Pull request #3596: ips_options: set ips.obfuscate_pii to true by default

author Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>

Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)

committer Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>

Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)
author Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)
committer Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)
diff --git a/doc/user/sensitive_data.txt b/doc/user/sensitive_data.txt

index 391b6c7e2ec5444386c15aee3abc388978c19abd..10a3b9a9121a09748639174a9bb3b8351a996764 100644 (file)
--- a/doc/user/sensitive_data.txt
+++ b/doc/user/sensitive_data.txt
@@ -87,7 +87,7 @@ in a packet, you will not see an event.
  Snort provides discreet logging for the built-in patterns "credit_card",
  "us_social", "us_social_nodashes", "us_phone" and "email". Enabling
  `ips.obfuscate_pii` makes Snort obfuscate the suspect packet payload which
-was matched by the patterns. This configuration is disabled by default.
+was matched by the patterns. This configuration is enabled by default.
  
      ips =
      { 
diff --git a/src/main/modules.cc b/src/main/modules.cc

index fd9808dd524042401d1fdf1f412254cee000524a..a356fcd884c55b46531502e424624142d43b51fd 100644 (file)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1150,8 +1150,8 @@ static const Parameter ips_params[] =
      { "mode", Parameter::PT_ENUM, "tap | inline | inline-test", nullptr,
        "set policy mode" },
  
-    { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "false",
-      "mask all but the last 4 characters of credit card and social security numbers" },
+    { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "true",
+      "mask all but the last 4 characters of credit card, SSN, phone number, and email" },
  
      { "rules", Parameter::PT_STRING, nullptr, nullptr,
        "snort rules and includes (may contain states too)" },
diff --git a/src/main/policy.cc b/src/main/policy.cc

index ab699fb00670a497a491603e1d43660c3df83354..0f3b0719010cd7691fe1772a91dacae519a64cc5 100644 (file)
--- a/src/main/policy.cc
+++ b/src/main/policy.cc
@@ -193,7 +193,7 @@ IpsPolicy::IpsPolicy(PolicyId id) : action(Actions::get_max_types(), nullptr)
      nonamePortVarTable = PortTableNew();
  
      enable_builtin_rules = false;
-    obfuscate_pii = false;
+    obfuscate_pii = true;
  }
  
  IpsPolicy::~IpsPolicy()
author	Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
	Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)
committer	Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
	Thu, 22 Sep 2022 12:52:19 +0000 (12:52 +0000)
doc/user/sensitive_data.txt		patch \| blob \| blame \| history
src/main/modules.cc		patch \| blob \| blame \| history
src/main/policy.cc		patch \| blob \| blame \| history