upgrade wireless-tools to v28 pre13
[openwrt.git] / package / snort-wireless / patches / 750-lightweight-config.patch
1 --- snort-wireless-2.4.3-alpha04/etc/snort.conf 2005-10-21 09:41:01.000000000 +0200
2 +++ /Users/florian/telechargements/snort.conf 2005-10-30 13:20:17.000000000 +0100
3 @@ -6,6 +6,7 @@
4 #
5 ###################################################
6 # This file contains a sample snort configuration.
7 +# Most preprocessors and rules were disabled to save memory.
8 # You can take the following steps to create your own custom configuration:
9 #
10 # 1) Set the variables for your network
11 @@ -42,10 +43,10 @@
12 # or you can specify the variable to be any IP address
13 # like this:
14
15 -var HOME_NET any
16 +var HOME_NET 192.168.1.0/24
17
18 # Set up the external network addresses as well. A good start may be "any"
19 -var EXTERNAL_NET any
20 +var EXTERNAL_NET !$HOME_NET
21
22 # Configure your wireless AP lists. This allows snort to look for attacks
23 # against your wireless network, such as rogue access points or adhoc wireless
24 @@ -137,7 +138,7 @@
25 # Path to your rules files (this can be a relative path)
26 # Note for Windows users: You are advised to make this an absolute path,
27 # such as: c:\snort\rules
28 -var RULE_PATH ../rules
29 +var RULE_PATH /etc/snort/rules
30
31 # Configure the snort decoder
32 # ============================
33 @@ -413,11 +414,11 @@
34 # lots of options available here. See doc/README.http_inspect.
35 # unicode.map should be wherever your snort.conf lives, or given
36 # a full path to where snort can find it.
37 -preprocessor http_inspect: global \
38 - iis_unicode_map unicode.map 1252
39 +#preprocessor http_inspect: global \
40 +# iis_unicode_map unicode.map 1252
41
42 -preprocessor http_inspect_server: server default \
43 - profile all ports { 80 8080 8180 } oversize_dir_length 500
44 +#preprocessor http_inspect_server: server default \
45 +# profile all ports { 80 8080 8180 } oversize_dir_length 500
46
47 #
48 # Example unique server configuration
49 @@ -451,7 +452,7 @@
50 # no_alert_incomplete - don't alert when a single segment
51 # exceeds the current packet size
52
53 -preprocessor rpc_decode: 111 32771
54 +#preprocessor rpc_decode: 111 32771
55
56 # bo: Back Orifice detector
57 # -------------------------
58 @@ -474,7 +475,7 @@
59 # 3 Back Orifice Server Traffic Detected
60 # 4 Back Orifice Snort Buffer Attack
61
62 -preprocessor bo
63 +#preprocessor bo
64
65 # telnet_decode: Telnet negotiation string normalizer
66 # ---------------------------------------------------
67 @@ -486,7 +487,7 @@
68 # This preprocessor requires no arguments.
69 # Portscan uses Generator ID 109 and does not generate any SID currently.
70
71 -preprocessor telnet_decode
72 +#preprocessor telnet_decode
73
74 # sfPortscan
75 # ----------
76 @@ -537,9 +538,9 @@
77 # are still watched as scanner hosts. The 'ignore_scanned' option is
78 # used to tune alerts from very active hosts such as syslog servers, etc.
