Re: snort-stats without mailing...

To: debian-security@lists.debian.org
Subject: Re: snort-stats without mailing...
From: Mike Renfro <renfro@tntech.edu>
Date: Wed, 12 Feb 2003 21:04:09 -0600
Message-id: <[🔎] 20030213030409.GB8277@ch208h>
In-reply-to: <[🔎] 1045095355.695.51.camel@phoenix>
References: <[🔎] 1045095355.695.51.camel@phoenix>

On Thu, Feb 13, 2003 at 12:15:55AM +0000, Ricardo Sousa wrote:

> How can i send/view snort stats without mailing them ?!?

I may be missing how snort sends its logs, but:

* If you're reading the mail on the same system that snort's installed
  on, you can use the "local delivery only" option in eximconfig.

* If you're reading the mail on a different system, I'd think you
  could configure exim (or some other MTA) to not listen on any port
  at all (make sure it's not in inetd, and remove all startup links in
  /etc/rc?.d, since snort probably just uses mail, mailx, or pipes to
  /usr/sbin/sendmail.

Neither option should require an open smtp port, and you'd only be
vulnerable to remote holes in snort or ssh, plus local holes in
whatever else is on the system.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

Reply to:

References:
- snort-stats without mailing...
  - From: Ricardo Sousa <rjsousa@softhome.net>

Prev by Date: Re: snort-stats without mailing...
Next by Date: Unusable Update for Stable
Previous by thread: Re: snort-stats without mailing...
Next by thread: Re: snort-stats without mailing...
Index(es):
- Date
- Thread