开发学院网络安全安全技术 Snort 使用手册,第 2 部分: 配置 阅读

Snort 使用手册,第 2 部分: 配置

 2010-01-25 00:00:00 来源:WEB开发网   
核心提示: 截至最后一行为止,一切运行顺利,Snort 使用手册,第 2 部分: 配置(7),Snort 期望发现一些规则文件,但是没有找到,具有预定义的名称和函数,如果再次打开 snort.conf 文件,因此出现错误, 默认的配置文件包含一些规则文件Snort 提供了一些标准规则文件

截至最后一行为止,一切运行顺利。Snort 期望发现一些规则文件,但是没有找到,因此出现错误。

默认的配置文件包含一些规则文件

Snort 提供了一些标准规则文件,具有预定义的名称和函数。如果再次打开 snort.conf 文件,并浏览最底部的内容,将看到如清单 6 所示的一组命令:


清单 6. snort.conf 文件的底部
#################################################################### 
# Step #6: Customize your rule set 
# 
# Up to date snort rules are available at http://www.snort.org 
# 
# The snort Web site has documentation about how to write your own custom snort 
# rules. 
 
#========================================= 
# Include all relevant rulesets here 
# 
# The following rulesets are disabled by default: 
# 
#  web-attacks, backdoor, shellcode, policy, porn, info, icmp-info, virus, 
#  chat, multimedia, and p2p 
#       
# These rules are either site policy specific or require tuning in order to not 
# generate false positive alerts in most environments. 
# 
# Please read the specific include file for more information and 
# README.alert_order for how rule ordering affects how alerts are triggered. 
#========================================= 
 
include $RULE_PATH/local.rules 
include $RULE_PATH/bad-traffic.rules 
include $RULE_PATH/exploit.rules 
include $RULE_PATH/scan.rules 
include $RULE_PATH/finger.rules 
include $RULE_PATH/ftp.rules 
include $RULE_PATH/telnet.rules 
include $RULE_PATH/rpc.rules 
include $RULE_PATH/rservices.rules 
include $RULE_PATH/dos.rules 
include $RULE_PATH/ddos.rules 
include $RULE_PATH/dns.rules 
include $RULE_PATH/tftp.rules 
 
include $RULE_PATH/web-cgi.rules 
include $RULE_PATH/web-coldfusion.rules 
include $RULE_PATH/web-iis.rules 
include $RULE_PATH/web-frontpage.rules 
include $RULE_PATH/web-misc.rules 
include $RULE_PATH/web-client.rules 
include $RULE_PATH/web-php.rules 
 
include $RULE_PATH/sql.rules 
include $RULE_PATH/x11.rules 
include $RULE_PATH/icmp.rules 
include $RULE_PATH/netbios.rules 
include $RULE_PATH/misc.rules 
include $RULE_PATH/attack-responses.rules 
include $RULE_PATH/oracle.rules 
include $RULE_PATH/mysql.rules 
include $RULE_PATH/snmp.rules 
 
include $RULE_PATH/smtp.rules 
include $RULE_PATH/imap.rules 
include $RULE_PATH/pop2.rules 
include $RULE_PATH/pop3.rules 
 
include $RULE_PATH/nntp.rules 
include $RULE_PATH/other-ids.rules 
# include $RULE_PATH/web-attacks.rules 
# include $RULE_PATH/backdoor.rules 
# include $RULE_PATH/shellcode.rules 
# include $RULE_PATH/policy.rules 
# include $RULE_PATH/porn.rules 
# include $RULE_PATH/info.rules 
# include $RULE_PATH/icmp-info.rules 
# include $RULE_PATH/virus.rules 
# include $RULE_PATH/chat.rules 
# include $RULE_PATH/multimedia.rules 
# include $RULE_PATH/p2p.rules 
# include $RULE_PATH/spyware-put.rules 
# include $RULE_PATH/specific-threats.rules 
include $RULE_PATH/experimental.rules 
 
# include $PREPROC_RULE_PATH/preprocessor.rules 
# include $PREPROC_RULE_PATH/decoder.rules 
 
# Include any thresholding or suppression commands. See threshold.conf in the 
# <snort src>/etc directory for details. Commands don't necessarily need to be 
# contained in this conf, but a separate conf makes it easier to maintain them. 
# Note for Windows users: You are advised to make this an absolute path, 
# such as: c:\snort\etc\threshold.conf 
# Uncomment if needed. 
# include threshold.conf

上一页  2 3 4 5 6 7 8 9 10  下一页

Tags:Snort 使用 手册

编辑录入:爽爽 [复制链接] [打 印]
[]
  • 好
  • 好的评价 如果觉得好,就请您
      0%(0)
  • 差
  • 差的评价 如果觉得差,就请您
      0%(0)
赞助商链接