Re: Linux hardening

From: Daniel Margolis (
Date: 08/30/05

  • Next message: Kir: "Re[4]: Linux hardening"
    Date: Mon, 29 Aug 2005 19:13:17 -0400
    To: AragonX <>

    On Aug 21, 2005, at 8:13 AM, AragonX wrote:

    > Installed Smothwall on a separate box.
    > Installed & configured AIDE, Snort and chkrootkit
    > Ran Bastille

    I'm not sure I'd run Snort on the server itself. Given that Snort has
    itself had remote code execution vulnerabilities in the past, it's at
    best a trade off, and it seems unlikely that the information you get
    will be useful in any case but after the fact (unless you're reading
    logs religiously). You might gain something by putting Snort on some
    other box on the same hub, just for logging purposes, but if I were
    you I'd make it a box I didn't care about (i.e. one without anything
    important running on it).

    Feel free to disagree, of course.


  • Next message: Kir: "Re[4]: Linux hardening"