git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848...
diff --git a/config/snort/snort.conf b/config/snort/snort.conf
new file mode 100644 (file)
index 0000000..382ded8
--- /dev/null
@@ -0,0 +1,123 @@
+###################################################
+#
+# This file contains the default snort configuration.
+# for all IPCop Versions
+# Unless you are totally happy with this file,please
+# only change whats needed
+#
+#  1) Set the network variables for your network
+#  2) Configure preprocessors
+#  3) Configure output plugins
+#  4) Customize your rule set
+#
+# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
+#
+###################################################
+# Only area a user needs to edit
+include /etc/snort/vars
+var EXTERNAL_NET    !$HOME_NET
+var SMTP_SERVERS    $HOME_NET
+var HTTP_SERVERS    $HOME_NET
+var SQL_SERVERS     $HOME_NET
+var TELNET_SERVERS  $HOME_NET
+var HTTP_PORTS      80
+var SHELLCODE_PORTS !80
+var ORACLE_PORTS    1521
+var AIM_SERVERS     [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
+var RULE_PATH       /etc/snort
+
+###################################################
+# Do NOT Edit past this line
+###################################################
+config detection: search-method lowmem
+preprocessor flow: memcap 2097152, stats_interval 0, hash 2
+preprocessor frag2: memcap 2097152
+preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
+preprocessor stream4_reassemble: noalerts
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+preprocessor rpc_decode: 111 32771
+preprocessor bo
+preprocessor telnet_decode
+preprocessor flow-portscan: \
+       scoreboard-memcap-talker 1048576 \
+       scoreboard-rows-talker 10000 \
+       talker-sliding-scale-factor 0.50 \
+       talker-fixed-threshold 30 \
+       talker-sliding-threshold 30 \
+       talker-sliding-window 20 \
+       talker-fixed-window 30 \
+       scoreboard-memcap-scanner 1048576 \
+       scoreboard-rows-scanner 10000 \
+       scanner-sliding-window 20 \
+       scanner-sliding-scale-factor 0.50 \
+       scanner-fixed-threshold 15 \
+       scanner-sliding-threshold 40 \
+       scanner-fixed-window 15 \
+       unique-memcap 1048576 \
+       unique-rows 10000 \
+       server-memcap 1048576 \
+       server-rows 10000 \
+       server-watchnet $HOME_NET \
+       server-ignore-limit 100 \
+       server-learning-time 3600 \
+       server-scanner-limit 4 \
+       alert-mode once \
+       output-mode msg \
+       tcp-penalties on
+preprocessor xlink2state: ports { 25 691 }
+#=========================================
+include $RULE_PATH/classification.config
+include $RULE_PATH/reference.config
+#=========================================
+include $RULE_PATH/bad-traffic.rules
+include $RULE_PATH/exploit.rules
+include $RULE_PATH/scan.rules
+include $RULE_PATH/finger.rules
+include $RULE_PATH/ftp.rules
+include $RULE_PATH/telnet.rules
+include $RULE_PATH/rpc.rules
+include $RULE_PATH/rservices.rules
+include $RULE_PATH/dos.rules
+include $RULE_PATH/ddos.rules
+include $RULE_PATH/dns.rules
+include $RULE_PATH/tftp.rules
+
+include $RULE_PATH/web-cgi.rules
+include $RULE_PATH/web-coldfusion.rules
+include $RULE_PATH/web-iis.rules
+include $RULE_PATH/web-frontpage.rules
+include $RULE_PATH/web-misc.rules
+include $RULE_PATH/web-client.rules
+include $RULE_PATH/web-php.rules
+
+include $RULE_PATH/sql.rules
+include $RULE_PATH/x11.rules
+include $RULE_PATH/icmp.rules
+include $RULE_PATH/netbios.rules
+include $RULE_PATH/misc.rules
+include $RULE_PATH/attack-responses.rules
+include $RULE_PATH/oracle.rules
+include $RULE_PATH/mysql.rules
+include $RULE_PATH/snmp.rules
+
+include $RULE_PATH/smtp.rules
+include $RULE_PATH/imap.rules
+include $RULE_PATH/pop2.rules
+include $RULE_PATH/pop3.rules
+
+include $RULE_PATH/nntp.rules
+include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/web-attacks.rules
+# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/shellcode.rules
+# include $RULE_PATH/policy.rules
+# include $RULE_PATH/porn.rules
+# include $RULE_PATH/info.rules
+# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/virus.rules
+# include $RULE_PATH/chat.rules
+# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/p2p.rules
+# include $RULE_PATH/experimental.rules
+include $RULE_PATH/local.rules
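Review bot: `var HTTP_PORTS 80` covers less than the `http_inspect_server` line, which decodes ports `{ 80 8080 }`, so any included rule keyed on `$HTTP_PORTS` would not be evaluated against the port 8080 traffic that the preprocessor normalizes. If the Snort version shipped here cannot take a port list in a `var` (not visible on this page), the gap should at least be recorded next to the variable, for example `# rules using $HTTP_PORTS cover port 80 only; http_inspect also decodes 8080`. Similarly, the commented-out includes at the end (`backdoor.rules`, `shellcode.rules`, `web-attacks.rules`, `virus.rules` and others) carry no reason, while `SHELLCODE_PORTS` is still defined for a rule file that is never loaded. A one-line comment above that group saying why they are disabled would tell an operator whether enabling them is supported.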