snort
This is a discussion on snort within the Linux Security forums, part of the System Security and Security Related category; Hi! I have a standalone machine with the cable Internet connection. I am running shorewall and I read a little ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-09-2006
|
|||
|
|||
Re: snort
ajtiM <starikarp@linuxquestions.net>:
> > I have a standalone machine with the cable Internet connection. I am running > shorewall and I read a little about Snort. It is too paranoid to install > snort on the standalone computer? How can we possibly answer that for you? Do you have reason to be paranoid? How paranoid? -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me. Spammers! http://www.spots.ab.ca/~keeling/emails.html 
|
|
12-10-2006
|
|||
|
|||
|
Re: snort
notbob <notbob@nothome.com>:
> On 2006-12-09, s. keeling <keeling@spots.ab.ca> wrote: > > > How can we possibly answer that for you? Do you have reason to be > > paranoid? How paranoid? > > Could your reply be any more useless? How useless? You call that useless? Asking for information with which to solve a problem? Glad you're not working for me. Snarky replies; now that's useless. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me. Spammers! http://www.spots.ab.ca/~keeling/emails.html
|
|
12-10-2006
|
|||
|
|||
|
Re: snort
In comp.os.linux.security s. keeling <keeling@spots.ab.ca>:
> ajtiM <starikarp@linuxquestions.net>: >> I have a standalone machine with the cable Internet connection. I am running >> shorewall and I read a little about Snort. It is too paranoid to install >> snort on the standalone computer? > How can we possibly answer that for you? Do you have reason to be > paranoid? How paranoid? Indeed, IMHO the general problem with snort and alike stuff is it tends to obscure many people more then anything and doesn't help an inch if you are missing the required skills to interpret what the logs want to tell you. In general, applying all distro updates on a regular base, keeping services not reachable from the internet should be enough to stay clean. At least disable direct root logins via ssh, if you think you really need to enable outside ssh access, sometimes it might be possible to reduce access to a few hosts/networks which would help in addition. Extra points for allowing key login only. -- Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94) mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/' #bofh excuse 46: waste water tank overflowed onto computer
|
|
12-16-2006
|
|||
|
|||
|
Re: snort
ajtiM wrote: > > Hi! > > I have a standalone machine with the cable Internet connection. I am running > shorewall and I read a little about Snort. It is too paranoid to install > snort on the standalone computer? > > Thanks in advance... Do you have a router? Shorewall can be used with a hardware firewall (router).
|
Linear Mode
