Re: Snort - VPS web server (Debian)

["johnny.venter" <johnny.venter () zoho com>]

Could you elaborate on using the "lightest memory setting for the fast pattern matcher"?

---- On Sun, 28 Aug 2011 12:00:54 -0700 Martin Holste<mcholste () gmail com> wrote ---- 

> On such a small server and with such a specific use, I'm not sure 
> running Snort is the right tool for the job.  I think mod_security 
> with centralized logging would be a better fit, especially since it's 
> serving mostly static content.  That said, Snort should run ok, but 
> make sure you use the lightest memory setting for the fast pattern 
> matcher, and most importantly, that you only run signatures applicable 
> to the services it runs.  When you've done all that, what you'll end 
> up with is a system that will create alerts when it notices generic 
> web attacks and high-level HTTP violations, like the Apache range 
> vulnerability of late.  All of this will be less specific and more 
> resource-intensive than mod_security, which is why I recommend that 
> you just start with that to begin with. 
>  
> On Sun, Aug 28, 2011 at 12:26 PM, Johnny Venter <Johnny.Venter () zoho com> wrote: 
> > Hello, 
> >
> > I am looking for guidance/advice. 
> >
> > I have a VPS server that is running Debian with Lighttpd and sendmail.  The memory is 256MB and the HD space is 
> > 10GB. 
> >
> > The website I have is very light and mainly static content. 
> >
> > Currently, I have iptables installed that permits port 80/443 inbound. 
> >
> > I would like to install Snort on this VPS in IPS mode without bringing my system to a crawl.  I assume I can 
> > disable the preprocessors that I will not need.  So I can just enable the web preprocessors? 
> >
> > Is this correct and can someone add input if they have completed the same project before? 
> >
> >
> > Thanks, Johnny 
> >
> > ------------------------------------------------------------------------------ 
> > EMC VNX: the world's simplest storage, starting under $10K 
> > The only unified storage solution that offers unified management 
> > Up to 160% more powerful than alternatives and 25% more efficient. 
> > Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev 
> > _______________________________________________ 
> > Snort-users mailing list 
> > Snort-users () lists sourceforge net 
> > Go to this URL to change user options or unsubscribe: 
> > https://lists.sourceforge.net/lists/listinfo/snort-users 
> > Snort-users list archive: 
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users 
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news! 


------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!