Snort mailing list archives

RE: Snort on RedHat x.x


From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Mon, 10 Dec 2001 17:41:46 -0600

Thanks all, this gives me a lot to go on...we'll see how it goes :-)


Peace,
JonM

-----Original Message-----
From: GeEk [mailto:koolman () visi0n net] 
Sent: Monday, December 10, 2001 1:24 PM
To: J. Craig Woods
Cc: Madziarczyk, Jonathan; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Snort on RedHat x.x



Actually you should run it from the inside and the outside... if you run
it just from the outside then you are counting on your firewall to block
ports, whereas a good security policy is to always have multiple levels
of security... Hardware Firewall, Software Firewall, Patches, TCP
Wrappers, SSH, etc....

NMAP is good but you might also want to check out nessus...

If you do do portscans from the internet you want to be sure you can't see
anything besides the bare minimum for access...

There were other posts about disabling services with chkconfig; that is
always good, but I suggest uninstalling all servers you don't need... there
is no point in leaving telnet-server installed if you don't need it.. also
NTP is a major security risk, keep all NTP traffic to the internet at a
minimum.

If you need ntp make one server send requests out to the internet and then
make other servers in your DMZ query that one server.

-- 
LinSys

http://www.visi0n.net
Unix / Security Online Info

-----

When you die and your life flashes before your eyes does
that include the part where your life flashes before your
eyes?

-----

On Mon, 10 Dec 2001, J. Craig Woods wrote:

Make sure you are on the outside of your network when you run this
nmap....

j. c, woods,
UNIX SA

At 01:37 PM 12/10/2001 -0500, GeEk wrote:

Do this...


nmap -sT <your box's IP> and any ports you see open, disable them... this
will give you a good starting point...

telnet, snmp, dns, rpc services, ntp, nfs, be sure to install TCP
Wrappers, Set up ipchains or iptables... RedHat can be secure it's all
about what the admin does to make it that way...

--
LinSys


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
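
The inside/outside comparison suggested in this thread, as an added example that is not part of the original messages: it parses two nmap grepable (-oG) result sets, one taken inside the network and one from the internet, and lists ports visible from outside beyond the minimum, plus services that only the firewall is hiding. The sample scan lines, the NEEDED allowlist and the function names are constructed assumptions.

```python
import re

# Constructed sample data in nmap grepable (-oG) format; not real scan output.
INSIDE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
          "111/open/tcp//rpcbind///, 2049/open/tcp//nfs///\n")
OUTSIDE = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
           "23/filtered/tcp//telnet///, 111/open/tcp//rpcbind///\n")
NEEDED = {(22, "tcp")}  # assumed "bare minimum for access" for this host


def open_ports(grepable):
    """Return {(port, proto): service} for entries whose state is exactly 'open'."""
    found = {}
    for line in grepable.splitlines():
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if not m or line.startswith("#"):
            continue
        for entry in m.group(1).split(","):
            # Entry layout: port/state/protocol/owner/service/...
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                found[(int(fields[0]), fields[2])] = fields[4] or "unknown"
    return found


def compare(inside, outside, needed):
    """Classify open ports by which vantage point can reach them."""
    ins, outs = open_ports(inside), open_ports(outside)
    return {
        # Reachable from the internet but not on the allowlist.
        "exposed": sorted(k for k in outs if k not in needed),
        # Listening on the host, hidden only by the firewall: candidates
        # for disabling or uninstalling so the firewall is not the sole layer.
        "firewall_only": sorted(k for k in ins if k not in outs and k not in needed),
    }


if __name__ == "__main__":
    for label, ports in compare(INSIDE, OUTSIDE, NEEDED).items():
        print(label, ports)
```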
