On Wednesday 25 June 2003 17:14, Rich Lichvar wrote:
> Thinking of using a Linux 9.0 box running Snort for detection in the
> Untrusted Zone of our network (i.e., before the firewall). I would
> like to know the absolute minimum configuration (package/software)
> and a suggested hardening script that could be used for this.
>
> Richard L. Lichvar
> Director, Operations
> Knowledge Resource Center, Inc.
> Phone: 703-848-2100 x228
> Fax: 703-848-4747
> Mobile: 571-221-3430

If you are not looking for real-time data, that is, you can live with periodically pulling the data down, just capture packets via tcpdump on your sensor and scp it to a box that's running snort for analysis work for several machines at your convenience. You'll need ssh, tcpdump, and iptables on your sensor.

Regards, Mike Klinke
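
The capture-and-ship workflow described in the reply above, as an added example that is not part of the original thread: tcpdump rotates capture files on the sensor, finished files are copied with scp, and Snort replays them offline on the analysis box. The spool directory, interface, scp target and Snort paths are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example: periodic capture on the sensor, offline Snort analysis elsewhere.
# Every path, host and interface name below is an assumption, not from the thread.
CAP_DIR="${CAP_DIR:-/var/spool/pcap}"                     # assumed spool directory
IFACE="${IFACE:-eth0}"                                    # assumed sniffing interface
DEST="${DEST:-analyst@snortbox.example:/data/incoming/}"  # placeholder scp target
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"         # assumed Snort config path
SNORT_LOG="${SNORT_LOG:-/var/log/snort}"                  # assumed Snort log directory

# Sensor: rotating capture, one file per hour, full packets, no name lookups.
start_capture() {
    tcpdump -i "$IFACE" -n -s 0 -G 3600 -w "$CAP_DIR/sensor-%Y%m%d-%H%M%S.pcap"
}

# List finished captures in directory $1. Timestamped names sort in time order,
# and the last one is still being written by tcpdump, so it is held back.
completed_captures() {
    for f in "$1"/sensor-*.pcap; do
        [ -e "$f" ] || continue        # glob matched nothing
        printf '%s\n' "$f"
    done | sed '$d'
}

# Sensor: copy finished captures to the analysis box. A file is deleted locally
# only after scp succeeds, so a failed transfer is retried on the next run.
ship_captures() {
    completed_captures "$CAP_DIR" | while IFS= read -r f; do
        scp -q "$f" "$DEST" && rm -f -- "$f"
    done
}

# Analysis box: replay one received capture through Snort.
analyze_capture() {
    snort -r "$1" -c "$SNORT_CONF" -l "$SNORT_LOG"
}

case "${1:-}" in
    capture) start_capture ;;
    ship)    ship_captures ;;          # e.g. hourly from cron, after the rotation
    analyze) analyze_capture "$2" ;;
esac
```

Because one analysis box can receive files from several sensors, giving each sensor its own file prefix or destination directory keeps the captures apart.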