author | robiscool <robrob2626@yahoo.com> | 2009-11-30 20:42:34 -0800 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2009-11-30 20:42:34 -0800 |
commit | 84f9461274f2d25c1e0a4da0557158a6bb36d817 (patch) | |
tree | a06b80f4cf2b4d5cee7231277830afb22cd36073 /config/snort-dev/snort.inc | |
parent | 4a7d90c3e640171e85d43e3c063348d1fa3e52c7 (diff) | |
snort-dev, add interface gui options, add check if interface is in use
Diffstat (limited to 'config/snort-dev/snort.inc')
-rw-r--r-- | config/snort-dev/snort.inc | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 5e49cad2..b1300e1a 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -293,7 +293,7 @@ rc_start_real() {
 # Start the interfaces
- /usr/local/bin/snort -G $id$if_real -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
+ /usr/local/bin/snort -G $id -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
 sleep 3
 AFTER_MEM=`/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{print $12}'`
@@ -1295,7 +1295,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
 # #####################
-var RULE_PATH /usr/local/etc/snort/rules
+var RULE_PATH /usr/local/etc/snort/snort_$id$if_real/rules
 # var PREPROC_RULE_PATH ./preproc_rules
 ################################
@@ -1336,17 +1336,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/
 ###################
 preprocessor frag3_global: max_frags 8192
-preprocessor frag3_engine: policy windows
-preprocessor frag3_engine: policy linux
-preprocessor frag3_engine: policy first
 preprocessor frag3_engine: policy bsd detect_anomalies
 preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
 track_udp yes, track_icmp yes
-preprocessor stream5_tcp: bind_to any, policy windows
-preprocessor stream5_tcp: bind_to any, policy linux
-preprocessor stream5_tcp: bind_to any, policy vista
-preprocessor stream5_tcp: bind_to any, policy macos
 preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
 preprocessor stream5_udp
 preprocessor stream5_icmp
@@ -1358,7 +1351,7 @@ preprocessor stream5_icmp
 # ##########################
-preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_$id$if_real.stats pktcnt 10000
 ################# #
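Review bot: `-G $id` in the snort start line of rc_start_real now passes the bare `$id` as the log identifier, while `-R`, the config path and the perfmonitor stats file in a later hunk still use `$id$if_real`; nothing in the hunk shows that `$id` is numeric and unique per interface. If two instances can share an id, their events in the shared `-l /var/log/snort` directory can no longer be told apart. Both values are also placed unquoted into a shell command line, so, assuming they originate from the GUI configuration, they should be validated where this script is generated. A comment such as `# -G takes a numeric event-log id; $id must be unique per snort instance` would record the intent. rc_start_real continues outside the hunk.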
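Review bot: `var RULE_PATH` now points at `/usr/local/etc/snort/snort_$id$if_real/rules`, but nothing visible in this diff creates or populates that per-instance directory; the same applies to the `include` lines for reference.config, classification.config and threshold.conf in the last hunk. If any of these files is missing, snort will presumably refuse to start and the interface is left unmonitored, so the generator should verify they exist before writing the config (that code, if present, is outside these hunks). A comment above the line such as `# per-instance rule directory; must be populated before this instance starts` would help the next maintainer.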
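Review bot: After this hunk frag3 and stream5 reassemble all traffic with the BSD policy only (`preprocessor frag3_engine: policy bsd detect_anomalies` and `preprocessor stream5_tcp: policy BSD, ...`). Target-based reassembly is only accurate when the policy matches the operating system of the protected hosts, so detection for Windows or Linux hosts behind the interface may be less reliable. Dropping the removed duplicate engine lines looks reasonable, but the policy would be better exposed as a per-interface GUI option, or as additional engines with explicit `bind_to` networks. The unchanged `use_static_footprint_sizes` is, as far as I recall, described in the Snort manual as an option for repeatable tests and is worth re-checking for production use.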
@@ -1370,7 +1363,6 @@ preprocessor http_inspect: global iis_unicode_map unicode.map 1252
 preprocessor http_inspect_server: server default \
 ports { 80 8080 } \
- no_alerts \
 non_strict \
 non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
 flow_depth 0 \
@@ -1542,9 +1534,9 @@ $spoink_type
 # #################
-include /usr/local/etc/snort/reference.config
-include /usr/local/etc/snort/classification.config
-include /usr/local/etc/snort/threshold.conf
+include /usr/local/etc/snort/snort_$id$if_real/reference.config
+include /usr/local/etc/snort/snort_$id$if_real/classification.config
+include /usr/local/etc/snort/snort_$id$if_real/threshold.conf
 # Snort user pass through configuration
 {$snort_config_pass_thru} |
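Review bot: Removing `no_alerts` from `preprocessor http_inspect_server: server default` turns on http_inspect alerting for every generated instance, which the commit message does not mention. Together with the unchanged `non_strict` and `flow_depth 0` this can raise alert volume noticeably, and if the `$spoink_type` output referenced in the next hunk is a blocking output (not visible here), false positives would turn into blocks. Consider making this a per-interface option, or at least marking it in the generated config with a comment like `# http_inspect alerts enabled (no_alerts removed); tune before enabling blocking`. The http_inspect_server statement continues past the end of the hunk.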