Snort scripts and config update.

[people/pmueller/ipfire-2.x.git] / config / snort / snort.conf

diff --git a/config/snort/snort.conf b/config/snort/snort.conf
index 2b294eb0ad10f53699ec2230883d53cad49f64ac..bf4640624b45cdb14f502a0cea26d60de829860a 100644 (file)
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -21,14 +21,18 @@
 # Step #1: Set the network variables.  For more information, see README.variables
 ###################################################
 
+include /etc/snort/vars
+
 # Setup the network addresses you are protecting
-var HOME_NET any
+# taken from /etc/snort vars
+#var HOME_NET any
 
 # Set up the external network addresses.  A good start may be "any"
 var EXTERNAL_NET any
 
 # List of DNS servers on your network 
-var DNS_SERVERS $HOME_NET
+# taken from /etc/snort vars
+#var DNS_SERVERS $HOME_NET
 
 # List of SMTP servers on your network
 var SMTP_SERVERS $HOME_NET
@@ -45,6 +49,9 @@ var TELNET_SERVERS $HOME_NET
 # List of ports you run web servers on
 portvar HTTP_PORTS  [80,2301,3128,7777,7779,8000,8008,8028,8080,8180,8888,9999]
 
+# List of ssh ports
+portvar SSH_PORTS  [22,222]
+
 # List of ports you want to look for SHELLCODE on.
 portvar SHELLCODE_PORTS !80
 
@@ -61,6 +68,7 @@ var RULE_PATH /etc/snort/rules
 var SO_RULE_PATH /etc/snort/so_rules
 var PREPROC_RULE_PATH /etc/snort/preproc_rules
 
+
 ###################################################
 # Step #2: Configure the decoder.  For more information, see README.decode
 ###################################################
@@ -299,5 +307,3 @@ include /etc/snort/rules/reference.config
 
 # site specific rules
 
-# Event thresholding or suppression commands. See threshold.conf 
-# include threshold.conf
\ No newline at end of file