Snort mailing list archives
Re: Snort - VPS web server (Debian)
From: Mike Lococo <mikelococo () gmail com>
Date: Tue, 30 Aug 2011 11:08:42 -0400
On 08/28/2011 03:00 PM, Martin Holste wrote:
On such a small server and with such a specific use, I'm not sure running Snort is the right tool for the job. I think mod_security with centralized logging would be a better fit, especially since it's serving mostly static content.
I would reiterate that Snort is probably a poor match for this environment. You say "mostly" dynamic, but are you running a DB at all? You're going to need 32-64MB of memory for that. Do you run PHP? Another 30-120MB depending on the application and the number of processes you use serve active content. You may end up needing a second VPS just to run Snort, and needing to have it do packet forwarding to the web-server. Is anyone actually running Snort with a memory footprint of 128MB or less? Most of my experience is with fairly large high-throughput setups, so maybe I have a warped view of how little RAM Snort can take at the low end. As mentioned, mod-security will let you do signature-based blocking of http attacks (the kind that really matter for a web-server) in just a couple of megs of ram and there are some rulesets that I believe are decent out there like the owasp set. Cheers, Mike Lococo ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort - VPS web server (Debian) Johnny Venter (Aug 28)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 28)
- Re: Snort - VPS web server (Debian) johnny.venter (Aug 29)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 29)
- Re: Snort - VPS web server (Debian) Mike Lococo (Aug 30)
- Re: Snort - VPS web server (Debian) johnny.venter (Aug 30)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 30)
- Re: Snort - VPS web server (Debian) Edward Fjellskål (Aug 30)
- Re: Snort - VPS web server (Debian) johnny.venter (Aug 29)
- Re: Snort - VPS web server (Debian) Martin Holste (Aug 28)