author | Alan Coopersmith <Alan.Coopersmith@Oracle.COM> |
Thu, 20 Oct 2016 09:26:57 -0700 | |
changeset 7140 | dda35b00b768 |
parent 2198 | 168b8acace5f |
child 7650 | 2e39c59b83f8 |
permissions | -rw-r--r-- |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
1 |
Solaris specific changes to the snort configuration file that will be |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
2 |
installed under /etc/snort/. |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
3 |
|
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
4 |
These changes will not be submitted upstream. |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
5 |
|
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
6 |
--- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700 |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
7 |
+++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700 |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
8 |
@@ -101,13 +101,13 @@ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
9 |
# Path to your rules files (this can be a relative path) |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
10 |
# Note for Windows users: You are advised to make this an absolute path, |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
11 |
# such as: c:\snort\rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
12 |
-var RULE_PATH ../rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
13 |
-var SO_RULE_PATH ../so_rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
14 |
-var PREPROC_RULE_PATH ../preproc_rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
15 |
+var RULE_PATH rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
16 |
+var SO_RULE_PATH so_rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
17 |
+var PREPROC_RULE_PATH preproc_rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
18 |
|
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
19 |
# If you are using reputation preprocessor set these |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
20 |
-var WHITE_LIST_PATH ../rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
21 |
-var BLACK_LIST_PATH ../rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
22 |
+var WHITE_LIST_PATH rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
23 |
+var BLACK_LIST_PATH rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
24 |
|
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
25 |
################################################### |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
26 |
# Step #2: Configure the decoder. For more information, see README.decode |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
27 |
@@ -153,7 +153,7 @@ |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
28 |
# Configure DAQ related options for inline operation. For more information, see README.daq |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
29 |
# |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
30 |
# config daq: <type> |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
31 |
-# config daq_dir: <dir> |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
32 |
+config daq_dir: /usr/lib/64/daq/ |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
33 |
# config daq_mode: <mode> |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
34 |
# config daq_var: <var> |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
35 |
# |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
36 |
@@ -240,13 +240,13 @@ |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
37 |
################################################### |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
38 |
|
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
39 |
# path to dynamic preprocessor libraries |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
40 |
-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
41 |
+dynamicpreprocessor directory /usr/lib/64/snort_dynamicpreprocessor/ |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
42 |
|
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
43 |
# path to base preprocessor engine |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
44 |
-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
45 |
+dynamicengine /usr/lib/64/snort_dynamicengine/libsf_engine.so |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
46 |
|
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
47 |
# path to dynamic rules libraries |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
48 |
-dynamicdetection directory /usr/local/lib/snort_dynamicrules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
49 |
+dynamicdetection directory /usr/lib/64/snort_dynamicrules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
50 |
|
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
51 |
################################################### |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
52 |
# Step #5: Configure preprocessors |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
53 |
@@ -499,12 +499,12 @@ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
54 |
check_crc |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
55 |
|
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
56 |
# Reputation preprocessor. For more information see README.reputation |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
57 |
-preprocessor reputation: \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
58 |
- memcap 500, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
59 |
- priority whitelist, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
60 |
- nested_ip inner, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
61 |
- whitelist $WHITE_LIST_PATH/white_list.rules, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
62 |
- blacklist $BLACK_LIST_PATH/black_list.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
63 |
+#preprocessor reputation: \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
64 |
+# memcap 500, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
65 |
+# priority whitelist, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
66 |
+# nested_ip inner, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
67 |
+# whitelist $WHITE_LIST_PATH/white_list.rules, \ |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
68 |
+# blacklist $BLACK_LIST_PATH/black_list.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
69 |
|
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
70 |
################################################### |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
71 |
# Step #6: Configure output plugins |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
72 |
@@ -538,123 +538,123 @@ |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
73 |
################################################### |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
74 |
|
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
75 |
# site specific rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
76 |
-include $RULE_PATH/local.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
77 |
+# include $RULE_PATH/local.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
78 |
|
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
