[plug] 1) interpreting snort data 2) Security Patches for kernel 2.4

Daniel cottmain at yahoo.com.au
Thu Jan 3 20:42:22 WST 2002


Hi Mike and Plug,
I was just musing over my lack of understanding of firewalls and logs 
[among other things]... then I found the following.  Is this what you are 
after?

1) interpreting snort data
http://www.grsecurity.net/misc.htm
"grsparse is the only snort logfile parser written in pure c that acts as a 
cgi and outputs the logs in an organized way in HTML format. It's 
incredibly fast, features ip whois, nslookup, and domain whois all with 
internal code. It also allows you to sort by any criteria, and gives you a 
rundown of the most and least recurring of each field. It requires snort 
v1.8+ and the snort config available on www.snort.org. Now uses 
autoconf, so it will work on any operating system that can run snort."

2) Security Patches for kernel 2.4
http://www.grsecurity.net/
"Grsecurity is the most extensive set of security patches to the 2.4 tree 
of Linux kernels to date. It features ports of popular security patches for 
the 2.2 tree of Linux kernels (such as Openwall, available at 
http://www.openwall.com/linux), its own ACL system, various other adapted 
features (such as the Trusted Path Execution and random IP ID 
implementations), as well as a great deal of enhanced auditing/logging 
features. It also includes the work of PaX, available at 
http://pageexec.virtualave.net. The goal of the project is to create the 
most secure system possible while requiring minimum configuration. With 
every new version that is released, that goal is being more fully realized."

Regards,
Daniel.

At 19:03 3/01/2002 +0800, Michael Hunt wrote:
>...snip...
>Anyone have any links on how to interpret snort data ???
>
>Maybe a Linux security guru could give a PLUG talk ??? Maybe a Linux
>security guru will give a talk at LCA 2002 ??? Or maybe even at 2003 ???
>(Can I wait that long ????)
>
>Maybe I should become a Linux security guru !!!
>Michael Hunt


