Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
oss
/
openadk
4
1
Fork 3
Súbory Issues 1 Pull requesty 0 Wiki
Strom: d4f7c53cb3
Branche Tagy
openadk
/
package
/
snort-wireless
/
patches
/
750-lightweight-config.patch

750-lightweight-config.patch 5.8 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. --- snort-wireless-2.4.3-alpha04/etc/snort.conf	2005-10-21 09:41:01.000000000 +0200
    2. 

  2. +++ /Users/florian/telechargements/snort.conf	2005-10-30 13:20:17.000000000 +0100
    3. 

  3. @@ -6,6 +6,7 @@
    4. 

  4.  #
    5. 

  5.  ###################################################
    6. 

  6.  # This file contains a sample snort configuration. 
    7. 

  7. +# Most preprocessors and rules were disabled to save memory.
    8. 

  8.  # You can take the following steps to create your own custom configuration:
    9. 

  9.  #
    10. 

  10.  #  1) Set the variables for your network
    11. 

  11. @@ -42,10 +43,10 @@
    12. 

  12.  # or you can specify the variable to be any IP address
    13. 

  13.  # like this:
    14. 

  14.  
    15. 

  15. -var HOME_NET any
    16. 

  16. +var HOME_NET 192.168.1.0/24
    17. 

  17.  
    18. 

  18.  # Set up the external network addresses as well.  A good start may be "any"
    19. 

  19. -var EXTERNAL_NET any
    20. 

  20. +var EXTERNAL_NET !$HOME_NET
    21. 

  21.  
    22. 

  22.  # Configure your wireless AP lists.  This allows snort to look for attacks
    23. 

  23.  # against your wireless network, such as rogue access points or adhoc wireless
    24. 

  24. @@ -137,7 +138,7 @@
    25. 

  25.  # Path to your rules files (this can be a relative path)
    26. 

  26.  # Note for Windows users:  You are advised to make this an absolute path,
    27. 

  27.  # such as:  c:\snort\rules
    28. 

  28. -var RULE_PATH ../rules
    29. 

  29. +var RULE_PATH /etc/snort/rules
    30. 

  30.  
    31. 

  31.  # Configure the snort decoder
    32. 

  32.  # ============================
    33. 

  33. @@ -413,11 +414,11 @@
    34. 

  34.  # lots of options available here. See doc/README.http_inspect.
    35. 

  35.  # unicode.map should be wherever your snort.conf lives, or given
    36. 

  36.  # a full path to where snort can find it.
    37. 

  37. -preprocessor http_inspect: global \
    38. 

  38. -    iis_unicode_map unicode.map 1252 
    39. 

  39. +#preprocessor http_inspect: global \
    40. 

  40. +#    iis_unicode_map unicode.map 1252 
    41. 

  41.  
    42. 

  42. -preprocessor http_inspect_server: server default \
    43. 

  43. -    profile all ports { 80 8080 8180 } oversize_dir_length 500
    44. 

  44. +#preprocessor http_inspect_server: server default \
    45. 

  45. +#    profile all ports { 80 8080 8180 } oversize_dir_length 500
    46. 

  46.  
    47. 

  47.  #
    48. 

  48.  #  Example unique server configuration
    49. 

  49. @@ -451,7 +452,7 @@
    50. 

  50.  # no_alert_incomplete - don't alert when a single segment
    51. 

  51.  #                       exceeds the current packet size
    52. 

  52.  
    53. 

  53. -preprocessor rpc_decode: 111 32771
    54. 

  54. +#preprocessor rpc_decode: 111 32771
    55. 

  55.  
    56. 

  56.  # bo: Back Orifice detector
    57. 

  57.  # -------------------------
    58. 

  58. @@ -474,7 +475,7 @@
    59. 

  59.  #   3       Back Orifice Server Traffic Detected
    60. 

  60.  #   4       Back Orifice Snort Buffer Attack
    61. 

  61.  
    62. 

  62. -preprocessor bo
    63. 

  63. +#preprocessor bo
    64. 

  64.  
    65. 

  65.  # telnet_decode: Telnet negotiation string normalizer
    66. 

  66.  # ---------------------------------------------------
    67. 

  67. @@ -486,7 +487,7 @@
    68. 

  68.  # This preprocessor requires no arguments.
    69. 

  69.  # Portscan uses Generator ID 109 and does not generate any SID currently.
    70. 

  70.  
    71. 

  71. -preprocessor telnet_decode
    72. 

  72. +#preprocessor telnet_decode
    73. 

  73.  
    74. 

  74.  # sfPortscan
    75. 

  75.  # ----------
    76. 

  76. @@ -537,9 +538,9 @@
    77. 

  77.  #       are still watched as scanner hosts.  The 'ignore_scanned' option is
    78. 

  78.  #       used to tune alerts from very active hosts such as syslog servers, etc.
    79. 

  79.  #
    80. 

  80. -preprocessor sfportscan: proto  { all } \
    81. 

  81. -                         memcap { 10000000 } \
    82. 

  82. -                         sense_level { low }
    83. 

  83. +#preprocessor sfportscan: proto  { all } \
    84. 

  84. +#                         memcap { 10000000 } \
    85. 

  85. +#                         sense_level { low }
    86. 

  86.  
    87. 

  87.  # arpspoof
    88. 

  88.  #----------------------------------------
    89. 

  89. @@ -814,41 +815,41 @@
    90. 

  90.  include $RULE_PATH/bad-traffic.rules
    91. 

  91.  include $RULE_PATH/exploit.rules
    92. 

