Changeset 1659

Timestamp:
11/13/06 01:03:49 (2 years ago)
Author:
mbr
Message:

Added the ENABLE_INTF_LOCAL_NETS variable

Files:

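--- a/psad/branches/sigdevel/psad.conf
+++ b/psad/branches/sigdevel/psad.conf
@@ -28,39 +28,10 @@
 HOSTNAME                    _CHANGEME_;
 
-### Specify the home network.  This variable is used to identify
-### traffic that matches snort rules in the iptables FORWARD chain.
-### Traffic that is directed to, or originates from, the firewall
-### itself (i.e. in the INPUT or OUTPUT chains respectively) is
-### treated as traffic to or from the HOME_NET by default and hence
-### even if the HOME_NET variable is not defined, psad will still
-### be able to detect matching scans.  A syslog and email warning
-### message will be generated if this variable is not defined.
-### Normally the network(s) specified here should match a directly
-### network(s) on the local machine.  Multiple networks are supported
-### as a comma separated list.  The network(s) should be specified
-### in CIDR notation.  The following two lines provide example
-### definitions for the HOME_NET variable.  NOTE: The HOME_NET
-### variable is not used if there is only one network interface on
-### the system (i.e. no traffic will be logged via iptables through
-### the FORWARD chain).  If there is only one network interface on
-### the box, then just set this variable to "NOT_USED".
+### Specify the home and external networks.  Note that by default the
+### ENABLE_INTF_LOCAL_NETS is enabled, so psad automatically detects
+### all of the directly connected subnets and uses this information as
+#@@ the HOME_NET variable.
 HOME_NET                    any;
 EXTERNAL_NET                any;
-
-### List of servers.  Fwsnort supports the same variable resolution as
-#### Snort.
-HTTP_SERVERS                $HOME_NET;
-SMTP_SERVERS                $HOME_NET;
-DNS_SERVERS                 $HOME_NET;
-SQL_SERVERS                 $HOME_NET;
-TELNET_SERVERS              $HOME_NET;
-
-#### AOL AIM server nets
-AIM_SERVERS                 [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
-
-### Configurable port numbers
-HTTP_PORTS                  80;
-SHELLCODE_PORTS             !80;
-ORACLE_PORTS                1521;
 
 ### Firewall message search strings.  NOTE: the FW_MSG_SEARCH variable
@@ -154,4 +125,8 @@
 EMAIL_ALERT_DANGER_LEVEL    1;
 
+### Treat all subnets on local interfaces as part of HOME_NET (this
+### means that these networks do not have to be manually defined)
+ENABLE_INTF_LOCAL_NETS      Y;
+
 ### Include MAC addresses in email alert
 ENABLE_MAC_ADDR_REPORTING   N;
@@ -210,4 +185,20 @@
 ### in DShield email alerts).
 DSHIELD_DL_THRESHOLD        0;
+
+### List of servers.  Fwsnort supports the same variable resolution as
+#### Snort.
+HTTP_SERVERS                $HOME_NET;
+SMTP_SERVERS                $HOME_NET;
+DNS_SERVERS                 $HOME_NET;
+SQL_SERVERS                 $HOME_NET;
+TELNET_SERVERS              $HOME_NET;
+
+#### AOL AIM server nets
+AIM_SERVERS                 [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
+
+### Configurable port numbers
+HTTP_PORTS                  80;
+SHELLCODE_PORTS             !80;
+ORACLE_PORTS                1521;
 
 ### If "Y", enable automated IDS response (auto manages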
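Review bot: The replacement comment above `HOME_NET any;` (new lines 30-33) does not say which setting wins when `ENABLE_INTF_LOCAL_NETS` is `Y` and an operator also defines `HOME_NET` by hand, nor what `HOME_NET any` / `EXTERNAL_NET any` mean for signature direction once the option is set to `N`; the removed text at least told operators to list networks in comma-separated CIDR notation. With the default `Y` (new line 129) every directly connected subnet is treated as home, which on a multi-homed firewall presumably includes the segment on the untrusted interface, so the comment at new lines 127-128 should say so, e.g. `### NOTE: this includes the subnet on any Internet-facing interface; set to N and define HOME_NET in CIDR notation to exclude it.` The fourth added comment line also begins with `#@@` instead of `###`, which looks like a typo. How psad resolves these variables is not visible in this section, so the precedence question needs confirming against the daemon code.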