-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'll tell brad spangler where to send the check ;)
But seriously, byte_jump is absolutely correct here -- PaX and
GRSecurity (hell, hardened Gentoo too) are awesome security solutions
for linux systems. PaX/GRSec are kernel patches that stop many common
exploits dead in the water. Harened Gentoo is all of the above plus
more. They are not hackerproof (dare I say nothing is, most vuln
developers are smarter than the average coder), but they should stop a
good number of the script-kiddies out there.
Hardened Gentoo can be a little difficult to get up and running
(ofcourse, I was running it almost 2 years ago and had to do things the
HARD way before they fixed Xorg, tool chain problems, etc) but once you
get the hang of it, it's beautiful.
If I was (re)building all my snort sensors I'd go the pax/grsec route.
What's the point of an IDS if it gets hacked?
Oh, and solar (of Hardened Gentoo) says that the harened Gentoo Herd
explicitly brands gcc to provide the SSP/PIE info in gcc -v; the rest
don't show that info even if they have it. A better way to check if
your GCC has -fstack-protector is to look in the man page. You can't
just try running 'gcc -fstack-protector' either, because it will simply
accept it as a valid switch even if it isn't.
byte_jump wrote:
ProPolice:
http://www.research.ibm.com/trl/projects/security/ssp/
You need to have a GCC that has stack-smash-protector (SSP)
functionality. You can see if your GCC does by issuing the following
command:
gcc -v
If your gcc has SSP built in, it will output something like this:
gcc version 3.3.4 20040623 (Gentoo Hardened Linux 3.3.4-r1,
ssp-3.3.2-2, pie-8.7.6)
The "ssp" and "pie" (Position-Independent Executable) are what you
want to see. During compilation you want to see something like
"fstack-protector" in the compilation output. You can Google for more
info, but those are the basics.
Grsecurity and PaX can be found here:
http://grsecurity.net/
http://pax.grsecurity.net/
Those are patches for the Linux kernel and I highly recommend that you
read the info available on grsecurity's site. The "features" page has
quite a list describing what grsecurity does:
http://grsecurity.net/features.php
On 10/26/05, Ron Jenkins <rjenkins@dibr.net> wrote:
Hello
Do you have web links for those two? I am interested in looking at them.
Thanks much...
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDYFLH3rKdb192Vz8RAgogAKCQDyXpef+pgOS01adOHMh2EGlUOACfT7Kj
6mM/mhTssnvtDeEHqAAmwGQ=
=84+c
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
