<HTML
><HEAD
><TITLE
>Security Issues</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="Snort-Setup for Statistics HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Configuration"
HREF="configuration.html"><LINK
REL="NEXT"
TITLE="Getting Help"
HREF="help.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Snort-Setup for Statistics HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="configuration.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="help.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="SECURITY-ISSUES"></A>5. Security Issues</H1
><P
>   Snort runs under its own userid/group pair
   <EM
>snort/snort</EM
>. This should ensure that any buffer
   overflow not yet fixed (if any) only gets the rights the snort user has. If
   this is not enough for you, you can use a changeroot'ed environment
   via snort's command line option <EM
>-t</EM
>. But please don't
   ask me how to create it; I've never done it and maybe never will.
  </P
><P
>   As with all security-related systems, don't allow more services than needed.
   If you do a standard installation of any Linux distribution, take a look at
   <EM
>/etc/inetd.conf</EM
> if your distribution is still using the
   older inetd, or at <EM
>/etc/xinetd.d/*</EM
> on an
   <EM
>xinetd</EM
>-based system, and disable all services
   not really vital for your system. For example, you don't want to use telnet;
   replace it with ssh.
  </P
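><P
>One way to carry out this check, as an added example that is not part of the
   original HOWTO: the shell functions below list every service still enabled
   in an inetd.conf file or an xinetd.d directory. The function names and the
   sample files written by demo are constructed for illustration.</P
>

```sh
#!/bin/sh
# Added example: list services that inetd or xinetd would still start.

# inetd.conf fields: service socket_type proto wait/nowait user server [args].
# Every uncommented entry is active; print it as "service/proto".
inetd_enabled() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# xinetd starts a service unless its block says exactly "disable = yes",
# so a block with no disable attribute is reported as enabled.
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/      { next }
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" { off = ($3 == "yes") }
            $1 == "}"       { if (name != "" && !off) print name; name = "" }
        ' "$f"
    done
}

# Defaults are the paths named in the HOWTO; both can be overridden.
audit_superserver() {
    inetd_enabled "${1:-/etc/inetd.conf}" | sed 's/^/inetd: /'
    xinetd_enabled "${2:-/etc/xinetd.d}" | sed 's/^/xinetd: /'
}

# Constructed sample files so the example runs offline.
demo() {
    d=$(mktemp -d)
    mkdir "$d/xinetd.d"
    printf '%s\n' '# constructed sample' \
        'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$d/inetd.conf"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$d/xinetd.d/telnet"
    printf 'service rsync\n{\n\tdisable = yes\n}\n' > "$d/xinetd.d/rsync"
    printf 'service echo\n{\n\ttype = INTERNAL\n}\n' > "$d/xinetd.d/echo"
    audit_superserver "$d/inetd.conf" "$d/xinetd.d"
    rm -rf "$d"
}

demo
```

<P
>Each name printed is a service that will still be started on demand: comment
   its line out of inetd.conf, or set disable = yes in its xinetd.d file, and
   then reload the daemon.</P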
><P
>   Also take a look at the initscripts, which on a System V based system like
   RedHat are found in <EM
>/etc/rc.d/init.d/*</EM
>. If there are any services
   like <EM
>nfs</EM
> and <EM
>portmap</EM
> which you
   don't use on such a system, delete the corresponding packages completely.
  </P
><P
>   You should also read a lot of security-related papers and HOWTOs, like the
   <EM
>Security-HOWTO</EM
>, the <EM
>System Administrators
   Guide</EM
> or the <EM
>Network Administrator Guide</EM
>.
  </P
><P
>   Or take a look at various security-related websites like <A
HREF="http://www.securityfocus.com/"
TARGET="_top"
>http://www.securityfocus.com/</A
>,
   <A
HREF="http://www.linuxsecurity.org/"
TARGET="_top"
>http://www.linuxsecurity.org/</A
> or
   <A
HREF="http://www.insecure.org/"
TARGET="_top"
>http://www.insecure.org/</A
>.
  </P
></DIV
></BODY
></HTML
>