|
|
# README.alert_order for how rule ordering affects how alerts are triggered. | # README.alert_order for how rule ordering affects how alerts are triggered. |
#========================================= | #========================================= |
| |
include $RULE_PATH/local.rules |
# include $RULE_PATH/local.rules |
include $RULE_PATH/bad-traffic.rules |
# include $RULE_PATH/bad-traffic.rules |
include $RULE_PATH/exploit.rules |
# include $RULE_PATH/exploit.rules |
include $RULE_PATH/scan.rules |
# include $RULE_PATH/scan.rules |
include $RULE_PATH/finger.rules |
# include $RULE_PATH/finger.rules |
include $RULE_PATH/ftp.rules |
# include $RULE_PATH/ftp.rules |
include $RULE_PATH/telnet.rules |
# include $RULE_PATH/telnet.rules |
include $RULE_PATH/rpc.rules |
# include $RULE_PATH/rpc.rules |
include $RULE_PATH/rservices.rules |
# include $RULE_PATH/rservices.rules |
include $RULE_PATH/dos.rules |
# include $RULE_PATH/dos.rules |
include $RULE_PATH/ddos.rules |
# include $RULE_PATH/ddos.rules |
include $RULE_PATH/dns.rules |
# include $RULE_PATH/dns.rules |
include $RULE_PATH/tftp.rules |
# include $RULE_PATH/tftp.rules |
|
|
include $RULE_PATH/web-cgi.rules |
# include $RULE_PATH/web-cgi.rules |
include $RULE_PATH/web-coldfusion.rules |
# include $RULE_PATH/web-coldfusion.rules |
include $RULE_PATH/web-iis.rules |
# include $RULE_PATH/web-iis.rules |
include $RULE_PATH/web-frontpage.rules |
# include $RULE_PATH/web-frontpage.rules |
include $RULE_PATH/web-misc.rules |
# include $RULE_PATH/web-misc.rules |
include $RULE_PATH/web-client.rules |
# include $RULE_PATH/web-client.rules |
include $RULE_PATH/web-php.rules |
# include $RULE_PATH/web-php.rules |
|
|
include $RULE_PATH/sql.rules |
# include $RULE_PATH/sql.rules |
include $RULE_PATH/x11.rules |
# include $RULE_PATH/x11.rules |
include $RULE_PATH/icmp.rules |
# include $RULE_PATH/icmp.rules |
include $RULE_PATH/netbios.rules |
# include $RULE_PATH/netbios.rules |
include $RULE_PATH/misc.rules |
# include $RULE_PATH/misc.rules |
include $RULE_PATH/attack-responses.rules |
# include $RULE_PATH/attack-responses.rules |
include $RULE_PATH/oracle.rules |
# include $RULE_PATH/oracle.rules |
include $RULE_PATH/mysql.rules |
# include $RULE_PATH/mysql.rules |
include $RULE_PATH/snmp.rules |
# include $RULE_PATH/snmp.rules |
|
|
include $RULE_PATH/smtp.rules |
# include $RULE_PATH/smtp.rules |
include $RULE_PATH/imap.rules |
# include $RULE_PATH/imap.rules |
include $RULE_PATH/pop2.rules |
# include $RULE_PATH/pop2.rules |
include $RULE_PATH/pop3.rules |
# include $RULE_PATH/pop3.rules |
| |
include $RULE_PATH/nntp.rules |
# include $RULE_PATH/nntp.rules |
include $RULE_PATH/other-ids.rules |
# include $RULE_PATH/other-ids.rules |
# include $RULE_PATH/web-attacks.rules | # include $RULE_PATH/web-attacks.rules |
# include $RULE_PATH/backdoor.rules | # include $RULE_PATH/backdoor.rules |
# include $RULE_PATH/shellcode.rules | # include $RULE_PATH/shellcode.rules |
|
|
# include $RULE_PATH/porn.rules | # include $RULE_PATH/porn.rules |
# include $RULE_PATH/info.rules | # include $RULE_PATH/info.rules |
# include $RULE_PATH/icmp-info.rules | # include $RULE_PATH/icmp-info.rules |
include $RULE_PATH/virus.rules |
# include $RULE_PATH/virus.rules |
# include $RULE_PATH/chat.rules | # include $RULE_PATH/chat.rules |
# include $RULE_PATH/multimedia.rules | # include $RULE_PATH/multimedia.rules |
# include $RULE_PATH/p2p.rules | # include $RULE_PATH/p2p.rules |
include $RULE_PATH/experimental.rules |
# include $RULE_PATH/experimental.rules |
| |
# Include any thresholding or suppression commands. See threshold.conf in the | # Include any thresholding or suppression commands. See threshold.conf in the |
# <snort src>/etc directory for details. Commands don't necessarily need to be | # <snort src>/etc directory for details. Commands don't necessarily need to be |
|
|
# such as: c:\snort\etc\threshold.conf | # such as: c:\snort\etc\threshold.conf |
# Uncomment if needed. | # Uncomment if needed. |
# include threshold.conf | # include threshold.conf |
|
|
|
|
|
# Include basic community rules. |
|
|
|
include $RULE_PATH/community-exploit.rules |
|
include $RULE_PATH/community-ftp.rules |
|
include $RULE_PATH/community-game.rules |
|
include $RULE_PATH/community-inappropriate.rules |
|
include $RULE_PATH/community-mail-client.rules |
|
include $RULE_PATH/community-misc.rules |
|
include $RULE_PATH/community-sql-injection.rules |
|
include $RULE_PATH/community-virus.rules |
|
include $RULE_PATH/community-web-cgi.rules |
|
include $RULE_PATH/community-web-client.rules |
|
include $RULE_PATH/community-web-dos.rules |
|
include $RULE_PATH/community-web-misc.rules |
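Review bot: `include $RULE_PATH/local.rules` is paired with a commented-out copy at the top of the include list, and the same pairing repeats for every stock category from bad-traffic.rules through experimental.rules. This view has lost its +/- markers, so the direction is inferred: if the commented copies are the new side, the sensor stops loading site-local signatures and the whole stock set, leaving only the `community-*.rules` files at the end active. If that replacement is intended, keep `include $RULE_PATH/local.rules` enabled so site-specific detections survive. Also add a comment above `# Include basic community rules.` recording the decision, for example `# Stock rule categories above are disabled on purpose; detection relies on the community set below.` Separately, `# include threshold.conf` is commented on both sides, so unless thresholds are set elsewhere in the file, no suppression or rate limiting applies to the community rules; confirm that is acceptable before deploying.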