--- etc/snort.conf.orig 2009-03-19 22:26:24.376016699 -0300 +++ etc/snort.conf 2009-03-19 22:33:04.085107881 -0300 @@ -43,7 +43,7 @@ # or you can specify the variable to be any IP address # like this: -var HOME_NET any +var HOME_NET $eth0_ADDRESS # Set up the external network addresses as well. A good start may be "any" var EXTERNAL_NET any @@ -107,7 +107,7 @@ # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH ../rules +var RULE_PATH /etc/snort/rules var PREPROC_RULE_PATH ../preproc_rules # Configure the snort decoder @@ -191,7 +191,7 @@ # Load all dynamic preprocessors from the install path # (same as command line option --dynamic-preprocessor-lib-dir) # -dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ +dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/ # # Load a specific dynamic preprocessor library from the install path # (same as command line option --dynamic-preprocessor-lib) @@ -201,7 +201,7 @@ # Load a dynamic engine from the install path # (same as command line option --dynamic-engine-lib) # -dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so +dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so # # Load all dynamic rules libraries from the install path # (same as command line option --dynamic-detection-lib-dir) @@ -211,7 +211,7 @@ # Load a specific dynamic rule library from the install path # (same as command line option --dynamic-detection-lib) # -# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so +dynamicdetection directory /usr/lib/snort_dynamicrule/ # ################################################### @@ -924,59 +924,34 @@ # README.alert_order for how rule ordering affects how alerts are triggered. #========================================= -include $RULE_PATH/local.rules -include $RULE_PATH/bad-traffic.rules -include $RULE_PATH/exploit.rules -include $RULE_PATH/scan.rules -include $RULE_PATH/finger.rules -include $RULE_PATH/ftp.rules -include $RULE_PATH/telnet.rules -include $RULE_PATH/rpc.rules -include $RULE_PATH/rservices.rules -include $RULE_PATH/dos.rules -include $RULE_PATH/ddos.rules -include $RULE_PATH/dns.rules -include $RULE_PATH/tftp.rules - -include $RULE_PATH/web-cgi.rules -include $RULE_PATH/web-coldfusion.rules -include $RULE_PATH/web-iis.rules -include $RULE_PATH/web-frontpage.rules -include $RULE_PATH/web-misc.rules -include $RULE_PATH/web-client.rules -include $RULE_PATH/web-php.rules - -include $RULE_PATH/sql.rules -include $RULE_PATH/x11.rules -include $RULE_PATH/icmp.rules -include $RULE_PATH/netbios.rules -include $RULE_PATH/misc.rules -include $RULE_PATH/attack-responses.rules -include $RULE_PATH/oracle.rules -include $RULE_PATH/mysql.rules -include $RULE_PATH/snmp.rules - -include $RULE_PATH/smtp.rules -include $RULE_PATH/imap.rules -include $RULE_PATH/pop2.rules -include $RULE_PATH/pop3.rules - -include $RULE_PATH/nntp.rules -include $RULE_PATH/other-ids.rules -# include $RULE_PATH/web-attacks.rules -# include $RULE_PATH/backdoor.rules -# include $RULE_PATH/shellcode.rules -# include $RULE_PATH/policy.rules -# include $RULE_PATH/porn.rules -# include $RULE_PATH/info.rules -# include $RULE_PATH/icmp-info.rules -# include $RULE_PATH/virus.rules -# include $RULE_PATH/chat.rules -# include $RULE_PATH/multimedia.rules -# include $RULE_PATH/p2p.rules -# include $RULE_PATH/spyware-put.rules -# include $RULE_PATH/specific-threats.rules -include $RULE_PATH/experimental.rules +# Community Rules +include $RULE_PATH/community-bot.rules +include $RULE_PATH/community-deleted.rules +include $RULE_PATH/community-dos.rules +include $RULE_PATH/community-exploit.rules +include $RULE_PATH/community-ftp.rules +include $RULE_PATH/community-game.rules +include $RULE_PATH/community-icmp.rules +include $RULE_PATH/community-imap.rules +include $RULE_PATH/community-inappropriate.rules +include $RULE_PATH/community-mail-client.rules +include $RULE_PATH/community-misc.rules +include $RULE_PATH/community-nntp.rules +include $RULE_PATH/community-oracle.rules +include $RULE_PATH/community-policy.rules +include $RULE_PATH/community-sip.rules +include $RULE_PATH/community-smtp.rules +include $RULE_PATH/community-sql-injection.rules +include $RULE_PATH/community-virus.rules +include $RULE_PATH/community-web-attacks.rules +include $RULE_PATH/community-web-cgi.rules +include $RULE_PATH/community-web-client.rules +include $RULE_PATH/community-web-dos.rules +include $RULE_PATH/community-web-iis.rules +include $RULE_PATH/community-web-misc.rules +include $RULE_PATH/community-web-php.rules + + # include $PREPROC_RULE_PATH/preprocessor.rules # include $PREPROC_RULE_PATH/decoder.rules