I am configuring a standalone email server. I want to protect it with Snort inline. Can it be done with everything on the one server? Circumstances do not allow me to have more servers at this time. Please help me.
rhlnewbie
P.S. I'm using Ubuntu 9.04 now. Sorry, I should have deleted this post when I reposted to Linux Security. My mistake.
miles sakaguchi
Are there any particular requirements that force you to use inline?
mmmmm
I thought inline was for IPS; at least that's how I read my research on Snort.
miles
P.S. My mistake that this is a duplicate post from linux-software. Sorry, I didn't know how to delete that post.
Sure, but using inline requires a machine in bridge or router mode. In router mode you make all traffic go through an iptables QUEUE target. If neither bridge nor router mode is feasible and you can't add another machine, then the only thing I can think of is trying to use virtualization: have the VM guest be the other end of the bridge and host the services (or maybe the other way around: have a VM guest with two network cards play snort-inline). I don't know if that will work, be secure or performant enough, and I can't judge if the overhead of running a complete OS for it is ludicrous to start with.
* If you don't need Snort in inline mode then maybe adding some third party app to trigger blocking traffic by managing iptables rules (anything newer than Guardian?) could do?
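A sketch of the alternative raised in the last reply (Snort in plain IDS mode plus a helper that manages iptables rules), added here as an example; it is not part of the thread and not Guardian's code. It assumes Snort writes alerts in its one-line "fast" format; the function names, thresholds and sample alerts are constructed for illustration, and the code only builds the iptables commands without running them.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert line:
#   time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> "
)

def block_rules(lines, allowlist=("127.0.0.0/8",), max_priority=2, min_hits=2):
    """Return iptables argv lists for sources with at least min_hits alerts of
    priority <= max_priority (1 is most severe), skipping allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue                      # not an alert, or too low in severity
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue                      # malformed address in the log line
        if any(src in n for n in nets):
            continue                      # never block our own or admin hosts
        hits[src] += 1
    return [["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"]
            for ip, count in sorted(hits.items()) if count >= min_hits]

def alert_line(prio, src):
    """Build one constructed fast-format alert (documentation address ranges)."""
    return ("06/10-19:30:01.100000  [**] [1:1000001:1] Constructed SMTP test alert [**] "
            f"[Classification: Misc activity] [Priority: {prio}] {{TCP}} "
            f"{src}:40112 -> 192.0.2.10:25")

# Constructed sample input, not real Snort output.
SAMPLE = [alert_line(1, "203.0.113.5"), alert_line(1, "203.0.113.5"),
          alert_line(1, "198.51.100.7"),
          alert_line(3, "203.0.113.9"), alert_line(3, "203.0.113.9"),
          alert_line(1, "192.0.2.20"), alert_line(1, "192.0.2.20")]

if __name__ == "__main__":
    # Treat 192.0.2.0/24 as the mail server's own network in this example.
    for argv in block_rules(SAMPLE, allowlist=("127.0.0.0/8", "192.0.2.0/24")):
        print(" ".join(argv))
```

Unlike inline mode, this blocks only after an alert has been logged, so the packets that triggered the alert have already reached the mail server.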