openbsd-ports/net/snort/patches/patch-etc_snort_conf
lteo 53898bf3e1 Make various improvements to the Snort port:
* Add an rc.d script.

* In snort.conf, provide the URL to the official Snort rules so that
  users know where to get them.

* In snort.conf, provide the URL to the Emerging Threats rules along
  with a commented include line to allow users to easily load the
  Emerging Threats rules if they wish.

* Revise pkg/README with details on where to obtain Snort rules, the
  differences between the official Snort rules and Emerging Threats
  rules, how to download them, and provide some guidance on setting up
  Snort.

snort.conf and README changes OK Markus Lude (maintainer), sthen@
rc.d script OK sthen@
2012-10-11 02:40:48 +00:00


$OpenBSD: patch-etc_snort_conf,v 1.7 2012/10/11 02:40:48 lteo Exp $
Reputation preprocessor disabled; it is still experimental.
--- etc/snort.conf.orig Tue Jul 31 12:21:16 2012
+++ etc/snort.conf Sat Oct 6 22:13:19 2012
@@ -101,17 +101,17 @@ ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.1
# Path to your rules files (this can be a relative path)
# Note for Windows users: You are advised to make this an absolute path,
# such as: c:\snort\rules
-var RULE_PATH ../rules
-var SO_RULE_PATH ../so_rules
-var PREPROC_RULE_PATH ../preproc_rules
+var RULE_PATH ${SYSCONFDIR}/snort/rules
+var SO_RULE_PATH ${SYSCONFDIR}/snort/so_rules
+var PREPROC_RULE_PATH ${SYSCONFDIR}/snort/preproc_rules
# If you are using reputation preprocessor set these
# Currently there is a bug with relative paths, they are relative to where snort is
# not relative to snort.conf like the above variables
# This is completely inconsistent with how other vars work, BUG 89986
# Set the absolute path appropriately
-var WHITE_LIST_PATH ../rules
-var BLACK_LIST_PATH ../rules
+var WHITE_LIST_PATH ${SYSCONFDIR}/snort/rules
+var BLACK_LIST_PATH ${SYSCONFDIR}/snort/rules
###################################################
# Step #2: Configure the decoder. For more information, see README.decode
@@ -158,6 +158,7 @@ config checksum_mode: all
#
# config daq: <type>
# config daq_dir: <dir>
+config daq_dir: ${PREFIX}/lib/daq/
# config daq_mode: <mode>
# config daq_var: <var>
#
@@ -503,12 +504,12 @@ preprocessor dnp3: ports { 20000 } \
check_crc
# Reputation preprocessor. For more information see README.reputation
-preprocessor reputation: \
- memcap 500, \
- priority whitelist, \
- nested_ip inner, \
- whitelist $WHITE_LIST_PATH/white_list.rules, \
- blacklist $BLACK_LIST_PATH/black_list.rules
+#preprocessor reputation: \
+# memcap 500, \
+# priority whitelist, \
+# nested_ip inner, \
+# whitelist $WHITE_LIST_PATH/white_list.rules, \
+# blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
# Step #6: Configure output plugins
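Review bot: The reason for commenting out the reputation preprocessor block (`#preprocessor reputation:` through `# blacklist $BLACK_LIST_PATH/black_list.rules`) is recorded only in the patch header, so it never reaches the installed snort.conf, while WHITE_LIST_PATH and BLACK_LIST_PATH set in the first hunk are left pointing at files nothing reads. A one-line comment above the block, `# Disabled in the OpenBSD port: the reputation preprocessor is still experimental; uncomment to enable.`, would tell a user who finds the dangling path variables why the block is off and what to do with it. Presumably the white_list.rules and black_list.rules files also have to exist at those paths before the block is re-enabled; if so, the same comment is the place to say it.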
@@ -544,6 +545,7 @@ include reference.config
# site specific rules
include $RULE_PATH/local.rules
+# Official Sourcefire VRT rules from http://www.snort.org/snort-rules/
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/bad-traffic.rules
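Review bot: The new comment points users at a plain `http://` URL for the rule set that the active `include` lines below depend on, and says nothing about checking what is downloaded; the Emerging Threats URL added in the last hunk has the same gap. Because the rule files are the detection logic, a rules archive altered in transit would silently change what Snort alerts on, so the download path deserves at least a pointer to the verification step. Since this is only a comment, consider `# Official Sourcefire VRT rules from http://www.snort.org/snort-rules/ (verify the download against the checksum or signature the publisher provides; see pkg/README)`, with the full fetch-and-verify procedure living in the pkg/README revision this commit already makes.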
@@ -598,6 +600,9 @@ include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/x11.rules
+
+# Emerging Threats rules from http://rules.emergingthreats.net/open/snort-2.9.0/
+# include $RULE_PATH/emerging.conf
###################################################
# Step #8: Customize your preprocessor and decoder alerts