]>
Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | ################################################### |
2 | # | |
3 | # This file contains the default snort configuration. | |
46dff713 MT |
4 | # for all IPFire Versions |
5 | # Unless you are totally happy with this file, please | |
cd1a2927 | 6 | # only change whats needed |
46dff713 MT |
7 | # This file is automatically changed by |
8 | # the webinterface, too. | |
cd1a2927 MT |
9 | # |
10 | # 1) Set the network variables for your network | |
11 | # 2) Configure preprocessors | |
12 | # 3) Configure output plugins | |
13 | # 4) Customize your rule set | |
14 | # | |
cd1a2927 MT |
15 | ################################################### |
16 | # Only area a user needs to edit | |
17 | include /etc/snort/vars | |
18 | var EXTERNAL_NET !$HOME_NET | |
19 | var SMTP_SERVERS $HOME_NET | |
20 | var HTTP_SERVERS $HOME_NET | |
21 | var SQL_SERVERS $HOME_NET | |
22 | var TELNET_SERVERS $HOME_NET | |
23 | var HTTP_PORTS 80 | |
24 | var SHELLCODE_PORTS !80 | |
25 | var ORACLE_PORTS 1521 | |
26 | var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] | |
46dff713 | 27 | var RULE_PATH /etc/snort/rules |
cd1a2927 MT |
28 | |
29 | ################################################### | |
30 | # Do NOT Edit past this line | |
31 | ################################################### | |
32 | config detection: search-method lowmem | |
33 | preprocessor flow: memcap 2097152, stats_interval 0, hash 2 | |
34 | preprocessor frag2: memcap 2097152 | |
35 | preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts | |
36 | preprocessor stream4_reassemble: noalerts | |
37 | preprocessor http_inspect: global iis_unicode_map unicode.map 1252 | |
38 | preprocessor http_inspect_server: server default profile all ports { 80 8080 } | |
39 | preprocessor rpc_decode: 111 32771 | |
40 | preprocessor bo | |
41 | preprocessor telnet_decode | |
42 | preprocessor flow-portscan: \ | |
43 | scoreboard-memcap-talker 1048576 \ | |
44 | scoreboard-rows-talker 10000 \ | |
45 | talker-sliding-scale-factor 0.50 \ | |
46 | talker-fixed-threshold 30 \ | |
47 | talker-sliding-threshold 30 \ | |
48 | talker-sliding-window 20 \ | |
49 | talker-fixed-window 30 \ | |
50 | scoreboard-memcap-scanner 1048576 \ | |
51 | scoreboard-rows-scanner 10000 \ | |
52 | scanner-sliding-window 20 \ | |
53 | scanner-sliding-scale-factor 0.50 \ | |
54 | scanner-fixed-threshold 15 \ | |
55 | scanner-sliding-threshold 40 \ | |
56 | scanner-fixed-window 15 \ | |
57 | unique-memcap 1048576 \ | |
58 | unique-rows 10000 \ | |
59 | server-memcap 1048576 \ | |
60 | server-rows 10000 \ | |
61 | server-watchnet $HOME_NET \ | |
62 | server-ignore-limit 100 \ | |
63 | server-learning-time 3600 \ | |
64 | server-scanner-limit 4 \ | |
65 | alert-mode once \ | |
66 | output-mode msg \ | |
67 | tcp-penalties on | |
68 | preprocessor xlink2state: ports { 25 691 } | |
69 | #========================================= | |
70 | include $RULE_PATH/classification.config | |
71 | include $RULE_PATH/reference.config | |
72 | #========================================= | |
46dff713 MT |
73 | include $RULE_PATH/bleeding-attack_response.rules |
74 | include $RULE_PATH/bleeding-botcc-BLOCK.rules | |
75 | include $RULE_PATH/bleeding-botcc.excluded | |
76 | include $RULE_PATH/bleeding-botcc.rules | |
77 | include $RULE_PATH/bleeding-botcc.rules.dragon.xml | |
78 | include $RULE_PATH/bleeding-dos.rules | |
79 | include $RULE_PATH/bleeding-drop-BLOCK.rules | |
80 | include $RULE_PATH/bleeding-drop.rules | |
81 | include $RULE_PATH/bleeding-drop.rules.dragon.xml | |
82 | include $RULE_PATH/bleeding-dshield-BLOCK.rules | |
83 | include $RULE_PATH/bleeding-dshield.rules | |
84 | include $RULE_PATH/bleeding-exploit.rules | |
85 | include $RULE_PATH/bleeding-game.rules | |
86 | include $RULE_PATH/bleeding-inappropriate.rules | |
87 | include $RULE_PATH/bleeding-malware.rules | |
88 | include $RULE_PATH/bleeding-p2p.rules | |
89 | include $RULE_PATH/bleeding-policy.rules | |
90 | include $RULE_PATH/bleeding-scan.rules | |
91 | include $RULE_PATH/bleeding-sid-msg.map | |
92 | include $RULE_PATH/bleeding-virus.rules | |
93 | include $RULE_PATH/bleeding-voip.rules | |
94 | include $RULE_PATH/bleeding-web.rules | |
95 | include $RULE_PATH/bleeding.rules | |
96 | include $RULE_PATH/community-bot.rules | |
97 | include $RULE_PATH/community-deleted.rules | |
98 | include $RULE_PATH/community-dos.rules | |
99 | include $RULE_PATH/community-exploit.rules | |
100 | include $RULE_PATH/community-ftp.rules | |
101 | include $RULE_PATH/community-game.rules | |
102 | include $RULE_PATH/community-icmp.rules | |
103 | include $RULE_PATH/community-imap.rules | |
104 | include $RULE_PATH/community-inappropriate.rules | |
105 | include $RULE_PATH/community-mail-client.rules | |
106 | include $RULE_PATH/community-misc.rules | |
107 | include $RULE_PATH/community-nntp.rules | |
108 | include $RULE_PATH/community-oracle.rules | |
109 | include $RULE_PATH/community-policy.rules | |
110 | include $RULE_PATH/community-sid-msg.map | |
111 | include $RULE_PATH/community-sip.rules | |
112 | include $RULE_PATH/community-smtp.rules | |
113 | include $RULE_PATH/community-sql-injection.rules | |
114 | include $RULE_PATH/community-virus.rules | |
115 | include $RULE_PATH/community-web-attacks.rules | |
116 | include $RULE_PATH/community-web-cgi.rules | |
117 | include $RULE_PATH/community-web-client.rules | |
118 | include $RULE_PATH/community-web-dos.rules | |
119 | include $RULE_PATH/community-web-iis.rules | |
120 | include $RULE_PATH/community-web-misc.rules | |
121 | include $RULE_PATH/community-web-php.rules |