1 --- snort-2.9.2/etc/snort.conf.orig 2013-05-15 07:26:24.138736340 -0700 |
1 Solaris specific changes to the snort configuration file that will be |
2 +++ snort-2.9.2/etc/snort.conf 2013-05-15 07:36:06.628399989 -0700 |
2 installed under /etc/snort/. |
3 @@ -143,7 +143,7 @@ |
3 |
|
4 These changes will not be submitted upstream. |
|
5 |
|
6 --- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700 |
|
7 +++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700 |
|
8 @@ -101,13 +101,13 @@ |
|
9 # Path to your rules files (this can be a relative path) |
|
10 # Note for Windows users: You are advised to make this an absolute path, |
|
11 # such as: c:\snort\rules |
|
12 -var RULE_PATH ../rules |
|
13 -var SO_RULE_PATH ../so_rules |
|
14 -var PREPROC_RULE_PATH ../preproc_rules |
|
15 +var RULE_PATH rules |
|
16 +var SO_RULE_PATH so_rules |
|
17 +var PREPROC_RULE_PATH preproc_rules |
|
18 |
|
19 # If you are using reputation preprocessor set these |
|
20 -var WHITE_LIST_PATH ../rules |
|
21 -var BLACK_LIST_PATH ../rules |
|
22 +var WHITE_LIST_PATH rules |
|
23 +var BLACK_LIST_PATH rules |
|
24 |
|
25 ################################################### |
|
26 # Step #2: Configure the decoder. For more information, see README.decode |
|
27 @@ -153,7 +153,7 @@ |
4 # Configure DAQ related options for inline operation. For more information, see README.daq |
28 # Configure DAQ related options for inline operation. For more information, see README.daq |
5 # |
29 # |
6 # config daq: <type> |
30 # config daq: <type> |
7 -# config daq_dir: <dir> |
31 -# config daq_dir: <dir> |
8 +config daq_dir: /usr/lib/64/daq/ |
32 +config daq_dir: /usr/lib/64/daq/ |
9 # config daq_mode: <mode> |
33 # config daq_mode: <mode> |
10 # config daq_var: <var> |
34 # config daq_var: <var> |
11 # |
35 # |
12 @@ -217,13 +217,13 @@ |
36 @@ -240,13 +240,13 @@ |
13 ################################################### |
37 ################################################### |
14 |
38 |
15 # path to dynamic preprocessor libraries |
39 # path to dynamic preprocessor libraries |
16 -dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ |
40 -dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ |
17 +dynamicpreprocessor directory /usr/lib/64/snort_dynamicpreprocessor/ |
41 +dynamicpreprocessor directory /usr/lib/64/snort_dynamicpreprocessor/ |
24 -dynamicdetection directory /usr/local/lib/snort_dynamicrules |
48 -dynamicdetection directory /usr/local/lib/snort_dynamicrules |
25 +dynamicdetection directory /usr/lib/64/snort_dynamicrules |
49 +dynamicdetection directory /usr/lib/64/snort_dynamicrules |
26 |
50 |
27 ################################################### |
51 ################################################### |
28 # Step #5: Configure preprocessors |
52 # Step #5: Configure preprocessors |
29 @@ -264,34 +264,34 @@ |
53 @@ -499,12 +499,12 @@ |
30 # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000 |
54 check_crc |
31 |
55 |
32 # HTTP normalization and anomaly detection. For more information, see README.http_inspect |
56 # Reputation preprocessor. For more information see README.reputation |
33 -preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 |
