Snort mailing list archives

Re: Installing a new SNORT box

From: John Sage <jsage () finchhaven com>
Date: Wed, 05 Dec 2001 22:22:07 -0800

Thatcher:

snort in-and-of itself doesn't need any services running (in the sensethat "sevices" is usually meant..) to run by itself on a box..

What other services you run depends on what other functionality that boxwill have..

If it's *really* a firewall some would say that it shouldn't be runningany other services at all, if by services you mean httpd, ssh, ftp,mail, dns, etc etc, but just filtering packets and sending them onwardinto the rest of your network.

How will you administer the firewall? Can you always work right at itskeyboard, or will you ever need remote access?


What sort of throughput does your LAN produce?

A 233mhz with 128meg can do a lot; but "how big a box do I need" is oneof those questions that often gets answered "That depends..."


- John


Thatcher Rea wrote:

        I have spent some time doing research about installing a snort box
onto our Windows LAN. Because I'm really a Linux newbie I don't want to have
the snort box itself hacked into, I'm trying to isolate only those
daemons/services that I need to have for SNORT. I have decided to installed
snort on a PC-clone running RedHat Linux 7.2. I have read several articles
on Linux-Sec.net, and they have given me some good starting ideas, but I'm
not certain of which services SNORT needs to run. Assuming I was going to
have an installation of SNORT 1.8.3 that used all the bells and whistles,
what needs to run? Also, what kind of hardware requirements do I need for
this machine? I have been given a PentiumII 233mhz machine with 128mb RAM
and a 2GB hard drive to use, but I'm sure if this is enough. I'm sure
questions like this have been asked before, so If someone could point me to
a site with appropriate answers rather than re-answering questions that
would be great. Cheers.





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Installing a new SNORT box Thatcher Rea (Dec 05)
- Re: Installing a new SNORT box John Sage (Dec 05)
- Re: Installing a new SNORT box Mike Shaw (Dec 06)
- <Possible follow-ups>
- RE: Installing a new SNORT box Chris Eidem (Dec 06)