Snort scripts and config update.

2026-04-28 11:43:25 +02:00 · 2010-06-17 23:23:02 +02:00
parent 6886b70cfc
commit 8dc25f04ba
6 changed files with 68 additions and 54 deletions
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -21,14 +21,18 @@
 # Step #1: Set the network variables.  For more information, see README.variables
 ###################################################

+include /etc/snort/vars
+
 # Setup the network addresses you are protecting
-var HOME_NET any
+# taken from /etc/snort vars
+#var HOME_NET any

 # Set up the external network addresses.  A good start may be "any"
 var EXTERNAL_NET any

 # List of DNS servers on your network 
-var DNS_SERVERS $HOME_NET
+# taken from /etc/snort vars
+#var DNS_SERVERS $HOME_NET

 # List of SMTP servers on your network
 var SMTP_SERVERS $HOME_NET
@@ -45,6 +49,9 @@ var TELNET_SERVERS $HOME_NET
 # List of ports you run web servers on
 portvar HTTP_PORTS  [80,2301,3128,7777,7779,8000,8008,8028,8080,8180,8888,9999]

+# List of ssh ports
+portvar SSH_PORTS  [22,222]
+
 # List of ports you want to look for SHELLCODE on.
 portvar SHELLCODE_PORTS !80

@@ -61,6 +68,7 @@ var RULE_PATH /etc/snort/rules
 var SO_RULE_PATH /etc/snort/so_rules
 var PREPROC_RULE_PATH /etc/snort/preproc_rules

+
 ###################################################
 # Step #2: Configure the decoder.  For more information, see README.decode
 ###################################################
@@ -299,5 +307,3 @@ include /etc/snort/rules/reference.config

 # site specific rules

-# Event thresholding or suppression commands. See threshold.conf 
-# include threshold.conf