Showing
3 changed files
with
701 additions
and
0 deletions.
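--- /dev/null
+++ b/fwsnort.conf
@@ -0,0 +1,116 @@
+#
+###########################################################################
+#
+# This is the configuration file for fwsnort. There are some similarities
+# between this file and the configuration file for Snort.
+#
+###########################################################################
+#
+
+### Fwsnort treats all traffic directed to / originating from the local
+### machine as going to / coming from the HOME_NET in Snort rule parlance.
+### If there is only one interface on the local system, then there will be
+### no rules processed via the FWSNORT_FORWARD chain because no traffic
+### would make it into the iptables FORWARD chain.
+HOME_NET any;
+EXTERNAL_NET any;
+
+### List of servers. Fwsnort supports the same variable resolution as
+### Snort.
+HTTP_SERVERS $HOME_NET;
+SMTP_SERVERS $HOME_NET;
+DNS_SERVERS $HOME_NET;
+SQL_SERVERS $HOME_NET;
+TELNET_SERVERS $HOME_NET;
+
+### AOL AIM server nets
+AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
+
+### Configurable port numbers
+SSH_PORTS 22;
+HTTP_PORTS 80;
+SHELLCODE_PORTS !80;
+ORACLE_PORTS 1521;
+
+### Default update URL for new rules. This variable can be given multiple
+### times on separate lines in order to specify multiple update URL's:
+#UPDATE_RULES_URL <url1>
+#UPDATE_RULES_URL <url2>
+UPDATE_RULES_URL http://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules;
+
+### define average packet lengths and maximum frame length. This is
+### used for iptables length match emulation of the Snort dsize option.
+AVG_IP_HEADER_LEN 20; ### IP options are not usually used.
+AVG_TCP_HEADER_LEN 30; ### Include 10 bytes for options
+MAX_FRAME_LEN 1500;
+
+### define the max length of the content (null terminated string) that
+### can be passed to either the --hex-string or --string iptables matches.
+### Note that as of fwsnort-1.5, the max string length supported by the
+### local iptables instance is automatically determined, so this variable
+### is not really needed, and just allows a max value to be set
+### independently of what iptables supports.
+MAX_STRING_LEN 1024;
+
+### Use the WHITELIST variable to define a list of hosts/networks
+### that should be completely ignored by fwsnort. For example, if you
+### want to whitelist the IP 192.168.10.1 and the network 10.1.1.0/24,
+### you would use (note that you can also specify multiple WHITELIST
+### variables, one per line):
+#WHITELIST 192.168.10.1, 10.1.1.0/24;
+WHITELIST NONE;
+
+### Use the BLACKLIST variable to define a list of hosts/networks
+### that for which fwsnort should DROP or REJECT all traffic. For
+### example, to DROP all traffic from the 192.168.10.0/24 network, you
+### can use:
+### BLACKLIST 192.168.10.0/24 DROP;
+### To have fwsnort REJECT all traffic from 192.168.10.0/24, you would
+### use:
+### BLACKLIST 192.168.10.0/24 REJECT;
+BLACKLIST NONE;
+
+### define the jump position in the built-in chains to jump to the
+### fwsnort chains
+FWSNORT_INPUT_JUMP 1;
+FWSNORT_OUTPUT_JUMP 1;
+FWSNORT_FORWARD_JUMP 1;
+
+### iptables chains (these do not normally need to be changed).
+FWSNORT_INPUT FWSNORT_INPUT;
+FWSNORT_INPUT_ESTAB FWSNORT_INPUT_ESTAB;
+FWSNORT_OUTPUT FWSNORT_OUTPUT;
+FWSNORT_OUTPUT_ESTAB FWSNORT_OUTPUT_ESTAB;
+FWSNORT_FORWARD FWSNORT_FORWARD;
+FWSNORT_FORWARD_ESTAB FWSNORT_FORWARD_ESTAB;
+
+### fwsnort filesystem paths
+INSTALL_ROOT fwsnort-install;
+CONF_DIR $INSTALL_ROOT/etc/fwsnort;
+RULES_DIR $CONF_DIR/snort_rules;
+LOG_DIR $INSTALL_ROOT/var/log/fwsnort;
+LIBS_DIR $INSTALL_ROOT/usr/lib/fwsnort; ### for perl modules
+STATE_DIR $INSTALL_ROOT/var/lib/fwsnort;
+QUEUE_RULES_DIR $STATE_DIR/snort_rules_queue;
+ARCHIVE_DIR $STATE_DIR/archive;
+
+CONF_FILE $CONF_DIR/fwsnort.conf;
+LOG_FILE $LOG_DIR/fwsnort.log;
+FWSNORT_SCRIPT $STATE_DIR/fwsnort_iptcmds.sh; ### slow version
+FWSNORT_SAVE_EXEC_FILE $STATE_DIR/fwsnort.sh; ### main fwsnort.sh script
+FWSNORT_SAVE_FILE $STATE_DIR/fwsnort.save; ### main fwsnort.save file
+IPT_BACKUP_SAVE_FILE $STATE_DIR/iptables.save; ### iptables policy backup
+
+### system binaries
+shCmd /bin/sh;
+echoCmd /bin/echo;
+tarCmd /bin/tar;
+wgetCmd /usr/bin/wget;
+unameCmd /usr/bin/uname;
+ifconfigCmd /sbin/ifconfig;
+iptablesCmd /sbin/iptables;
+iptables-saveCmd /sbin/iptables-save;
+iptables-restoreCmd /sbin/iptables-restore;
+ip6tablesCmd /sbin/ip6tables;
+ip6tables-saveCmd /sbin/ip6tables-save;
+ip6tables-restoreCmd /sbin/ip6tables-restore;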
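Review bot: The default `UPDATE_RULES_URL` on the emerging-all.rules line fetches the rule feed over plain `http://`, and nothing else in this file (no checksum, signature or pin setting) verifies what is downloaded, so whatever comes back — presumably via `wgetCmd` — is turned into iptables policy by a process that has to be privileged enough to run `/sbin/iptables`, and an on-path attacker could substitute rules. If the mirror serves TLS, change the line to `UPDATE_RULES_URL https://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules;` and, where the fetcher supports it, verify the download before it lands in `RULES_DIR`. Two smaller points: `64.12.26.14/24` in `AIM_SERVERS` is a host address with a /24 mask and looks like a typo for `64.12.26.0/24`; and `INSTALL_ROOT fwsnort-install;` is a relative path, so every derived path — including the generated `fwsnort.sh` that is later executed — depends on the working directory at run time, which is fine for a test fixture but deserves a one-line comment saying that is the intent.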