diff options
Diffstat (limited to 'config/snort/snort.xml')
| -rw-r--r-- | config/snort/snort.xml | 274 |
1 files changed, 274 insertions, 0 deletions
diff --git a/config/snort/snort.xml b/config/snort/snort.xml new file mode 100644 index 00000000..6ba362c0 --- /dev/null +++ b/config/snort/snort.xml @@ -0,0 +1,274 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfsense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>Snort</name> + <version>2.8.2.2</version> + <title>Services: Snort</title> + <include_file>/usr/local/pkg/snort.inc</include_file> + <menu> + <name>Snort</name> + <tooltiptext>Setup snort specific settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=snort.xml&id=0</url> + </menu> + <service> + <name>snort</name> + <rcfile>snort.sh</rcfile> + <executable>snort</executable> + </service> + <tabs> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=snort.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Update Rules</text> + <url>/snort_download_rules.php</url> + </tab> + <tab> + <text>Categories</text> + <url>/snort_rulesets.php</url> + </tab> + <tab> + <text>Rules</text> + <url>/snort_rules.php</url> + </tab> + <tab> + <text>Blocked</text> + <url>/snort_blocked.php</url> + </tab> + <tab> + <text>Whitelist</text> + <url>/pkg.php?xml=snort_whitelist.xml</url> + </tab> + <tab> + <text>Alerts</text> + <url>/snort_alerts.php</url> + </tab> + <tab> + <text>Advanced</text> + <url>/pkg_edit.php?xml=snort_advanced.xml&id=0</url> + </tab> + </tabs> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/bin/snort2c</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/bin/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/bin/mons2c</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_advanced.xml</item> + </additional_files_needed> + <fields> + <field> + <fielddescr>Interface</fielddescr> + <fieldname>iface_array</fieldname> + <description>Select the interface(s) Snort will listen on.</description> + <type>interfaces_selection</type> + <size>3</size> + <value>lan</value> + <multiple>true</multiple> + </field> + <field> + <fielddescr>Performance</fielddescr> + <fieldname>performance</fieldname> + <description>ac method is the fastest startup but consumes a lot more memory. acs/ac-banded and ac-sparsebands/mwm/lowmem methods use quite a bit less. ac-sparsebands is recommended.</description> + <type>select</type> + <options> + <option> + <name>ac-bnfa</name> + <value>ac-bnfa</value> + </option> + <option> + <name>lowmem</name> + <value>lowmem</value> + </option> + <option> + <name>ac-std</name> + <value>ac-std</value> + </option> + <option> + <name>ac</name> + <value>ac</value> + </option> + <option> + <name>ac-banded</name> + <value>ac-banded</value> + </option> + <option> + <name>ac-sparsebands</name> + <value>ac-sparsebands</value> + </option> + <option> + <name>acs</name> + <value>acs</value> + </option> + </options> + </field> + <field> + <fielddescr>Oinkmaster code</fielddescr> + <fieldname>oinkmastercode</fieldname> + <description>Obtain a snort.org Oinkmaster code and paste here.</description> + <type>input</type> + <size>60</size> + <value></value> + </field> + <field> + <fielddescr>Snort.org subscriber</fielddescr> + <fieldname>subscriber</fieldname> + <description>Check this box if you are a Snort.org subscriber (premium rules).</description> + <type>checkbox</type> + <size>60</size> + </field> + <field> + <fielddescr>Block offenders</fielddescr> + <fieldname>blockoffenders</fieldname> + <description>Checking this option will automatically block hosts that generate a snort alert.</description> + <type>checkbox</type> + <size>60</size> + </field> + <field> + <fielddescr>Update rules automatically</fielddescr> + <fieldname>automaticrulesupdate</fieldname> + <description>Checking this option will automatically check for and update rules once a week from snort.org.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Whitelist VPNs automatically</fielddescr> + <fieldname>whitelistvpns</fieldname> + <description>Checking this option will install whitelists for all VPNs.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Convert Snort alerts urls to clickable links</fielddescr> + <fieldname>clickablalerteurls</fieldname> + <description>Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Associate events on Blocked tab</fielddescr> + <fieldname>associatealertip</fieldname> + <description>Checking this option will automatically associate the blocked reason from the snort alerts file.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Sync Snort configuration to secondary cluster members</fielddescr> + <fieldname>syncxmlrpc</fieldname> + <description>Checking this option will automatically sync the snort configuration via XMLRPC to CARP cluster members.</description> + <type>checkbox</type> + </field> + </fields> + <custom_add_php_command> + sync_package_snort(); + </custom_add_php_command> + <custom_php_resync_config_command> + sync_package_snort(); + </custom_php_resync_config_command> + <custom_php_install_command> + sync_package_snort_reinstall(); + </custom_php_install_command> + <custom_php_deinstall_command> + snort_deinstall(); + </custom_php_deinstall_command> +</packagegui> |