1
0

750-lightweight-config.patch 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178
  1. --- snort-wireless-2.4.3-alpha04/etc/snort.conf 2005-10-21 09:41:01.000000000 +0200
  2. +++ /Users/florian/telechargements/snort.conf 2005-10-30 13:20:17.000000000 +0100
  3. @@ -6,6 +6,7 @@
  4. #
  5. ###################################################
  6. # This file contains a sample snort configuration.
  7. +# Most preprocessors and rules were disabled to save memory.
  8. # You can take the following steps to create your own custom configuration:
  9. #
  10. # 1) Set the variables for your network
  11. @@ -42,10 +43,10 @@
  12. # or you can specify the variable to be any IP address
  13. # like this:
  14. -var HOME_NET any
  15. +var HOME_NET 192.168.1.0/24
  16. # Set up the external network addresses as well. A good start may be "any"
  17. -var EXTERNAL_NET any
  18. +var EXTERNAL_NET !$HOME_NET
  19. # Configure your wireless AP lists. This allows snort to look for attacks
  20. # against your wireless network, such as rogue access points or adhoc wireless
  21. @@ -137,7 +138,7 @@
  22. # Path to your rules files (this can be a relative path)
  23. # Note for Windows users: You are advised to make this an absolute path,
  24. # such as: c:\snort\rules
  25. -var RULE_PATH ../rules
  26. +var RULE_PATH /etc/snort/rules
  27. # Configure the snort decoder
  28. # ============================
  29. @@ -413,11 +414,11 @@
  30. # lots of options available here. See doc/README.http_inspect.
  31. # unicode.map should be wherever your snort.conf lives, or given
  32. # a full path to where snort can find it.
  33. -preprocessor http_inspect: global \
  34. - iis_unicode_map unicode.map 1252
  35. +#preprocessor http_inspect: global \
  36. +# iis_unicode_map unicode.map 1252
  37. -preprocessor http_inspect_server: server default \
  38. - profile all ports { 80 8080 8180 } oversize_dir_length 500
  39. +#preprocessor http_inspect_server: server default \
  40. +# profile all ports { 80 8080 8180 } oversize_dir_length 500
  41. #
  42. # Example unique server configuration
  43. @@ -451,7 +452,7 @@
  44. # no_alert_incomplete - don't alert when a single segment
  45. # exceeds the current packet size
  46. -preprocessor rpc_decode: 111 32771
  47. +#preprocessor rpc_decode: 111 32771
  48. # bo: Back Orifice detector
  49. # -------------------------
  50. @@ -474,7 +475,7 @@
  51. # 3 Back Orifice Server Traffic Detected
  52. # 4 Back Orifice Snort Buffer Attack
  53. -preprocessor bo
  54. +#preprocessor bo
  55. # telnet_decode: Telnet negotiation string normalizer
  56. # ---------------------------------------------------
  57. @@ -486,7 +487,7 @@
  58. # This preprocessor requires no arguments.
  59. # Portscan uses Generator ID 109 and does not generate any SID currently.
  60. -preprocessor telnet_decode
  61. +#preprocessor telnet_decode
  62. # sfPortscan
  63. # ----------
  64. @@ -537,9 +538,9 @@
  65. # are still watched as scanner hosts. The 'ignore_scanned' option is
  66. # used to tune alerts from very active hosts such as syslog servers, etc.