79 #
80 -preprocessor sfportscan: proto { all } \
81 - memcap { 10000000 } \
82 - sense_level { low }
83 +#preprocessor sfportscan: proto { all } \
84 +# memcap { 10000000 } \
85 +# sense_level { low }
86
87 # arpspoof
88 #----------------------------------------
89 @@ -814,41 +815,41 @@
90 include $RULE_PATH/bad-traffic.rules
91 include $RULE_PATH/exploit.rules
92 include $RULE_PATH/scan.rules
93 -include $RULE_PATH/finger.rules
94 -include $RULE_PATH/ftp.rules
95 -include $RULE_PATH/telnet.rules
96 -include $RULE_PATH/rpc.rules
97 -include $RULE_PATH/rservices.rules
98 -include $RULE_PATH/dos.rules
99 -include $RULE_PATH/ddos.rules
100 -include $RULE_PATH/dns.rules
101 -include $RULE_PATH/tftp.rules
102 -
103 -include $RULE_PATH/web-cgi.rules
104 -include $RULE_PATH/web-coldfusion.rules
105 -include $RULE_PATH/web-iis.rules
106 -include $RULE_PATH/web-frontpage.rules
107 -include $RULE_PATH/web-misc.rules
108 -include $RULE_PATH/web-client.rules
109 -include $RULE_PATH/web-php.rules
110 -
111 -include $RULE_PATH/sql.rules
112 -include $RULE_PATH/x11.rules
113 -include $RULE_PATH/icmp.rules
114 -include $RULE_PATH/netbios.rules
115 -include $RULE_PATH/misc.rules
116 -include $RULE_PATH/attack-responses.rules
117 -include $RULE_PATH/oracle.rules
118 -include $RULE_PATH/mysql.rules
119 -include $RULE_PATH/snmp.rules
120 -
121 -include $RULE_PATH/smtp.rules
122 -include $RULE_PATH/imap.rules
123 -include $RULE_PATH/pop2.rules
124 -include $RULE_PATH/pop3.rules
125 +#include $RULE_PATH/finger.rules
126 +#include $RULE_PATH/ftp.rules
127 +#include $RULE_PATH/telnet.rules
128 +#include $RULE_PATH/rpc.rules
129 +#include $RULE_PATH/rservices.rules
130 +#include $RULE_PATH/dos.rules
131 +#include $RULE_PATH/ddos.rules
132 +#include $RULE_PATH/dns.rules
133 +#include $RULE_PATH/tftp.rules
134 +
135 +#include $RULE_PATH/web-cgi.rules
136 +#include $RULE_PATH/web-coldfusion.rules
137 +#include $RULE_PATH/web-iis.rules
138 +#include $RULE_PATH/web-frontpage.rules
139 +#include $RULE_PATH/web-misc.rules
140 +#include $RULE_PATH/web-client.rules
141 +#include $RULE_PATH/web-php.rules
142 +
143 +#include $RULE_PATH/sql.rules
144 +#include $RULE_PATH/x11.rules
145 +#include $RULE_PATH/icmp.rules
146 +#include $RULE_PATH/netbios.rules
147 +#include $RULE_PATH/misc.rules
148 +#include $RULE_PATH/attack-responses.rules
149 +#include $RULE_PATH/oracle.rules
150 +#include $RULE_PATH/mysql.rules
151 +#include $RULE_PATH/snmp.rules
152 +
153 +#include $RULE_PATH/smtp.rules
154 +#include $RULE_PATH/imap.rules
155 +#include $RULE_PATH/pop2.rules
156 +#include $RULE_PATH/pop3.rules
157
158 -include $RULE_PATH/nntp.rules
159 -include $RULE_PATH/other-ids.rules
160 +#include $RULE_PATH/nntp.rules
161 +#include $RULE_PATH/other-ids.rules
162 # include $RULE_PATH/web-attacks.rules
163 # include $RULE_PATH/backdoor.rules
164 # include $RULE_PATH/shellcode.rules
165 @@ -856,11 +857,11 @@
166 # include $RULE_PATH/porn.rules
167 # include $RULE_PATH/info.rules
168 # include $RULE_PATH/icmp-info.rules
169 - include $RULE_PATH/virus.rules
170 +# include $RULE_PATH/virus.rules
171 # include $RULE_PATH/chat.rules
172 # include $RULE_PATH/multimedia.rules
173 # include $RULE_PATH/p2p.rules
174 -include $RULE_PATH/experimental.rules
175 +#include $RULE_PATH/experimental.rules
176 #include $RULE_PATH/wifi.rules
177
178 # Include any thresholding or suppression commands. See threshold.conf in the
This page took 0.04595 seconds and 5 git commands to generate.