I've been looking for an effective intrusion prevention system (IPS) for an Ubuntu 14.04 server, something like what Symantec or F-Prot might offer for a Windows server. I've contacted major companies which say they support products for Ubuntu and other Linux distros, but they end up being anti-virus only and do not offer any protection against known vulnerabilities.
I found documentation about Snort and Suricata combined with rule managers like PulledPork and OinkMaster, but as I got deeper into it, it seemed to me that these were meant to turn a server into a dedicated hardware IPS solution for a network.
- Can Suricata be used instead on an existing web server to simply provide intrusion prevention for that server?
- Is there a sample configuration available for this scenario?
- Would doing this slow performance down such that it would be inadvisable?