--- etc/snort.conf.orig 2005-10-17 06:50:55.000000000 -0700
+++ etc/snort.conf 2005-12-05 22:31:41.000000000 -0800
@@ -701,45 +701,45 @@
 # README.alert_order for how rule ordering affects how alerts are triggered.
 #=========================================
-include $RULE_PATH/local.rules
-include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/exploit.rules
-include $RULE_PATH/scan.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
-include $RULE_PATH/telnet.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
-include $RULE_PATH/dos.rules
-include $RULE_PATH/ddos.rules
-include $RULE_PATH/dns.rules
-include $RULE_PATH/tftp.rules
-
-include $RULE_PATH/web-cgi.rules
-include $RULE_PATH/web-coldfusion.rules
-include $RULE_PATH/web-iis.rules
-include $RULE_PATH/web-frontpage.rules
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-client.rules
-include $RULE_PATH/web-php.rules
-
-include $RULE_PATH/sql.rules
-include $RULE_PATH/x11.rules
-include $RULE_PATH/icmp.rules
-include $RULE_PATH/netbios.rules
-include $RULE_PATH/misc.rules
-include $RULE_PATH/attack-responses.rules
-include $RULE_PATH/oracle.rules
-include $RULE_PATH/mysql.rules
-include $RULE_PATH/snmp.rules
-
-include $RULE_PATH/smtp.rules
-include $RULE_PATH/imap.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
+# include $RULE_PATH/local.rules
+# include $RULE_PATH/bad-traffic.rules
+# include $RULE_PATH/exploit.rules
+# include $RULE_PATH/scan.rules
+# include $RULE_PATH/finger.rules
+# include $RULE_PATH/ftp.rules
+# include $RULE_PATH/telnet.rules
+# include $RULE_PATH/rpc.rules
+# include $RULE_PATH/rservices.rules
+# include $RULE_PATH/dos.rules
+# include $RULE_PATH/ddos.rules
+# include $RULE_PATH/dns.rules
+# include $RULE_PATH/tftp.rules
+
+# include $RULE_PATH/web-cgi.rules
+# include $RULE_PATH/web-coldfusion.rules
+# include $RULE_PATH/web-iis.rules
+# include $RULE_PATH/web-frontpage.rules
+# include $RULE_PATH/web-misc.rules
+# include $RULE_PATH/web-client.rules
+# include $RULE_PATH/web-php.rules
+
+# include $RULE_PATH/sql.rules
+# include $RULE_PATH/x11.rules
+# include $RULE_PATH/icmp.rules
+# include $RULE_PATH/netbios.rules
+# include $RULE_PATH/misc.rules
+# include $RULE_PATH/attack-responses.rules
+# include $RULE_PATH/oracle.rules
+# include $RULE_PATH/mysql.rules
+# include $RULE_PATH/snmp.rules
+
+# include $RULE_PATH/smtp.rules
+# include $RULE_PATH/imap.rules
+# include $RULE_PATH/pop2.rules
+# include $RULE_PATH/pop3.rules
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/nntp.rules
+# include $RULE_PATH/other-ids.rules
 # include $RULE_PATH/web-attacks.rules
 # include $RULE_PATH/backdoor.rules
 # include $RULE_PATH/shellcode.rules
@@ -747,11 +747,11 @@
 # include $RULE_PATH/porn.rules
 # include $RULE_PATH/info.rules
 # include $RULE_PATH/icmp-info.rules
- include $RULE_PATH/virus.rules
+# include $RULE_PATH/virus.rules
 # include $RULE_PATH/chat.rules
 # include $RULE_PATH/multimedia.rules
 # include $RULE_PATH/p2p.rules
-include $RULE_PATH/experimental.rules
+# include $RULE_PATH/experimental.rules
 # Include any thresholding or suppression commands. See threshold.conf in the
 # /etc directory for details. Commands don't necessarily need to be
@@ -760,3 +760,19 @@
 # such as: c:\snort\etc\threshold.conf
 # Uncomment if needed.
 # include threshold.conf
+
+
+# Include basic community rules.
+
+ include $RULE_PATH/community-exploit.rules
+ include $RULE_PATH/community-ftp.rules
+ include $RULE_PATH/community-game.rules
+ include $RULE_PATH/community-inappropriate.rules
+ include $RULE_PATH/community-mail-client.rules
+ include $RULE_PATH/community-misc.rules
+ include $RULE_PATH/community-sql-injection.rules
+ include $RULE_PATH/community-virus.rules
+ include $RULE_PATH/community-web-cgi.rules
+ include $RULE_PATH/community-web-client.rules
+ include $RULE_PATH/community-web-dos.rules
+ include $RULE_PATH/community-web-misc.rules
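Review bot: Every stock include in this hunk is commented out, `local.rules` included, and the @@ -747 hunk does the same to `virus.rules` and `experimental.rules`, yet nothing in the resulting config tells the operator why. The sensor is left loading only the community sets appended at the end of the file, so coverage from sets such as `bad-traffic.rules`, `scan.rules` and `attack-responses.rules` is gone without any visible marker. If the reason is that the stock rule files are not installed alongside this config (not visible from the patch), state that above the block, for example `# Stock rule sets are disabled because their files are not installed by default; uncomment a line once the file exists in $RULE_PATH.` Consider leaving `include $RULE_PATH/local.rules` active if that file is shipped, since site-specific rules placed there would otherwise never be loaded.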
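Review bot: The appended block turns on `community-game.rules` and `community-inappropriate.rules` by default, while the stock policy-style sets visible in the @@ -747 hunk (`porn.rules`, `chat.rules`, `multimedia.rules`, `p2p.rules`) stay commented out. With the detection sets above disabled, a large share of alerts would likely be policy noise rather than attack traffic. I would ship those two as `# include $RULE_PATH/community-game.rules` and `# include $RULE_PATH/community-inappropriate.rules` and let the operator opt in. The new include lines also carry leading whitespace that the stock include lines in the first hunk do not have. The `# Include basic community rules.` comment should say that the files must be present in `$RULE_PATH`, since Snort is expected to refuse to start on a missing include (worth confirming for the packaged version).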