Snort is running under an own userid/group pair snort/snort. This should make sure that any buffer overflow not yet fixed (if any) only gets the rights the snort user has. For people for whom this is not enough you might use a changeroot'ed environment using snort's command line option -t. But please don't ask me how to create it, I've never done it and maybe will not do it anytime.
As with all security related systems don't allow more services as needed. If you do a standard installation of any linux distribution take a look into /etc/inetd.conf if your distribution is still using the older inetd or /etc/xinetd.d/* on an xinetd based system and disable all services not really vital for your system. E.g. you don't want to use telnet, replace it with ssh.
Also take a look at the initscripts, on a Sytem V based system like RedHat found in /etc/rc.d/init.d/*. If there are any services like nfs and portmap which you don't use on such a system delete the corresponding packages completely.
And you should read a lot of security related papers and HOWTOs, like the Security-HOWTO, the System Administrators Guide or Network Administrator guide.
Закладки на сайте
Проследить за страницей
Created 1996-2023 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру