webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 13:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
70631572ba3fbf1e7ea83fc4e020081ecef3c4e3
bpfire/config/snort/snort.conf
maniacikarus ce8e4c835e kleiner Snort Fix und fehlendes Icon nachgeliefert 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@662 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
2007-07-08 21:11:50 +00:00

98 lines
3.5 KiB
Plaintext
Raw Blame History

###################################################
#
# This file contains the default snort configuration.
# for all IPFire Versions
# Unless you are totally happy with this file, please
# only change whats needed
# This file is automatically changed by
# the webinterface, too.
#
# 1) Set the network variables for your network
# 2) Configure preprocessors
# 3) Configure output plugins
# 4) Customize your rule set
#
###################################################
# Only area a user needs to edit
include /etc/snort/vars
var EXTERNAL_NET !$HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var HTTP_PORTS 80
var SSH_PORTS 22 222
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
var RULE_PATH /etc/snort/rules
###################################################
# Do NOT Edit past this line
###################################################
config detection: search-method lowmem
preprocessor flow: memcap 2097152, stats_interval 0, hash 2
preprocessor frag2: memcap 2097152
preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble: noalerts
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default profile all ports { 80 8080 }
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
preprocessor flow-portscan: \
scoreboard-memcap-talker 1048576 \
scoreboard-rows-talker 10000 \
talker-sliding-scale-factor 0.50 \
talker-fixed-threshold 30 \
talker-sliding-threshold 30 \
talker-sliding-window 20 \
talker-fixed-window 30 \
scoreboard-memcap-scanner 1048576 \
scoreboard-rows-scanner 10000 \
scanner-sliding-window 20 \
scanner-sliding-scale-factor 0.50 \
scanner-fixed-threshold 15 \
scanner-sliding-threshold 40 \
scanner-fixed-window 15 \
unique-memcap 1048576 \
unique-rows 10000 \
server-memcap 1048576 \
server-rows 10000 \
server-watchnet $HOME_NET \
server-ignore-limit 100 \
server-learning-time 3600 \
server-scanner-limit 4 \
alert-mode once \
output-mode msg \
tcp-penalties on
#=========================================
include $RULE_PATH/classification.config
include $RULE_PATH/reference.config
#=========================================
include $RULE_PATH/community-bot.rules
include $RULE_PATH/community-deleted.rules
include $RULE_PATH/community-dos.rules
include $RULE_PATH/community-exploit.rules
include $RULE_PATH/community-ftp.rules
include $RULE_PATH/community-game.rules
include $RULE_PATH/community-icmp.rules
include $RULE_PATH/community-imap.rules
include $RULE_PATH/community-inappropriate.rules
include $RULE_PATH/community-mail-client.rules
include $RULE_PATH/community-misc.rules
include $RULE_PATH/community-nntp.rules
include $RULE_PATH/community-oracle.rules
include $RULE_PATH/community-policy.rules
include $RULE_PATH/community-sip.rules
include $RULE_PATH/community-smtp.rules
include $RULE_PATH/community-sql-injection.rules
include $RULE_PATH/community-virus.rules
include $RULE_PATH/community-web-attacks.rules
include $RULE_PATH/community-web-cgi.rules
include $RULE_PATH/community-web-client.rules
include $RULE_PATH/community-web-dos.rules
include $RULE_PATH/community-web-iis.rules
include $RULE_PATH/community-web-misc.rules
include $RULE_PATH/community-web-php.rules
Reference in New Issue View Git Blame Copy Permalink