79 |
-include $RULE_PATH/app-detect.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
80 |
-include $RULE_PATH/attack-responses.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
81 |
-include $RULE_PATH/backdoor.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
82 |
-include $RULE_PATH/bad-traffic.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
83 |
-include $RULE_PATH/blacklist.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
84 |
-include $RULE_PATH/botnet-cnc.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
85 |
-include $RULE_PATH/browser-chrome.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
86 |
-include $RULE_PATH/browser-firefox.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
87 |
-include $RULE_PATH/browser-ie.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
88 |
-include $RULE_PATH/browser-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
89 |
-include $RULE_PATH/browser-plugins.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
90 |
-include $RULE_PATH/browser-webkit.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
91 |
-include $RULE_PATH/chat.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
92 |
-include $RULE_PATH/content-replace.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
93 |
-include $RULE_PATH/ddos.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
94 |
-include $RULE_PATH/dns.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
95 |
-include $RULE_PATH/dos.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
96 |
-include $RULE_PATH/experimental.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
97 |
-include $RULE_PATH/exploit-kit.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
98 |
-include $RULE_PATH/exploit.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
99 |
-include $RULE_PATH/file-executable.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
100 |
-include $RULE_PATH/file-flash.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
101 |
-include $RULE_PATH/file-identify.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
102 |
-include $RULE_PATH/file-image.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
103 |
-include $RULE_PATH/file-java.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
104 |
-include $RULE_PATH/file-multimedia.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
105 |
-include $RULE_PATH/file-office.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
106 |
-include $RULE_PATH/file-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
107 |
-include $RULE_PATH/file-pdf.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
108 |
-include $RULE_PATH/finger.rules |
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
109 |
-include $RULE_PATH/ftp.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
110 |
-include $RULE_PATH/icmp-info.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
111 |
-include $RULE_PATH/icmp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
112 |
-include $RULE_PATH/imap.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
113 |
-include $RULE_PATH/indicator-compromise.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
114 |
-include $RULE_PATH/indicator-obfuscation.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
115 |
-include $RULE_PATH/indicator-scan.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
116 |
-include $RULE_PATH/indicator-shellcode.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
117 |
-include $RULE_PATH/info.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
118 |
-include $RULE_PATH/malware-backdoor.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
119 |
-include $RULE_PATH/malware-cnc.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
120 |
-include $RULE_PATH/malware-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
121 |
-include $RULE_PATH/malware-tools.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
122 |
-include $RULE_PATH/misc.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
123 |
-include $RULE_PATH/multimedia.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
124 |
-include $RULE_PATH/mysql.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
125 |
-include $RULE_PATH/netbios.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
126 |
-include $RULE_PATH/nntp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
127 |
-include $RULE_PATH/oracle.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
128 |
-include $RULE_PATH/os-linux.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
129 |
-include $RULE_PATH/os-mobile.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
130 |
-include $RULE_PATH/os-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
131 |
-include $RULE_PATH/os-solaris.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
132 |
-include $RULE_PATH/os-windows.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
133 |
-include $RULE_PATH/other-ids.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
134 |
-include $RULE_PATH/p2p.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
135 |
-include $RULE_PATH/phishing-spam.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
136 |
-include $RULE_PATH/policy-multimedia.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
137 |
-include $RULE_PATH/policy-other.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
138 |
-include $RULE_PATH/policy.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
139 |
-include $RULE_PATH/policy-social.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
140 |
-include $RULE_PATH/policy-spam.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
141 |
-include $RULE_PATH/pop2.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
142 |
-include $RULE_PATH/pop3.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
143 |
-include $RULE_PATH/protocol-dns.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
144 |
-include $RULE_PATH/protocol-finger.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
145 |
-include $RULE_PATH/protocol-ftp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
146 |
-include $RULE_PATH/protocol-icmp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
147 |
-include $RULE_PATH/protocol-imap.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
148 |
-include $RULE_PATH/protocol-nntp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
149 |
-include $RULE_PATH/protocol-pop.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
150 |
-include $RULE_PATH/protocol-rpc.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
151 |
-include $RULE_PATH/protocol-scada.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
152 |
-include $RULE_PATH/protocol-services.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
153 |
-include $RULE_PATH/protocol-snmp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
154 |
-include $RULE_PATH/protocol-telnet.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
155 |
-include $RULE_PATH/protocol-tftp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
156 |
-include $RULE_PATH/protocol-voip.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
157 |
-include $RULE_PATH/pua-adware.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
