[Snort-users] Snort - VPS web server (Debian)

johnny.venter johnny.venter at ...15370...
Mon Aug 29 11:41:26 EDT 2011


Could you elaborate on using the "lightest memory setting for the fast pattern matcher"?

---- On Sun, 28 Aug 2011 12:00:54 -0700 Martin Holste <mcholste at ...11827...> wrote ----

 > On such a small server and with such a specific use, I'm not sure 
 > running Snort is the right tool for the job.  I think mod_security 
 > with centralized logging would be a better fit, especially since it's 
 > serving mostly static content.  That said, Snort should run ok, but 
 > make sure you use the lightest memory setting for the fast pattern 
 > matcher, and most importantly, that you only run signatures applicable 
 > to the services it runs.  When you've done all that, what you'll end 
 > up with is a system that will create alerts when it notices generic 
 > web attacks and high-level HTTP violations, like the Apache range 
 > vulnerability of late.  All of this will be less specific and more 
 > resource-intensive than mod_security, which is why I recommend that 
 > you just start with that to begin with. 
 >  
 > On Sun, Aug 28, 2011 at 12:26 PM, Johnny Venter <Johnny.Venter at ...15370...> wrote: 
 > > Hello, 
 > > 
 > > I am looking for guidance/advice. 
 > > 
 > > I have a VPS server that is running Debian with Lighttpd and sendmail.  The memory is 256MB and the HD space is 10GB. 
 > > 
 > > The website I have is very light and mainly static content. 
 > > 
 > > Currently, I have iptables installed that permits port 80/443 inbound. 
 > > 
 > > I would like to install Snort on this VPS in IPS mode without bringing my system to a crawl.  I assume I can disable the preprocessors that I will not need.  So I can just enable the web preprocessors? 
 > > 
 > > Is this correct and can someone add input if they have completed the same project before? 
 > > 
 > > 
 > > Thanks, Johnny 
 > > 
 > 
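
The two settings named in the quoted reply (the lowest-memory fast pattern matcher, and only the signatures for services the host actually runs) would look roughly like this in a Snort 2.9-era snort.conf. This is an added example, not part of the original thread; it assumes `$RULE_PATH` is defined as in the stock snort.conf, and the rule file names are assumptions that must match the files in the installed rule set.

```conf
# snort.conf fragment for a 256MB host running Lighttpd (80/443) and sendmail.

# --- Fast pattern matcher ---------------------------------------------
# High-memory choice, shown commented out for contrast (full Aho-Corasick):
# config detection: search-method ac
#
# Lowest-memory choice: keyword trie, moderate matching performance.
config detection: search-method lowmem

# --- Preprocessors ----------------------------------------------------
# Keep frag3, stream5 and http_inspect (the web rules rely on reassembled,
# normalized HTTP) plus smtp for sendmail. Comment out preprocessors for
# services this host does not run, e.g. ftp_telnet, rpc_decode, dcerpc2.

# --- Rules: only what applies to the services on this host ------------
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/smtp.rules

# Not applicable here (static content, no IIS, no database, no Windows
# file sharing), so left disabled to save memory and reduce noise:
# include $RULE_PATH/web-iis.rules
# include $RULE_PATH/web-php.rules
# include $RULE_PATH/sql.rules
# include $RULE_PATH/netbios.rules

# Validate the result before restarting (path is an assumption):
#   snort -T -c /etc/snort/snort.conf
```

Comparing the resident memory of the Snort process before and after the change shows how much the matcher and rule selection actually save on this host.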