57 -preprocessor reputation: \ |
34 -preprocessor http_inspect_server: server default \ |
58 - memcap 500, \ |
35 - chunk_length 500000 \ |
59 - priority whitelist, \ |
36 - server_flow_depth 0 \ |
60 - nested_ip inner, \ |
37 - client_flow_depth 0 \ |
61 - whitelist $WHITE_LIST_PATH/white_list.rules, \ |
38 - post_depth 65495 \ |
62 - blacklist $BLACK_LIST_PATH/black_list.rules |
39 - oversize_dir_length 500 \ |
63 +#preprocessor reputation: \ |
40 - max_header_length 750 \ |
64 +# memcap 500, \ |
41 - max_headers 100 \ |
65 +# priority whitelist, \ |
42 - ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \ |
66 +# nested_ip inner, \ |
43 - non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ |
67 +# whitelist $WHITE_LIST_PATH/white_list.rules, \ |
44 - enable_cookie \ |
68 +# blacklist $BLACK_LIST_PATH/black_list.rules |
45 - extended_response_inspection \ |
69 |
46 - inspect_gzip \ |
70 ################################################### |
47 - normalize_utf \ |
71 # Step #6: Configure output plugins |
48 - unlimited_decompress \ |
72 @@ -538,123 +538,123 @@ |
49 - apache_whitespace no \ |
|
50 - ascii no \ |
|
51 - bare_byte no \ |
|
52 - directory no \ |
|
53 - double_decode no \ |
|
54 - iis_backslash no \ |
|
55 - iis_delimiter no \ |
|
56 - iis_unicode no \ |
|
57 - multi_slash no \ |
|
58 - utf_8 no \ |
|
59 - u_encode yes \ |
|
60 - webroot no |
|
61 +#preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 |
|
62 +#preprocessor http_inspect_server: server default \ |
|
63 +# chunk_length 500000 \ |
|
64 +# server_flow_depth 0 \ |
|
65 +# client_flow_depth 0 \ |
|
66 +# post_depth 65495 \ |
|
67 +# oversize_dir_length 500 \ |
|
68 +# max_header_length 750 \ |
|
69 +# max_headers 100 \ |
|
70 +# ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \ |
|
71 +# non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ |
|
72 +# enable_cookie \ |
|
73 +# extended_response_inspection \ |
|
74 +# inspect_gzip \ |
|
75 +# normalize_utf \ |
|
76 +# unlimited_decompress \ |
|
77 +# apache_whitespace no \ |
|
78 +# ascii no \ |
|
79 +# bare_byte no \ |
|
80 +# directory no \ |
|
81 +# double_decode no \ |
|
82 +# iis_backslash no \ |
|
83 +# iis_delimiter no \ |
|
84 +# iis_unicode no \ |
|
85 +# multi_slash no \ |
|
86 +# utf_8 no \ |
|
87 +# u_encode yes \ |
|
88 +# webroot no |
|
89 |
|
90 # ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode |
|
91 preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete |
|
92 @@ -487,8 +487,8 @@ |
|
93 # output alert_prelude |
|
94 |
|
95 # metadata reference data. do not modify these lines |
|
96 -include classification.config |
|
97 -include reference.config |
|
98 +# include classification.config |
|
99 +# include reference.config |
|
100 |
|
101 |
|
102 ################################################### |
|
103 @@ -499,61 +499,61 @@ |
|
104 ################################################### |
73 ################################################### |
105 |
74 |
106 # site specific rules |
75 # site specific rules |
107 -include $RULE_PATH/local.rules |
76 -include $RULE_PATH/local.rules |
108 +# include $RULE_PATH/local.rules |
