Re: Linux hardening
From: Daniel Margolis (dmargoli_at_seas.upenn.edu)
Date: Mon, 29 Aug 2005 19:13:17 -0400 To: AragonX <email@example.com>
On Aug 21, 2005, at 8:13 AM, AragonX wrote:
> Installed Smothwall on a separate box.
> Installed & configured AIDE, Snort and chkrootkit
> Ran Bastille
I'm not sure I'd run Snort on the server itself. Given that Snort has
itself had remote code execution vulnerabilities in the past, it's at
best a trade off, and it seems unlikely that the information you get
will be useful in any case but after the fact (unless you're reading
logs religiously). You might gain something by putting Snort on some
other box on the same hub, just for logging purposes, but if I were
you I'd make it a box I didn't care about (i.e. one without anything
important running on it).
Feel free to disagree, of course.