From c2b6e0ddddbc3aecd1d7d4ba1278572b0e4a1ebb Mon Sep 17 00:00:00 2001 From: robiscool Date: Thu, 1 Oct 2009 12:23:10 -0700 Subject: snort stable, add barnyard2 iterface hostname options --- config/snort-dev/snort.xml | 42 +++++++++++++++++++++++++++---------- config/snort-dev/snort_advanced.xml | 32 +++++++++++++++++++++------- 2 files changed, 55 insertions(+), 19 deletions(-) (limited to 'config/snort-dev') diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 4f039a97..3f6f91c8 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -46,8 +46,8 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.4.1_1 - Services: Snort 2.8.4.1_2 pkg v. 1.6 RC5 + 2.8.4.1_2 + Services: Snort 2.8.4.1_2 pkg v. 1.6 /usr/local/pkg/snort.inc Snort @@ -59,6 +59,7 @@ snort snort.sh snort + Snort is the most widely deployed IDS/IPS technology worldwide.. @@ -194,6 +195,7 @@ iface_array Select the interface(s) Snort will listen on. interfaces_selection + 3 lan true @@ -233,6 +235,16 @@ acs + + + + + + Install Snort.org rules. + installsnortrules + Free Snort.org rules that are maintained by Sourcefire. See the Pfsense Snort FAQ on how to get a subscription. + checkbox + Oinkmaster code @@ -245,10 +257,26 @@ Snort.org subscriber subscriber - Check this box if you are a Snort.org subscriber (premium rules). + Check this box if you are a Snort.org subscriber (premium rules). <b>HIGHLY RECOMMENDED!</b> checkbox 60 + + + + Install emergingthreats rules. + emergingthreats + Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules. + checkbox + + + + Install Pfsense rules. + installpfsenserules + Snort rules that Pfsense maintainers have requested for their packages. + checkbox + + Block offenders blockoffenders7 @@ -300,8 +328,6 @@ - - Update rules automatically autorulesupdate7 
@@ -356,12 +382,6 @@ Checking this option will automatically associate the blocked reason from the snort alerts file. checkbox - - Install emergingthreats rules. - emergingthreats - Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules. - checkbox - sync_package_snort(); diff --git a/config/snort-dev/snort_advanced.xml b/config/snort-dev/snort_advanced.xml index 6e81123f..1fdddda2 100644 --- a/config/snort-dev/snort_advanced.xml +++ b/config/snort-dev/snort_advanced.xml @@ -153,12 +153,12 @@ Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large. checkbox - - Enable Barnyard2. - snortbarnyardlog - This will enable barnyard2 in the snort package. You will also have to set the database credentials. - checkbox - + + Enable Barnyard2. + snortbarnyardlog + This will enable barnyard2 in the snort package. You will also have to set the database credentials. + checkbox + Barnyard2 Log Mysql Database. snortbarnyardlog_database @@ -168,9 +168,25 @@ - Log Alerts to a snort unified file. + Barnyard2 Configure Hostname ID. + snortbarnyardlog_hostname + Example: pfsense.local + input + 25 + + + + Barnyard2 Configure Interface ID + snortbarnyardlog_interface + Example: vr0 + input + 25 + + + + Log Alerts to a snort unified2 file. snortunifiedlog - Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement barnyard2. + Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2. checkbox -- cgit v1.2.3
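Review bot: In the snort.xml hunk at @@ -233,6 +235,16 @@, the description of the new installsnortrules checkbox is contradictory: it calls them "Free Snort.org rules" and then points to the FAQ "on how to get a subscription", while premium rules are handled by the separate subscriber checkbox. State in the description whether the Oinkmaster code field that follows is required for the free rule set. The subscriber description now carries <b>HIGHLY RECOMMENDED!</b>; confirm that the page renders description text as markup instead of printing the tags, and that the tags are escaped correctly in the XML source. The relocated emergingthreats description still reads "produces fastest moving and diverse Snort Rules", which could be fixed while the field is being moved.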
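Review bot: The first snort_advanced.xml hunk (@@ -153,12 +153,12 @@) removes and re-adds the "Enable Barnyard2." field with the same label, the same name snortbarnyardlog, the same description and the same checkbox type, so it appears to be a whitespace-only change. Drop it or move it to a separate formatting commit so that this patch shows only the functional barnyard2 additions.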
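Review bot: The new snortbarnyardlog_hostname and snortbarnyardlog_interface fields in the second snort_advanced.xml hunk (@@ -168,9 +168,25 @@) are free-text input fields described only by an example, and the diffstat lists just the two XML files, so nothing in this patch shows where these values are read or validated. Before they are written into the barnyard2 configuration, restrict the hostname to valid hostname characters and check the interface against the system's interfaces; a selection like the interfaces_selection type used for iface_array in snort.xml would avoid free-text entry altogether. The descriptions should also say whether the fields may be left empty when snortbarnyardlog is checked. Minor: "Barnyard2 Configure Hostname ID." ends with a period and "Barnyard2 Configure Interface ID" does not.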