77 +# include $RULE_PATH/local.rules |
109 |
78 |
|
79 -include $RULE_PATH/app-detect.rules |
110 -include $RULE_PATH/attack-responses.rules |
80 -include $RULE_PATH/attack-responses.rules |
111 -include $RULE_PATH/backdoor.rules |
81 -include $RULE_PATH/backdoor.rules |
112 -include $RULE_PATH/bad-traffic.rules |
82 -include $RULE_PATH/bad-traffic.rules |
113 -include $RULE_PATH/blacklist.rules |
83 -include $RULE_PATH/blacklist.rules |
114 -include $RULE_PATH/botnet-cnc.rules |
84 -include $RULE_PATH/botnet-cnc.rules |
|
85 -include $RULE_PATH/browser-chrome.rules |
|
86 -include $RULE_PATH/browser-firefox.rules |
|
87 -include $RULE_PATH/browser-ie.rules |
|
88 -include $RULE_PATH/browser-other.rules |
|
89 -include $RULE_PATH/browser-plugins.rules |
|
90 -include $RULE_PATH/browser-webkit.rules |
115 -include $RULE_PATH/chat.rules |
91 -include $RULE_PATH/chat.rules |
116 -include $RULE_PATH/content-replace.rules |
92 -include $RULE_PATH/content-replace.rules |
117 -include $RULE_PATH/ddos.rules |
93 -include $RULE_PATH/ddos.rules |
118 -include $RULE_PATH/dns.rules |
94 -include $RULE_PATH/dns.rules |
119 -include $RULE_PATH/dos.rules |
95 -include $RULE_PATH/dos.rules |
|
96 -include $RULE_PATH/experimental.rules |
|
97 -include $RULE_PATH/exploit-kit.rules |
120 -include $RULE_PATH/exploit.rules |
98 -include $RULE_PATH/exploit.rules |
|
99 -include $RULE_PATH/file-executable.rules |
|
100 -include $RULE_PATH/file-flash.rules |
|
101 -include $RULE_PATH/file-identify.rules |
|
102 -include $RULE_PATH/file-image.rules |
|
103 -include $RULE_PATH/file-java.rules |
|
104 -include $RULE_PATH/file-multimedia.rules |
|
105 -include $RULE_PATH/file-office.rules |
|
106 -include $RULE_PATH/file-other.rules |
|
107 -include $RULE_PATH/file-pdf.rules |
121 -include $RULE_PATH/finger.rules |
108 -include $RULE_PATH/finger.rules |
122 -include $RULE_PATH/ftp.rules |
109 -include $RULE_PATH/ftp.rules |
|
110 -include $RULE_PATH/icmp-info.rules |
123 -include $RULE_PATH/icmp.rules |
111 -include $RULE_PATH/icmp.rules |
124 -include $RULE_PATH/icmp-info.rules |
|
125 -include $RULE_PATH/imap.rules |
112 -include $RULE_PATH/imap.rules |
|
113 -include $RULE_PATH/indicator-compromise.rules |
|
114 -include $RULE_PATH/indicator-obfuscation.rules |
|
115 -include $RULE_PATH/indicator-scan.rules |
|
116 -include $RULE_PATH/indicator-shellcode.rules |
126 -include $RULE_PATH/info.rules |
117 -include $RULE_PATH/info.rules |
|
118 -include $RULE_PATH/malware-backdoor.rules |
|
119 -include $RULE_PATH/malware-cnc.rules |
|
120 -include $RULE_PATH/malware-other.rules |
|
121 -include $RULE_PATH/malware-tools.rules |
127 -include $RULE_PATH/misc.rules |
122 -include $RULE_PATH/misc.rules |
128 -include $RULE_PATH/multimedia.rules |
123 -include $RULE_PATH/multimedia.rules |
129 -include $RULE_PATH/mysql.rules |
124 -include $RULE_PATH/mysql.rules |
130 -include $RULE_PATH/netbios.rules |
125 -include $RULE_PATH/netbios.rules |
131 -include $RULE_PATH/nntp.rules |
126 -include $RULE_PATH/nntp.rules |
132 -include $RULE_PATH/oracle.rules |
127 -include $RULE_PATH/oracle.rules |
|
128 -include $RULE_PATH/os-linux.rules |
|