  92.  include $RULE_PATH/scan.rules
    93. 

  93. -include $RULE_PATH/finger.rules
    94. 

  94. -include $RULE_PATH/ftp.rules
    95. 

  95. -include $RULE_PATH/telnet.rules
    96. 

  96. -include $RULE_PATH/rpc.rules
    97. 

  97. -include $RULE_PATH/rservices.rules
    98. 

  98. -include $RULE_PATH/dos.rules
    99. 

  99. -include $RULE_PATH/ddos.rules
    100. 

  100. -include $RULE_PATH/dns.rules
    101. 

  101. -include $RULE_PATH/tftp.rules
    102. 

  102. -
    103. 

  103. -include $RULE_PATH/web-cgi.rules
    104. 

  104. -include $RULE_PATH/web-coldfusion.rules
    105. 

  105. -include $RULE_PATH/web-iis.rules
    106. 

  106. -include $RULE_PATH/web-frontpage.rules
    107. 

  107. -include $RULE_PATH/web-misc.rules
    108. 

  108. -include $RULE_PATH/web-client.rules
    109. 

  109. -include $RULE_PATH/web-php.rules
    110. 

  110. -
    111. 

  111. -include $RULE_PATH/sql.rules
    112. 

  112. -include $RULE_PATH/x11.rules
    113. 

  113. -include $RULE_PATH/icmp.rules
    114. 

  114. -include $RULE_PATH/netbios.rules
    115. 

  115. -include $RULE_PATH/misc.rules
    116. 

  116. -include $RULE_PATH/attack-responses.rules
    117. 

  117. -include $RULE_PATH/oracle.rules
    118. 

  118. -include $RULE_PATH/mysql.rules
    119. 

  119. -include $RULE_PATH/snmp.rules
    120. 

  120. -
    121. 

  121. -include $RULE_PATH/smtp.rules
    122. 

  122. -include $RULE_PATH/imap.rules
    123. 

  123. -include $RULE_PATH/pop2.rules
    124. 

  124. -include $RULE_PATH/pop3.rules
    125. 

  125. +#include $RULE_PATH/finger.rules
    126. 

  126. +#include $RULE_PATH/ftp.rules
    127. 

  127. +#include $RULE_PATH/telnet.rules
    128. 

  128. +#include $RULE_PATH/rpc.rules
    129. 

  129. +#include $RULE_PATH/rservices.rules
    130. 

  130. +#include $RULE_PATH/dos.rules
    131. 

  131. +#include $RULE_PATH/ddos.rules
    132. 

  132. +#include $RULE_PATH/dns.rules
    133. 

  133. +#include $RULE_PATH/tftp.rules
    134. 

  134. +
    135. 

  135. +#include $RULE_PATH/web-cgi.rules
    136. 

  136. +#include $RULE_PATH/web-coldfusion.rules
    137. 

  137. +#include $RULE_PATH/web-iis.rules
    138. 

  138. +#include $RULE_PATH/web-frontpage.rules
    139. 

  139. +#include $RULE_PATH/web-misc.rules
    140. 

  140. +#include $RULE_PATH/web-client.rules
    141. 

  141. +#include $RULE_PATH/web-php.rules
    142. 

  142. +
    143. 

  143. +#include $RULE_PATH/sql.rules
    144. 

  144. +#include $RULE_PATH/x11.rules
    145. 

  145. +#include $RULE_PATH/icmp.rules
    146. 

  146. +#include $RULE_PATH/netbios.rules
    147. 

  147. +#include $RULE_PATH/misc.rules
    148. 

  148. +#include $RULE_PATH/attack-responses.rules
    149. 

  149. +#include $RULE_PATH/oracle.rules
    150. 

  150. +#include $RULE_PATH/mysql.rules
    151. 

  151. +#include $RULE_PATH/snmp.rules
    152. 

  152. +
    153. 

  153. +#include $RULE_PATH/smtp.rules
    154. 

  154. +#include $RULE_PATH/imap.rules
    155. 

  155. +#include $RULE_PATH/pop2.rules
    156. 

  156. +#include $RULE_PATH/pop3.rules
    157. 

  157.  
    158. 

  158. -include $RULE_PATH/nntp.rules
    159. 

  159. -include $RULE_PATH/other-ids.rules
    160. 

  160. +#include $RULE_PATH/nntp.rules
    161. 

  161. +#include $RULE_PATH/other-ids.rules
    162. 

  162.  # include $RULE_PATH/web-attacks.rules
    163. 

  163.  # include $RULE_PATH/backdoor.rules
    164. 

  164.  # include $RULE_PATH/shellcode.rules
    165. 

  165. @@ -856,11 +857,11 @@
    166. 

  166.  # include $RULE_PATH/porn.rules
    167. 

  167.  # include $RULE_PATH/info.rules
    168. 

  168.  # include $RULE_PATH/icmp-info.rules
    169. 

  169. - include $RULE_PATH/virus.rules
    170. 

  170. +# include $RULE_PATH/virus.rules
    171. 

  171.  # include $RULE_PATH/chat.rules
    172. 

  172.  # include $RULE_PATH/multimedia.rules
    173. 

  173.  # include $RULE_PATH/p2p.rules
    174. 

  174. -include $RULE_PATH/experimental.rules
    175. 

  175. +#include $RULE_PATH/experimental.rules
    176. 

  176.  #include $RULE_PATH/wifi.rules
    177. 

  177.  
    178. 

  178.  # Include any thresholding or suppression commands. See threshold.conf in the
    179.