RE: Installing a new SNORT box

["Chris Eidem" <jceidem () dexma com>]

hear hear.  i second that.  i was also in your same position and obsd
came to my rescue.  other great reasons to use it include:

* simple install (install bootdisk, ftp packages onto machine, install,
reboot)
* sane libpcap
* port/packages (once you go ports, you don't go back... :) )
* man pages that are 
     a) actually helpful and 
     b) maintained

but lookout on the misc@openbsd mailing list.  you are expected to have
done your homework before asking newbie questions.  unlike here, they
fry dumb newbies to a cripy, crunchy, golden brown and devour them
whole...

chris

> -----Original Message-----
> From: Mike Shaw [mailto:mshaw () wwisp com]
> Sent: Thursday, December 06, 2001 10:14 AM
> To: Thatcher Rea; 'snort-users () lists sourceforge net'
> Subject: Re: [Snort-users] Installing a new SNORT box
>
>
> At the risk of starting an OS Jihad, I recommend OpenBSD to 
> someone in your 
> situation for the following reasons:
>
> * Secure out of the 'box'
> * Most if not all features that you need are pre-installed, 
> but disabled by 
> default and easy to start up
>
> I was in your exact situation a year or so ago, and tuning 
> down Redhat was 
> just too much of a hassle for the simple applications we 
> needed.  This is 
> not to deny how great Linux is, I just think OpenBSD is 
> better for *nix 
> newbies putting boxes in hackable areas.  (especially for an 
> ultra-sensitive box like an IDS).
>
> I'm running at least 3 Snort locations using OpenBSD and the 
> exact same 
> hardware specs you're using.
>
> -Mike
>
> At 04:50 PM 12/5/2001 -0600, Thatcher Rea wrote:
> >         I have spent some time doing research about 
> installing a snort box
> > onto our Windows LAN. Because I'm really a Linux newbie I 
> don't want to have
> > the snort box itself hacked into, I'm trying to isolate only those
> > daemons/services that I need to have for SNORT. I have 
> decided to installed
> > snort on a PC-clone running RedHat Linux 7.2. I have read 
> several articles
> > on Linux-Sec.net, and they have given me some good starting 
> ideas, but I'm
> > not certain of which services SNORT needs to run. Assuming I 
> was going to
> > have an installation of SNORT 1.8.3 that used all the bells 
> and whistles,
> > what needs to run? Also, what kind of hardware requirements 
> do I need for
> > this machine? I have been given a PentiumII 233mhz machine 
> with 128mb RAM
> > and a 2GB hard drive to use, but I'm sure if this is enough. I'm sure
> > questions like this have been asked before, so If someone 
> could point me to
> > a site with appropriate answers rather than re-answering 
> questions that
> > would be great. Cheers.
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users