129 -include $RULE_PATH/os-mobile.rules |
|
130 -include $RULE_PATH/os-other.rules |
|
131 -include $RULE_PATH/os-solaris.rules |
|
132 -include $RULE_PATH/os-windows.rules |
133 -include $RULE_PATH/other-ids.rules |
133 -include $RULE_PATH/other-ids.rules |
134 -include $RULE_PATH/p2p.rules |
134 -include $RULE_PATH/p2p.rules |
135 -include $RULE_PATH/phishing-spam.rules |
135 -include $RULE_PATH/phishing-spam.rules |
|
136 -include $RULE_PATH/policy-multimedia.rules |
|
137 -include $RULE_PATH/policy-other.rules |
136 -include $RULE_PATH/policy.rules |
138 -include $RULE_PATH/policy.rules |
|
139 -include $RULE_PATH/policy-social.rules |
|
140 -include $RULE_PATH/policy-spam.rules |
137 -include $RULE_PATH/pop2.rules |
141 -include $RULE_PATH/pop2.rules |
138 -include $RULE_PATH/pop3.rules |
142 -include $RULE_PATH/pop3.rules |
|
143 -include $RULE_PATH/protocol-dns.rules |
|
144 -include $RULE_PATH/protocol-finger.rules |
|
145 -include $RULE_PATH/protocol-ftp.rules |
|
146 -include $RULE_PATH/protocol-icmp.rules |
|
147 -include $RULE_PATH/protocol-imap.rules |
|
148 -include $RULE_PATH/protocol-nntp.rules |
|
149 -include $RULE_PATH/protocol-pop.rules |
|
150 -include $RULE_PATH/protocol-rpc.rules |
|
151 -include $RULE_PATH/protocol-scada.rules |
|
152 -include $RULE_PATH/protocol-services.rules |
|
153 -include $RULE_PATH/protocol-snmp.rules |
|
154 -include $RULE_PATH/protocol-telnet.rules |
|
155 -include $RULE_PATH/protocol-tftp.rules |
|
156 -include $RULE_PATH/protocol-voip.rules |
|
157 -include $RULE_PATH/pua-adware.rules |
|
158 -include $RULE_PATH/pua-other.rules |
|
159 -include $RULE_PATH/pua-p2p.rules |
|
160 -include $RULE_PATH/pua-toolbars.rules |
139 -include $RULE_PATH/rpc.rules |
161 -include $RULE_PATH/rpc.rules |
140 -include $RULE_PATH/rservices.rules |
162 -include $RULE_PATH/rservices.rules |
141 -include $RULE_PATH/scada.rules |
163 -include $RULE_PATH/scada.rules |
142 -include $RULE_PATH/scan.rules |
164 -include $RULE_PATH/scan.rules |
|
165 -include $RULE_PATH/server-apache.rules |
|
166 -include $RULE_PATH/server-iis.rules |
|
167 -include $RULE_PATH/server-mail.rules |
|
168 -include $RULE_PATH/server-mssql.rules |
|
169 -include $RULE_PATH/server-mysql.rules |
|
170 -include $RULE_PATH/server-oracle.rules |
|
171 -include $RULE_PATH/server-other.rules |
|
172 -include $RULE_PATH/server-samba.rules |
|
173 -include $RULE_PATH/server-webapp.rules |
143 -include $RULE_PATH/shellcode.rules |
174 -include $RULE_PATH/shellcode.rules |
144 -include $RULE_PATH/smtp.rules |
175 -include $RULE_PATH/smtp.rules |
145 -include $RULE_PATH/snmp.rules |
176 -include $RULE_PATH/snmp.rules |
146 -include $RULE_PATH/specific-threats.rules |
177 -include $RULE_PATH/specific-threats.rules |
147 -include $RULE_PATH/spyware-put.rules |
178 -include $RULE_PATH/spyware-put.rules |
158 -include $RULE_PATH/web-frontpage.rules |
189 -include $RULE_PATH/web-frontpage.rules |
159 -include $RULE_PATH/web-iis.rules |
190 -include $RULE_PATH/web-iis.rules |
160 -include $RULE_PATH/web-misc.rules |
191 -include $RULE_PATH/web-misc.rules |
161 -include $RULE_PATH/web-php.rules |
192 -include $RULE_PATH/web-php.rules |
