Update snort.conf

Removing shared object rules that are incompatible with Snort version
2022-01-19 13:31:40 -05:00 · 2022-01-19 13:31:40 -05:00 · 0bab9298d0
commit 0bab9298d0
parent 3f9e541164
1 changed files with 0 additions and 40 deletions
--- a/docker/etc/snort.conf
+++ b/docker/etc/snort.conf
@ -247,9 +247,6 @@ dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
 # path to base preprocessor engine
 dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

-# path to dynamic rules libraries
-dynamicdetection directory /etc/snort/so_rules
-
 ###################################################
 # Step #5: Configure preprocessors
 # For more information, see the Snort Manual, Configuring Snort - Preprocessors
@ -660,43 +657,6 @@ include $PREPROC_RULE_PATH/sensitive-data.rules
 # For more information, see http://vrt-blog.snort.org/2009/01/using-vrt-certified-shared-object-rules.html
 ###################################################

-# dynamic library rules
-include $SO_RULE_PATH/browser-ie.rules
-include $SO_RULE_PATH/browser-other.rules
-include $SO_RULE_PATH/exploit-kit.rules
-include $SO_RULE_PATH/file-executable.rules
-include $SO_RULE_PATH/file-flash.rules
-include $SO_RULE_PATH/file-image.rules
-include $SO_RULE_PATH/file-java.rules
-include $SO_RULE_PATH/file-multimedia.rules
-include $SO_RULE_PATH/file-office.rules
-include $SO_RULE_PATH/file-other.rules
-include $SO_RULE_PATH/file-pdf.rules
-include $SO_RULE_PATH/indicator-shellcode.rules
-include $SO_RULE_PATH/malware-cnc.rules
-include $SO_RULE_PATH/malware-other.rules
-include $SO_RULE_PATH/netbios.rules
-include $SO_RULE_PATH/os-linux.rules
-include $SO_RULE_PATH/os-other.rules
-include $SO_RULE_PATH/os-windows.rules
-include $SO_RULE_PATH/policy-other.rules
-include $SO_RULE_PATH/policy-social.rules
-include $SO_RULE_PATH/protocol-dns.rules
-include $SO_RULE_PATH/protocol-nntp.rules
-include $SO_RULE_PATH/protocol-other.rules
-include $SO_RULE_PATH/protocol-scada.rules
-include $SO_RULE_PATH/protocol-snmp.rules
-include $SO_RULE_PATH/protocol-tftp.rules
-include $SO_RULE_PATH/protocol-voip.rules
-include $SO_RULE_PATH/pua-p2p.rules
-include $SO_RULE_PATH/server-apache.rules
-include $SO_RULE_PATH/server-iis.rules
-include $SO_RULE_PATH/server-mail.rules
-include $SO_RULE_PATH/server-mysql.rules
-include $SO_RULE_PATH/server-oracle.rules
-include $SO_RULE_PATH/server-other.rules
-include $SO_RULE_PATH/server-webapp.rules
-
 # Event thresholding or suppression commands. See threshold.conf 
 include threshold.conf
 include /root/pcaps/local.rules