Re: SnortCenter2 on FBSD?
--On February 5, 2006 8:50:24 AM -0800 Drew Tomlinson <[EMAIL PROTECTED]> wrote: Thank you for your response. I'm running 6.0 but perl is perl so it shouldn't matter. I'll give it a try and post my results for the archives. Are you going to pursue using it any further even though it allows the admin access through a web interface? If you do, I'd be interested in your results. No. I won't be using snortcenter. I'm working on porting sguil over to FreeBSD, and I do all the rules and other maintenance on the commandline, either manually or through scripting. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SnortCenter2 on FBSD?
On 2/4/2006 10:53 AM Paul Schmehl wrote: --On February 4, 2006 10:19:09 AM -0800 Drew Tomlinson <[EMAIL PROTECTED]> wrote: Is anyone using SnortCenter2 (http://sourceforge.net/projects/snortcenter2/) on FreeBSD? I see there's a Linux agent but not a FBSD. Maybe it works with FBSD Linux emulation? Not finding any docs on this via Google. Just looking for a little encouragement and direction before heading down this path. Any suggestions appreciated. I just downloaded, unpacked and ran the installs on both parts (sensor and console). They installed just fine. The sensor is written in perl and "knows about" FreeBSD (but only up to version 5.0, which is a little behind). During setup you'll be prompted for the OS you're using and its version. It runs fine on my 5.4 box. The console is written in php and requires nothing more than creating a directory, editing your httpd.conf file and running the setup program through your web browser (if you don't already have your db setup.) It doesn't look like there's much to it, but I've never used it, so I can't really say how well it works or whether it's worthwhile. It *does* use its own copy of webmin, and runs its own webserver on an unprivileged port. I personally don't care for *any* tool that allows admins to access a box through a web interface to do administrative work, but that's personal preference. Your situation may be completely different from mine, and your risk factors may be completely different from mine. Thank you for your response. I'm running 6.0 but perl is perl so it shouldn't matter. I'll give it a try and post my results for the archives. Are you going to pursue using it any further even though it allows the admin access through a web interface? If you do, I'd be interested in your results. Thanks, Drew -- Visit The Alchemist's Warehouse Magic Tricks, DVDs, Videos, Books, & More! http://www.alchemistswarehouse.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: SnortCenter2 on FBSD?
--On February 4, 2006 10:19:09 AM -0800 Drew Tomlinson <[EMAIL PROTECTED]> wrote: Is anyone using SnortCenter2 (http://sourceforge.net/projects/snortcenter2/) on FreeBSD? I see there's a Linux agent but not a FBSD. Maybe it works with FBSD Linux emulation? Not finding any docs on this via Google. Just looking for a little encouragement and direction before heading down this path. Any suggestions appreciated. I just downloaded, unpacked and ran the installs on both parts (sensor and console). They installed just fine. The sensor is written in perl and "knows about" FreeBSD (but only up to version 5.0, which is a little behind). During setup you'll be prompted for the OS you're using and its version. It runs fine on my 5.4 box. The console is written in php and requires nothing more than creating a directory, editing your httpd.conf file and running the setup program through your web browser (if you don't already have your db setup.) It doesn't look like there's much to it, but I've never used it, so I can't really say how well it works or whether it's worthwhile. It *does* use its own copy of webmin, and runs its own webserver on an unprivileged port. I personally don't care for *any* tool that allows admins to access a box through a web interface to do administrative work, but that's personal preference. Your situation may be completely different from mine, and your risk factors may be completely different from mine. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