162 -include $RULE_PATH/x11.rules |
193 -include $RULE_PATH/x11.rules |
|
194 +# include $RULE_PATH/app-detect.rules |
163 +# include $RULE_PATH/attack-responses.rules |
195 +# include $RULE_PATH/attack-responses.rules |
164 +# include $RULE_PATH/backdoor.rules |
196 +# include $RULE_PATH/backdoor.rules |
165 +# include $RULE_PATH/bad-traffic.rules |
197 +# include $RULE_PATH/bad-traffic.rules |
166 +# include $RULE_PATH/blacklist.rules |
198 +# include $RULE_PATH/blacklist.rules |
167 +# include $RULE_PATH/botnet-cnc.rules |
199 +# include $RULE_PATH/botnet-cnc.rules |
|
200 +# include $RULE_PATH/browser-chrome.rules |
|
201 +# include $RULE_PATH/browser-firefox.rules |
|
202 +# include $RULE_PATH/browser-ie.rules |
|
203 +# include $RULE_PATH/browser-other.rules |
|
204 +# include $RULE_PATH/browser-plugins.rules |
|
205 +# include $RULE_PATH/browser-webkit.rules |
168 +# include $RULE_PATH/chat.rules |
206 +# include $RULE_PATH/chat.rules |
169 +# include $RULE_PATH/content-replace.rules |
207 +# include $RULE_PATH/content-replace.rules |
170 +# include $RULE_PATH/ddos.rules |
208 +# include $RULE_PATH/ddos.rules |
171 +# include $RULE_PATH/dns.rules |
209 +# include $RULE_PATH/dns.rules |
172 +# include $RULE_PATH/dos.rules |
210 +# include $RULE_PATH/dos.rules |
|
211 +# include $RULE_PATH/experimental.rules |
|
212 +# include $RULE_PATH/exploit-kit.rules |
173 +# include $RULE_PATH/exploit.rules |
213 +# include $RULE_PATH/exploit.rules |
|
214 +# include $RULE_PATH/file-executable.rules |
|
215 +# include $RULE_PATH/file-flash.rules |
|
216 +# include $RULE_PATH/file-identify.rules |
|
217 +# include $RULE_PATH/file-image.rules |
|
218 +# include $RULE_PATH/file-java.rules |
|
219 +# include $RULE_PATH/file-multimedia.rules |
|
220 +# include $RULE_PATH/file-office.rules |
|
221 +# include $RULE_PATH/file-other.rules |
|
222 +# include $RULE_PATH/file-pdf.rules |
174 +# include $RULE_PATH/finger.rules |
223 +# include $RULE_PATH/finger.rules |
175 +# include $RULE_PATH/ftp.rules |
224 +# include $RULE_PATH/ftp.rules |
|
225 +# include $RULE_PATH/icmp-info.rules |
176 +# include $RULE_PATH/icmp.rules |
226 +# include $RULE_PATH/icmp.rules |
177 +# include $RULE_PATH/icmp-info.rules |
|
178 +# include $RULE_PATH/imap.rules |
227 +# include $RULE_PATH/imap.rules |
|
228 +# include $RULE_PATH/indicator-compromise.rules |
|
229 +# include $RULE_PATH/indicator-obfuscation.rules |
|
230 +# include $RULE_PATH/indicator-scan.rules |
|
231 +# include $RULE_PATH/indicator-shellcode.rules |
179 +# include $RULE_PATH/info.rules |
232 +# include $RULE_PATH/info.rules |
|
233 +# include $RULE_PATH/malware-backdoor.rules |
|
234 +# include $RULE_PATH/malware-cnc.rules |
|
235 +# include $RULE_PATH/malware-other.rules |
|
236 +# include $RULE_PATH/malware-tools.rules |
180 +# include $RULE_PATH/misc.rules |
237 +# include $RULE_PATH/misc.rules |
181 +# include $RULE_PATH/multimedia.rules |
238 +# include $RULE_PATH/multimedia.rules |
182 +# include $RULE_PATH/mysql.rules |
239 +# include $RULE_PATH/mysql.rules |
183 +# include $RULE_PATH/netbios.rules |
240 +# include $RULE_PATH/netbios.rules |
