Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | ################################################### |
2 | # | |
3 | # This file contains the default snort configuration | |
4 | # for all IPCop versions. | |
5 | # Unless you are totally happy with this file, please | |
6 | # only change what's needed | |
7 | # | |
8 | # 1) Set the network variables for your network | |
9 | # 2) Configure preprocessors | |
10 | # 3) Configure output plugins | |
11 | # 4) Customize your rule set | |
12 | # | |
13 | # $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $ | |
14 | # | |
15 | ################################################### | |
16 | # Only area a user needs to edit | |
| | # Network variables used by the rule files included further down. | |
| | # HOME_NET is referenced here but not set in this file; presumably it is | |
| | # defined by /etc/snort/vars - verify on the deployed system. | |
17 | include /etc/snort/vars | |
| | # Everything that is not HOME_NET counts as external, so rules written as | |
| | # $EXTERNAL_NET -> $HOME_NET do not match traffic between two HOME_NET hosts. | |
18 | var EXTERNAL_NET !$HOME_NET | |
| | # Every server group is the whole of HOME_NET rather than the specific hosts | |
| | # that run the service; narrowing these cuts false positives. | |
19 | var SMTP_SERVERS $HOME_NET | |
20 | var HTTP_SERVERS $HOME_NET | |
21 | var SQL_SERVERS $HOME_NET | |
22 | var TELNET_SERVERS $HOME_NET | |
| | # NOTE(review): only port 80 here, while http_inspect_server below decodes | |
| | # 80 and 8080; rules keyed on $HTTP_PORTS would not cover 8080 - confirm intended. | |
23 | var HTTP_PORTS 80 | |
| | # Every port except 80. shellcode.rules is commented out below, so this is | |
| | # presumably unused unless another rules file references it. | |
24 | var SHELLCODE_PORTS !80 | |
25 | var ORACLE_PORTS 1521 | |
| | # Hard-coded address list. NOTE(review): 64.12.26.14/24 is a host address with | |
| | # a /24 mask while the other entries are network addresses - confirm whether | |
| | # 64.12.26.0/24 was meant, and that the list is still current. | |
26 | var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] | |
| | # Base directory for every "include $RULE_PATH/..." line below. | |
27 | var RULE_PATH /etc/snort | |
28 | ||
29 | ################################################### | |
30 | # Do NOT Edit past this line | |
31 | ################################################### | |
| | # Detection engine and preprocessor setup, sized for a small appliance. | |
| | # "lowmem" selects the low-memory pattern matcher (less RAM, slower matching). | |
32 | config detection: search-method lowmem | |
| | # flow, frag2 and stream4 are each capped at 2097152 bytes (2 MiB). | |
| | # NOTE(review): with caps this small, state tracking may be pruned under load; | |
| | # confirm the behaviour on memcap exhaustion for the Snort version in use. | |
33 | preprocessor flow: memcap 2097152, stats_interval 0, hash 2 | |
34 | preprocessor frag2: memcap 2097152 | |
| | # detect_scans enables stream4's scan alerts; disable_evasion_alerts switches | |
| | # off its alerts for evasion-style TCP anomalies. | |
35 | preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts | |
| | # noalerts: reassembly raises no insertion/evasion alerts either. Together with | |
| | # the line above, evasion attempts against stream handling go unreported - | |
| | # presumably a noise-reduction choice; confirm it is acceptable. | |
36 | preprocessor stream4_reassemble: noalerts | |
| | # HTTP normalisation: the IIS Unicode map is read from unicode.map (codepage 1252). | |
37 | preprocessor http_inspect: global iis_unicode_map unicode.map 1252 | |
| | # HTTP decoding applies to ports 80 and 8080 only; web servers on other ports | |
| | # are not normalised. HTTP_PORTS above lists 80 alone. | |
38 | preprocessor http_inspect_server: server default profile all ports { 80 8080 } | |
| | # RPC record normalisation on ports 111 and 32771. | |
39 | preprocessor rpc_decode: 111 32771 | |
| | # Back Orifice detector and telnet negotiation normaliser, default settings. | |
40 | preprocessor bo | |
41 | preprocessor telnet_decode | |
| | # flow-portscan: one directive continued with trailing backslashes, so no | |
| | # comment lines may be placed inside it. Each scoreboard/table memcap is | |
| | # 1048576 bytes (1 MiB) with 10000 rows; servers are watched on $HOME_NET. | |
| | # NOTE(review): server-learning-time 3600 is presumably seconds, and | |
