On Thu, Jan 31, 2008 at 12:10:57PM -0800, Rami Sik wrote:
> Hi All,
>
> I am planning to use an old hardware for snort with mysql on top of
> openBSD 4.2. I would appreciate comments/suggestions from anybody using
> snort on openBSD!
Unless you *really*, *really* know what you're doing, don't do this.
IDSes take up a *lot* of time that could almost always be spent more
productively, and this goes double if you are running OSS that you can
audit/patch yourself.
Plus, running Snort doesn't exactly increase the security of the
underlying system. Be careful, at least.
Even if you do decide to run an IDS, set up a log watcher first. It's a
lot more generally useful, finding a lot of other problems as well, and
easier.
And yes, Reyk is right: is there an actual question in there?
Joachim
--
TFMotD: tcpdmatch (8) - tcp wrapper oracle
