Snort mailing list archives
Re: Snort - VPS web server (Debian)
From: "johnny.venter" <johnny.venter () zoho com>
Date: Mon, 29 Aug 2011 08:41:26 -0700
Could you elaborate on using the "lightest memory setting for the fast pattern matcher"?

---- On Sun, 28 Aug 2011 12:00:54 -0700 Martin Holste <mcholste () gmail com> wrote ----

On such a small server and with such a specific use, I'm not sure running Snort is the right tool for the job. I think mod_security with centralized logging would be a better fit, especially since it's serving mostly static content. That said, Snort should run ok, but make sure you use the lightest memory setting for the fast pattern matcher, and most importantly, that you only run signatures applicable to the services it runs. When you've done all that, what you'll end up with is a system that will create alerts when it notices generic web attacks and high-level HTTP violations, like the Apache range vulnerability of late. All of this will be less specific and more resource-intensive than mod_security, which is why I recommend that you just start with that to begin with.

On Sun, Aug 28, 2011 at 12:26 PM, Johnny Venter <Johnny.Venter () zoho com> wrote:

Hello,

I am looking for guidance/advice. I have a VPS server that is running Debian with Lighttpd and sendmail. The memory is 256MB and the HD space is 10GB. The website I have is very light and mainly static content. Currently, I have iptables installed that permits port 80/443 inbound. I would like to install Snort on this VPS in IPS mode without bringing my system to a crawl. I assume I can disable the preprocessors that I will not need. So I can just enable the web preprocessors? Is this correct and can someone add input if they have completed the same project before?

Thanks,
Johnny

------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed.
http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort - VPS web server (Debian) Johnny Venter (Aug 28)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 28)
- Re: Snort - VPS web server (Debian) johnny.venter (Aug 29)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 29)
- Re: Snort - VPS web server (Debian) Mike Lococo (Aug 30)
- Re: Snort - VPS web server (Debian) johnny.venter (Aug 30)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 30)
- Re: Snort - VPS web server (Debian) Edward Fjellskål (Aug 30)
- Re: Snort - VPS web server (Debian) johnny.venter (Aug 29)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 28)