~vcs-imports/ipfire/ipfire-2.x


Viewing changes to config/snort/snort.conf

  • Committer: ipfire
  • Date: 2006-02-15 21:15:54 UTC
  • Revision ID: git-v1:cd1a2927226c734d96478e12bb768256fb64a06a


git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

 
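--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -0,0 +1,123 @@
+###################################################
+#
+# This file contains the default snort configuration.
+# for all IPCop Versions
+# Unless you are totally happy with this file,please
+# only change whats needed
+#
+#  1) Set the network variables for your network
+#  2) Configure preprocessors
+#  3) Configure output plugins
+#  4) Customize your rule set
+#
+# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
+#
+###################################################
+# Only area a user needs to edit
+include /etc/snort/vars
+var EXTERNAL_NET    !$HOME_NET
+var SMTP_SERVERS    $HOME_NET
+var HTTP_SERVERS    $HOME_NET
+var SQL_SERVERS     $HOME_NET
+var TELNET_SERVERS  $HOME_NET
+var HTTP_PORTS      80
+var SHELLCODE_PORTS !80
+var ORACLE_PORTS    1521
+var AIM_SERVERS     [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
+var RULE_PATH       /etc/snort
+
+###################################################
+# Do NOT Edit past this line
+###################################################
+config detection: search-method lowmem
+preprocessor flow: memcap 2097152, stats_interval 0, hash 2
+preprocessor frag2: memcap 2097152
+preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
+preprocessor stream4_reassemble: noalerts
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+preprocessor rpc_decode: 111 32771
+preprocessor bo
+preprocessor telnet_decode
+preprocessor flow-portscan: \
+        scoreboard-memcap-talker 1048576 \
+        scoreboard-rows-talker 10000 \
+        talker-sliding-scale-factor 0.50 \
+        talker-fixed-threshold 30 \
+        talker-sliding-threshold 30 \
+        talker-sliding-window 20 \
+        talker-fixed-window 30 \
+        scoreboard-memcap-scanner 1048576 \
+        scoreboard-rows-scanner 10000 \
+        scanner-sliding-window 20 \
+        scanner-sliding-scale-factor 0.50 \
+        scanner-fixed-threshold 15 \
+        scanner-sliding-threshold 40 \
+        scanner-fixed-window 15 \
+        unique-memcap 1048576 \
+        unique-rows 10000 \
+        server-memcap 1048576 \
+        server-rows 10000 \
+        server-watchnet $HOME_NET \
+        server-ignore-limit 100 \
+        server-learning-time 3600 \
+        server-scanner-limit 4 \
+        alert-mode once \
+        output-mode msg \
+        tcp-penalties on
+preprocessor xlink2state: ports { 25 691 }
+#=========================================
+include $RULE_PATH/classification.config
+include $RULE_PATH/reference.config
+#=========================================
+include $RULE_PATH/bad-traffic.rules
+include $RULE_PATH/exploit.rules
+include $RULE_PATH/scan.rules
+include $RULE_PATH/finger.rules
+include $RULE_PATH/ftp.rules
+include $RULE_PATH/telnet.rules
+include $RULE_PATH/rpc.rules
+include $RULE_PATH/rservices.rules
+include $RULE_PATH/dos.rules
+include $RULE_PATH/ddos.rules
+include $RULE_PATH/dns.rules
+include $RULE_PATH/tftp.rules
+
+include $RULE_PATH/web-cgi.rules
+include $RULE_PATH/web-coldfusion.rules
+include $RULE_PATH/web-iis.rules
+include $RULE_PATH/web-frontpage.rules
+include $RULE_PATH/web-misc.rules
+include $RULE_PATH/web-client.rules
+include $RULE_PATH/web-php.rules
+
+include $RULE_PATH/sql.rules
+include $RULE_PATH/x11.rules
+include $RULE_PATH/icmp.rules
+include $RULE_PATH/netbios.rules
+include $RULE_PATH/misc.rules
+include $RULE_PATH/attack-responses.rules
+include $RULE_PATH/oracle.rules
+include $RULE_PATH/mysql.rules
+include $RULE_PATH/snmp.rules
+
+include $RULE_PATH/smtp.rules
+include $RULE_PATH/imap.rules
+include $RULE_PATH/pop2.rules
+include $RULE_PATH/pop3.rules
+
+include $RULE_PATH/nntp.rules
+include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/web-attacks.rules
+# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/shellcode.rules
+# include $RULE_PATH/policy.rules
+# include $RULE_PATH/porn.rules
+# include $RULE_PATH/info.rules
+# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/virus.rules
+# include $RULE_PATH/chat.rules
+# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/p2p.rules
+# include $RULE_PATH/experimental.rules
+include $RULE_PATH/local.rules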
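Review bot: `var HTTP_PORTS 80` and `preprocessor http_inspect_server: server default profile all ports { 80 8080 }` disagree on what counts as HTTP. Traffic on 8080 is normalized by the preprocessor, but any rule in the included web-*.rules files that keys on `$HTTP_PORTS` would presumably match port 80 only, leaving a proxy or alternate web port on 8080 uncovered. Either align the two settings or state the gap next to the variable, e.g. `# NOTE: http_inspect also decodes 8080; rules using $HTTP_PORTS only cover port 80`. The same "document the trade-off" point applies to `disable_evasion_alerts` on the stream4 line and `noalerts` on stream4_reassemble, which silence reassembly-evasion alerts with no comment saying why. It also applies to the commented-out backdoor, shellcode, virus and web-attacks includes, which sit below the "Do NOT Edit past this line" banner, so an operator is told not to re-enable them.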