  67. #
  68. -preprocessor sfportscan: proto { all } \
  69. - memcap { 10000000 } \
  70. - sense_level { low }
  71. +#preprocessor sfportscan: proto { all } \
  72. +# memcap { 10000000 } \
  73. +# sense_level { low }
  74. # arpspoof
  75. #----------------------------------------
  76. @@ -814,41 +815,41 @@
  77. include $RULE_PATH/bad-traffic.rules
  78. include $RULE_PATH/exploit.rules
  79. include $RULE_PATH/scan.rules
  80. -include $RULE_PATH/finger.rules
  81. -include $RULE_PATH/ftp.rules
  82. -include $RULE_PATH/telnet.rules
  83. -include $RULE_PATH/rpc.rules
  84. -include $RULE_PATH/rservices.rules
  85. -include $RULE_PATH/dos.rules
  86. -include $RULE_PATH/ddos.rules
  87. -include $RULE_PATH/dns.rules
  88. -include $RULE_PATH/tftp.rules
  89. -
  90. -include $RULE_PATH/web-cgi.rules
  91. -include $RULE_PATH/web-coldfusion.rules
  92. -include $RULE_PATH/web-iis.rules
  93. -include $RULE_PATH/web-frontpage.rules
  94. -include $RULE_PATH/web-misc.rules
  95. -include $RULE_PATH/web-client.rules
  96. -include $RULE_PATH/web-php.rules
  97. -
  98. -include $RULE_PATH/sql.rules
  99. -include $RULE_PATH/x11.rules
  100. -include $RULE_PATH/icmp.rules
  101. -include $RULE_PATH/netbios.rules
  102. -include $RULE_PATH/misc.rules
  103. -include $RULE_PATH/attack-responses.rules
  104. -include $RULE_PATH/oracle.rules
  105. -include $RULE_PATH/mysql.rules
  106. -include $RULE_PATH/snmp.rules
  107. -
  108. -include $RULE_PATH/smtp.rules
  109. -include $RULE_PATH/imap.rules
  110. -include $RULE_PATH/pop2.rules
  111. -include $RULE_PATH/pop3.rules
  112. +#include $RULE_PATH/finger.rules
  113. +#include $RULE_PATH/ftp.rules
  114. +#include $RULE_PATH/telnet.rules
  115. +#include $RULE_PATH/rpc.rules
  116. +#include $RULE_PATH/rservices.rules
  117. +#include $RULE_PATH/dos.rules
  118. +#include $RULE_PATH/ddos.rules
  119. +#include $RULE_PATH/dns.rules
  120. +#include $RULE_PATH/tftp.rules
  121. +
  122. +#include $RULE_PATH/web-cgi.rules
  123. +#include $RULE_PATH/web-coldfusion.rules
  124. +#include $RULE_PATH/web-iis.rules
  125. +#include $RULE_PATH/web-frontpage.rules
  126. +#include $RULE_PATH/web-misc.rules
  127. +#include $RULE_PATH/web-client.rules
  128. +#include $RULE_PATH/web-php.rules
  129. +
  130. +#include $RULE_PATH/sql.rules
  131. +#include $RULE_PATH/x11.rules
  132. +#include $RULE_PATH/icmp.rules
  133. +#include $RULE_PATH/netbios.rules
  134. +#include $RULE_PATH/misc.rules
  135. +#include $RULE_PATH/attack-responses.rules
  136. +#include $RULE_PATH/oracle.rules
  137. +#include $RULE_PATH/mysql.rules
  138. +#include $RULE_PATH/snmp.rules
  139. +
  140. +#include $RULE_PATH/smtp.rules
  141. +#include $RULE_PATH/imap.rules
  142. +#include $RULE_PATH/pop2.rules
  143. +#include $RULE_PATH/pop3.rules
  144. -include $RULE_PATH/nntp.rules
  145. -include $RULE_PATH/other-ids.rules
  146. +#include $RULE_PATH/nntp.rules
  147. +#include $RULE_PATH/other-ids.rules
  148. # include $RULE_PATH/web-attacks.rules
  149. # include $RULE_PATH/backdoor.rules
  150. # include $RULE_PATH/shellcode.rules
  151. @@ -856,11 +857,11 @@
  152. # include $RULE_PATH/porn.rules
  153. # include $RULE_PATH/info.rules
  154. # include $RULE_PATH/icmp-info.rules
  155. - include $RULE_PATH/virus.rules
  156. +# include $RULE_PATH/virus.rules
  157. # include $RULE_PATH/chat.rules
  158. # include $RULE_PATH/multimedia.rules
  159. # include $RULE_PATH/p2p.rules
  160. -include $RULE_PATH/experimental.rules
  161. +#include $RULE_PATH/experimental.rules
  162. #include $RULE_PATH/wifi.rules
  163. # Include any thresholding or suppression commands. See threshold.conf in the