158 |
-include $RULE_PATH/pua-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
159 |
-include $RULE_PATH/pua-p2p.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
160 |
-include $RULE_PATH/pua-toolbars.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
161 |
-include $RULE_PATH/rpc.rules |
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
162 |
-include $RULE_PATH/rservices.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
163 |
-include $RULE_PATH/scada.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
164 |
-include $RULE_PATH/scan.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
165 |
-include $RULE_PATH/server-apache.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
166 |
-include $RULE_PATH/server-iis.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
167 |
-include $RULE_PATH/server-mail.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
168 |
-include $RULE_PATH/server-mssql.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
169 |
-include $RULE_PATH/server-mysql.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
170 |
-include $RULE_PATH/server-oracle.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
171 |
-include $RULE_PATH/server-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
172 |
-include $RULE_PATH/server-samba.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
173 |
-include $RULE_PATH/server-webapp.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
174 |
-include $RULE_PATH/shellcode.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
175 |
-include $RULE_PATH/smtp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
176 |
-include $RULE_PATH/snmp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
177 |
-include $RULE_PATH/specific-threats.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
178 |
-include $RULE_PATH/spyware-put.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
179 |
-include $RULE_PATH/sql.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
180 |
-include $RULE_PATH/telnet.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
181 |
-include $RULE_PATH/tftp.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
182 |
-include $RULE_PATH/virus.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
183 |
-include $RULE_PATH/voip.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
184 |
-include $RULE_PATH/web-activex.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
185 |
-include $RULE_PATH/web-attacks.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
186 |
-include $RULE_PATH/web-cgi.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
187 |
-include $RULE_PATH/web-client.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
188 |
-include $RULE_PATH/web-coldfusion.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
189 |
-include $RULE_PATH/web-frontpage.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
190 |
-include $RULE_PATH/web-iis.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
191 |
-include $RULE_PATH/web-misc.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
192 |
-include $RULE_PATH/web-php.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
193 |
-include $RULE_PATH/x11.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
194 |
+# include $RULE_PATH/app-detect.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
195 |
+# include $RULE_PATH/attack-responses.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
196 |
+# include $RULE_PATH/backdoor.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
197 |
+# include $RULE_PATH/bad-traffic.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
198 |
+# include $RULE_PATH/blacklist.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
199 |
+# include $RULE_PATH/botnet-cnc.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
200 |
+# include $RULE_PATH/browser-chrome.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
201 |
+# include $RULE_PATH/browser-firefox.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
202 |
+# include $RULE_PATH/browser-ie.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
203 |
+# include $RULE_PATH/browser-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
204 |
+# include $RULE_PATH/browser-plugins.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
205 |
+# include $RULE_PATH/browser-webkit.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
206 |
+# include $RULE_PATH/chat.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
207 |
+# include $RULE_PATH/content-replace.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
208 |
+# include $RULE_PATH/ddos.rules |
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
209 |
+# include $RULE_PATH/dns.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
210 |
+# include $RULE_PATH/dos.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
211 |
+# include $RULE_PATH/experimental.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
212 |
+# include $RULE_PATH/exploit-kit.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
213 |
+# include $RULE_PATH/exploit.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
214 |
+# include $RULE_PATH/file-executable.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
215 |
+# include $RULE_PATH/file-flash.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
216 |
+# include $RULE_PATH/file-identify.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
217 |
+# include $RULE_PATH/file-image.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
218 |
+# include $RULE_PATH/file-java.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
219 |
+# include $RULE_PATH/file-multimedia.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
220 |
+# include $RULE_PATH/file-office.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
221 |
+# include $RULE_PATH/file-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
222 |
+# include $RULE_PATH/file-pdf.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
223 |
+# include $RULE_PATH/finger.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
224 |
+# include $RULE_PATH/ftp.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
225 |
+# include $RULE_PATH/icmp-info.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
226 |
+# include $RULE_PATH/icmp.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
227 |
+# include $RULE_PATH/imap.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
228 |
+# include $RULE_PATH/indicator-compromise.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
229 |
+# include $RULE_PATH/indicator-obfuscation.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
230 |
+# include $RULE_PATH/indicator-scan.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
231 |
+# include $RULE_PATH/indicator-shellcode.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
232 |
+# include $RULE_PATH/info.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
233 |
+# include $RULE_PATH/malware-backdoor.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
234 |
+# include $RULE_PATH/malware-cnc.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
235 |
+# include $RULE_PATH/malware-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
236 |
