I am not going to go into it too far, but gore started this thread with a specific purpose in mind. Be that as it may, I watched, saw a lot of useful information to those managing a *nix box, but waited until I could provide something constructive, . I hope it is useful.
I think I have read several, with hundreds more out there I haven't read.
An entire book could be written on custom *nix security mods, ...
I would rate it a 10, but that is me ... why waist time on file permissions if it can be overridden?
In a scale of 10, permissions done wrongly, SUID, and GUID would probably be a 9 on the uh oh.
I would never run SNORT on the same box as a firewall. Is that what was meant? Most ( unlike me ) can afford a separate commercial firewall solution, but in any case, they should be separate. ( Depending on the network design, several SNORT boxes my be necessary. )
The firewall box is running snort, with bleeding snort rules updated daily via a cron job.
As I have stated before, yes, it is GREAT fun, but could lead to problems, including a Dos attack. One must know what they are doing before implementing this filter. If you do, HAVE FUN WITH IT!
I have been playing with a few other iptables matches and extensions. The MIRROR target is great fun, ...
One of the reasons I don't use any of the freely available firewall packages is because any serious firewall will not have a GUI enabled ( x-windows ). If this is an externally facing device, why have anything enabled that does not absolutely have to be running?
With that in mind, my contribution to this thread is this:
How many of you, on a firewall, DNS box, etc., allow GPM ( general purpose mouse) to run?
If so, WHY ? It is enabled by default by all the distros I have encountered, but is unnecessary. Just another avenue to exploit.
Just my opinion.