From 159f7aa6503168db8f0f8541312e55e1f67a8ee6 Mon Sep 17 00:00:00 2001 From: Ermal Date: Sat, 26 Jan 2013 21:28:43 +0100 Subject: Include sip preprocessor which is needed for VRT policy secure --- config/snort/snort.inc | 14 ++++++++++++-- config/snort/snort_define_servers.php | 2 +- config/snort/snort_preprocessors.php | 12 ++++++++++++ 3 files changed, 25 insertions(+), 3 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 80088779..de0ac58f 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1893,7 +1893,7 @@ function snort_generate_conf($snortcfg) { "telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21", "ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110", "imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768", - "sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79", + "sip_ports" => "5060, 5061", "auth_ports" => "113", "finger_ports" => "79", "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", "ssl_ports" => "443,465,563,636,989,990,992,993,994,995", @@ -2092,6 +2092,16 @@ preprocessor dcerpc2_server: default, policy WinXP, \ autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \ smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] +EOD; + + $sip_ports = str_replace(",", " ", $snort_ports['sip_ports']); + $sip_preproc = << "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" ); $snort_preproc = array ( - "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", + "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc" ); $snort_preprocessors = ""; diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index ca153d68..3a12b284 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -72,7 +72,7 @@ $snort_ports = array( "telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21", "ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110", "imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768", -"sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79", +"sip_ports" => "5060,5061", "auth_ports" => "113", "finger_ports" => "79", "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", "ssl_ports" => "443,465,563,636,989,990,992,993,994,995", diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 25e176cb..916fd413 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -72,6 +72,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc']; $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc']; $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc']; + $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc']; $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc']; $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc']; } @@ -104,6 +105,8 @@ if ($_POST) { $natent['imap_preproc'] = $_POST['imap_preproc'] ? 'on' : 'off'; $natent['dnp3_preproc'] = $_POST['dnp3_preproc'] ? 'on' : 'off'; $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off'; + $natent['sip_preproc'] = $_POST['sip_preproc'] ? 'on' : 'off'; + $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off'; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -361,6 +364,15 @@ include_once("head.inc"); onClick="enable_change(false)">
+ +
+ + + onClick="enable_change(false)">
+ +
-- cgit v1.2.3