Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | ################################################### |
2 | # | |
3 | # This file contains the default snort configuration. | |
46dff713 MT |
4 | # for all IPFire Versions |
5 | # Unless you are totally happy with this file, please | |
cd1a2927 | 6 | # only change what's needed
46dff713 MT |
7 | # This file is automatically changed by |
8 | # the webinterface, too. | |
cd1a2927 MT |
9 | # |
10 | # 1) Set the network variables for your network | |
11 | # 2) Configure preprocessors | |
12 | # 3) Configure output plugins | |
13 | # 4) Customize your rule set | |
14 | # | |
cd1a2927 MT |
15 | ################################################### |
# $HOME_NET is used throughout this section but not set in it; presumably it
# comes from /etc/snort/vars, which is included here -- confirm.
16 | # Only area a user needs to edit | |
17 | include /etc/snort/vars | |
# EXTERNAL_NET is the complement of HOME_NET, so rules written as
# $EXTERNAL_NET -> $HOME_NET do not match traffic between two HOME_NET hosts.
18 | var EXTERNAL_NET !$HOME_NET | |
# Every server group is the whole of HOME_NET rather than a list of specific hosts.
19 | var SMTP_SERVERS $HOME_NET | |
20 | var HTTP_SERVERS $HOME_NET | |
21 | var SQL_SERVERS $HOME_NET | |
22 | var TELNET_SERVERS $HOME_NET | |
# Rules bound to $HTTP_PORTS only look at port 80; web services on other
# ports are outside those rules.
23 | var HTTP_PORTS 80 | |
# NOTE(review): two ports separated by a space; confirm the Snort version in
# use accepts this form wherever a rule uses $SSH_PORTS as a port.
83843a1c | 24 | var SSH_PORTS 22 222 |
cd1a2927 MT |
# Rules bound to $SHELLCODE_PORTS skip port 80.
25 | var SHELLCODE_PORTS !80 |
26 | var ORACLE_PORTS 1521 | |
# NOTE(review): 64.12.26.14/24 is a host address with a /24 mask while the
# other entries are network addresses; check that the whole /24 is intended.
# The list is hard-coded, so it can go stale.
27 | var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] | |
46dff713 | 28 | var RULE_PATH /etc/snort/rules |
4fba936c SS |
# Shared objects loaded from these two paths run inside the Snort process;
# keep the file and the directory writable by root only.
29 | dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so |
30 | dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ | |
cd1a2927 MT |
31 | |
32 | ################################################### | |
33 | # Do NOT Edit past this line | |
34 | ################################################### | |
# Low-memory pattern matcher: smaller footprint in exchange for slower matching.
35 | config detection: search-method lowmem | |
# Flow tracking with a 2097152-byte memory cap. The flow-portscan preprocessor
# further down presumably depends on it -- confirm before removing this line.
36 | preprocessor flow: memcap 2097152, stats_interval 0, hash 2 | |
4fba936c SS |
# frag2 stays disabled; the two frag3 lines below handle IP defragmentation.
37 | #preprocessor frag2: memcap 2097152 |
# A single frag3 engine with policy "first" and no bind_to, so the same
# reassembly policy is applied to every host. NOTE(review): hosts that resolve
# overlapping fragments differently may reassemble other data than Snort does.
38 | preprocessor frag3_global: max_frags 65536 | |
39 | preprocessor frag3_engine: policy first detect_anomalies | |
cd1a2927 MT |
# disable_evasion_alerts and noalerts silence the stream4 evasion and
# reassembly alerts: less noise, but TCP-level evasion attempts go unreported.
# NOTE(review): stream4_reassemble is given no ports or direction options, so
# the preprocessor defaults apply -- confirm what they cover.
40 | preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts |
41 | preprocessor stream4_reassemble: noalerts | |
4fba936c SS |
# Both http_inspect lines are commented out, so this section configures no
# HTTP normalization. NOTE(review): the community-web-* rule files are still
# included further down; rules that rely on a normalized URI may miss encoded
# requests -- confirm this is intended.
42 | # preprocessor http_inspect: global iis_unicode_map unicode.map 1252 |
43 | # preprocessor http_inspect_server: server default profile all ports { 80 8080 } | |
