Web Hosting Talk







View Full Version : Snort on Ensim ?


doug357
02-21-2002, 11:01 PM
Does anyone know if snort-1.8.3 can be used with an Ensim box with WEBppliance LS? Any resources or info would be appreciated.

remarkable
02-22-2002, 01:00 AM
Are you asking if snort will work with WEBppliance LS or on an Ensim Private Server? Ensim is a company name not a product.

There is no reason why snort would not work with or on either.

doug357
02-22-2002, 01:14 AM
Thanks, sorry I was not more clear in my request. I have modified the posting accordingly. Sorry, I am just a newbie :dunce:

remarkable
02-22-2002, 01:15 AM
There is no reason why not.

doug357
02-22-2002, 03:40 PM
Will snort be a major load on the server, and is it worth utilizing to help detect intruders? Can anyone suggest any other tools that could help me monitor possible hack attempts?

doug357
02-22-2002, 05:41 PM
I did not want to start another thread, so would like to refine my request. Thanks for the help!

Does anyone know if it is possible to run ARIS extractor from securityfocus.com with WEBppliance LS 3.0? If so, is this the correct process to install it?

"To install this RPM, run :

# rpm --install aris-sensor-1.6-beta.i386.rpm

This will install the included programs in /usr/local/aris-sensor. Next, run the "install.pl" script within the aris-sensor directory to configure ARIS extractor to automatically upload your data."

Does anyone do this to monitor your servers? Is it necessary?

What security configuration would you recommend with WEBppliance LS 3.0?

Thanks!
:)

DigitalXWeb
02-22-2002, 05:57 PM
I would recommend first checking what or if the above rpm has any dependencies. If it doesn't, it should install just fine. If it does, post here what they are, as it may not work properly with the Ensim Rpms.

doug357
02-22-2002, 10:19 PM
Follow up

I would recommend first checking what or if the above rpm has any dependencies. If it doesn't, it should install just fine. If it does, post here what they are, as it may not work properly with the Ensim Rpms.
Extractor is compiled statically (no dependencies), while Snort has the
following dependencies:

[chaddon@victim extractor]$ ldd /usr/local/aris-sensor/snort
libm.so.6 => /lib/libm.so.6 (0x40019000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40036000)
libc.so.6 => /lib/libc.so.6 (0x4004c000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

I don't imagine you should have any difficulties running it with
WEBppliance