Diffstat (limited to 'config')
-rwxr-xr-x | config/openvpn-client-export/client-export/template/config-import | 6 | ||||
-rwxr-xr-x | config/openvpn-client-export/client-export/template/config-standard | 6 | ||||
-rwxr-xr-x | config/openvpn-client-export/client-export/template/procchain-import | 4 | ||||
-rwxr-xr-x | config/openvpn-client-export/client-export/template/procchain-standard | 4 | ||||
-rwxr-xr-x | config/openvpn-client-export/readme.txt | 88 | ||||
-rwxr-xr-x | config/openvpn-client-export/source/openvpn-postinstall.nsi | 224 | ||||
-rwxr-xr-x | config/openvpn-client-export/source/procchain.cpp | 160 | ||||
-rwxr-xr-x[-rw-r--r--] | config/snort/snort.inc | 216 | ||||
-rw-r--r-- | config/snort/snort.xml | 2 |
9 files changed, 420 insertions, 290 deletions
diff --git a/config/openvpn-client-export/client-export/template/config-import b/config/openvpn-client-export/client-export/template/config-import
index 6b4465c2..74f273bd 100755
--- a/config/openvpn-client-export/client-export/template/config-import
+++ b/config/openvpn-client-export/client-export/template/config-import
@@ -1,3 +1,3 @@
-;!@Install@!UTF-8!
-RunProgram="procchain.exe procchain-import"
-;!@InstallEnd@!
+;!@Install@!UTF-8!
+RunProgram="procchain.exe procchain-import"
+;!@InstallEnd@!
diff --git a/config/openvpn-client-export/client-export/template/config-standard b/config/openvpn-client-export/client-export/template/config-standard
index 19e410e9..2dfce2dc 100755
--- a/config/openvpn-client-export/client-export/template/config-standard
+++ b/config/openvpn-client-export/client-export/template/config-standard
@@ -1,3 +1,3 @@
-;!@Install@!UTF-8!
-RunProgram="procchain.exe procchain-standard"
-;!@InstallEnd@!
+;!@Install@!UTF-8!
+RunProgram="procchain.exe procchain-standard"
+;!@InstallEnd@!
diff --git a/config/openvpn-client-export/client-export/template/procchain-import b/config/openvpn-client-export/client-export/template/procchain-import
index 3b7c74fb..c70ad842 100755
--- a/config/openvpn-client-export/client-export/template/procchain-import
+++ b/config/openvpn-client-export/client-export/template/procchain-import
@@ -1,2 +1,2 @@
-"openvpn-install.exe"
-"openvpn-postinstall.exe" /Import
+"openvpn-install.exe"
+"openvpn-postinstall.exe" /Import
diff --git a/config/openvpn-client-export/client-export/template/procchain-standard b/config/openvpn-client-export/client-export/template/procchain-standard
index b9d1a1e5..670aadea 100755
--- a/config/openvpn-client-export/client-export/template/procchain-standard
+++ b/config/openvpn-client-export/client-export/template/procchain-standard
@@ -1,2 +1,2 @@
-"openvpn-install.exe"
-"openvpn-postinstall.exe"
+"openvpn-install.exe"
+"openvpn-postinstall.exe"
diff --git a/config/openvpn-client-export/readme.txt b/config/openvpn-client-export/readme.txt
index c1c0e3b7..071b6d59 100755
--- a/config/openvpn-client-export/readme.txt
+++ b/config/openvpn-client-export/readme.txt
@@ -1,44 +1,44 @@
-pfSense OpenVPN Client Export Package
--------------------------------------
-
-This package includes a webConfigurator interface that allows for easy
-expory of user based OpenVPN configurations and pre-configured windows
-installer packages.
-
-Contents
---------
-client-export - tgz archive root path
-client-export/vpn_openvpn_export.php - pfSense php interface code
-client-export/template - installer template path
-client-export/template/7zS.sfx - 7zip windows self extractor
-client-export/template/config-import - 7zip sfx configuration
-client-export/template/config-standard - 7zip sfx configuration
-client-export/template/procchain.exe - process chain utility
-client-export/template/openvpn-install.exe - openvpn installer
-client-export/template/openvpn-postinstall.exe - post installer
-client-export/template/procchain-import - procchain configuration
-client-export/template/procchain-standard - procchain configuration
-client-export/template/config - OpenVPN configuration import path
-source/openvpn-postinstall.nsi - post install NSIS script
-source/openvpn-postinstall.ico - post install icon
-source/procchain.cpp - C++ source for process chain utility
-openvpn-client-export.inc - pfSense php pagkage include file
-openvpn-client-export.xml - pfSense xml package description
-
-Configuration
--------------
-Before the package can be used, place the OpenVPN installer of your
-choice in the template directory and name it 'openvpn-install.exe'.
-Then use tar to archive the entire client-export directory from the
-root package directory using the following command ...
-
-tar zcvf openvpn-client-export.tgz client-export
-
-With the archive created, you will have three relevent files in the
-root package directory ...
-
-openvpn-client-export.inc
-openvpn-client-export.tgz
-openvpn-client-export.xml
-
-These files are the only files required for distribution.
+pfSense OpenVPN Client Export Package
+-------------------------------------
+
+This package includes a webConfigurator interface that allows for easy
+expory of user based OpenVPN configurations and pre-configured windows
+installer packages.
+
+Contents
+--------
+client-export - tgz archive root path
+client-export/vpn_openvpn_export.php - pfSense php interface code
+client-export/template - installer template path
+client-export/template/7zS.sfx - 7zip windows self extractor
+client-export/template/config-import - 7zip sfx configuration
+client-export/template/config-standard - 7zip sfx configuration
+client-export/template/procchain.exe - process chain utility
+client-export/template/openvpn-install.exe - openvpn installer
+client-export/template/openvpn-postinstall.exe - post installer
+client-export/template/procchain-import - procchain configuration
+client-export/template/procchain-standard - procchain configuration
+client-export/template/config - OpenVPN configuration import path
+source/openvpn-postinstall.nsi - post install NSIS script
+source/openvpn-postinstall.ico - post install icon
+source/procchain.cpp - C++ source for process chain utility
+openvpn-client-export.inc - pfSense php pagkage include file
+openvpn-client-export.xml - pfSense xml package description
+
+Configuration
+-------------
+Before the package can be used, place the OpenVPN installer of your
+choice in the template directory and name it 'openvpn-install.exe'.
+Then use tar to archive the entire client-export directory from the
+root package directory using the following command ...
+
+tar zcvf openvpn-client-export.tgz client-export
+
+With the archive created, you will have three relevent files in the
+root package directory ...
+
+openvpn-client-export.inc
+openvpn-client-export.tgz
+openvpn-client-export.xml
+
+These files are the only files required for distribution.
diff --git a/config/openvpn-client-export/source/openvpn-postinstall.nsi b/config/openvpn-client-export/source/openvpn-postinstall.nsi
index d23ecdb4..4f03783d 100755
--- a/config/openvpn-client-export/source/openvpn-postinstall.nsi
+++ b/config/openvpn-client-export/source/openvpn-postinstall.nsi
@@ -1,112 +1,112 @@
-;--------------------------------
-; OpenVPN NSIS Post-Installer
-;--------------------------------
-
-;--------------------------------
-;Include Modern UI
-
- !include "MUI.nsh"
- !include "FileFunc.nsh"
- !include "LogicLib.nsh"
-
-;--------------------------------
-; General
-;--------------------------------
-
- Name "OpenVPN Configuration"
- OutFile "openvpn-postinstall.exe"
- SetCompressor /SOLID lzma
-
- ShowInstDetails show
-
-;--------------------------------
-;Include Settings
-;--------------------------------
-
- !define MUI_ICON "openvpn-postinstall.ico"
- !define MUI_ABORTWARNING
-
-;--------------------------------
-;Pages
-;--------------------------------
-
- !insertmacro MUI_PAGE_INSTFILES
- !insertmacro Locate
- !insertmacro GetParameters
- !insertmacro GetOptions
-
-;--------------------------------
-;Languages
-;--------------------------------
-
- !insertmacro MUI_LANGUAGE "English"
-
-;--------------------------------
-;Functions
-;--------------------------------
-
-Function .onInit
-
- Var /GLOBAL CONFPATH
- ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir"
-
-FunctionEnd
-
-Function CopyConfFile
-
- CopyFiles $R9 $CONFPATH\$R7
- Push $0
-
-FunctionEnd
-
-Function ImportConfFile
-
- ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9"
- Push $0
-
-FunctionEnd
-
-;--------------------------------
-;Installer Sections
-;--------------------------------
-
-Section "Imort Configuration" SectionImport
-
- DetailPrint "Installing configuration files ..."
- ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile"
-
- DetailPrint "Installing certificate and key files ..."
- ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile"
- ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile"
-
- ${GetParameters} $R0
- ${GetOptions} $R0 "/Import" $R1
- IfErrors p12_copy p12_import
-
- p12_copy:
- ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile"
- Goto p12_done
-
- p12_import:
- ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile"
- Goto p12_done
-
- p12_done:
-
-SectionEnd
-
-;--------------------------------
-;Descriptions
-;--------------------------------
-
- ;Language strings
- LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files."
-
- ;Assign language strings to sections
- !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
- !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport)
- !insertmacro MUI_FUNCTION_DESCRIPTION_END
-
-;--------------------------------
-; END
-;--------------------------------
+;--------------------------------
+; OpenVPN NSIS Post-Installer
+;--------------------------------
+
+;--------------------------------
+;Include Modern UI
+
+ !include "MUI.nsh"
+ !include "FileFunc.nsh"
+ !include "LogicLib.nsh"
+
+;--------------------------------
+; General
+;--------------------------------
+
+ Name "OpenVPN Configuration"
+ OutFile "openvpn-postinstall.exe"
+ SetCompressor /SOLID lzma
+
+ ShowInstDetails show
+
+;--------------------------------
+;Include Settings
+;--------------------------------
+
+ !define MUI_ICON "openvpn-postinstall.ico"
+ !define MUI_ABORTWARNING
+
+;--------------------------------
+;Pages
+;--------------------------------
+
+ !insertmacro MUI_PAGE_INSTFILES
+ !insertmacro Locate
+ !insertmacro GetParameters
+ !insertmacro GetOptions
+
+;--------------------------------
+;Languages
+;--------------------------------
+
+ !insertmacro MUI_LANGUAGE "English"
+
+;--------------------------------
+;Functions
+;--------------------------------
+
+Function .onInit
+
+ Var /GLOBAL CONFPATH
+ ReadRegStr $CONFPATH HKLM "Software\OpenVPN" "config_dir"
+
+FunctionEnd
+
+Function CopyConfFile
+
+ CopyFiles $R9 $CONFPATH\$R7
+ Push $0
+
+FunctionEnd
+
+Function ImportConfFile
+
+ ExecWait "rundll32.exe cryptext.dll,CryptExtAddPFX $R9"
+ Push $0
+
+FunctionEnd
+
+;--------------------------------
+;Installer Sections
+;--------------------------------
+
+Section "Imort Configuration" SectionImport
+
+ DetailPrint "Installing configuration files ..."
+ ${Locate} ".\config" "/L=F /M=*.ovpn" "CopyConfFile"
+
+ DetailPrint "Installing certificate and key files ..."
+ ${Locate} ".\config" "/L=F /M=*.crt" "CopyConfFile"
+ ${Locate} ".\config" "/L=F /M=*.key" "CopyConfFile"
+
+ ${GetParameters} $R0
+ ${GetOptions} $R0 "/Import" $R1
+ IfErrors p12_copy p12_import
+
+ p12_copy:
+ ${Locate} ".\config" "/L=F /M=*.p12" "CopyConfFile"
+ Goto p12_done
+
+ p12_import:
+ ${Locate} ".\config" "/L=F /M=*.p12" "ImportConfFile"
+ Goto p12_done
+
+ p12_done:
+
+SectionEnd
+
+;--------------------------------
+;Descriptions
+;--------------------------------
+
+ ;Language strings
+ LangString DESC_SectionImport ${LANG_ENGLISH} "Import OpenVPN Configurations and Key Files."
+
+ ;Assign language strings to sections
+ !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
+ !insertmacro MUI_DESCRIPTION_TEXT ${SectionImport} $(DESC_SectionImport)
+ !insertmacro MUI_FUNCTION_DESCRIPTION_END
+
+;--------------------------------
+; END
+;--------------------------------
diff --git a/config/openvpn-client-export/source/procchain.cpp b/config/openvpn-client-export/source/procchain.cpp
index b95536cc..dec1c284 100755
--- a/config/openvpn-client-export/source/procchain.cpp
+++ b/config/openvpn-client-export/source/procchain.cpp
@@ -1,80 +1,80 @@
-
-/*
- * Copyright (c) 2008
- * Shrew Soft Inc. All rights reserved.
- *
- * AUTHOR : Matthew Grooms
- * mgrooms@shrew.net
- *
- */
-
-#include <windows.h>
-#include <stdio.h>
-
-bool runproc( char * path )
-{
- STARTUPINFO si;
- memset( &si, 0, sizeof( si ) );
- si.cb = sizeof( si );
-
- PROCESS_INFORMATION pi;
- memset( &pi, 0, sizeof( pi ) );
-
- // Start the child process.
- if( !CreateProcess(
- NULL, // No module name (use command line).
- path, // Command line.
- NULL, // Process handle not inheritable.
- NULL, // Thread handle not inheritable.
- FALSE, // Set handle inheritance to FALSE.
- 0, // No creation flags.
- NULL, // Use parent's environment block.
- NULL, // Use parent's starting directory.
- &si, // Pointer to STARTUPINFO structure.
- &pi ) ) // Pointer to PROCESS_INFORMATION structure.
- {
- return false;
- }
-
- // Wait until child process exits.
- WaitForSingleObject( pi.hProcess, INFINITE );
-
- // Get the exit code
- DWORD ExitCode;
- GetExitCodeProcess( pi.hProcess, &ExitCode );
-
- // Close process and thread handles.
- CloseHandle( pi.hProcess );
- CloseHandle( pi.hThread );
-
- return ( ExitCode == 0 );
-}
-
-int APIENTRY WinMain(
- HINSTANCE hinstance,
- HINSTANCE hPrevInstance,
- LPSTR lpCmdLine,
- int nCmdShow )
-{
- FILE * fp;
- if( fopen_s( &fp, lpCmdLine, "r" ) )
- return -1;
-
- while( true )
- {
- char cmd[ MAX_PATH ];
- memset( cmd, 0, MAX_PATH );
- if( fgets( cmd, MAX_PATH, fp ) == NULL )
- break;
-
- char * term = strchr( cmd, '\n' );
- if( term != NULL )
- *term = 0;
-
- if( !runproc( cmd ) )
- return -2;
- }
-
- return 0;
-}
-
+
+/*
+ * Copyright (c) 2008
+ * Shrew Soft Inc. All rights reserved.
+ *
+ * AUTHOR : Matthew Grooms
+ * mgrooms@shrew.net
+ *
+ */
+
+#include <windows.h>
+#include <stdio.h>
+
+bool runproc( char * path )
+{
+ STARTUPINFO si;
+ memset( &si, 0, sizeof( si ) );
+ si.cb = sizeof( si );
+
+ PROCESS_INFORMATION pi;
+ memset( &pi, 0, sizeof( pi ) );
+
+ // Start the child process.
+ if( !CreateProcess(
+ NULL, // No module name (use command line).
+ path, // Command line.
+ NULL, // Process handle not inheritable.
+ NULL, // Thread handle not inheritable.
+ FALSE, // Set handle inheritance to FALSE.
+ 0, // No creation flags.
+ NULL, // Use parent's environment block.
+ NULL, // Use parent's starting directory.
+ &si, // Pointer to STARTUPINFO structure.
+ &pi ) ) // Pointer to PROCESS_INFORMATION structure.
+ {
+ return false;
+ }
+
+ // Wait until child process exits.
+ WaitForSingleObject( pi.hProcess, INFINITE );
+
+ // Get the exit code
+ DWORD ExitCode;
+ GetExitCodeProcess( pi.hProcess, &ExitCode );
+
+ // Close process and thread handles.
+ CloseHandle( pi.hProcess );
+ CloseHandle( pi.hThread );
+
+ return ( ExitCode == 0 );
+}
+
+int APIENTRY WinMain(
+ HINSTANCE hinstance,
+ HINSTANCE hPrevInstance,
+ LPSTR lpCmdLine,
+ int nCmdShow )
+{
+ FILE * fp;
+ if( fopen_s( &fp, lpCmdLine, "r" ) )
+ return -1;
+
+ while( true )
+ {
+ char cmd[ MAX_PATH ];
+ memset( cmd, 0, MAX_PATH );
+ if( fgets( cmd, MAX_PATH, fp ) == NULL )
+ break;
+
+ char * term = strchr( cmd, '\n' );
+ if( term != NULL )
+ *term = 0;
+
+ if( !runproc( cmd ) )
+ return -2;
+ }
+
+ return 0;
+}
+
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 5d6a2942..15dd1ad6 100644..100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -138,9 +138,11 @@ function sync_package_snort() /* start a snort process for each interface -gtm */ /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */ + /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */ + /* TODO; get snort to start under nologin shell */ foreach($snortInterfaces as $snortIf) { - $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -A fast -q"; + $start .= ";sleep 8;snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -o -A fast -q"; } /* if block offenders is checked, start snort2c */ @@ -346,6 +348,7 @@ function generate_snort_conf() { conf_mount_ro(); /* build snort configuration file */ + /* TODO; feed back from pfsense users to reduce false positives */ $snort_conf_text = <<<EOD # snort configuration file @@ -354,9 +357,21 @@ function generate_snort_conf() { # see /usr/local/pkg/snort.inc # for more information +######################### + # +# Define Local Network # + # +######################### + var HOME_NET {$home_net} var EXTERNAL_NET !\$HOME_NET +################### + # +# Define Servers # + # +################### + var DNS_SERVERS \$HOME_NET var SMTP_SERVERS \$HOME_NET var HTTP_SERVERS \$HOME_NET @@ -372,6 +387,12 @@ var WWW_SERVERS \$HOME_NET var AIM_SERVERS \ [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] +######################## + # +# Define Server Ports # + # +######################## + portvar HTTP_PORTS 80 portvar SHELLCODE_PORTS !80 portvar ORACLE_PORTS 1521 
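Review bot: The rebuilt start command in sync_package_snort still runs snort as root — `snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -o -A fast -q` carries no `-u`/`-g`, which looks like the gap the new `TODO; get snort to start under nologin shell` comment is circling. Snort 2.8 can drop privileges itself once the interface is open, so `-u snort -g snort` (with /var/log/snort writable by that account) would close the TODO without any shell change; I cannot see from this hunk whether the package creates such an account. The added `-o` flips rule evaluation to pass→alert→log, so a pass rule now silences matching alert rules, which the new options comment lists the flags for but does not say; `/* -o: evaluate pass rules before alert rules */` next to it would make that deliberate. sync_package_snort starts and ends outside this hunk.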
@@ -396,9 +417,21 @@ portvar TELNET_PORTS 23 portvar MAIL_PORTS [25,143,465,691] portvar SSL_PORTS [25,443,465,636,993,995] -var RULE_PATH /usr/local/etc/snort/rules +##################### + # +# Define Rule Paths # + # +##################### + +var RULE_PATH ./rules +# var PREPROC_RULE_PATH ./preproc_rules + +################################ + # +# Configure the snort decoder # + # +################################ -# Configure the snort decoder config checksum_mode: all config disable_decode_alerts config disable_tcpopt_experimental_alerts 
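Review bot: `var RULE_PATH ./rules` turns the one absolute rules path into one relative to snort's working directory, although this config is always written to /usr/local/etc/snort/snort.conf and every other path in the generated file (the dynamic engine, reference.config, classification.config) stays absolute. Unless snort 2.8.4 is guaranteed to resolve a relative include against the config file's directory rather than the process cwd — my recollection is that it tries the cwd first and only falls back to the config directory, which is worth verifying — a `rules` directory in whatever cwd the start script inherits would be loaded in place of the packaged ruleset. Keeping `var RULE_PATH /usr/local/etc/snort/rules` is unambiguous; if the relative form is wanted on purpose, a comment saying what it is relative to belongs beside it. generate_snort_conf continues outside this hunk.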
@@ -408,32 +441,58 @@ config disable_tcpopt_alerts config disable_ipopt_alerts config disable_decode_drops -#Configure the detection engine -#Use lower memory models +################################### + # +# Configure the detection engine # +# Use lower memory models # + # +################################### + config detection: search-method {$snort_performance} config detection: max_queue_events 5 config event_queue: max_queue 8 log 3 order_events content_length #Configure dynamic loaded libraries -dynamicpreprocessor file /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so -dynamicpreprocessor file /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so -dynamicpreprocessor file /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so -dynamicpreprocessor file /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so -dynamicpreprocessor file /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so - +dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/ dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so -#Flow and stream +################### + # +# Flow and stream # + # +################### preprocessor frag3_global: max_frags 8192 -preprocessor frag3_engine: policy last detect_anomalies +preprocessor frag3_engine: policy windows +preprocessor frag3_engine: policy linux +preprocessor frag3_engine: policy first +preprocessor frag3_engine: policy bsd detect_anomalies + preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ track_udp yes, track_icmp yes +preprocessor stream5_tcp: bind_to any, policy windows +preprocessor stream5_tcp: bind_to any, policy linux +preprocessor stream5_tcp: bind_to any, policy vista +preprocessor stream5_tcp: bind_to any, policy macos preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes preprocessor stream5_udp preprocessor stream5_icmp -#HTTP Inspect +########################## + # +# NEW # +# Performance Statistics # + # 
+########################## + +preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000 + +################# + # +# HTTP Inspect # + # +################# + preprocessor http_inspect: global iis_unicode_map unicode.map 1252 preprocessor http_inspect_server: server default \ @@ -454,12 +513,28 @@ preprocessor http_inspect_server: server default \ iis_delimiter yes \ multi_slash no -#Other preprocs +################## + # +# Other preprocs # + # +################## + preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 preprocessor bo +##################### + # +# ftp preprocessor # + # +##################### + preprocessor ftp_telnet: global \ inspection_type stateless + +preprocessor ftp_telnet_protocol: telnet \ + normalize \ + ayt_attack_thresh 200 + preprocessor ftp_telnet_protocol: \ ftp server default \ def_max_param_len 100 \ @@ -469,12 +544,12 @@ preprocessor ftp_telnet_protocol: \ ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \ ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \ ftp_cmds { FEAT OPTS CEL CMD MACB } \ - ftp_cmds { MDTM REST SIZE MLST MLSD EPSV } \ + ftp_cmds { MDTM REST SIZE MLST MLSD } \ ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \ alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \ alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \ alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \ - alt_max_param_len 256 { RNTO CWD } \ + alt_max_param_len 256 { RNTO CWD } \ alt_max_param_len 400 { PORT } \ alt_max_param_len 512 { SIZE } \ chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \ 
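Review bot: The four `preprocessor frag3_engine: policy …` lines and the five `preprocessor stream5_tcp:` lines in the flow/stream block carry no distinguishing `bind_to` (`bind_to any` is the unrestricted default), so each one declares the default engine for every destination; as far as I know Snort honours a single default policy per preprocessor, so either only one of these takes effect or 2.8.4 rejects the duplicates at startup — either way the windows/linux/vista/macos entries are dead config and this should be tested before it ships. One default per preprocessor (`preprocessor frag3_engine: policy bsd detect_anomalies` and the retained `policy BSD, ports both all, use_static_footprint_sizes` stream5_tcp line, pfSense being FreeBSD) plus `bind_to <cidr>` entries only for hosts whose OS is actually known is the documented shape. Separately, `dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/` replaces five explicitly named modules with every shared object in that directory, which the new dcerpc2/dns/ssl stanzas need but which also loads whatever else is installed there; a comment saying that widening is intended would help the next reader. This hunk ends at the http_inspect_server header and the heredoc continues beyond it.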
@@ -490,8 +565,17 @@ preprocessor ftp_telnet_protocol: \ cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ cmd_validity PORT < host_port > + preprocessor ftp_telnet_protocol: ftp client default \ - max_resp_len 100 + max_resp_len 256 \ + bounce yes \ + telnet_cmds yes + +##################### + # +# SMTP preprocessor # + # +##################### preprocessor SMTP: \ ports { 25 465 691 } \ 
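Review bot: The rewritten `ftp client default` stanza switches on `bounce yes` and `telnet_cmds yes` and raises `max_resp_len` from 100 to 256 without a word on any of the three, and this generated snort.conf is what an operator will open when one of those alerts fires. A short comment above the stanza would do, e.g. `# bounce yes: alert on PORT commands that aim the data channel at a host other than the client (FTP bounce); telnet_cmds yes: alert on telnet escape sequences on the command channel; max_resp_len 256: server response length that triggers an alert`. The enclosing ftp_telnet_protocol block begins before this hunk.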
@@ -512,39 +596,85 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ xlink2state { enable } +################ + # +# sf Portscan # + # +################ + +preprocessor sfportscan: scan_type { all } \ + proto { all } \ + memcap { 10000000 } \ + sense_level { medium } \ + ignore_scanners { \$HOME_NET } + +############################ + # +# OLD # +# preprocessor dcerpc: \ # +# autodetect \ # +# max_frag_size 3000 \ # +# memcap 100000 # + # +############################ + +############### + # +# NEW # +# DCE/RPC 2 # + # +############### + +preprocessor dcerpc2 +preprocessor dcerpc2_server: default + +#################### + # +# DNS preprocessor # + # +#################### + +preprocessor dns: \ + ports { 53 } \ + enable_rdata_overflow + +############################## + # +# NEW # +# Ignore SSL and Encryption # + # +############################## + +preprocessor ssl: noinspect_encrypted, trustservers + +##################### + # +# Snort Output Logs # + # +##################### - - -#sf Portscan -preprocessor sfportscan: proto { all } \ - scan_type { all } \ - sense_level { low } \ - ignore_scanners { \$HOME_NET } - -preprocessor dcerpc: \ - autodetect \ - max_frag_size 3000 \ - memcap 100000 - -preprocessor dns: ports { 53 } enable_rdata_overflow - -#Output plugins -#output database: alert output alert_syslog: LOG_AUTH LOG_ALERT LOG_CONS LOG_NDELAY LOG_PERROR LOG_PID - -output alert_unified: filename alert +output alert_unified: filename snort.alert, limit 128 -#Required files -include /usr/local/etc/snort/classification.config -include /usr/local/etc/snort/reference.config +################# + # +# Misc Includes # + # +################# -# Include any thresholding or suppression commands. 
See threshold.conf in the -# include threshold.conf +include /usr/local/etc/snort/reference.config +include /usr/local/etc/snort/classification.config +include /usr/local/etc/snort/threshold.conf # Snort user pass through configuration {$snort_config_pass_thru} -#Rulesets, all optional +################### + # +# Rules Selection # + # +################### + {$selected_rules_sections} EOD; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 22b8e874..af549a27 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> - <version>2.8.3.2</version> + <version>2.8.4.3</version> <title>Services: Snort</title> <include_file>/usr/local/pkg/snort.inc</include_file> <menu> |
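Review bot: `preprocessor ssl: noinspect_encrypted, trustservers` stops inspecting a session as soon as the server side signals encrypted application data, without waiting to see the client side do the same; Snort's manual reserves `trustservers` for servers you trust, and on a perimeter sensor watching arbitrary internet hosts it lets an endpoint that merely claims to be encrypted take the rest of the flow out of inspection. `preprocessor ssl: noinspect_encrypted` alone gives the intended CPU saving while still requiring both sides to go encrypted before inspection is dropped. Two smaller items in the same hunk: `include /usr/local/etc/snort/threshold.conf` is now unconditional where the old file had it commented out, and as far as I can tell snort refuses to start on a missing include while nothing in this diff writes that file; and the sfportscan change to `sense_level { medium }` with `memcap { 10000000 }` is undocumented and will raise the portscan alert rate on a busy WAN, so a comment on the trade-off belongs beside it. The heredoc closes in this hunk but generate_snort_conf continues outside it.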