Snort mailing list archives

Re: Snort on RedHat x.x


From: James Garrison <jhg () athensgroup com>
Date: Mon, 10 Dec 2001 15:03:46 -0600

We run it on RH7.1 with no problems.

I'm not sure why people gripe about RH being difficult to secure.
Sure, a few things come enabled by default, but you have to go through
the hardening exercise exactly the same way on ANY distribution.  I'd
never trust the distribution's idea of what should and shouldn't be
turned on.  Someone who wants a hardened system out of the box 
without having to understand and verify it all is just lazy, IMHO.

Besides, with RH's chkconfig-based setup it's trivial to turn things 
on and off.  Just keep turning things off until "netstat -na" doesn't 
show any unexpected/unknown ports open :-)

On our bastion host we disable all chkconfig-based services 
EXCEPT the following:

        atd 
        keytable 
        syslog 
        kudzu 
        network 
        random 
        rawdevices 
        crond 
        sshd 
        reconfig 
        linuxconf (not linuxconf web access)
        ntpd 
        named
        snortd

Note that xinetd is NOT enabled.  

named is up as a forwarding-only caching server for the internal 
network and isn't bound to the external IP address.

sshd is running but requires RSA-based authentication and 
forbids root login.

"Madziarczyk, Jonathan" wrote:
I've noticed a lot of gripes about how RedHat breaks stuff and how you have
to disable a lot of stuff to get it secure.

-- 
James Garrison                                Athens Group, Inc.
mailto:jhg () athensgroup com                    5608 Parkcrest Dr
http://www.athensgroup.com                    Austin, TX 78731
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C         (512) 345-0600 x150
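As an added example (not from the post or the Snort project), the check described above, turned into a script: services that chkconfig enables in a runlevel but that are not on the bastion allowlist, and listening sockets in `netstat -na` whose proto/port is not expected. The allowlist is the post's service set; the expected ports (sshd, named, ntpd) and both sample outputs are constructed assumptions.

```shell
# Audit helper: flag chkconfig services outside an allowlist and listening
# sockets outside an expected proto/port set.  Sample outputs are constructed
# so this runs offline; on a real host pipe in `chkconfig --list` / `netstat -na`.
# Allowlist: the bastion service set from the post (assumption: runlevel 3).
ALLOWED="atd keytable syslog kudzu network random rawdevices crond sshd reconfig linuxconf ntpd named snortd"
# Expected listening proto/port pairs (assumption: sshd, named, ntpd only).
EXPECTED_PORTS="tcp/22 tcp/53 udp/53 udp/123"
# Constructed sample of `chkconfig --list` output.
SAMPLE_CHKCONFIG='atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
snortd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off'
# Constructed sample of `netstat -na` output (Linux layout).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:53             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:4012           ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 10.0.0.5:53             0.0.0.0:*'
# Services switched on in runlevel $1 (default 3) but absent from ALLOWED.
# Reads `chkconfig --list` text on stdin; xinetd sub-entries (NF<7) are skipped.
unexpected_services() {
    awk -v rl="${1:-3}" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 7 && !($1 in ok) {
            for (i = 2; i <= NF; i++) if ($i == (rl ":on")) print $1
        }'
}
# Listening sockets (tcp in LISTEN, every udp socket) whose proto/port is not
# in EXPECTED_PORTS.  Reads `netstat -na` text on stdin; prints "proto addr:port".
unexpected_ports() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        ($1 == "tcp" && $6 == "LISTEN") || $1 == "udp" {
            port = $4; sub(/.*:/, "", port)
            if (!(($1 "/" port) in ok)) print $1, $4
        }'
}
echo "$SAMPLE_CHKCONFIG" | unexpected_services 3   # portmap, sendmail
echo "$SAMPLE_NETSTAT" | unexpected_ports          # tcp 0.0.0.0:111, tcp 127.0.0.1:25
```

Printing the bind address alongside the port also makes the post's other point checkable: a named that is meant to serve only the internal network should not appear on 0.0.0.0 or the external address.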

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net