Snort Konfiguration

• # $Id: snort.xml,v 1.2 2002/09/07 10:52:41 spenneb Exp spenneb $

• #

• var HOME_NET 192.168.111.0/24

• var EXTERNAL_NET any

• var DNS_SERVERS 192.168.111.53

• var INCLUDEPATH ./

• # Verwende Interface eth0

• config interface: eth0

• # Verwende einen anderen Benutzerkontext

• config set_gid: snort

• config set_uid: snort

• Preprocessor frag2

• Preprocessor stream4

• Preprocessor http_decode: 80 8080

• Preprocessor portscan: $HOME_NET 4 2 portscan.log

• Preprocessor portscan_ignorehosts: $DNS_SERVERS

• Output log_tcpdump: binary.log

• Output alert_syslog: LOG_AUTH LOG_ALERT

• Output database: log, mysql, user=snortuser dbname=snortdb host=localhost

• Include $INCLUDEPATH/rules.conf