Snort mailing list archives

Re: Two easy questions


From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Thu, 15 Apr 2004 12:23:07 -0500 (CDT)

On Thu, 15 Apr 2004 dlimanov () sct com wrote:
> 1. Does anyone have a list of steps necessary to harden the OS prior to
> installing Snort? Or will the standard "Securing Linux" checklist be adequate
> enough?

There are several considerations here depending on how you want to use
snort, and where in your network the snort box will run.  The standard
securing linux checklist is probably a good starting point.  Other steps
include using an interface without an IP address, logging to a remote box
(database or syslog), and preventing remote and unauthorized
physical access to the snort box.  The number of additional steps you take
should be roughly proportional to the sensitivity of the data snort is
looking at: e.g., snort running in NIDS mode in your DMZ should be more
secure than snort running in packet sniffing mode on an intranet web
server.

> 2. Is there an IDSCenter alternative for Linux? I'm trying to get a
> user-friendly, no-nonsense GUI interface for managing snort and its
> configuration. I've looked at various free products and few commercial
> ones but they do appear a bit complicated for a non-Linux guru. I don't
> need advanced functionality of SourceFire or PureSecure; IDSCenter (the
> way it looks and operates on Windows) would be the optimal solution for my
> testing environment.

I've had very good results with acid:
http://acidlab.sourceforge.net/

Good luck.



---------------------------------------------------------------------
Demetri Mouratis
dmourati at linfactory.com
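
One way to check two of the steps named in the reply above (a sniffing interface without an IP address, and logging to a remote box), as an added example that is not part of the original message. It assumes iproute2's `ip -o addr show` output format and classic syslog `@host` forwarding lines; the interface names, addresses and log host are constructed.

```sh
#!/bin/sh
# Added example: audit two hardening steps from the message above.
# Checks take saved command output as text, so they run offline.

# addresses_on IFACE: read `ip -o addr show` output on stdin and print
# every IPv4/IPv6 address bound to IFACE, one per line.
addresses_on() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# is_stealth IFACE: succeed only when IFACE carries no address at all.
# An interface that is up normally gets an IPv6 link-local (fe80::)
# address automatically, so that counts as a failure as well.
# An interface absent from the input also passes; confirm it exists.
is_stealth() {
    [ -z "$(addresses_on "$1")" ]
}

# remote_log_targets: read syslog.conf-style text on stdin and print the
# hosts that messages are forwarded to ("selector @host" syntax).
remote_log_targets() {
    awk '$1 !~ /^#/ && NF >= 2 && $2 ~ /^@/ { sub(/^@+/, "", $2); print $2 }'
}

# Constructed sample input, not taken from a real host.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet6 fe80::1/64 scope link'
SAMPLE_SYSLOG='# keep a local copy as well
*.info    /var/log/messages
auth.*    @loghost.example.net'

for ifc in eth1 eth2; do
    if printf '%s\n' "$SAMPLE_ADDRS" | is_stealth "$ifc"; then
        echo "$ifc: no address bound"
    else
        echo "$ifc: bound to $(printf '%s\n' "$SAMPLE_ADDRS" | addresses_on "$ifc")"
    fi
done
echo "remote log hosts: $(printf '%s\n' "$SAMPLE_SYSLOG" | remote_log_targets)"
```

On a live sensor, feed the functions real data, for example `ip -o addr show | is_stealth eth1` and `remote_log_targets < /etc/syslog.conf`.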