+# include $RULE_PATH/malware-tools.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
237 |
+# include $RULE_PATH/misc.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
238 |
+# include $RULE_PATH/multimedia.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
239 |
+# include $RULE_PATH/mysql.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
240 |
+# include $RULE_PATH/netbios.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
241 |
+# include $RULE_PATH/nntp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
242 |
+# include $RULE_PATH/oracle.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
243 |
+# include $RULE_PATH/os-linux.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
244 |
+# include $RULE_PATH/os-mobile.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
245 |
+# include $RULE_PATH/os-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
246 |
+# include $RULE_PATH/os-solaris.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
247 |
+# include $RULE_PATH/os-windows.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
248 |
+# include $RULE_PATH/other-ids.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
249 |
+# include $RULE_PATH/p2p.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
250 |
+# include $RULE_PATH/phishing-spam.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
251 |
+# include $RULE_PATH/policy-multimedia.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
252 |
+# include $RULE_PATH/policy-other.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
253 |
+# include $RULE_PATH/policy.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
254 |
+# include $RULE_PATH/policy-social.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
255 |
+# include $RULE_PATH/policy-spam.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
256 |
+# include $RULE_PATH/pop2.rules |
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
257 |
+# include $RULE_PATH/pop3.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
258 |
+# include $RULE_PATH/protocol-dns.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
259 |
+# include $RULE_PATH/protocol-finger.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
260 |
+# include $RULE_PATH/protocol-ftp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
261 |
+# include $RULE_PATH/protocol-icmp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
262 |
+# include $RULE_PATH/protocol-imap.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
263 |
+# include $RULE_PATH/protocol-nntp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
264 |
+# include $RULE_PATH/protocol-pop.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
265 |
+# include $RULE_PATH/protocol-rpc.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
266 |
+# include $RULE_PATH/protocol-scada.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
267 |
+# include $RULE_PATH/protocol-services.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
268 |
+# include $RULE_PATH/protocol-snmp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
269 |
+# include $RULE_PATH/protocol-telnet.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
270 |
+# include $RULE_PATH/protocol-tftp.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
271 |
+# include $RULE_PATH/protocol-voip.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
272 |
+# include $RULE_PATH/pua-adware.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
273 |
+# include $RULE_PATH/pua-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
274 |
+# include $RULE_PATH/pua-p2p.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
275 |
+# include $RULE_PATH/pua-toolbars.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
276 |
+# include $RULE_PATH/rpc.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
277 |
+# include $RULE_PATH/rservices.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
278 |
+# include $RULE_PATH/scada.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
279 |
+# include $RULE_PATH/scan.rules |
2198
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
280 |
+# include $RULE_PATH/server-apache.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
281 |
+# include $RULE_PATH/server-iis.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
282 |
+# include $RULE_PATH/server-mail.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
283 |
+# include $RULE_PATH/server-mssql.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
284 |
+# include $RULE_PATH/server-mysql.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
285 |
+# include $RULE_PATH/server-oracle.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
286 |
+# include $RULE_PATH/server-other.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
287 |
+# include $RULE_PATH/server-samba.rules |
168b8acace5f
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
Rich Burridge <rich.burridge@oracle.com>
parents:
1345
diff
changeset
|
288 |
+# include $RULE_PATH/server-webapp.rules |
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
289 |
+# include $RULE_PATH/shellcode.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
290 |
+# include $RULE_PATH/smtp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
291 |
+# include $RULE_PATH/snmp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
292 |
+# include $RULE_PATH/specific-threats.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
293 |
+# include $RULE_PATH/spyware-put.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
294 |
+# include $RULE_PATH/sql.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
295 |
+# include $RULE_PATH/telnet.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
296 |
+# include $RULE_PATH/tftp.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
297 |
+# include $RULE_PATH/virus.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
298 |
+# include $RULE_PATH/voip.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
299 |
+# include $RULE_PATH/web-activex.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
300 |
+# include $RULE_PATH/web-attacks.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
301 |
+# include $RULE_PATH/web-cgi.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
302 |
+# include $RULE_PATH/web-client.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
303 |
+# include $RULE_PATH/web-coldfusion.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
304 |
+# include $RULE_PATH/web-frontpage.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
305 |
+# include $RULE_PATH/web-iis.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
306 |
+# include $RULE_PATH/web-misc.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
307 |
+# include $RULE_PATH/web-php.rules |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
308 |
+# include $RULE_PATH/x11.rules |
213
7d4229dba5ed
7041863 move snort to userland
Mike Sullivan <Mike.Sullivan@Oracle.COM>
parents:
diff
changeset
|
309 |
|
1345
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
310 |
################################################### |
ee87318d9935
PSARC 2013/113 snort 2.9.2
Rich Burridge <rich.burridge@oracle.com>
parents:
213
diff
changeset
|
311 |
# Step #8: Customize your preprocessor and decoder alerts |