Ryan Tandy wrote:
Timothy A. Holmes wrote:
At this point then, I am going to actually build a second box for snort
perhaps using the hardened sources (I am not in the least comfortable
with running hardened on a production box).

Wrong. The correct sentiment should be "I am not in the least comfortable with running NON-hardened on a production box". :)

ESPECIALLY for network-accessible devices.

While true, the first time moving to hardened sources is "interesting" at minimum and downright painful at its worst. The time is worth it, but you will break an app or two as well as pull some hair out along the way, depending on the complexity of your environment. However, if you're building a new system, do it now if possible rather than after you've got your applications working, or you'll fall victim to the "don't fix what isn't broken" rule. :)

kashani
--
gentoo-user@gentoo.org mailing list
