# Step #1: Set the network variables. For more information, see README.variables
###################################################
+include /etc/snort/vars
+
# Setup the network addresses you are protecting
-var HOME_NET any
+# taken from /etc/snort vars
+#var HOME_NET any
# Set up the external network addresses. A good start may be "any"
var EXTERNAL_NET any
# List of DNS servers on your network
-var DNS_SERVERS $HOME_NET
+# taken from /etc/snort vars
+#var DNS_SERVERS $HOME_NET
# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET
# List of ports you run web servers on
portvar HTTP_PORTS [80,2301,3128,7777,7779,8000,8008,8028,8080,8180,8888,9999]
+# List of ssh ports
+portvar SSH_PORTS [22,222]
+
# List of ports you want to look for SHELLCODE on.
portvar SHELLCODE_PORTS !80
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
+
###################################################
# Step #2: Configure the decoder. For more information, see README.decode
###################################################
# site specific rules
-# Event thresholding or suppression commands. See threshold.conf
-# include threshold.conf
\ No newline at end of file
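Review bot: The two added comments `# taken from /etc/snort vars` do not match the path in the added `include /etc/snort/vars`, and nothing records that the included file must now define both HOME_NET and DNS_SERVERS. `var SMTP_SERVERS $HOME_NET` further down still expands HOME_NET, so the protected range, and with it what most rules treat as "inside", is now decided by a file that is not visible here. I would word the comments as `# HOME_NET is defined in /etc/snort/vars (included above)` and `# DNS_SERVERS is defined in /etc/snort/vars (included above)`, and add a line next to the include such as `# /etc/snort/vars must define HOME_NET and DNS_SERVERS; keep it root-owned and not world-writable`. The new `portvar SSH_PORTS [22,222]` is not referenced by anything in this excerpt, so a short comment naming the rules that use it would help. The hunk headers are missing from the page, so the change may begin before the first visible line.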