components/snort/patches/snort.conf.patch
changeset 213 7d4229dba5ed
child 1345 ee87318d9935
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/patches/snort.conf.patch	Thu May 05 10:28:18 2011 -0700
@@ -0,0 +1,159 @@
+--- etc/snort.conf.orig	Wed Mar 11 21:22:03 2009
++++ etc/snort.conf	Wed May 20 15:22:07 2009
[email protected]@ -191,27 +191,27 @@
+ # Load all dynamic preprocessors from the install path
+ # (same as command line option --dynamic-preprocessor-lib-dir)
+ #
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+ #
+ # Load a specific dynamic preprocessor library from the install path
+ # (same as command line option --dynamic-preprocessor-lib)
+ #
+-# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so
++# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/libdynamicexample.so
+ #
+ # Load a dynamic engine from the install path
+ # (same as command line option --dynamic-engine-lib)
+ #
+-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
++dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+ #
+ # Load all dynamic rules libraries from the install path
+ # (same as command line option --dynamic-detection-lib-dir)
+ #
+-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
++# dynamicdetection directory /usr/lib/snort_dynamicrule/
+ #
+ # Load a specific dynamic rule library from the install path
+ # (same as command line option --dynamic-detection-lib)
+ #
+-# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so
++# dynamicdetection file /usr/lib/snort_dynamicrule/libdynamicexamplerule.so
+ #
+ 
+ ###################################################
[email protected]@ -307,11 +307,11 @@
+ # lots of options available here. See doc/README.http_inspect.
+ # unicode.map should be wherever your snort.conf lives, or given
+ # a full path to where snort can find it.
+-preprocessor http_inspect: global \
+-    iis_unicode_map unicode.map 1252 
++#preprocessor http_inspect: global \
++#    iis_unicode_map unicode.map 1252 
+ 
+-preprocessor http_inspect_server: server default \
+-    profile all ports { 80 8080 8180 } oversize_dir_length 500
++#preprocessor http_inspect_server: server default \
++#    profile all ports { 80 8080 8180 } oversize_dir_length 500
+ 
+ #
+ #  Example unique server configuration
[email protected]@ -760,7 +760,7 @@
+ # such as:  c:\snort\etc\classification.config
+ #
+ 
+-include classification.config
++#include classification.config
+ 
+ #
+ # Include reference systems
[email protected]@ -768,7 +768,7 @@
+ # such as:  c:\snort\etc\reference.config
+ #
+ 
+-include reference.config
++#include reference.config
+ 
+ ####################################################################
+ # Step #5: Configure snort with config statements
[email protected]@ -807,45 +807,45 @@
+ # README.alert_order for how rule ordering affects how alerts are triggered.
+ #=========================================
+ 
+-include $RULE_PATH/local.rules
+-include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/finger.rules
+-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/telnet.rules
+-include $RULE_PATH/rpc.rules
+-include $RULE_PATH/rservices.rules
+-include $RULE_PATH/dos.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/tftp.rules
++# include $RULE_PATH/local.rules
++# include $RULE_PATH/bad-traffic.rules
++# include $RULE_PATH/exploit.rules
++# include $RULE_PATH/scan.rules
++# include $RULE_PATH/finger.rules
++# include $RULE_PATH/ftp.rules
++# include $RULE_PATH/telnet.rules
++# include $RULE_PATH/rpc.rules
++# include $RULE_PATH/rservices.rules
++# include $RULE_PATH/dos.rules
++# include $RULE_PATH/ddos.rules
++# include $RULE_PATH/dns.rules
++# include $RULE_PATH/tftp.rules
+ 
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-php.rules
++# include $RULE_PATH/web-cgi.rules
++# include $RULE_PATH/web-coldfusion.rules
++# include $RULE_PATH/web-iis.rules
++# include $RULE_PATH/web-frontpage.rules
++# include $RULE_PATH/web-misc.rules
++# include $RULE_PATH/web-client.rules
++# include $RULE_PATH/web-php.rules
+ 
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/x11.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/snmp.rules
++# include $RULE_PATH/sql.rules
++# include $RULE_PATH/x11.rules
++# include $RULE_PATH/icmp.rules
++# include $RULE_PATH/netbios.rules
++# include $RULE_PATH/misc.rules
++# include $RULE_PATH/attack-responses.rules
++# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/mysql.rules
++# include $RULE_PATH/snmp.rules
+ 
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
++# include $RULE_PATH/smtp.rules
++# include $RULE_PATH/imap.rules
++# include $RULE_PATH/pop2.rules
++# include $RULE_PATH/pop3.rules
+ 
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/other-ids.rules
++# include $RULE_PATH/nntp.rules
++# include $RULE_PATH/other-ids.rules
+ # include $RULE_PATH/web-attacks.rules
+ # include $RULE_PATH/backdoor.rules
+ # include $RULE_PATH/shellcode.rules
[email protected]@ -859,7 +859,7 @@
+ # include $RULE_PATH/p2p.rules
+ # include $RULE_PATH/spyware-put.rules
+ # include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/experimental.rules
++# include $RULE_PATH/experimental.rules
+ 
+ # include $PREPROC_RULE_PATH/preprocessor.rules
+ # include $PREPROC_RULE_PATH/decoder.rules