X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=config%2Fsnort%2Fsnort.conf;fp=config%2Fsnort%2Fsnort.conf;h=382ded86349e4bc1ea09ea94ca5d0474ea2795be;hp=0000000000000000000000000000000000000000;hb=cd1a2927226c734d96478e12bb768256fb64a06a;hpb=6d63f4c4b39f65e9923eb2e3f664879d7b1b62be
diff --git a/config/snort/snort.conf b/config/snort/snort.conf
new file mode 100644
index 0000000000..382ded8634
--- /dev/null
+++ b/config/snort/snort.conf
@@ -0,0 +1,123 @@
+###################################################
+#
+# This file contains the default snort configuration.
+# for all IPCop Versions
+# Unless you are totally happy with this file,please
+# only change whats needed
+#
+# 1) Set the network variables for your network
+# 2) Configure preprocessors
+# 3) Configure output plugins
+# 4) Customize your rule set
+#
+# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
+#
+###################################################
+# Only area a user needs to edit
+include /etc/snort/vars
+var EXTERNAL_NET !$HOME_NET
+var SMTP_SERVERS $HOME_NET
+var HTTP_SERVERS $HOME_NET
+var SQL_SERVERS $HOME_NET
+var TELNET_SERVERS $HOME_NET
+var HTTP_PORTS 80
+var SHELLCODE_PORTS !80
+var ORACLE_PORTS 1521
+var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
+var RULE_PATH /etc/snort
+
+###################################################
+# Do NOT Edit past this line
+###################################################
+config detection: search-method lowmem
+preprocessor flow: memcap 2097152, stats_interval 0, hash 2
+preprocessor frag2: memcap 2097152
+preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
+preprocessor stream4_reassemble: noalerts
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+preprocessor rpc_decode: 111 32771
+preprocessor bo
+preprocessor telnet_decode
+preprocessor flow-portscan: \
+ scoreboard-memcap-talker 1048576 \
+ scoreboard-rows-talker 10000 \
+ talker-sliding-scale-factor 0.50 \
+ talker-fixed-threshold 30 \
+ talker-sliding-threshold 30 \
+ talker-sliding-window 20 \
+ talker-fixed-window 30 \
+ scoreboard-memcap-scanner 1048576 \
+ scoreboard-rows-scanner 10000 \
+ scanner-sliding-window 20 \
+ scanner-sliding-scale-factor 0.50 \
+ scanner-fixed-threshold 15 \
+ scanner-sliding-threshold 40 \
+ scanner-fixed-window 15 \
+ unique-memcap 1048576 \
+ unique-rows 10000 \
+ server-memcap 1048576 \
+ server-rows 10000 \
+ server-watchnet $HOME_NET \
+ server-ignore-limit 100 \
+ server-learning-time 3600 \
+ server-scanner-limit 4 \
+ alert-mode once \
+ output-mode msg \
+ tcp-penalties on
+preprocessor xlink2state: ports { 25 691 }
+#=========================================
+include $RULE_PATH/classification.config
+include $RULE_PATH/reference.config
+#=========================================
+include $RULE_PATH/bad-traffic.rules
+include $RULE_PATH/exploit.rules
+include $RULE_PATH/scan.rules
+include $RULE_PATH/finger.rules
+include $RULE_PATH/ftp.rules
+include $RULE_PATH/telnet.rules
+include $RULE_PATH/rpc.rules
+include $RULE_PATH/rservices.rules
+include $RULE_PATH/dos.rules
+include $RULE_PATH/ddos.rules
+include $RULE_PATH/dns.rules
+include $RULE_PATH/tftp.rules
+
+include $RULE_PATH/web-cgi.rules
+include $RULE_PATH/web-coldfusion.rules
+include $RULE_PATH/web-iis.rules
+include $RULE_PATH/web-frontpage.rules
+include $RULE_PATH/web-misc.rules
+include $RULE_PATH/web-client.rules
+include $RULE_PATH/web-php.rules
+
+include $RULE_PATH/sql.rules
+include $RULE_PATH/x11.rules
+include $RULE_PATH/icmp.rules
+include $RULE_PATH/netbios.rules
+include $RULE_PATH/misc.rules
+include $RULE_PATH/attack-responses.rules
+include $RULE_PATH/oracle.rules
+include $RULE_PATH/mysql.rules
+include $RULE_PATH/snmp.rules
+
+include $RULE_PATH/smtp.rules
+include $RULE_PATH/imap.rules
+include $RULE_PATH/pop2.rules
+include $RULE_PATH/pop3.rules
+
+include $RULE_PATH/nntp.rules
+include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/web-attacks.rules
+# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/shellcode.rules
+# include $RULE_PATH/policy.rules
+# include $RULE_PATH/porn.rules
+# include $RULE_PATH/info.rules
+# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/virus.rules
+# include $RULE_PATH/chat.rules
+# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/p2p.rules
+# include $RULE_PATH/experimental.rules
+include $RULE_PATH/local.rules
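Review bot: `var HTTP_PORTS 80` does not agree with `preprocessor http_inspect_server: server default profile all ports { 80 8080 }` a few lines below it, so rules written against `$HTTP_PORTS` will not fire on 8080 even though the preprocessor normalizes that port; either extend the variable, if the Snort version this targets accepts a port list there, or add `# 8080 is normalized by http_inspect but not covered by $HTTP_PORTS rules` so the gap is visibly deliberate. `disable_evasion_alerts` on stream4 and `noalerts` on stream4_reassemble each silence a whole class of alerts without a word on why; a one-line comment (presumably noise reduction on a gateway) would save the next person from re-enabling them blindly. The header lists "Configure output plugins" as step 3 but the file contains no `output` line, which presumably means alerting is set by the init script's command-line flags — worth stating in the header, which also still reads "for all IPCop Versions" although this is IPFire.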