| | # "alert-mode once" presumably limits repeat alerts per scanner - confirm | |
| | # both against the preprocessor documentation for this Snort version. | |
42 | preprocessor flow-portscan: \ | |
43 | scoreboard-memcap-talker 1048576 \ | |
44 | scoreboard-rows-talker 10000 \ | |
45 | talker-sliding-scale-factor 0.50 \ | |
46 | talker-fixed-threshold 30 \ | |
47 | talker-sliding-threshold 30 \ | |
48 | talker-sliding-window 20 \ | |
49 | talker-fixed-window 30 \ | |
50 | scoreboard-memcap-scanner 1048576 \ | |
51 | scoreboard-rows-scanner 10000 \ | |
52 | scanner-sliding-window 20 \ | |
53 | scanner-sliding-scale-factor 0.50 \ | |
54 | scanner-fixed-threshold 15 \ | |
55 | scanner-sliding-threshold 40 \ | |
56 | scanner-fixed-window 15 \ | |
57 | unique-memcap 1048576 \ | |
58 | unique-rows 10000 \ | |
59 | server-memcap 1048576 \ | |
60 | server-rows 10000 \ | |
61 | server-watchnet $HOME_NET \ | |
62 | server-ignore-limit 100 \ | |
63 | server-learning-time 3600 \ | |
64 | server-scanner-limit 4 \ | |
65 | alert-mode once \ | |
66 | output-mode msg \ | |
67 | tcp-penalties on | |
| | # X-LINK2STATE preprocessor watches SMTP-related ports 25 and 691. | |
68 | preprocessor xlink2state: ports { 25 691 } | |
69 | #========================================= | |
| | # Rule loading. Classification and reference definitions are included first, | |
| | # then the individual rule files from $RULE_PATH. | |
| | # NOTE(review): this file contains no "output" directive although its header | |
| | # lists output plugins as step 3; alert/log destinations presumably come from | |
| | # the command line or from /etc/snort/vars - confirm alerts are recorded. | |
70 | include $RULE_PATH/classification.config | |
71 | include $RULE_PATH/reference.config | |
72 | #========================================= | |
| | # Enabled rule sets: network and service attacks. | |
73 | include $RULE_PATH/bad-traffic.rules | |
74 | include $RULE_PATH/exploit.rules | |
75 | include $RULE_PATH/scan.rules | |
76 | include $RULE_PATH/finger.rules | |
77 | include $RULE_PATH/ftp.rules | |
78 | include $RULE_PATH/telnet.rules | |
79 | include $RULE_PATH/rpc.rules | |
80 | include $RULE_PATH/rservices.rules | |
81 | include $RULE_PATH/dos.rules | |
82 | include $RULE_PATH/ddos.rules | |
83 | include $RULE_PATH/dns.rules | |
84 | include $RULE_PATH/tftp.rules | |
85 | ||
| | # Enabled rule sets: web servers and web clients. | |
86 | include $RULE_PATH/web-cgi.rules | |
87 | include $RULE_PATH/web-coldfusion.rules | |
88 | include $RULE_PATH/web-iis.rules | |
89 | include $RULE_PATH/web-frontpage.rules | |
90 | include $RULE_PATH/web-misc.rules | |
91 | include $RULE_PATH/web-client.rules | |
92 | include $RULE_PATH/web-php.rules | |
93 | ||
| | # Enabled rule sets: databases, management protocols and miscellaneous. | |
94 | include $RULE_PATH/sql.rules | |
95 | include $RULE_PATH/x11.rules | |
96 | include $RULE_PATH/icmp.rules | |
97 | include $RULE_PATH/netbios.rules | |
98 | include $RULE_PATH/misc.rules | |
99 | include $RULE_PATH/attack-responses.rules | |
100 | include $RULE_PATH/oracle.rules | |
101 | include $RULE_PATH/mysql.rules | |
102 | include $RULE_PATH/snmp.rules | |
103 | ||
| | # Enabled rule sets: mail protocols. | |
104 | include $RULE_PATH/smtp.rules | |
105 | include $RULE_PATH/imap.rules | |
106 | include $RULE_PATH/pop2.rules | |
107 | include $RULE_PATH/pop3.rules | |
108 | ||
109 | include $RULE_PATH/nntp.rules | |
110 | include $RULE_PATH/other-ids.rules | |
| | # Disabled rule sets: the commented-out files below load no signatures. | |
| | # NOTE(review): besides policy/informational categories this also disables | |
| | # web-attacks, backdoor, shellcode and virus, which are attack-detection | |
| | # categories - confirm the coverage gap is deliberate (e.g. noise or memory). | |
111 | # include $RULE_PATH/web-attacks.rules | |
112 | # include $RULE_PATH/backdoor.rules | |
113 | # include $RULE_PATH/shellcode.rules | |
114 | # include $RULE_PATH/policy.rules | |
115 | # include $RULE_PATH/porn.rules | |
116 | # include $RULE_PATH/info.rules | |
117 | # include $RULE_PATH/icmp-info.rules | |
118 | # include $RULE_PATH/virus.rules | |
119 | # include $RULE_PATH/chat.rules | |
120 | # include $RULE_PATH/multimedia.rules | |
121 | # include $RULE_PATH/p2p.rules | |
122 | # include $RULE_PATH/experimental.rules | |
| | # local.rules is included last; presumably the place for site-specific rules. | |
123 | include $RULE_PATH/local.rules |