[Snort-users] Snort - VPS web server (Debian)
mikelococo at ...11827...
Tue Aug 30 11:08:42 EDT 2011
On 08/28/2011 03:00 PM, Martin Holste wrote:
> On such a small server and with such a specific use, I'm not sure
> running Snort is the right tool for the job. I think mod_security
> with centralized logging would be a better fit, especially since it's
> serving mostly static content.
I would reiterate that Snort is probably a poor match for this
environment. You say "mostly" dynamic, but are you running a DB at all?
You're going to need 32-64MB of memory for that. Do you run PHP?
Another 30-120MB depending on the application and the number of
processes you use serve active content. You may end up needing a second
VPS just to run Snort, and needing to have it do packet forwarding to
Is anyone actually running Snort with a memory footprint of 128MB or
less? Most of my experience is with fairly large high-throughput
setups, so maybe I have a warped view of how little RAM Snort can take
at the low end.
As mentioned, mod-security will let you do signature-based blocking of
http attacks (the kind that really matter for a web-server) in just a
couple of megs of ram and there are some rulesets that I believe are
decent out there like the owasp set.
More information about the Snort-users