Clearing disk
-
Yes I am well aware of the old irc days and slapping someone with a trout..
Do you understand the other meanings that can have? :) And the negative connotation of what a squirrel could mean?
-
@johnpoz Looks like you guys are having a lots of fun without me. Rather than brut force removing files in the consol I went into the two programs that are generating these logs and removed the many check marks for the various things being logged. Additionally I changed the number of days that the logs are saved to 1 day for now until more disk space is freed up. This seems to be working. I think I'll keep these two on for now until I know more of what I'm doing to protect myself. Thanks for the assistance.
-
@ILIKENETGATE said in Clearing disk:
So if you aren't using these two packages what do you use for intrusion protection?
@johnpoz said in Clearing disk:
Why do you think he would need to be using that... What are you doing that you think you need to be using it?
These two - three questions are important.
@ILIKENETGATE : do you really think that snort or Suricata can scan traffic that users, using devices on a local LAN, brought in from the 'dangerous' Internet to their devices ? Nearly all traffic is SSL protected these days.
I do not want - and I do not even want to try, to 'see' what traffic comes over.Btw : by default : nothing comes in what wasn't request (from LAN).
And yes, I'm old school in this way : I do get angry when people do things that they shouldn't do with their PC's.
Like putting the gear box in their car in R (of Race) when they reached 120 miles per hours,
Or opening that mails that really promised a lot of money,
Or it really came from Trump himself.
Etc.
I've seen them all - and still, now and then it get's better every day. I don't need a program to tell me when I see bullshit. A GUI is just great for this : it has always a garbage button, and, like Windows 10, it's they only icon you have on your screen !!Also : command line management isn't human, shouldn't be considered normal, and should be band forever. But, fortunately, I was there when the first 6502 (and 6800) came out. Intel followed just after that with a architectural disgusting 8088 (but history tells us the 'won' the market). In that time everybody searched to control those animals, there was no VGA (or CHA, or Hercules) screen then. A VT compatible terminal was what you got.
So, cryptic commands are what we had to control.
The same commands are still used to control Windows server 2012 these days - big mail and web servers, all the DNS stuff, and better : there is NO web interface to control Internet.
If you really could see what an email is today, you wouldn't believe it : a bunch of 'commands' back from the seventies (last century). But Outlook (or Thunderbird) hides all that for you : these programs use these commands for you.I still do think, today, that people should know what a filesystem is, and how, at least, they can navigate into it, see sizes - you saw your disk full, right ? - so : delete that file (and because were are smarter as other animals : make a backup first ^^)
Btw : FreeBSD (pfSense) is not Linux - isn't iOS (from Apple) but they are all very similar - Our Fat32 or NTFS is just a more modern version of what had before.
Well .. ok... all these words weren't needed, so I'll pound you a real (my !) view of the situation :
When you decided to use packages as Snort and Suricate, you should able able to manage them.Using the GUI where it is possible. Console access isn't an option anymore for 'other' tasks. -
@Gertjan Well I think we're from the same generation. I put myself through college selling Apple ]['s with that 6502 so I realize how far we've come from that. Thank God for the GUI or otherwise we'd be read our news online from a news service called The Source with green letters scrolling across the screen at 300 baud. I was a victim of a hack recently so I'm trying to get my "chops" up better to protect myself so getting the better router and putting up a my best defense has now been planted in my DNA. All your preventative methods you speak of are nice and were practiced by me but to no avail. I can tell you there are a lot of shitty people out there and I would like to do whatever I can to keep them at bay short of simply throwing out my computer but that isn't too practical these days.
...so I keep on keeping on...
-
https://people.clarkson.edu/~jmatthew/publications/SPIE_SnortSuricata_2013.pdf
-
@JohnKaul Thanks John. A bit dated but interesting nonetheless.
-
@ILIKENETGATE said in Clearing disk:
I think I'll keep these two on for now
Your going to continue to run 2 IPS, both at the same time? Really? And you don't see a problem with that?
Dude pick one and use it, if you think is protecting you... Not both! You don't run 2!!
-
@ILIKENETGATE said in Clearing disk:
@JohnKaul Thanks John. A bit dated but interesting nonetheless.
No problem but I hope you didn't miss the point. Date has nothing to do with it; that link was to show you the history -i.e. that one is the replacement for the other (you use one or the other, not both). Read the paper, it's a quick 15 minute read (and it's quite interesting).
@johnpoz said in Clearing disk:
<snip>
Dude pick one and use it, if you think is protecting you... Not both! You don't run 2!!^^ What he said.
-
@JohnKaul No I did read the article. My comment about the datedness of it was that haven't these two leapfrogged each other over the past 6 years since they were both tested. Snort seemed interesting to me with it's $30 a year subscription that helps pay for what they do. Playing devil's advocate, what's wrong using both? It seems my 3100 is keeping up with it and computers are speedy when browsing. Go easy on me as I'm a newby and want learn...
-
@ILIKENETGATE, I'm a newbie too. If the 3100 has more then one core, just run Suricata. But before you turn it on, establish what you want to do with it -i.e. monitor certain aspects of your infrastructure or etc. The point behind them both/either is that you need to check your logs. You use the tool to keep an eye on your setup and make improvements (it is not a "turn it on to keep me safe" thing, per se).
I know nothing, other then a very, very high-level overview of these types of tool(s)--because I hate this hardware and network stuff--so, I'd do a lot of reading if I were you (take what I say with a grain of salt). And if I'm honest, I have a friend--into this network security stuff--who's been urging me down a certain path but what he wants to do will require me to actually do some work, so I'm here only because I'm researching an easy way out. ...I want to just buy a thin client and install OpenBSD on it for my firewall.
-
@ILIKENETGATE Another question. So it looks like reading the article again that Suricata is better overall. I caught a sentence in there that Suricata gleans it's beginnings from Snort's initial work. So does the data that Snort gathers NIDS wise and releases every 30 days in the form of updates, and my $30 a year subscription, work on Suricata if so I'll kill Snort?
-
@JohnKaul Thanks John for your candor...so we'll learn together. Sure wish this was as easy as "turn it on to keep me safe"...
-
You have to pay for snort? I wouldn't pay for anything like that; if Suricata is free, go with it.
@ILIKENETGATE said in Clearing disk:
@JohnKaul Thanks John for your candor...so we'll learn together. Sure wish this was as easy as "turn it on to keep me safe"...
Sure! Me too (and that's why I'm here hanging with you guys, for the moment). I'm more of a SSH/CLI guy (the
/var/logdiscussion above) so you're going to yell at me bit when it comes down to management. -
@JohnKaul No it would take much more than SSH for me to get mad :)
