How to Cheat at Configuring Open Source Security Tools

In this chapter, we're going to be using our Snort sensor in a security server context, so we've got lots to consider with regard to our operating system choice. When choosing an operating system for your Snort sensor, you need to think about how the OS really affects the sensor in the long term. You need to be prepared to deal with patching, upgrading, and maintenance issues.
Our objective is pretty straightforward: build a solid Snort sensor that operates efficiently in any environment. We will be building a network security system; in particular, an IDS or IPS. As such, our system will be tasked with a variety of duties, including:
Packet capture
Packet analysis
Writing data to disk
Alerting
Remediation or response
The operating system will be the tool with which you will solve your problems and perform the necessary work these duties require. The operating system will interact with many pieces of the system in order to accomplish its duties, and it must do so effectively and efficiently. To do this the operating system must rely on several critical components, including the following:
CPUs
Network interface cards (NICs)
Disk drives
RAM
System bus
Snort will, for the most part, run on most operating systems (and of course, because you can get the source code, you can compile it for any OS you want if you are willing to spend a little time), but we should pay...