projects / packages / snort.git / blame
| Commit | Line | Data |
|---|---|---|
| 3914b6b8 MP |
1 | # |
| 2 | # Taken and modified from "vision.conf", part of Max Vision's | |
| 3 | # ArachNIDs work. See /usr/doc/snort-stuff/README.snort-stuff for more | |
| 4 | # information on how to use this file. | |
| 5 | ||
| 6 | var INTERNAL 192.168.1.0/24 | |
| 7 | var EXTERNAL 63.87.101.0/24 | |
| 8 | var DNSSERVERS 63.87.101.90/32 63.87.101.92/32 | |
| 9 | ||
| 10 | preprocessor http_decode: 80 443 8080 | |
| 11 | preprocessor minfrag: 128 | |
| 12 | preprocessor portscan: $EXTERNAL 3 5 /var/log/snort/portscan.log | |
| 13 | preprocessor portscan-ignorehosts: $DNSSERVERS | |
| 14 | ||
| 15 | # Ruleset, available (updated hourly) from: | |
| 16 | # | |
| 17 | # http://dev.whitehats.com/ids/vision.rules | |
| 18 | ||
| 19 | # Include the latest copy of Max Vision's ruleset | |
| 20 | include /etc/snort/vision.rules | |
| 21 | ||
| 22 | # Uncomment the next line if you wish to include the latest | |
| 23 | # copy of the snort.org ruleset. Be sure to download the latest | |
| 24 | # one from http://www.snort.org/snort-files.htm#Rules | |
| 25 | # | |
| 26 | # include /etc/snort/06082k.rules | |
| 27 | ||
| 28 | # | |
| 29 | # If you wish to monitor multiple INTERNAL networks, you can include | |
| 30 | # another variable that defines the additional network, then include | |
| 31 | # the snort ruleset again. Uncomment the two following lines. | |
| 32 | # | |
| 33 | # var INTERNAL 192.168.2.0/24 | |
| 34 | # include /etc/snort/vision.rules | |
| 35 | ||
| 36 | # include other rules here if you wish. |