Update snort.conf

Removing shared object rules that are incompatible with Snort version
This commit is contained in:
The Talos Group at Cisco 2022-01-19 13:31:40 -05:00 committed by GitHub
parent 3f9e541164
commit 0bab9298d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -247,9 +247,6 @@ dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
# path to base preprocessor engine # path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
# path to dynamic rules libraries
dynamicdetection directory /etc/snort/so_rules
################################################### ###################################################
# Step #5: Configure preprocessors # Step #5: Configure preprocessors
# For more information, see the Snort Manual, Configuring Snort - Preprocessors # For more information, see the Snort Manual, Configuring Snort - Preprocessors
@ -660,43 +657,6 @@ include $PREPROC_RULE_PATH/sensitive-data.rules
# For more information, see http://vrt-blog.snort.org/2009/01/using-vrt-certified-shared-object-rules.html # For more information, see http://vrt-blog.snort.org/2009/01/using-vrt-certified-shared-object-rules.html
################################################### ###################################################
# dynamic library rules
include $SO_RULE_PATH/browser-ie.rules
include $SO_RULE_PATH/browser-other.rules
include $SO_RULE_PATH/exploit-kit.rules
include $SO_RULE_PATH/file-executable.rules
include $SO_RULE_PATH/file-flash.rules
include $SO_RULE_PATH/file-image.rules
include $SO_RULE_PATH/file-java.rules
include $SO_RULE_PATH/file-multimedia.rules
include $SO_RULE_PATH/file-office.rules
include $SO_RULE_PATH/file-other.rules
include $SO_RULE_PATH/file-pdf.rules
include $SO_RULE_PATH/indicator-shellcode.rules
include $SO_RULE_PATH/malware-cnc.rules
include $SO_RULE_PATH/malware-other.rules
include $SO_RULE_PATH/netbios.rules
include $SO_RULE_PATH/os-linux.rules
include $SO_RULE_PATH/os-other.rules
include $SO_RULE_PATH/os-windows.rules
include $SO_RULE_PATH/policy-other.rules
include $SO_RULE_PATH/policy-social.rules
include $SO_RULE_PATH/protocol-dns.rules
include $SO_RULE_PATH/protocol-nntp.rules
include $SO_RULE_PATH/protocol-other.rules
include $SO_RULE_PATH/protocol-scada.rules
include $SO_RULE_PATH/protocol-snmp.rules
include $SO_RULE_PATH/protocol-tftp.rules
include $SO_RULE_PATH/protocol-voip.rules
include $SO_RULE_PATH/pua-p2p.rules
include $SO_RULE_PATH/server-apache.rules
include $SO_RULE_PATH/server-iis.rules
include $SO_RULE_PATH/server-mail.rules
include $SO_RULE_PATH/server-mysql.rules
include $SO_RULE_PATH/server-oracle.rules
include $SO_RULE_PATH/server-other.rules
include $SO_RULE_PATH/server-webapp.rules
# Event thresholding or suppression commands. See threshold.conf # Event thresholding or suppression commands. See threshold.conf
include threshold.conf include threshold.conf
include /root/pcaps/local.rules include /root/pcaps/local.rules