Hi all. It's that time of year again. I pick up a dozen projects and run with it.

For this project I'm going to be setting up a server that will function as three things:

HTTP(S)(Apache)/SSHD/SMTP (SquirrelMail)

I figured it'd be a good chance to mess around with snort while I'm doing it.

I have a checklist that I'm putting together to make sure that I do it right and want some advice/comments about the setup.

Here is the setup I'd like...

This is going to be for a small home network and mostly for learning. My buddy runs his websites from a box now that is having more and more problems every day and we're to the point where we have a script restarting httpd every hour. Rather than fix that box... we are just going to build a new one.

Hardware:

PII 400MHz 384MB RAM
6GB HDD
1 10/100 NIC
cheapo video card
OS = Fedora Core 2

This server will function as a web/smtp/and ssh server. I will have a firewall on it using iptables (policy built with fwbuilder). I plan on hardening it further with Bastille Linux and TCP wrappers, tripwire (if I can still get it), port sentry/log sentry, BitDefender AV and TIGER (which also has rootkit detection and host based IDS and security checks... nice little set of scripts... though I don't hear much about it except from me). For the NIDS I was going to use SNORT, but I'm unsure if it's ok to run the other services on the same box. This box will be in the DMZ.

DMZ (setup listed above) --> Router/Firewall --> LAN

The SNORT install guide I'm using is one I found on snort.org and is for installing Snort, Apache, PHP, MySQL and ACID on RH9 (but I'm going to use Fedora Core 2). I also have the user guide... which I'll be tearing through this weekend and fine tuning SNORT until I get what I like.

1.) Is it stupid to run snort and a firewall that is also running the services listed above?

2.) Is it ok to use the HTTPD for both SNORT and for serving webpages?

3.) How does this setup sound to you?

4.) What would you do to make it better?

5.) Any advice you can give me while working on this project?

6.) Is it ok to use Bastille even though I'll also be using Core 2 which has the 2.6 kernel and SELinux?

7.) If the firewall is blocking attacks... will SNORT still log them?

8.) If snort will not log them due to the FW... I can just put in a second NIC and unbind everything from that and have that interface go to a hub before the router?

I'm planning on doing this next Wednesday and have the weekend to do further research.

I got some really good answers/feedback on my Win2k3 project (which by the way went very well). So, I figured that I'd try to get some more feedback/suggestions/advice from AO.

Apparently they have already released Core 2... I thought that only Core 2 (test 3) had been released... so, it'll be Core 2 that I'll be using.
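Re questions 7 and 8: one way to check from the box itself whether Snort saw what the firewall dropped is to correlate the two logs by 5-tuple. This is an added example, not code from the original post; it assumes Snort's "fast" alert format and an iptables LOG rule with a "FW-DROP:" prefix, and the sample log lines are constructed.

```python
import re

# Constructed sample data: three Snort fast-format alerts and two iptables LOG
# lines from the same DMZ box. The third alert (port 443) has no matching drop.
SNORT_ALERTS = """\
01/15-12:34:56.123456  [**] [1:2003:8] WEB-MISC probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:4321 -> 192.0.2.10:80
01/15-12:35:01.000001  [**] [1:1000:1] SSH brute force attempt [**] [Priority: 3] {TCP} 203.0.113.9:5555 -> 192.0.2.10:22
01/15-12:36:10.500000  [**] [1:2003:8] WEB-MISC probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:4322 -> 192.0.2.10:443
"""
IPTABLES_LOG = """\
Jan 15 12:34:56 dmzbox kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=4321 DPT=80 WINDOW=5840 SYN URGP=0
Jan 15 12:35:01 dmzbox kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5555 DPT=22 WINDOW=5840 SYN URGP=0
"""

# Snort fast alert: [**] [gid:sid:rev] msg [**] ... {PROTO} src:spt -> dst:dpt
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
                      r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<spt>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dpt>\d+)")
# iptables LOG target: SRC= DST= ... PROTO= SPT= DPT=
DROP_RE = re.compile(r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?PROTO=(?P<proto>\w+)\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)")

def parse_alerts(text):
    """Return [(5-tuple, sid, msg)] for every parsable Snort fast-format line."""
    out = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            out.append(((m["proto"], m["src"], m["spt"], m["dst"], m["dpt"]), m["sid"], m["msg"]))
    return out

def parse_drops(text):
    """Return the set of 5-tuples the firewall logged as dropped."""
    drops = set()
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            drops.add((m["proto"], m["src"], m["spt"], m["dst"], m["dpt"]))
    return drops

def correlate(alert_text=SNORT_ALERTS, drop_text=IPTABLES_LOG):
    """Split Snort alerts into those the firewall also dropped and those it let through."""
    drops = parse_drops(drop_text)
    result = {"blocked": [], "passed": []}
    for key, sid, msg in parse_alerts(alert_text):
        result["blocked" if key in drops else "passed"].append((sid, msg, key))
    return result

if __name__ == "__main__":
    for label, hits in correlate().items():
        for sid, msg, (proto, src, spt, dst, dpt) in hits:
            print(f"{label:7} {sid} {msg} {proto} {src}:{spt} -> {dst}:{dpt}")
```

On the real box you would feed it /var/log/snort/alert and whichever syslog file receives the kernel LOG messages; alerts that show up under "blocked" are the ones Snort saw even though iptables dropped them.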