[WBEL-users] Re: OT: best IDS / Securesystem with / for WBEL
Jason Becker
jason@coalescentsystems.ca
Wed, 21 Jul 2004 12:51:35 -0600
From: Stefan Sabolowitsch <Stefan.Sabolowitsch@feltengmbh.de>
To: whitebox-users@beau.org
Date: Wed, 21 Jul 2004 12:22:35 +0200
Subject: [WBEL-users] OT: best IDS / Securesystem with / for WBEL
A question to the experts :-)
How do I make my server(s) secure?
What is the best combination?
For example with samhain + snare + snort (possibly with a central log server
for that).
***
I'm no security expert so take my comments with a grain of salt but... IDS are notorious for producing false positives and in general are difficult to use in practice.
My suggestion would be to run Nessus against your server and follow the advice/suggestions it offers. Bastille Linux also provides a hardening "script" which may work with WBEL (Can anyone else confirm? I haven't tried it...)
Cheers
Jason
P.S.
Nessus will report a "Security Hole" on the version of the OpenSSH server used in WBEL, but that is not the case. Red Hat backports security fixes. Check the mailing list archives for coverage of this concern.