preprocessor normalize_ip4
preprocessor normalize_tcp: ips ecn stream
preprocessor normalize_icmp4
-preprocessor normalize_ip6
-preprocessor normalize_icmp6
# Target-based IP defragmentation. For more inforation, see README.frag3
preprocessor frag3_global: max_frags 65536
telnet_cmds yes
# SMTP normalization and anomaly detection. For more information, see README.SMTP
-reprocessor smtp: ports { 25 465 587 691 } \
+preprocessor smtp: ports { 25 465 587 691 } \
inspection_type stateful \
enable_mime_decoding \
max_mime_depth 20480 \
xlink2state { enabled }
# Portscan detection. For more information, see README.sfportscan
- preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium }
+preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium }
# ARP spoof detection. For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor
# preprocessor arpspoof
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/snort* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
- --sysconfdir=/etc/snort --target=i586 \
- --enable-linux-smp-stats --enable-smb-alerts
+ --sysconfdir=/etc/snort --target=i586 \
+ --enable-linux-smp-stats --enable-smb-alerts \
+ --enable-gre --enable-mpls --enable-targetbased \
+ --enable-decoder-preprocessor-rules --enable-ppm \
+ --enable-perfprofiling --enable-zlib --enable-active-response \
+ --enable-normalizer --enable-reload --enable-react --enable-flexresp3
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
mv /usr/bin/snort /usr/sbin/