Snort mailing list archives

Re: Linux distro for Snort inline as IPS


From: Sec_Aficiondado <secaficionado () gmail com>
Date: Tue, 26 Jan 2016 12:59:04 -0500

Thanks to all that replied.

I haven't tried CentOS or FreeBSD but I'll look into both. I also thought of LFS, but it might be too much work to keep 
it up to date.

If I find something really outstanding out there I'll report back.

On Jan 26, 2016, at 9:17 AM, Avery Rozar <avery.rozar () insecure-it com> wrote:

I use both CentOS and FreeBSD, both minimal, and they work fantastic. For great inline throughput on CentOS you will 
want to try PF_RING ZC (Zero Copy) but you will need a license, but on FreeBSD you can use netmap and it requires no 
license. Also with FreeBSD if you use pkg to install packages you can run "pkg audit" and find known vulnerabilities 
in installed packages.

On Tue, Jan 26, 2016 at 8:45 AM, <wkitty42 () windstream net> wrote:
On 01/25/2016 09:47 PM, Jeff H wrote:
I don't think Security Onion would be a good fit. Inline IPS mode isn't
supported and it has quite a bit of additional NSM software running by
default that would need to be disabled if only Snort is required.

I'm not aware of any specific stripped down distros for running Snort inline,
I would start with a well supported minimal Linux distro and add what is
needed.

i agree with this... not only a well supported distro but one with long term
support, too... you do not want a rolling bleeding edge to deal with in addition
to trying to stay up on network security...

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
