Can Snort be installed on VPS

snort

I want maximum security for my Linux VPS. I found many tutorials around the net, but they don't cover Snort. Only those like portsentry, logsentry, tripwire and so on.

So I'm beginning to think that Snort is not appropriate for a Linux host. I think it's suitable only as a proxy/middle-man that checks traffic before passing it to the actual targets.

I'd like to ask whether Snort can be installed on a VPS which serves typical servers like web/mail.

Can Snort be in conflict with OSSEC, which I think doesn't check the traffic but only the log files for intrusion detection/anomalies?

Thank you.

Best Answer

Snort can be pretty memory hungry, which on a VPS may be a problem. It can run alongside OSSEC quite nicely - the two are both included in OSSIM, which correlates infosecurity events from various sources.

I'd argue that it is probably overkill for a single VPS though. If you keep all your software updated against any security releases, have good configuration settings, use tripwire and monitor logs then you're doing a really good job. And if you are protecting an entire network then I'd consider running OSSIM on a dedicated box.

If you're using Apache then consider mod_security to help protect potentially vulnerable scripts you are hosting. And finally be proactive in the security, scanning your box for vulnerabilities with something like Nessus.
