Snort mailing list archives
Re: Minimal OS installation for a Snort sensor
From: "sunzi" <sunzi () mod-x co uk>
Date: Mon, 30 Jun 2003 09:35:26 -0400
Guy Bruneau (http://www.whitehats.ca/main/members/Seeker/Seeker.html) maintains an excellent distro called 'ShadowSlack' which is the Shadow IDS on hardened Slackware 9.0.0. The docs state that the install (using Shadow, not Snort) is only ~150mb. Version 3.0 includes Snort 2.0.0. I've used it for over a year now with excellent results on 486-grade systems. You can get the ISO and Install instructions from www.whitehats.ca hth, sunzi ----- Original Message ----- From: "Donofrio, Lewis" <donofrio () umich edu> To: <snort-users () sourceforge net> Sent: Monday, June 30, 2003 8:37 AM Subject: RE: [Snort-users] Minimal OS installation for a Snort sensor I've used my smoothie for years, enjoy. ______________________________________________________________________ Lewis Donofrio () umich edu College of Literature, Science, & Arts 1007 East Huron, Room 201, BetaID:243340 Cell: (734) 323-8776 Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio Fax: (734) 647-8333 -----Original Message----- From: tim.otten [mailto:tim.otten () ntlworld com] Sent: Tuesday, June 24, 2003 10:16 AM To: 'Francesco' Cc: snort-users () sourceforge net Subject: RE: [Snort-users] Minimal OS installation for a Snort sensor Try: http://www.smoothwall.org/ Or: http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Francesco Sent: 24 June 2003 06:16 To: snort-users () lists sourceforge net Subject: [Snort-users] Minimal OS installation for a Snort sensor I remember a 20 months old document at SANS by Mr. Metcalf that is a very detailed guide for a mixed Linux/Windows configuration where there are useful indication for a minimal (Linux RH) OS installation to be used for the sensor. By reducing the number of unnecessary components we can avoid waste of resources and also reduce the chance that weak components can be a cause of failure (vulnerability at first). Does anyone have his own indication for such configuration with recent OS releases (Linux as well as BSD)? Hope this question can be useful to newbies, but also to experts to review their "defaults" Francesco ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Minimal OS installation for a Snort sensor Francesco (Jun 23)
- RE: Minimal OS installation for a Snort sensor tim.otten (Jun 24)
- <Possible follow-ups>
- RE: Minimal OS installation for a Snort sensor Donofrio, Lewis (Jun 30)
- Preprocessor2-ignorehosts NOT WORKING. LucAdmin (Jun 30)
- Re: Preprocessor2-ignorehosts NOT WORKING. Ciprian Badescu (Jun 30)
- RE: Preprocessor2-ignorehosts NOT WORKING. LucAdmin (Jun 30)
- Re: Preprocessor2-ignorehosts NOT WORKING. Matt Kettler (Jun 30)
- Preprocessor2-ignorehosts NOT WORKING. LucAdmin (Jun 30)
- Re: Minimal OS installation for a Snort sensor sunzi (Jun 30)