Snort mailing list archives

Snort Security ? How to ?


From: Always Bishan <bishan4u () yahoo co uk>
Date: Sun, 20 Apr 2003 07:57:00 +0100 (BST)

Hi Snorters,

I am installing a RH8 Linux machine in my network
which will serve the purpose of a snort sensor and the
main snort manager. There will be 3 other snort
sensors (all in Linux) which will be logging into the
snort manager.

Now I want this Snort Manager and the 3 sensors to be
extremely secure. 
This can be done by:
1. Installing minimum number of packages on all the
boxes.
2. Running Snort as non-root.
3. Logging to the database as non-root.
4. Running Snort in a CHROOT environment.
5. Tight privileges to snort files.

Now, for making above possible, I don't have answers
to the following questions:

1. What are the dependencies of Snort and what minimum
packages do I need to install on the machine whose
purpose is only as a snort sensor? 
2. How do I run snort as a non-root user?
3. What permissions like SELECT, INSERT, DELETE do I
need to give to snort user for it to work seamlessly
with ACID?
4. How do I run Snort in a Chroot environment? (Is
there any document explaining this?)

I think if we can answer these, we will have a very
secure snort box.

Please drop in your valuable comments.

Regards,
Bishan


=====
Celebrating Happiness
email: bishan () sumerusolutions com
company: www.sumerusolutions.com
