From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) Date: Thu, 22 Sep 2022 12:52:19 +0000 (+0000) Subject: Pull request #3596: ips_options: set ips.obfuscate_pii to true by default X-Git-Tag: 3.1.42.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=559471d18e31144b02a471bb7548537c5c200f1b;p=thirdparty%2Fsnort3.git Pull request #3596: ips_options: set ips.obfuscate_pii to true by default Merge in SNORT/snort3 from ~VHORBATO/snort3:sd_masking to master Squashed commit of the following: commit 0df025c604ca7bb36e02b3a70c32b8463cfb5ba6 Author: Vitalii Date: Mon Sep 19 22:28:55 2022 +0300 ips_options: change ips.obfuscate_pii to be true by default --- diff --git a/doc/user/sensitive_data.txt b/doc/user/sensitive_data.txt index 391b6c7e2..10a3b9a91 100644 --- a/doc/user/sensitive_data.txt +++ b/doc/user/sensitive_data.txt @@ -87,7 +87,7 @@ in a packet, you will not see an event. Snort provides discreet logging for the built-in patterns "credit_card", "us_social", "us_social_nodashes", "us_phone" and "email". Enabling `ips.obfuscate_pii` makes Snort obfuscate the suspect packet payload which -was matched by the patterns. This configuration is disabled by default. +was matched by the patterns. This configuration is enabled by default. ips = { diff --git a/src/main/modules.cc b/src/main/modules.cc index fd9808dd5..a356fcd88 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -1150,8 +1150,8 @@ static const Parameter ips_params[] = { "mode", Parameter::PT_ENUM, "tap | inline | inline-test", nullptr, "set policy mode" }, - { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "false", - "mask all but the last 4 characters of credit card and social security numbers" }, + { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "true", + "mask all but the last 4 characters of credit card, SSN, phone number, and email" }, { "rules", Parameter::PT_STRING, nullptr, nullptr, "snort rules and includes (may contain states too)" }, diff --git a/src/main/policy.cc b/src/main/policy.cc index ab699fb00..0f3b07190 100644 --- a/src/main/policy.cc +++ b/src/main/policy.cc @@ -193,7 +193,7 @@ IpsPolicy::IpsPolicy(PolicyId id) : action(Actions::get_max_types(), nullptr) nonamePortVarTable = PortTableNew(); enable_builtin_rules = false; - obfuscate_pii = false; + obfuscate_pii = true; } IpsPolicy::~IpsPolicy()