Chapter 3     Working with Snort Rules
included file into the main configuration file at the point where it is included. In fact,
most of the predefined rules that come with the Snort distribution are found in include
files. All files in the Snort distribution whose names end with .rules contain rules,
and they are included in the main snort.conf file using the include keyword. The
following is an example of including the myrules.rules file in the main configuration file.
include myrules.rules
The name of a rules file does not have to end with .rules. You can
use a name of your choice for your rule file.
3.7.8 Sample snort.conf File
The following is a sample configuration file for Snort. All lines starting with the #
character are comment lines. Whenever you modify the configuration file, you have to
restart Snort for the changes to take effect.
# Variable Definitions
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET any
var HTTP_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
var RULE_PATH ./
# preprocessors
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80  unicode  cginull
preprocessor unidecode: 80  unicode  cginull
preprocessor bo:  nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor arpspoof
# output modules
output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: snort.log
output database: log, mysql, user=rr password=boota \
   dbname=snort host=localhost
output xml: log, file=/var/log/snortxml
# Rules and include files
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
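
Because Snort must be restarted after every change, it helps to check a configuration file before the restart. The following Python code is an added example, not taken from the book or the Snort distribution: it expands each include at the point where it appears, substitutes var values, and reports missing rule files and undefined variables. The function names are hypothetical, and it assumes that relative include paths resolve against the directory of the including file.

```python
import os
import re

VAR_REF = re.compile(r"\$(\w+)")

def logical_lines(text):
    """Join '\\' continuation lines; drop blank lines and # comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = buf + line, ""
        if line and not line.startswith("#"):
            yield line

def expand(value, variables, problems):
    """Substitute $NAME references; record any that are undefined."""
    for name in VAR_REF.findall(value):
        if name not in variables:
            problems.append("undefined variable $" + name)
    return VAR_REF.sub(lambda m: variables.get(m.group(1), m.group(0)), value)

def load_config(path, variables=None, problems=None, stack=()):
    """Return (lines, variables, problems) with each include expanded in place."""
    variables = {} if variables is None else variables
    problems = [] if problems is None else problems
    here = os.path.realpath(path)
    if here in stack or not os.path.isfile(here):
        problems.append(("include loop: " if here in stack else "missing file: ") + path)
        return [], variables, problems
    lines = []
    with open(here) as handle:
        for line in logical_lines(handle.read()):
            keyword, rest = (line.split(None, 1) + [""])[:2]
            if keyword == "var":
                name, value = (rest.split(None, 1) + [""])[:2]
                variables[name] = expand(value, variables, problems)
            elif keyword == "include":
                # Assumption: relative paths resolve against the including file's directory.
                target = os.path.join(os.path.dirname(here), expand(rest, variables, problems))
                lines += load_config(target, variables, problems, stack + (here,))[0]
            else:
                lines.append(expand(line, variables, problems))
    return lines, variables, problems
```

Calling load_config("snort.conf") returns the flattened configuration in the order Snort would read it, together with the list of problems; an empty list means every include file was found and every variable was defined before use.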