184 +# include $RULE_PATH/nntp.rules |
241 +# include $RULE_PATH/nntp.rules |
185 +# include $RULE_PATH/oracle.rules |
242 +# include $RULE_PATH/oracle.rules |
|
243 +# include $RULE_PATH/os-linux.rules |
|
244 +# include $RULE_PATH/os-mobile.rules |
|
245 +# include $RULE_PATH/os-other.rules |
|
246 +# include $RULE_PATH/os-solaris.rules |
|
247 +# include $RULE_PATH/os-windows.rules |
186 +# include $RULE_PATH/other-ids.rules |
248 +# include $RULE_PATH/other-ids.rules |
187 +# include $RULE_PATH/p2p.rules |
249 +# include $RULE_PATH/p2p.rules |
188 +# include $RULE_PATH/phishing-spam.rules |
250 +# include $RULE_PATH/phishing-spam.rules |
|
251 +# include $RULE_PATH/policy-multimedia.rules |
|
252 +# include $RULE_PATH/policy-other.rules |
189 +# include $RULE_PATH/policy.rules |
253 +# include $RULE_PATH/policy.rules |
|
254 +# include $RULE_PATH/policy-social.rules |
|
255 +# include $RULE_PATH/policy-spam.rules |
190 +# include $RULE_PATH/pop2.rules |
256 +# include $RULE_PATH/pop2.rules |
191 +# include $RULE_PATH/pop3.rules |
257 +# include $RULE_PATH/pop3.rules |
|
258 +# include $RULE_PATH/protocol-dns.rules |
|
259 +# include $RULE_PATH/protocol-finger.rules |
|
260 +# include $RULE_PATH/protocol-ftp.rules |
|
261 +# include $RULE_PATH/protocol-icmp.rules |
|
262 +# include $RULE_PATH/protocol-imap.rules |
|
263 +# include $RULE_PATH/protocol-nntp.rules |
|
264 +# include $RULE_PATH/protocol-pop.rules |
|
265 +# include $RULE_PATH/protocol-rpc.rules |
|
266 +# include $RULE_PATH/protocol-scada.rules |
|
267 +# include $RULE_PATH/protocol-services.rules |
|
268 +# include $RULE_PATH/protocol-snmp.rules |
|
269 +# include $RULE_PATH/protocol-telnet.rules |
|
270 +# include $RULE_PATH/protocol-tftp.rules |
|
271 +# include $RULE_PATH/protocol-voip.rules |
|
272 +# include $RULE_PATH/pua-adware.rules |
|
273 +# include $RULE_PATH/pua-other.rules |
|
274 +# include $RULE_PATH/pua-p2p.rules |
|
275 +# include $RULE_PATH/pua-toolbars.rules |
192 +# include $RULE_PATH/rpc.rules |
276 +# include $RULE_PATH/rpc.rules |
193 +# include $RULE_PATH/rservices.rules |
277 +# include $RULE_PATH/rservices.rules |
194 +# include $RULE_PATH/scada.rules |
278 +# include $RULE_PATH/scada.rules |
195 +# include $RULE_PATH/scan.rules |
279 +# include $RULE_PATH/scan.rules |
|
280 +# include $RULE_PATH/server-apache.rules |
|
281 +# include $RULE_PATH/server-iis.rules |
|
282 +# include $RULE_PATH/server-mail.rules |
|
283 +# include $RULE_PATH/server-mssql.rules |
|
284 +# include $RULE_PATH/server-mysql.rules |
|
285 +# include $RULE_PATH/server-oracle.rules |
|
286 +# include $RULE_PATH/server-other.rules |
|
287 +# include $RULE_PATH/server-samba.rules |
|
288 +# include $RULE_PATH/server-webapp.rules |
196 +# include $RULE_PATH/shellcode.rules |
289 +# include $RULE_PATH/shellcode.rules |
197 +# include $RULE_PATH/smtp.rules |
290 +# include $RULE_PATH/smtp.rules |
198 +# include $RULE_PATH/snmp.rules |
291 +# include $RULE_PATH/snmp.rules |
199 +# include $RULE_PATH/specific-threats.rules |
292 +# include $RULE_PATH/specific-threats.rules |
200 +# include $RULE_PATH/spyware-put.rules |
293 +# include $RULE_PATH/spyware-put.rules |