Contents
3.6.34 The uricontent Keyword 111
3.7 The Snort Configuration File 112
3.7.1 Using Variables in Rules 112
3.7.2 The config Directives 114
3.7.3 Preprocessor Configuration 116
3.7.4 Output Module Configuration 116
3.7.5 Defining New Action Types 117
3.7.6 Rules Configuration 117
3.7.7 Include Files 117
3.7.8 Sample snort.conf File 118
3.8 Order of Rules Based upon Action 119
3.9 Automatically Updating Snort Rules 120
3.9.1 The Simple Method 120
3.9.2 The Sophisticated and Complex Method 122
3.10 Default Snort Rules and Classes 125
3.10.1 The local.rules File 127
3.11 Sample Default Rules 127
3.11.1 Checking su Attempts from a Telnet Session 127
3.11.2 Checking for Incorrect Login on Telnet Sessions 128
3.12 Writing Good Rules 128
3.13 References 129
Chapter 4 Plugins, Preprocessors and Output Modules 131
4.1 Preprocessors 132
4.1.1 HTTP Decode 133
4.1.2 Port Scanning 134
4.1.3 The frag2 Module 135
4.1.4 The stream4 Module 136
4.1.5 The spade Module 137
4.1.6 ARP Spoofing 138
4.2 Output Modules 139
4.2.1 The alert_syslog Output Module 140
4.2.1 The alert_full Output Module 143
4.2.1 The alert_fast Output Module 143
4.2.1 The alert_smb Module 143
4.2.1 The log_tcpdump Output Module 144
4.2.1 The XML Output Module 146
4.2.1 Logging to Databases 150
4.2.1 CSV Output Module 151