[Snort-users] Snort - VPS web server (Debian)
johnny.venter at ...15370...
Tue Aug 30 11:37:48 EDT 2011
The pages are static--not dynamic.
There is no DB at all.
It is running PHP and takes input using forms for visitor information. Sendmail runs internally according to transmit visitor submissions.
Via the lighttpd config, I have limited connections based on the IP to ensure that unnecessary resources are not taken.
Are you sure that mod_security works with lighttpd? From a cursory search, it does not appear to work.
---- On Tue, 30 Aug 2011 08:08:42 -0700 Mike Lococo wrote ----
>On 08/28/2011 03:00 PM, Martin Holste wrote:
>> On such a small server and with such a specific use, I'm not sure
>> running Snort is the right tool for the job. I think mod_security
>> with centralized logging would be a better fit, especially since it's
>> serving mostly static content.
>I would reiterate that Snort is probably a poor match for this
>environment. You say "mostly" dynamic, but are you running a DB at all?
> You're going to need 32-64MB of memory for that. Do you run PHP?
>Another 30-120MB depending on the application and the number of
>processes you use serve active content. You may end up needing a second
>VPS just to run Snort, and needing to have it do packet forwarding to
>Is anyone actually running Snort with a memory footprint of 128MB or
>less? Most of my experience is with fairly large high-throughput
>setups, so maybe I have a warped view of how little RAM Snort can take
>at the low end.
>As mentioned, mod-security will let you do signature-based blocking of
>http attacks (the kind that really matter for a web-server) in just a
>couple of megs of ram and there are some rulesets that I believe are
>decent out there like the owasp set.
>Special Offer -- Download ArcSight Logger for FREE!
>Finally, a world-class log management solution at an even better
>price-free! And you'll get a free "Love Thy Logs" t-shirt when you
>download Logger. Secure your free ArcSight Logger TODAY!
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
>Please visit http://blog.snort.org to stay current on all the latest Snort news!
More information about the Snort-users