[Snort-users] Snort Security ? How to ?

From: Always Bishan <bishan4u(at)yahoo.co.uk>
Date: Sun Apr 20 2003 - 02:57:00 EDT

Hi Snorters,

I am installing a RH8 Linux machine in my network which will serve the purpose of a snort sensor and the main snort manager.There will be 3 other snort sensors(all in linux) which will be logging into the snort manager.

Now I want this Snort Manager and the 3 sensors to be extremely secure.
This can be done by:
1. Installing minimum number of packages on all the boxes.

2. Running Snort as non-root.
3. Logging to the database as non-root.
4. Running Snort in a CHROOT environment.
5. Tight privileges to snort files.

Now, for making above possible, I don't have answers to the following questions:

1. What are the dependencies of Snort and what minimum packages do I need to install on the machine whose purpose is only as a snort sensor?
2. How do I run snort as a non-root user ?
3. What permissions like SELECT,INSERT,DELETE do I need to give to snort user for it to work seamlessly with ACID ?
4. How do I run Snort in a Chroot environment ? (Is there any document explaining this)

I think if we can answer these, we will have a very secure snort box.

Please drop in your valuable comments.

Regards,
Bishan

---

Celebrating Happiness
email: bishan@sumerusolutions.com
company: www.sumerusolutions.com

---

Yahoo! Plus
For a better Internet experience
http://www.yahoo.co.uk/btoffer

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Sun Apr 20 03:09:20 2003