bpfire/config/snort/snort.conf
2009-04-07 12:11:15 +02:00


###################################################
#
# This file contains the default snort configuration
# for all IPFire versions.
# Unless you are totally happy with this file, please
# only change what's needed.
# This file is also changed automatically by
# the web interface.
#
# 1) Set the network variables for your network
# 2) Configure preprocessors
# 3) Configure output plugins
# 4) Customize your rule set
#
###################################################
# The only section a user needs to edit.
# HOME_NET is not defined in this file; it presumably comes from this include.
include /etc/snort/vars
# Everything that is not HOME_NET counts as external. Rules written as
# $EXTERNAL_NET -> $HOME_NET therefore never match traffic that stays
# between two internal hosts.
var EXTERNAL_NET !$HOME_NET
# Every server group is set to the whole of HOME_NET. Narrowing each one to
# the hosts that really run the service reduces false positives.
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
# Rules that use $HTTP_PORTS only look at port 80; web services on any other
# port are not covered by them.
var HTTP_PORTS 80
# NOTE(review): two space-separated values. Confirm the Snort version in use
# accepts this form wherever $SSH_PORTS is referenced.
var SSH_PORTS 22 222
# Shellcode rules apply to every port except 80.
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
# NOTE(review): 64.12.26.14/24 has host bits set under a /24 mask; it
# presumably means 64.12.26.0/24 - confirm.
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
# Directory that the include lines at the end of this file are resolved against.
var RULE_PATH /etc/snort/rules
# Shared objects loaded into the Snort process at start-up; the second line
# names a whole directory. NOTE(review): keep both paths writable by root
# only, since code placed there runs with Snort's privileges.
dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
###################################################
# Do NOT Edit past this line
###################################################
# Pattern matcher tuned for low memory use rather than speed.
config detection: search-method lowmem
# Flow tracking, capped at 2097152 bytes (2 MiB). flow-portscan further down
# depends on it.
preprocessor flow: memcap 2097152, stats_interval 0, hash 2
#preprocessor frag2: memcap 2097152
# IP defragmentation. One engine with policy "first" is applied to all hosts.
# NOTE(review): the reassembly policy should match the operating systems of
# the protected hosts; where it differs, overlapping fragments can be
# reassembled differently by the sensor and by the target - confirm "first"
# fits this network.
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy first detect_anomalies
# TCP state tracking and stream reassembly, capped at 2 MiB.
# disable_evasion_alerts and noalerts silence the alerts stream4 raises for
# evasion-style anomalies (for example overlapping segments). That lowers
# noise but also hides those events from the alert log.
# NOTE(review): stream4_reassemble gives no direction or port list, so the
# preprocessor's built-in defaults apply - confirm they cover the traffic
# that needs inspection.
preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble: noalerts
# http_inspect is commented out, so HTTP requests are not normalized before
# rule matching. NOTE(review): web rules that rely on a normalized URI lose
# coverage against encoded requests while these two lines stay disabled.
# preprocessor http_inspect: global iis_unicode_map unicode.map 1252
# preprocessor http_inspect_server: server default profile all ports { 80 8080 }
# RPC record normalization on ports 111 and 32771.
preprocessor rpc_decode: 111 32771
# Back Orifice traffic detector.
preprocessor bo
#preprocessor telnet_decode
# FTP/Telnet inspection, stateful, with checking for encrypted sessions on.
# The directives below span several lines joined by trailing backslashes, so
# comments are kept outside them.
preprocessor ftp_telnet: global \
encrypted_traffic yes \
inspection_type stateful
# Telnet: normalize negotiation sequences; ayt_attack_thresh is the number of
# consecutive "Are You There" commands that triggers an alert.
preprocessor ftp_telnet_protocol: telnet \
normalize \
ayt_attack_thresh 200
# FTP server side: parameter length limits (100 by default, 200 for CWD),
# format validation for MODE and MDTM, and format-string checks on the
# commands listed in chk_str_fmt.
preprocessor ftp_telnet_protocol: ftp server default \
def_max_param_len 100 \
alt_max_param_len 200 { CWD } \
cmd_validity MODE < char ASBCZ > \
cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
telnet_cmds yes \
data_chan
# FTP client side: response length limit of 256 and FTP bounce detection.
preprocessor ftp_telnet_protocol: ftp client default \
max_resp_len 256 \
bounce yes \
telnet_cmds yes
# Port-scan detection built on the flow preprocessor above. Each scoreboard
# is capped at 1048576 bytes (1 MiB) and 10000 rows; server-watchnet limits
# server learning to HOME_NET, and alert-mode once reports a source a single
# time rather than on every threshold crossing.
preprocessor flow-portscan: \
scoreboard-memcap-talker 1048576 \
scoreboard-rows-talker 10000 \
talker-sliding-scale-factor 0.50 \
talker-fixed-threshold 30 \
talker-sliding-threshold 30 \
talker-sliding-window 20 \
talker-fixed-window 30 \
scoreboard-memcap-scanner 1048576 \
scoreboard-rows-scanner 10000 \
scanner-sliding-window 20 \
scanner-sliding-scale-factor 0.50 \
scanner-fixed-threshold 15 \
scanner-sliding-threshold 40 \
scanner-fixed-window 15 \
unique-memcap 1048576 \
unique-rows 10000 \
server-memcap 1048576 \
server-rows 10000 \
server-watchnet $HOME_NET \
server-ignore-limit 100 \
server-learning-time 3600 \
alert-mode once \
output-mode msg \
tcp-penalties on
#=========================================
# Classification and reference tables that the rule files refer to.
# NOTE(review): the header lists "Configure output plugins" as step 3, but no
# output directive is visible in this file; alerts then go wherever Snort's
# defaults or command line send them - confirm that destination is monitored.
include $RULE_PATH/classification.config
include $RULE_PATH/reference.config
#=========================================
# Rule sets. Only community-*.rules files are loaded here.
# NOTE(review): community-deleted.rules, going by its name, holds retired
# rules - confirm that loading it is intended.
# NOTE(review): the community-web-*.rules files are loaded while http_inspect
# is commented out earlier in this file, so they run against HTTP traffic
# that has not been normalized.
include $RULE_PATH/community-bot.rules
include $RULE_PATH/community-deleted.rules
include $RULE_PATH/community-dos.rules
include $RULE_PATH/community-exploit.rules
include $RULE_PATH/community-ftp.rules
include $RULE_PATH/community-game.rules
include $RULE_PATH/community-icmp.rules
include $RULE_PATH/community-imap.rules
include $RULE_PATH/community-inappropriate.rules
include $RULE_PATH/community-mail-client.rules
include $RULE_PATH/community-misc.rules
include $RULE_PATH/community-nntp.rules
include $RULE_PATH/community-oracle.rules
include $RULE_PATH/community-policy.rules
include $RULE_PATH/community-sip.rules
include $RULE_PATH/community-smtp.rules
include $RULE_PATH/community-sql-injection.rules
include $RULE_PATH/community-virus.rules
include $RULE_PATH/community-web-attacks.rules
include $RULE_PATH/community-web-cgi.rules
include $RULE_PATH/community-web-client.rules
include $RULE_PATH/community-web-dos.rules
include $RULE_PATH/community-web-iis.rules
include $RULE_PATH/community-web-misc.rules
include $RULE_PATH/community-web-php.rules