3433N/Ainstalled under /etc/snort/.
3433N/A--- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700
3433N/A+++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700
3433N/A # Step #2: Configure the decoder. For more information, see README.decode
1768N/A # Configure DAQ related options for inline operation. For more information, see README.daq
1768N/A-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
213N/A-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
1768N/A-dynamicdetection directory /usr/local/lib/snort_dynamicrules
3433N/A # Reputation preprocessor. For more information see README.reputation
3433N/A- whitelist $WHITE_LIST_PATH/white_list.rules, \
3433N/A- blacklist $BLACK_LIST_PATH/black_list.rules
3433N/A+# whitelist $WHITE_LIST_PATH/white_list.rules, \
3433N/A+# blacklist $BLACK_LIST_PATH/black_list.rules
1768N/A-include $RULE_PATH/local.rules
1768N/A+# include $RULE_PATH/local.rules
3433N/A-include $RULE_PATH/app-detect.rules
1768N/A-include $RULE_PATH/attack-responses.rules
1768N/A-include $RULE_PATH/backdoor.rules
213N/A-include $RULE_PATH/bad-traffic.rules
1768N/A-include $RULE_PATH/blacklist.rules
1768N/A-include $RULE_PATH/botnet-cnc.rules
3433N/A-include $RULE_PATH/browser-chrome.rules
3433N/A-include $RULE_PATH/browser-firefox.rules
3433N/A-include $RULE_PATH/browser-ie.rules
3433N/A-include $RULE_PATH/browser-other.rules
3433N/A-include $RULE_PATH/browser-plugins.rules
3433N/A-include $RULE_PATH/browser-webkit.rules
1768N/A-include $RULE_PATH/chat.rules
1768N/A-include $RULE_PATH/content-replace.rules
1768N/A-include $RULE_PATH/ddos.rules
1768N/A-include $RULE_PATH/dns.rules
1768N/A-include $RULE_PATH/dos.rules
3433N/A-include $RULE_PATH/experimental.rules
3433N/A-include $RULE_PATH/exploit-kit.rules
213N/A-include $RULE_PATH/exploit.rules
3433N/A-include $RULE_PATH/file-executable.rules
3433N/A-include $RULE_PATH/file-flash.rules
3433N/A-include $RULE_PATH/file-identify.rules
3433N/A-include $RULE_PATH/file-image.rules
3433N/A-include $RULE_PATH/file-java.rules
3433N/A-include $RULE_PATH/file-multimedia.rules
3433N/A-include $RULE_PATH/file-office.rules
3433N/A-include $RULE_PATH/file-other.rules
3433N/A-include $RULE_PATH/file-pdf.rules
213N/A-include $RULE_PATH/finger.rules
213N/A-include $RULE_PATH/ftp.rules
3433N/A-include $RULE_PATH/icmp-info.rules
1768N/A-include $RULE_PATH/icmp.rules
1768N/A-include $RULE_PATH/imap.rules
3433N/A-include $RULE_PATH/indicator-scan.rules
1768N/A-include $RULE_PATH/info.rules
3433N/A-include $RULE_PATH/malware-backdoor.rules
3433N/A-include $RULE_PATH/malware-cnc.rules
3433N/A-include $RULE_PATH/malware-other.rules
3433N/A-include $RULE_PATH/malware-tools.rules
1768N/A-include $RULE_PATH/misc.rules
1768N/A-include $RULE_PATH/multimedia.rules
1768N/A-include $RULE_PATH/mysql.rules
1768N/A-include $RULE_PATH/netbios.rules
1768N/A-include $RULE_PATH/nntp.rules
1768N/A-include $RULE_PATH/oracle.rules
3433N/A-include $RULE_PATH/os-linux.rules
3433N/A-include $RULE_PATH/os-mobile.rules
3433N/A-include $RULE_PATH/os-other.rules
3433N/A-include $RULE_PATH/os-solaris.rules
3433N/A-include $RULE_PATH/os-windows.rules
1768N/A-include $RULE_PATH/other-ids.rules
1768N/A-include $RULE_PATH/p2p.rules
1768N/A-include $RULE_PATH/phishing-spam.rules
3433N/A-include $RULE_PATH/policy-multimedia.rules
3433N/A-include $RULE_PATH/policy-other.rules
1768N/A-include $RULE_PATH/policy.rules
3433N/A-include $RULE_PATH/policy-social.rules
3433N/A-include $RULE_PATH/policy-spam.rules
1768N/A-include $RULE_PATH/pop2.rules
1768N/A-include $RULE_PATH/pop3.rules
3433N/A-include $RULE_PATH/protocol-dns.rules
3433N/A-include $RULE_PATH/protocol-finger.rules
3433N/A-include $RULE_PATH/protocol-ftp.rules
3433N/A-include $RULE_PATH/protocol-icmp.rules
3433N/A-include $RULE_PATH/protocol-imap.rules
3433N/A-include $RULE_PATH/protocol-nntp.rules
3433N/A-include $RULE_PATH/protocol-pop.rules
3433N/A-include $RULE_PATH/protocol-rpc.rules
3433N/A-include $RULE_PATH/protocol-scada.rules
3433N/A-include $RULE_PATH/protocol-services.rules
3433N/A-include $RULE_PATH/protocol-snmp.rules
3433N/A-include $RULE_PATH/protocol-telnet.rules
3433N/A-include $RULE_PATH/protocol-tftp.rules
3433N/A-include $RULE_PATH/protocol-voip.rules
3433N/A-include $RULE_PATH/pua-adware.rules
3433N/A-include $RULE_PATH/pua-other.rules
3433N/A-include $RULE_PATH/pua-p2p.rules
3433N/A-include $RULE_PATH/pua-toolbars.rules
213N/A-include $RULE_PATH/rpc.rules
213N/A-include $RULE_PATH/rservices.rules
1768N/A-include $RULE_PATH/scada.rules
1768N/A-include $RULE_PATH/scan.rules
3433N/A-include $RULE_PATH/server-apache.rules
3433N/A-include $RULE_PATH/server-iis.rules
3433N/A-include $RULE_PATH/server-mail.rules
3433N/A-include $RULE_PATH/server-mssql.rules
3433N/A-include $RULE_PATH/server-mysql.rules
3433N/A-include $RULE_PATH/server-oracle.rules
3433N/A-include $RULE_PATH/server-other.rules
3433N/A-include $RULE_PATH/server-samba.rules
3433N/A-include $RULE_PATH/server-webapp.rules
1768N/A-include $RULE_PATH/shellcode.rules
1768N/A-include $RULE_PATH/smtp.rules
1768N/A-include $RULE_PATH/snmp.rules
1768N/A-include $RULE_PATH/specific-threats.rules
1768N/A-include $RULE_PATH/spyware-put.rules
1768N/A-include $RULE_PATH/sql.rules
1768N/A-include $RULE_PATH/telnet.rules
213N/A-include $RULE_PATH/tftp.rules
1768N/A-include $RULE_PATH/virus.rules
1768N/A-include $RULE_PATH/voip.rules
1768N/A-include $RULE_PATH/web-activex.rules
1768N/A-include $RULE_PATH/web-attacks.rules
1768N/A-include $RULE_PATH/web-cgi.rules
1768N/A-include $RULE_PATH/web-client.rules
1768N/A-include $RULE_PATH/web-coldfusion.rules
1768N/A-include $RULE_PATH/web-frontpage.rules
1768N/A-include $RULE_PATH/web-iis.rules
1768N/A-include $RULE_PATH/web-misc.rules
1768N/A-include $RULE_PATH/web-php.rules
1768N/A-include $RULE_PATH/x11.rules
3433N/A+# include $RULE_PATH/app-detect.rules
1768N/A+# include $RULE_PATH/attack-responses.rules
1768N/A+# include $RULE_PATH/backdoor.rules
213N/A+# include $RULE_PATH/bad-traffic.rules
1768N/A+# include $RULE_PATH/blacklist.rules
1768N/A+# include $RULE_PATH/botnet-cnc.rules
3433N/A+# include $RULE_PATH/browser-chrome.rules
3433N/A+# include $RULE_PATH/browser-firefox.rules
3433N/A+# include $RULE_PATH/browser-ie.rules
3433N/A+# include $RULE_PATH/browser-other.rules
3433N/A+# include $RULE_PATH/browser-plugins.rules
3433N/A+# include $RULE_PATH/browser-webkit.rules
1768N/A+# include $RULE_PATH/chat.rules
1768N/A+# include $RULE_PATH/content-replace.rules
213N/A+# include $RULE_PATH/ddos.rules
213N/A+# include $RULE_PATH/dns.rules
1768N/A+# include $RULE_PATH/dos.rules
3433N/A+# include $RULE_PATH/experimental.rules
3433N/A+# include $RULE_PATH/exploit-kit.rules
1768N/A+# include $RULE_PATH/exploit.rules
3433N/A+# include $RULE_PATH/file-executable.rules
3433N/A+# include $RULE_PATH/file-flash.rules
3433N/A+# include $RULE_PATH/file-identify.rules
3433N/A+# include $RULE_PATH/file-image.rules
3433N/A+# include $RULE_PATH/file-java.rules
3433N/A+# include $RULE_PATH/file-multimedia.rules
3433N/A+# include $RULE_PATH/file-office.rules
3433N/A+# include $RULE_PATH/file-other.rules
3433N/A+# include $RULE_PATH/file-pdf.rules
1768N/A+# include $RULE_PATH/finger.rules
1768N/A+# include $RULE_PATH/ftp.rules
3433N/A+# include $RULE_PATH/icmp-info.rules
213N/A+# include $RULE_PATH/icmp.rules
1768N/A+# include $RULE_PATH/imap.rules
3433N/A+# include $RULE_PATH/indicator-compromise.rules
3433N/A+# include $RULE_PATH/indicator-obfuscation.rules
3433N/A+# include $RULE_PATH/indicator-scan.rules
3433N/A+# include $RULE_PATH/indicator-shellcode.rules
1768N/A+# include $RULE_PATH/info.rules
3433N/A+# include $RULE_PATH/malware-backdoor.rules
3433N/A+# include $RULE_PATH/malware-cnc.rules
3433N/A+# include $RULE_PATH/malware-other.rules
3433N/A+# include $RULE_PATH/malware-tools.rules
213N/A+# include $RULE_PATH/misc.rules
1768N/A+# include $RULE_PATH/multimedia.rules
213N/A+# include $RULE_PATH/mysql.rules
1768N/A+# include $RULE_PATH/netbios.rules
1768N/A+# include $RULE_PATH/nntp.rules
1768N/A+# include $RULE_PATH/oracle.rules
3433N/A+# include $RULE_PATH/os-linux.rules
3433N/A+# include $RULE_PATH/os-mobile.rules
3433N/A+# include $RULE_PATH/os-other.rules
3433N/A+# include $RULE_PATH/os-solaris.rules
3433N/A+# include $RULE_PATH/os-windows.rules
1768N/A+# include $RULE_PATH/other-ids.rules
1768N/A+# include $RULE_PATH/p2p.rules
1768N/A+# include $RULE_PATH/phishing-spam.rules
3433N/A+# include $RULE_PATH/policy-multimedia.rules
3433N/A+# include $RULE_PATH/policy-other.rules
1768N/A+# include $RULE_PATH/policy.rules
3433N/A+# include $RULE_PATH/policy-social.rules
3433N/A+# include $RULE_PATH/policy-spam.rules
213N/A+# include $RULE_PATH/pop2.rules
213N/A+# include $RULE_PATH/pop3.rules
3433N/A+# include $RULE_PATH/protocol-dns.rules
3433N/A+# include $RULE_PATH/protocol-finger.rules
3433N/A+# include $RULE_PATH/protocol-ftp.rules
3433N/A+# include $RULE_PATH/protocol-icmp.rules
3433N/A+# include $RULE_PATH/protocol-imap.rules
3433N/A+# include $RULE_PATH/protocol-nntp.rules
3433N/A+# include $RULE_PATH/protocol-pop.rules
3433N/A+# include $RULE_PATH/protocol-rpc.rules
3433N/A+# include $RULE_PATH/protocol-scada.rules
3433N/A+# include $RULE_PATH/protocol-services.rules
3433N/A+# include $RULE_PATH/protocol-snmp.rules
3433N/A+# include $RULE_PATH/protocol-telnet.rules
3433N/A+# include $RULE_PATH/protocol-tftp.rules
3433N/A+# include $RULE_PATH/protocol-voip.rules
3433N/A+# include $RULE_PATH/pua-adware.rules
3433N/A+# include $RULE_PATH/pua-other.rules
3433N/A+# include $RULE_PATH/pua-p2p.rules
3433N/A+# include $RULE_PATH/pua-toolbars.rules
1768N/A+# include $RULE_PATH/rpc.rules
1768N/A+# include $RULE_PATH/rservices.rules
1768N/A+# include $RULE_PATH/scada.rules
1768N/A+# include $RULE_PATH/scan.rules
3433N/A+# include $RULE_PATH/server-apache.rules
3433N/A+# include $RULE_PATH/server-iis.rules
3433N/A+# include $RULE_PATH/server-mail.rules
3433N/A+# include $RULE_PATH/server-mssql.rules
3433N/A+# include $RULE_PATH/server-mysql.rules
3433N/A+# include $RULE_PATH/server-oracle.rules
3433N/A+# include $RULE_PATH/server-other.rules
3433N/A+# include $RULE_PATH/server-samba.rules
3433N/A+# include $RULE_PATH/server-webapp.rules
1768N/A+# include $RULE_PATH/shellcode.rules
1768N/A+# include $RULE_PATH/smtp.rules
1768N/A+# include $RULE_PATH/snmp.rules
1768N/A+# include $RULE_PATH/specific-threats.rules
1768N/A+# include $RULE_PATH/spyware-put.rules
1768N/A+# include $RULE_PATH/sql.rules
1768N/A+# include $RULE_PATH/telnet.rules
1768N/A+# include $RULE_PATH/tftp.rules
1768N/A+# include $RULE_PATH/virus.rules
1768N/A+# include $RULE_PATH/voip.rules
1768N/A+# include $RULE_PATH/web-activex.rules
1768N/A+# include $RULE_PATH/web-attacks.rules
1768N/A+# include $RULE_PATH/web-cgi.rules
1768N/A+# include $RULE_PATH/web-client.rules
1768N/A+# include $RULE_PATH/web-coldfusion.rules
1768N/A+# include $RULE_PATH/web-frontpage.rules
1768N/A+# include $RULE_PATH/web-iis.rules
1768N/A+# include $RULE_PATH/web-misc.rules
1768N/A+# include $RULE_PATH/web-php.rules
1768N/A+# include $RULE_PATH/x11.rules
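Review bot: The new side of snort.conf comments out every `include $RULE_PATH/...` line, `local.rules` included, and nothing in the file says why, so a Snort started from the installed /etc/snort/snort.conf loads no detection rules and reports nothing while appearing to run normally. I would add a comment above the include block, for example `# No rule files are delivered with this package; install a ruleset under $RULE_PATH and uncomment the matching includes below.` The commented-out `whitelist` and `blacklist` lines of the reputation preprocessor need the same kind of comment. The line ahead of them is not visible here; if it still ends in `, \`, the statement's continuation now runs into a comment line, so the result is worth checking with `snort -T -c /etc/snort/snort.conf` before delivery.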