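--- etc/snort.conf.orig 2008-07-03 16:44:57.000000000 -0300
+++ etc/snort.conf 2008-07-03 18:04:45.000000000 -0300
@@ -1,5 +1,5 @@
 #--------------------------------------------------
-# http://www.snort.org Snort 2.8.2.1 Ruleset
+# http://www.snort.org Snort 2.8.2 Ruleset
 # Contact: snort-sigs@lists.sourceforge.net
 #--------------------------------------------------
 # $Id$
@@ -191,7 +191,7 @@
 # Load all dynamic preprocessors from the install path
 # (same as command line option --dynamic-preprocessor-lib-dir)
 #
-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
 #
 # Load a specific dynamic preprocessor library from the install path
 # (same as command line option --dynamic-preprocessor-lib)
@@ -201,12 +201,12 @@
 # Load a dynamic engine from the install path
 # (same as command line option --dynamic-engine-lib)
 #
-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
 #
 # Load all dynamic rules libraries from the install path
 # (same as command line option --dynamic-detection-lib-dir)
 #
-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
+dynamicdetection directory /usr/local/lib/snort_dynamicrule/
 #
 # Load a specific dynamic rule library from the install path
 # (same as command line option --dynamic-detection-lib)
@@ -487,7 +487,7 @@
 # drop { client | server | general | snort_attack }
 # example:
 # preprocessor bo: noalert { general server } drop { snort_attack }
-#
+
 #
 # The Back Orifice detector uses Generator ID 105 and uses the
 # following SIDS for that GID:
@@ -936,59 +936,87 @@
 # README.alert_order for how rule ordering affects how alerts are triggered.
 #=========================================
 
-include $RULE_PATH/local.rules
-include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/exploit.rules
-include $RULE_PATH/scan.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
-include $RULE_PATH/telnet.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
-include $RULE_PATH/dos.rules
-include $RULE_PATH/ddos.rules
-include $RULE_PATH/dns.rules
-include $RULE_PATH/tftp.rules
-
-include $RULE_PATH/web-cgi.rules
-include $RULE_PATH/web-coldfusion.rules
-include $RULE_PATH/web-iis.rules
-include $RULE_PATH/web-frontpage.rules
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-client.rules
-include $RULE_PATH/web-php.rules
-
-include $RULE_PATH/sql.rules
-include $RULE_PATH/x11.rules
-include $RULE_PATH/icmp.rules
-include $RULE_PATH/netbios.rules
-include $RULE_PATH/misc.rules
-include $RULE_PATH/attack-responses.rules
-include $RULE_PATH/oracle.rules
-include $RULE_PATH/mysql.rules
-include $RULE_PATH/snmp.rules
-
-include $RULE_PATH/smtp.rules
-include $RULE_PATH/imap.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
-
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/other-ids.rules
-# include $RULE_PATH/web-attacks.rules
-# include $RULE_PATH/backdoor.rules
-# include $RULE_PATH/shellcode.rules
-# include $RULE_PATH/policy.rules
-# include $RULE_PATH/porn.rules
-# include $RULE_PATH/info.rules
-# include $RULE_PATH/icmp-info.rules
-# include $RULE_PATH/virus.rules
-# include $RULE_PATH/chat.rules
-# include $RULE_PATH/multimedia.rules
-# include $RULE_PATH/p2p.rules
-# include $RULE_PATH/spyware-put.rules
-# include $RULE_PATH/specific-threats.rules
-include $RULE_PATH/experimental.rules
+#include $RULE_PATH/local.rules
+#include $RULE_PATH/bad-traffic.rules
+#include $RULE_PATH/exploit.rules
+#include $RULE_PATH/scan.rules
+#include $RULE_PATH/finger.rules
+#include $RULE_PATH/ftp.rules
+#include $RULE_PATH/telnet.rules
+#include $RULE_PATH/rpc.rules
+#include $RULE_PATH/rservices.rules
+#include $RULE_PATH/dos.rules
+#include $RULE_PATH/ddos.rules
+#include $RULE_PATH/dns.rules
+#include $RULE_PATH/tftp.rules
+
+#include $RULE_PATH/web-cgi.rules
+#include $RULE_PATH/web-coldfusion.rules
+#include $RULE_PATH/web-iis.rules
+#include $RULE_PATH/web-frontpage.rules
+#include $RULE_PATH/web-misc.rules
+#include $RULE_PATH/web-client.rules
+#include $RULE_PATH/web-php.rules
+
+#include $RULE_PATH/sql.rules
+#include $RULE_PATH/x11.rules
+#include $RULE_PATH/icmp.rules
+#include $RULE_PATH/netbios.rules
+#include $RULE_PATH/misc.rules
+#include $RULE_PATH/attack-responses.rules
+#include $RULE_PATH/oracle.rules
+#include $RULE_PATH/mysql.rules
+#include $RULE_PATH/snmp.rules
+
+#include $RULE_PATH/smtp.rules
+#include $RULE_PATH/imap.rules
+#include $RULE_PATH/pop2.rules
+#include $RULE_PATH/pop3.rules
+
+#include $RULE_PATH/nntp.rules
+#include $RULE_PATH/other-ids.rules
+#include $RULE_PATH/web-attacks.rules
+#include $RULE_PATH/backdoor.rules
+#include $RULE_PATH/shellcode.rules
+#include $RULE_PATH/policy.rules
+#include $RULE_PATH/porn.rules
+#include $RULE_PATH/info.rules
+#include $RULE_PATH/icmp-info.rules
+#include $RULE_PATH/virus.rules
+#include $RULE_PATH/chat.rules
+#include $RULE_PATH/multimedia.rules
+#include $RULE_PATH/p2p.rules
+#include $RULE_PATH/spyware-put.rules
+#include $RULE_PATH/specific-threats.rules
+#include $RULE_PATH/experimental.rules
+
+
+# Community Rules
+include $RULE_PATH/community-bot.rules
+include $RULE_PATH/community-deleted.rules
+include $RULE_PATH/community-dos.rules
+include $RULE_PATH/community-exploit.rules
+include $RULE_PATH/community-ftp.rules
+include $RULE_PATH/community-game.rules
+include $RULE_PATH/community-icmp.rules
+include $RULE_PATH/community-imap.rules
+include $RULE_PATH/community-inappropriate.rules
+include $RULE_PATH/community-mail-client.rules
+include $RULE_PATH/community-misc.rules
+include $RULE_PATH/community-nntp.rules
+include $RULE_PATH/community-oracle.rules
+include $RULE_PATH/community-policy.rules
+include $RULE_PATH/community-sip.rules
+#include $RULE_PATH/community-smtp.rules
+include $RULE_PATH/community-sql-injection.rules
+#include $RULE_PATH/community-virus.rules
+include $RULE_PATH/community-web-attacks.rules
+include $RULE_PATH/community-web-cgi.rules
+include $RULE_PATH/community-web-client.rules
+include $RULE_PATH/community-web-dos.rules
+include $RULE_PATH/community-web-iis.rules
+include $RULE_PATH/community-web-misc.rules
+include $RULE_PATH/community-web-php.rules
 
 # include $PREPROC_RULE_PATH/preprocessor.rules
 # include $PREPROC_RULE_PATH/decoder.rules
@@ -1000,3 +1028,4 @@
 # such as: c:\snort\etc\threshold.conf
 # Uncomment if needed.
 # include threshold.conf
+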
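Review bot: In the `@@ -201,12 +201,12 @@` hunk the `dynamicdetection directory` line is uncommented but still points at `/usr/local/lib/snort_dynamicrule/`, while the `dynamicpreprocessor` and `dynamicengine` lines in the same patch were moved to `/usr/lib/...`. On a package installed under `/usr` that directory probably does not exist, so the shared-object rules would either not be loaded or the directive would stop Snort at start-up; which of the two happens should be confirmed against the packaged build. I would make it `dynamicdetection directory /usr/lib/snort_dynamicrule/`, or leave the line commented if the package ships no dynamic rule libraries. It is also worth checking that nothing unprivileged can write to whichever directory is used, since every library in it is loaded into the sensor process.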