--- etc/snort.conf.orig 2008-07-03 16:44:57.000000000 -0300 +++ etc/snort.conf 2008-07-03 18:04:45.000000000 -0300 @@ -1,5 +1,5 @@ #-------------------------------------------------- -# http://www.snort.org Snort 2.8.2.1 Ruleset +# http://www.snort.org Snort 2.8.2 Ruleset # Contact: snort-sigs@lists.sourceforge.net #-------------------------------------------------- # $Id$ @@ -191,7 +191,7 @@ # Load all dynamic preprocessors from the install path # (same as command line option --dynamic-preprocessor-lib-dir) # -dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ +dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ # # Load a specific dynamic preprocessor library from the install path # (same as command line option --dynamic-preprocessor-lib) @@ -201,12 +201,12 @@ # Load a dynamic engine from the install path # (same as command line option --dynamic-engine-lib) # -dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so +dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so # # Load all dynamic rules libraries from the install path # (same as command line option --dynamic-detection-lib-dir) # -# dynamicdetection directory /usr/local/lib/snort_dynamicrule/ +dynamicdetection directory /usr/local/lib/snort_dynamicrule/ # # Load a specific dynamic rule library from the install path # (same as command line option --dynamic-detection-lib) @@ -487,7 +487,7 @@ # drop { client | server | general | snort_attack } # example: # preprocessor bo: noalert { general server } drop { snort_attack } -# + # # The Back Orifice detector uses Generator ID 105 and uses the # following SIDS for that GID: @@ -936,59 +936,87 @@ # README.alert_order for how rule ordering affects how alerts are triggered. #========================================= -include $RULE_PATH/local.rules -include $RULE_PATH/bad-traffic.rules -include $RULE_PATH/exploit.rules -include $RULE_PATH/scan.rules -include $RULE_PATH/finger.rules -include $RULE_PATH/ftp.rules -include $RULE_PATH/telnet.rules -include $RULE_PATH/rpc.rules -include $RULE_PATH/rservices.rules -include $RULE_PATH/dos.rules -include $RULE_PATH/ddos.rules -include $RULE_PATH/dns.rules -include $RULE_PATH/tftp.rules - -include $RULE_PATH/web-cgi.rules -include $RULE_PATH/web-coldfusion.rules -include $RULE_PATH/web-iis.rules -include $RULE_PATH/web-frontpage.rules -include $RULE_PATH/web-misc.rules -include $RULE_PATH/web-client.rules -include $RULE_PATH/web-php.rules - -include $RULE_PATH/sql.rules -include $RULE_PATH/x11.rules -include $RULE_PATH/icmp.rules -include $RULE_PATH/netbios.rules -include $RULE_PATH/misc.rules -include $RULE_PATH/attack-responses.rules -include $RULE_PATH/oracle.rules -include $RULE_PATH/mysql.rules -include $RULE_PATH/snmp.rules - -include $RULE_PATH/smtp.rules -include $RULE_PATH/imap.rules -include $RULE_PATH/pop2.rules -include $RULE_PATH/pop3.rules - -include $RULE_PATH/nntp.rules -include $RULE_PATH/other-ids.rules -# include $RULE_PATH/web-attacks.rules -# include $RULE_PATH/backdoor.rules -# include $RULE_PATH/shellcode.rules -# include $RULE_PATH/policy.rules -# include $RULE_PATH/porn.rules -# include $RULE_PATH/info.rules -# include $RULE_PATH/icmp-info.rules -# include $RULE_PATH/virus.rules -# include $RULE_PATH/chat.rules -# include $RULE_PATH/multimedia.rules -# include $RULE_PATH/p2p.rules -# include $RULE_PATH/spyware-put.rules -# include $RULE_PATH/specific-threats.rules -include $RULE_PATH/experimental.rules +#include $RULE_PATH/local.rules +#include $RULE_PATH/bad-traffic.rules +#include $RULE_PATH/exploit.rules +#include $RULE_PATH/scan.rules +#include $RULE_PATH/finger.rules +#include $RULE_PATH/ftp.rules +#include $RULE_PATH/telnet.rules +#include $RULE_PATH/rpc.rules +#include $RULE_PATH/rservices.rules +#include $RULE_PATH/dos.rules +#include $RULE_PATH/ddos.rules +#include $RULE_PATH/dns.rules +#include $RULE_PATH/tftp.rules + +#include $RULE_PATH/web-cgi.rules +#include $RULE_PATH/web-coldfusion.rules +#include $RULE_PATH/web-iis.rules +#include $RULE_PATH/web-frontpage.rules +#include $RULE_PATH/web-misc.rules +#include $RULE_PATH/web-client.rules +#include $RULE_PATH/web-php.rules + +#include $RULE_PATH/sql.rules +#include $RULE_PATH/x11.rules +#include $RULE_PATH/icmp.rules +#include $RULE_PATH/netbios.rules +#include $RULE_PATH/misc.rules +#include $RULE_PATH/attack-responses.rules +#include $RULE_PATH/oracle.rules +#include $RULE_PATH/mysql.rules +#include $RULE_PATH/snmp.rules + +#include $RULE_PATH/smtp.rules +#include $RULE_PATH/imap.rules +#include $RULE_PATH/pop2.rules +#include $RULE_PATH/pop3.rules + +#include $RULE_PATH/nntp.rules +#include $RULE_PATH/other-ids.rules +#include $RULE_PATH/web-attacks.rules +#include $RULE_PATH/backdoor.rules +#include $RULE_PATH/shellcode.rules +#include $RULE_PATH/policy.rules +#include $RULE_PATH/porn.rules +#include $RULE_PATH/info.rules +#include $RULE_PATH/icmp-info.rules +#include $RULE_PATH/virus.rules +#include $RULE_PATH/chat.rules +#include $RULE_PATH/multimedia.rules +#include $RULE_PATH/p2p.rules +#include $RULE_PATH/spyware-put.rules +#include $RULE_PATH/specific-threats.rules +#include $RULE_PATH/experimental.rules + + +# Community Rules +include $RULE_PATH/community-bot.rules +include $RULE_PATH/community-deleted.rules +include $RULE_PATH/community-dos.rules +include $RULE_PATH/community-exploit.rules +include $RULE_PATH/community-ftp.rules +include $RULE_PATH/community-game.rules +include $RULE_PATH/community-icmp.rules +include $RULE_PATH/community-imap.rules +include $RULE_PATH/community-inappropriate.rules +include $RULE_PATH/community-mail-client.rules +include $RULE_PATH/community-misc.rules +include $RULE_PATH/community-nntp.rules +include $RULE_PATH/community-oracle.rules +include $RULE_PATH/community-policy.rules +include $RULE_PATH/community-sip.rules +#include $RULE_PATH/community-smtp.rules +include $RULE_PATH/community-sql-injection.rules +#include $RULE_PATH/community-virus.rules +include $RULE_PATH/community-web-attacks.rules +include $RULE_PATH/community-web-cgi.rules +include $RULE_PATH/community-web-client.rules +include $RULE_PATH/community-web-dos.rules +include $RULE_PATH/community-web-iis.rules +include $RULE_PATH/community-web-misc.rules +include $RULE_PATH/community-web-php.rules # include $PREPROC_RULE_PATH/preprocessor.rules # include $PREPROC_RULE_PATH/decoder.rules @@ -1000,3 +1028,4 @@ # such as: c:\snort\etc\threshold.conf # Uncomment if needed. # include threshold.conf +