RE: Linux hardening
From: Herr (amfj_at_xn--funkstrung-jcb.net)
Date: 09/01/05
- Previous message: Alfred Huger: "Call for new mailing lists @ SecurityFocus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-linux@securityfocus.com>
Date: Wed, 31 Aug 2005 23:17:13 -0700
Run the separate snort box off the spanning port. It can be
totally passive. If you are really paranoid, then print the
logs on a dot matrix.
--Andy
-----Original Message-----
From: Daniel Margolis [mailto:dmargoli@seas.upenn.edu]
Sent: Monday, August 29, 2005 4:13 PM
To: AragonX
Cc: focus-linux@securityfocus.com
Subject: Re: Linux hardening
On Aug 21, 2005, at 8:13 AM, AragonX wrote:
> Installed Smoothwall on a separate box.
> Installed & configured AIDE, Snort and chkrootkit
> Ran Bastille
I'm not sure I'd run Snort on the server itself. Given that Snort has
itself had remote code execution vulnerabilities in the past, it's at
best a trade-off, and it seems unlikely that the information you get
will be useful in any case but after the fact (unless you're reading
logs religiously). You might gain something by putting Snort on some
other box on the same hub, just for logging purposes, but if I were
you I'd make it a box I didn't care about (i.e. one without anything
important running on it).
Feel free to disagree, of course.
Dan