[plug] 1) interpreting snort data 2) Security Patches for kernel 2.4
Daniel
cottmain at yahoo.com.au
Thu Jan 3 20:42:22 WST 2002
Hi Mike and Plug,
I was just musing over my lack of understanding of firewalls and logs
[among other things]... then I found the following. Is this what you are
after?
1) interpreting snort data
http://www.grsecurity.net/misc.htm
"grsparse is the only snort logfile parser written in pure c that acts as a
cgi and outputs the logs in an organized way in HTML format. It's
incredibly fast, features ip whois, nslookup, and domain whois all with
internal code. It also allows you to sort by any criteria, and gives you a
rundown of the most and least recurring of each field. It requires snort
v1.8+ and the snort config available on www.snort.org. Now uses
autoconf, so it will work on any operating system that can run snort."
2) Security Patches for kernel 2.4
http://www.grsecurity.net/
"Grsecurity is the most extensive set of security patches to the 2.4 tree
of Linux kernels to date. It features ports of popular security patches for
the 2.2 tree of Linux kernels (such as Openwall, available at
http://www.openwall.com/linux), its own ACL system, various other adapted
features (such as the Trusted Path Execution and random IP ID
implementations), as well as a great deal of enhanced auditing/logging
features. It also includes the work of PaX, available at
http://pageexec.virtualave.net. The goal of the project is to create the
most secure system possible while requiring minimum configuration. With
every new version that is released, that goal is being more fully realized."
Regards,
Daniel.
At 19:03 3/01/2002 +0800, Michael Hunt wrote:
>...snip...
>Anyone have any links on how to interpret snort data ???
>
>Maybe a Linux security guru could give a PLUG talk ??? Maybe a Linux
>security guru will give a talk at LCA 2002 ??? Or maybe even at 2003 ???
>(Can I wait that long ????)
>
>Maybe I should become a Linux security guru !!!
>Michael Hunt