Re: [Hampshire] Linux (or BSD) distributions for Snort?

Author: Steve Kirk
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Linux (or BSD) distributions for Snort?
On Tue, Feb 27, 2007 at 09:14:06PM +0000, David Ramsden wrote:
> Hi,
>
> I'm just testing a server I've been building to host a NOC (Network
> Operations Centre). The server has on it:
>
> - Apache with SSL and PHP.
> - Nessus for vulnerability scanning.
> - Nagios for network monitoring.
> - Snort for IDS on various network segments.
> - (In the future: RCS for device configs).
>
> The server is running Debian stable, for now. Normally this doesn't
> present a problem but Snort in Debian is really out of date. Even
> unstable has quite a dated version and now I've hit a problem where some
> of the IDS rules I'm using stop Snort from loading because they're
> designed for the 2.6.x tree of snort. There's also a bug in libpcap
> which isn't fixed yet.
>
> So I'm considering changing distributions to something that can offer me
> "bleeding edge" software but also a stable base OS. Does anyone have any
> recommendations? I may be asking for an impossible OS ;-)
>
> At the moment I'm considering:
>
> - CentOS
> - FreeBSD
> - Gentoo
>
> The plus side with CentOS is that there's lots of RPMs floating around.
> The downside is, I don't really like RPMs. They bring back bad memories.
> I'd like to use a "no crap" OS. i.e. it installs a very very basic base
> system and I can add what I want, rather than spending my time removing
> the rubbish I don't need (which once again reminds me of when I've used
> RedHat and SuSE in the past).


If you're looking for something along those lines, I'd highly recommend that
you take a look at NetBSD and OpenBSD. I currently use OpenBSD on my
gateway machine and NetBSD on my DEC Alpha-based systems.
>
> I like FreeBSD and I'm assuming Gentoo is on a par with FreeBSD in terms
> of emerge v's FreeBSD's ports and the ability to "make world" to upgrade
> the entire install?
>
> I have searched for 3rd party Debian repositories that contain newer
> builds of Snort but can't find anything good. Building the latest
> Snort version from source isn't an option, from what I can tell, because
> the libraries in Debian are also out of date.
>


If you are interested in trying out another operating system, then I would
suggest NetBSD or OpenBSD[1], as I've already said. If you were to try OpenBSD,
then you would need to use -current, as this version has snort-2.6.x in the
ports collection. In OpenBSD, the packages/ports that you use are designed
to be used with a specific version of the OS i.e. if you want to use the
-current ports tree, then you need to run OpenBSD current. This version will
be released as the stable OpenBSD 4.1 on 1st May, with ports tree.

NetBSD uses pkgsrc, or binary packages. The -current archive of pkgsrc has a
2.6.x version of snort[2].

PkgSrc[3] is actually available for a number of operating systems, including
Linux. Perhaps you could try using pkgsrc on your Debian system. I've not used
it on Linux, but all of the software installed on my NetBSD/Alpha systems is
installed and managed via pkgsrc, and I'm really impressed by it. Also,
the packages are usually available as precompiled binaries. Obviously I'd
recommend reading the documentation carefully to check that you are happy with
the idea of using pkgsrc before going any further with it.

Hope this helps a little.

Cheers,
Steve

[1]http://www.openbsd.org/
[2]ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/net/snort/README.html
[3]http://www.netbsd.org/Documentation/pkgsrc/