--- etc/snort.conf 2013-04-15 15:59:32.000000000 -0400
+++ etc/snort.conf.dlucio 2013-04-25 08:20:29.862041361 -0400
@@ -165,6 +165,9 @@ config checksum_mode: all
 # <mode> ::= read-file | passive | inline
 # <var> ::= arbitrary <name>=<value passed to DAQ
 # <dir> ::= path as to where to look for DAQ module so's
+config daq: pcap
+config daq_dir: /usr/local/lib/daq
+config daq_mode: passive
 # Configure specific UID and GID to run snort as after dropping privs. For more information see snort -h command line options
 #
@@ -184,7 +187,7 @@ config checksum_mode: all
 # Configure default log directory for snort to log to. For more information see snort -h command line options (-l)
 #
 # config logdir:
-
+config cs_dir: /run/snort
 ###################################################
 # Step #3: Configure the base detection engine. For more information, see README.decode
@@ -250,7 +253,7 @@ dynamicpreprocessor directory /usr/local
 dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
 # path to dynamic rules libraries
-dynamicdetection directory /usr/local/lib/snort_dynamicrules
+#dynamicdetection directory /usr/local/lib/snort_dynamicrules
 ###################################################
 # Step #5: Configure preprocessors
@@ -548,8 +551,8 @@ include $RULE_PATH/app-detect.rules
 include $RULE_PATH/attack-responses.rules
 include $RULE_PATH/backdoor.rules
 include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/blacklist.rules
-include $RULE_PATH/botnet-cnc.rules
+# include $RULE_PATH/blacklist.rules
+# include $RULE_PATH/botnet-cnc.rules
 include $RULE_PATH/browser-chrome.rules
 include $RULE_PATH/browser-firefox.rules
 include $RULE_PATH/browser-ie.rules
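Review bot: `config daq_mode: passive` together with `config daq: pcap` makes this a detection-only sensor, so any `drop`/`reject` rule in the included sets can only alert, and nothing on the new lines says so; a comment on the `config daq_mode` line would stop anyone expecting blocking from this config. The privilege-drop options the following comment block refers to (`config set_uid` / `config set_gid`) are outside the hunk and appear untouched, so confirm they are set elsewhere, because with the pcap DAQ Snort otherwise keeps the privileges it was started with for its whole lifetime. Suggested comment above the new lines: `# pcap/passive: IDS only - drop/reject rules alert but cannot block; privilege drop is set via set_uid/set_gid below`.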
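Review bot: `config cs_dir: /run/snort` is dropped directly under the `# config logdir:` comment, but it sets the control-socket directory rather than anything to do with logging, and the socket accepts runtime control commands from anyone who can connect to it, so the directory's ownership and mode are what gate that access. /run is volatile, so the directory has to be created with restricted ownership by the init script on every boot before Snort starts; if that step is not in the patch (it is not visible here), confirm it exists. Suggested comment on the line above: `# Control socket dir (--cs-dir), not a log dir: must exist at boot, owned by the snort user, mode 0750 - the socket takes runtime control commands`.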
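Review bot: Commenting out `dynamicdetection directory /usr/local/lib/snort_dynamicrules` silently turns off loading of shared-object rules with no record of why; if the reason is that no SO rules are built or installed for this host, say so, otherwise the next reader cannot tell a deliberate exclusion from a path that simply did not exist on the day. Any so_rules stub includes later in the file (outside this hunk) would then refer to detections that never load. Suggested replacement for the bare `#` prefix: `# SO rules disabled: no precompiled snort_dynamicrules for this platform; re-enable once they are built`.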
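Review bot: Disabling `blacklist.rules` and `botnet-cnc.rules` removes the known-bad-host and C2 detection categories without a stated reason, and in Snort a missing rule file is a startup error, so the likely motive is that the ruleset in use no longer ships these files; if so, record that and confirm the categories that superseded them are included further down, where the include list continues outside this hunk. Suggested comment above the two lines: `# blacklist/botnet-cnc not shipped in this ruleset; check malware-*.rules are included for the same coverage`, adjusted to whatever the actual reason is. Without it the commented includes look like an accidental coverage gap.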
@@ -557,7 +560,7 @@ include $RULE_PATH/browser-other.rules
 include $RULE_PATH/browser-plugins.rules
 include $RULE_PATH/browser-webkit.rules
 include $RULE_PATH/chat.rules
-include $RULE_PATH/content-replace.rules
+# include $RULE_PATH/content-replace.rules
 include $RULE_PATH/ddos.rules
 include $RULE_PATH/dns.rules
 include $RULE_PATH/dos.rules
@@ -597,7 +600,7 @@ include $RULE_PATH/os-solaris.rules
 include $RULE_PATH/os-windows.rules
 include $RULE_PATH/other-ids.rules
 include $RULE_PATH/p2p.rules
-include $RULE_PATH/phishing-spam.rules
+# include $RULE_PATH/phishing-spam.rules
 include $RULE_PATH/policy-multimedia.rules
 include $RULE_PATH/policy-other.rules
 include $RULE_PATH/policy.rules
@@ -618,7 +621,7 @@ include $RULE_PATH/pua-p2p.rules
 include $RULE_PATH/pua-toolbars.rules
 include $RULE_PATH/rpc.rules
 include $RULE_PATH/rservices.rules
-include $RULE_PATH/scada.rules
+# include $RULE_PATH/scada.rules
 include $RULE_PATH/scan.rules
 include $RULE_PATH/server-apache.rules
 include $RULE_PATH/server-iis.rules
@@ -631,14 +634,14 @@ include $RULE_PATH/server-webapp.rules
 include $RULE_PATH/shellcode.rules
 include $RULE_PATH/smtp.rules
 include $RULE_PATH/snmp.rules
-include $RULE_PATH/specific-threats.rules
-include $RULE_PATH/spyware-put.rules
+# include $RULE_PATH/specific-threats.rules
+# include $RULE_PATH/spyware-put.rules
 include $RULE_PATH/sql.rules
 include $RULE_PATH/telnet.rules
 include $RULE_PATH/tftp.rules
 include $RULE_PATH/virus.rules
-include $RULE_PATH/voip.rules
-include $RULE_PATH/web-activex.rules
+# include $RULE_PATH/voip.rules
+# include $RULE_PATH/web-activex.rules
 include $RULE_PATH/web-attacks.rules
 include $RULE_PATH/web-cgi.rules
 include $RULE_PATH/web-client.rules
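Review bot: Disabling `content-replace.rules` is consistent with the passive pcap DAQ set earlier in the patch (the rules' `replace` option only has effect inline), but nothing ties the two settings together, so the rules will not come back if the sensor is ever moved inline. A one-line comment above it, `# content-replace needs inline DAQ mode; this sensor runs daq_mode passive`, records the dependency.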
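Review bot: Four more categories go dark in the last hunk - `specific-threats`, `spyware-put`, `voip`, `web-activex` - and as with the earlier hunks nothing says whether each is a missing file or a policy choice; `specific-threats` and `spyware-put` are malware-side coverage, so if they were retired from this ruleset confirm that their successor categories are still included. One comment at the top of the rules section listing the retired files and their replacements would be clearer than a bare `# include` on each line, for example `# Retired from this ruleset: blacklist, botnet-cnc, content-replace, phishing-spam, scada, specific-threats, spyware-put, voip, web-activex - coverage moved to malware-*.rules`, if that is indeed the reason.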