cd1a2927 MT |
# RPC decoding on ports 111 and 32771.
44 | preprocessor rpc_decode: 111 32771 |
# Back Orifice detector, no options given.
45 | preprocessor bo | |
4fba936c SS |
# telnet_decode stays disabled; the ftp_telnet preprocessor below covers Telnet.
46 | #preprocessor telnet_decode |
# Comments are kept above each directive: a comment line placed between
# backslash-continued lines would break the directive.
# Global settings: stateful inspection; encrypted_traffic yes enables alerts on
# encrypted FTP/Telnet command channels.
47 | preprocessor ftp_telnet: global \ | |
48 | encrypted_traffic yes \ | |
49 | inspection_type stateful | |
# Telnet: normalize the stream and alert once 200 consecutive Are-You-There
# commands are seen.
50 | preprocessor ftp_telnet_protocol: telnet \ | |
51 | normalize \ | |
52 | ayt_attack_thresh 200 | |
# FTP server side: parameter length limits (100 by default, 200 for CWD) flag
# oversized command arguments; chk_str_fmt checks the listed commands for
# format-string patterns. NOTE(review): data_chan presumably makes the rest of
# Snort ignore FTP data connections, so transferred file contents would not be
# inspected by rules -- confirm.
53 | preprocessor ftp_telnet_protocol: ftp server default \ | |
54 | def_max_param_len 100 \ | |
55 | alt_max_param_len 200 { CWD } \ | |
56 | cmd_validity MODE < char ASBCZ > \ | |
57 | cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ | |
58 | chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \ | |
59 | telnet_cmds yes \ | |
60 | data_chan | |
# FTP client side: responses longer than 256 bytes and FTP bounce attempts are
# flagged; telnet_cmds yes flags Telnet escape sequences on the command channel.
61 | preprocessor ftp_telnet_protocol: ftp client default \ | |
62 | max_resp_len 256 \ | |
63 | bounce yes \ | |
64 | telnet_cmds yes | |
cd1a2927 MT |
# Portscan detection, one backslash-continued directive (no comment lines may
# be inserted between the continued lines).
# - server-watchnet $HOME_NET limits the watched servers to HOME_NET.
# - Each of the talker, scanner, unique and server tables is capped at
#   1048576 bytes and 10000 rows.
# - NOTE(review): alert-mode once presumably alerts only on the first hit for
#   a scanner entry, so continued scanning from the same source may produce
#   no further alerts -- confirm.
# - NOTE(review): server-learning-time 3600 is presumably a learning period in
#   seconds during which observed services are recorded -- confirm the unit
#   and what is alerted on while learning.
65 | preprocessor flow-portscan: \ |
66 | scoreboard-memcap-talker 1048576 \ | |
67 | scoreboard-rows-talker 10000 \ | |
68 | talker-sliding-scale-factor 0.50 \ | |
69 | talker-fixed-threshold 30 \ | |
70 | talker-sliding-threshold 30 \ | |
71 | talker-sliding-window 20 \ | |
72 | talker-fixed-window 30 \ | |
73 | scoreboard-memcap-scanner 1048576 \ | |
74 | scoreboard-rows-scanner 10000 \ | |
75 | scanner-sliding-window 20 \ | |
76 | scanner-sliding-scale-factor 0.50 \ | |
77 | scanner-fixed-threshold 15 \ | |
78 | scanner-sliding-threshold 40 \ | |
79 | scanner-fixed-window 15 \ | |
80 | unique-memcap 1048576 \ | |
81 | unique-rows 10000 \ | |
82 | server-memcap 1048576 \ | |
83 | server-rows 10000 \ | |
84 | server-watchnet $HOME_NET \ | |
85 | server-ignore-limit 100 \ | |
86 | server-learning-time 3600 \ | |
87 | server-scanner-limit 4 \ | |
88 | alert-mode once \ | |
89 | output-mode msg \ | |
90 | tcp-penalties on | |
cd1a2927 MT |
# classification.config and reference.config are included before any rule file.
91 | #========================================= |
92 | include $RULE_PATH/classification.config | |
93 | include $RULE_PATH/reference.config | |
94 | #========================================= | |
46dff713 MT |
# Rule files, all read from $RULE_PATH (set to /etc/snort/rules above). Only
# community-* files appear in this section. What Snort can detect depends on
# these files, so the directory should be writable only by the update
# mechanism and root.
# NOTE(review): community-deleted.rules presumably holds rules retired
# upstream; confirm it is meant to be loaded.
# NOTE(review): the community-web-* files are loaded while http_inspect is
# commented out earlier in this file -- confirm those rules still match as
# expected.
95 | include $RULE_PATH/community-bot.rules |
96 | include $RULE_PATH/community-deleted.rules | |
97 | include $RULE_PATH/community-dos.rules | |
98 | include $RULE_PATH/community-exploit.rules | |
99 | include $RULE_PATH/community-ftp.rules | |
100 | include $RULE_PATH/community-game.rules | |
101 | include $RULE_PATH/community-icmp.rules | |
102 | include $RULE_PATH/community-imap.rules | |
103 | include $RULE_PATH/community-inappropriate.rules | |
104 | include $RULE_PATH/community-mail-client.rules | |
105 | include $RULE_PATH/community-misc.rules | |
106 | include $RULE_PATH/community-nntp.rules | |
107 | include $RULE_PATH/community-oracle.rules | |
108 | include $RULE_PATH/community-policy.rules | |
46dff713 MT |
109 | include $RULE_PATH/community-sip.rules |
110 | include $RULE_PATH/community-smtp.rules | |
111 | include $RULE_PATH/community-sql-injection.rules | |
112 | include $RULE_PATH/community-virus.rules | |
113 | include $RULE_PATH/community-web-attacks.rules | |
114 | include $RULE_PATH/community-web-cgi.rules | |
115 | include $RULE_PATH/community-web-client.rules | |
116 | include $RULE_PATH/community-web-dos.rules | |
117 | include $RULE_PATH/community-web-iis.rules | |
118 | include $RULE_PATH/community-web-misc.rules | |
119 | include $RULE_PATH/community-web-php.rules |