From 359e5dab68fe25b4372662151dda5f2a46198d27 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Mon, 6 Jul 2009 13:30:36 -0700
Subject: july6, add snort_define_servers.xml, add snort_threshold.xml
---
config/snort/snort_define_servers.xml | 364 ++++++++++++++++++++++++++++++++++
config/snort/snort_threshold.xml | 129 ++++++++++++
2 files changed, 493 insertions(+)
create mode 100644 config/snort/snort_define_servers.xml
create mode 100644 config/snort/snort_threshold.xml
(limited to 'config/snort')
diff --git a/config/snort/snort_define_servers.xml b/config/snort/snort_define_servers.xml
new file mode 100644
index 00000000..7df880d0
--- /dev/null
+++ b/config/snort/snort_define_servers.xml
@@ -0,0 +1,364 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. 
+ SnortDefServers + none + Services: Snort Define Servers + /usr/local/pkg/snort.inc + + + Settings + /pkg_edit.php?xml=snort.xml&id=0 + + + Update Rules + /snort_download_rules.php + + + Categories + /snort_rulesets.php + + + Rules + /snort_rules.php + + + Servers + /pkg_edit.php?xml=snort_define_servers.xml&id=0 + + + + Blocked + /snort_blocked.php + + + Whitelist + /pkg.php?xml=snort_whitelist.xml + + + Threshold + /pkg.php?xml=snort_threshold.xml + + + Alerts + /snort_alerts.php + + + Advanced + /pkg_edit.php?xml=snort_advanced.xml&id=0 + + + + + Define DNS_SERVERS + def_dns_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define DNS_PORTS + def_dns_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53. + input + 43 + + + + Define SMTP_SERVERS + def_smtp_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define SMTP_PORTS + def_smtp_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25. + input + 43 + + + + Define Mail_Ports + def_mail_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691. + input + 43 + + + + Define HTTP_SERVERS + def_http_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define WWW_SERVERS + def_www_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define HTTP_PORTS + def_http_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80. + input + 43 + + + + Define SQL_SERVERS + def_sql_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define ORACLE_PORTS + def_oracle_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521. 
+ input + 43 + + + + Define MSSQL_PORTS + def_mssql_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433. + input + 43 + + + + Define TELNET_SERVERS + def_telnet_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define TELNET_PORTS + def_telnet_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23. + input + 43 + + + + Define SNMP_SERVERS + def_snmp_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define SNMP_PORTS + def_snmp_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161. + input + 43 + + + + Define FTP_SERVERS + def_ftp_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define FTP_PORTS + def_ftp_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21. + input + 43 + + + + Define SSH_SERVERS + def_ssh_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define SSH_PORTS + def_ssh_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port. + input + 43 + + + + Define POP_SERVERS + def_pop_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define POP2_PORTS + def_pop2_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109. + input + 43 + + + + Define POP3_PORTS + def_pop3_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110. + input + 43 + + + + Define IMAP_SERVERS + def_imap_servers + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define IMAP_PORTS + def_imap_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143. 
+ input + 43 + + + + Define SIP_PROXY_IP + def_sip_proxy_ip + Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. + input + 101 + + + + Define SIP_PROXY_PORTS + def_sip_proxy_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768. + input + 43 + + + + Define AUTH_PORTS + def_auth_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113. + input + 43 + + + + Define FINGER_PORTS + def_finger_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79. + input + 43 + + + + Define IRC_PORTS + def_irc_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000. + input + 43 + + + + Define NNTP_PORTS + def_nntp_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119. + input + 43 + + + + Define RLOGIN_PORTS + def_rlogin_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513. + input + 43 + + + + Define RSH_PORTS + def_rsh_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514. + input + 43 + + + + Define SSL_PORTS + def_ssl_ports + Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995. + input + 43 + + + + + snort_define_servers(); + + diff --git a/config/snort/snort_threshold.xml b/config/snort/snort_threshold.xml new file mode 100644 index 00000000..f9075d3d --- /dev/null +++ b/config/snort/snort_threshold.xml 
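Review bot: Every server and port field in this form, from `def_dns_servers` through `def_ssl_ports`, is a free-text `input` with no validation step visible in the hunk, and the resync hook `snort_define_servers();` at the end of the file presumably writes those values straight into the generated Snort configuration. A value that is not a well-formed address/CIDR list or port list would then break the config and keep Snort from starting, quietly removing IDS coverage until someone notices; a validation hook (pfSense package XML supports a custom PHP validation command) that rejects anything outside a strict address-list or port-list pattern before the settings are saved would close that gap. The field help text is also copied with the same defects throughout: `Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.` should read `Example: Specific ports "25,443" or all ports between "5060:5090". Default is 53.`, with the matching default on each field. The `def_ssh_ports` description says only "Default is Pfsense SSH port"; stating which setting that default is read from would tell the admin what happens when the field is left blank.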
@@ -0,0 +1,129 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. 
+ snort-threshold + 0.1.0 + Snort: Alert Thresholding and Suppression + /usr/local/pkg/snort.inc + + + + Settings + /pkg_edit.php?xml=snort.xml&id=0 + + + Update Rules + /snort_download_rules.php + + + Categories + /snort_rulesets.php + + + Rules + /snort_rules.php + + + Servers + /pkg_edit.php?xml=snort_define_servers.xml&id=0 + + + Blocked + /snort_blocked.php + + + Whitelist + /pkg.php?xml=snort_whitelist.xml + + + Threshold + /pkg.php?xml=snort_threshold.xml + + + + Alerts + /snort_alerts.php + + + Advanced + /pkg_edit.php?xml=snort_advanced.xml&id=0 + + + + + Thresholding or Suppression Rule + threshrule + + + Description + description + + + + + Thresholding or Suppression Rule + threshrule + Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60" + input + 40 + + + Description + description + Enter the description for this item + input + 60 + + + + + + + + create_snort_conf(); + + \ No newline at end of file -- cgit v1.2.3
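Review bot: The `threshrule` field accepts a complete raw `suppress`/`threshold` line as free text, no validation is shown in the hunk, and the `create_snort_conf();` resync hook presumably copies each entry verbatim into Snort's threshold configuration. One malformed entry, or one that smuggles a line break or a second directive into the field, would stop Snort from loading its configuration, so the entry should be checked against the two forms the help text documents (a `suppress gen_id N, sig_id N` line or a `threshold gen_id N, sig_id N, type ..., track ..., count N, seconds N` line) before it is saved, and each saved entry should be written as exactly one line. The help text itself uses a stray semicolon: `Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or ...` should read `Enter the rule. Example: "suppress gen_id 125, sig_id 4" or ...`. The file is also missing its trailing newline, which the diff flags as `\ No newline at end of file`.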