diff options
| author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-07-23 15:37:29 -0400 |
|---|---|---|
| committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-07-23 15:37:29 -0400 |
| commit | ae3323845cd71bfae33f12203e6362f03fc634d9 (patch) | |
| tree | 38295cc2d83fec4133aa91af0150c4b49704e3b9 /config/snort/snort_conf_template.inc | |
| parent | 413a8566ef8508972e1f663f269619f26a9c543a (diff) | |
| download | pfsense-packages-ae3323845cd71bfae33f12203e6362f03fc634d9.tar.gz pfsense-packages-ae3323845cd71bfae33f12203e6362f03fc634d9.tar.bz2 pfsense-packages-ae3323845cd71bfae33f12203e6362f03fc634d9.zip | |
Update Snort package to latest 2.9.6.2 binary and fix some GUI bugs.
Diffstat (limited to 'config/snort/snort_conf_template.inc')
| -rw-r--r-- | config/snort/snort_conf_template.inc | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/config/snort/snort_conf_template.inc b/config/snort/snort_conf_template.inc new file mode 100644 index 00000000..be4791af --- /dev/null +++ b/config/snort/snort_conf_template.inc @@ -0,0 +1,112 @@ +<?php + +// This is the template used to generate the snort.conf +// configuration file for the interface. The contents of +// this file are written to the snort.conf file for +// the interface. Key parameters are provided by the +// included string variables which are populated by the +// snort_generate_conf.php file. + +$snort_conf_text = <<<EOD +# snort configuration file +# generated automatically by the pfSense subsystems do not modify manually + +# Define Local Network # +ipvar HOME_NET [{$home_net}] +ipvar EXTERNAL_NET [{$external_net}] + +# Define Rule Path # +var RULE_PATH {$snortcfgdir}/rules + +# Define Servers # +{$ipvardef} + +# Define Server Ports # +{$portvardef} + +# Configure quiet startup mode # +config quiet + +# Configure the snort decoder # +config checksum_mode: {$cksumcheck} +config disable_decode_alerts +config disable_tcpopt_experimental_alerts +config disable_tcpopt_obsolete_alerts +config disable_ttcp_alerts +config disable_tcpopt_alerts +config disable_ipopt_alerts +config disable_decode_drops + +# Enable the GTP decoder # +config enable_gtp + +# Configure PCRE match limitations +config pcre_match_limit: 3500 +config pcre_match_limit_recursion: 1500 + +# Configure the detection engine # +config detection: {$cfg_detect_settings} +config event_queue: max_queue 8 log 5 order_events content_length + +# Configure to show year in timestamps +config show_year + +# Configure protocol aware flushing # +# For more information see README.stream5 # +{$paf_max_pdu_config} + +# Configure dynamically loaded libraries +dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']} +dynamicengine directory {$snort_dirs['dynamicengine']} +dynamicdetection directory {$snort_dirs['dynamicrules']} + +# Inline packet normalization. For more information, see README.normalize +# Disabled since we do not use "inline" mode with pfSense +# preprocessor normalize_ip4 +# preprocessor normalize_tcp: ips ecn stream +# preprocessor normalize_icmp4 +# preprocessor normalize_ip6 +# preprocessor normalize_icmp6 + +# Flow and stream # +{$frag3_global} + +{$frag3_engine} + +{$stream5_global} + +{$stream5_tcp_engine} + +{$stream5_udp_engine} + +{$stream5_icmp_engine} + +# HTTP Inspect # +{$http_inspect_global} + +{$http_inspect_servers} +{$snort_preprocessors} +{$host_attrib_config} + +# Snort Output Logs # +output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority +{$alertsystemlog_type} +{$snortunifiedlog_type} +{$spoink_type} + +# Misc Includes # +{$snort_misc_include_rules} + +{$suppress_file_name} + +# Snort user pass through configuration +{$snort_config_pass_thru} + +# Rules Selection # +{$selected_rules_sections} +EOD; + +// End of snort.conf template code + +?> + |