Diffstat (limited to 'net/snort3/files')
-rw-r--r-- | net/snort3/files/homenet.lua | 3 | ||||
-rw-r--r-- | net/snort3/files/local.lua | 52 | ||||
-rw-r--r-- | net/snort3/files/snort.config | 1 | ||||
-rw-r--r-- | net/snort3/files/snort.init | 3 |
4 files changed, 56 insertions, 3 deletions
diff --git a/net/snort3/files/homenet.lua b/net/snort3/files/homenet.lua
new file mode 100644
index 000000000..975f70254
--- /dev/null
+++ b/net/snort3/files/homenet.lua
@@ -0,0 +1,3 @@
+-- setup HOME_NET below with your IP range/ranges to protect
+HOME_NET = [[ 192.168.1.0/24 10.1.0.1/24 ]]
+EXTERNAL_NET = "!$HOME_NET"
diff --git a/net/snort3/files/local.lua b/net/snort3/files/local.lua
new file mode 100644
index 000000000..7929388ba
--- /dev/null
+++ b/net/snort3/files/local.lua
@@ -0,0 +1,52 @@
+-- use ths file to customize any functions defined in /etc/snort/snort.lua
+
+-- switch tap to inline in ips and uncomment the below to run snort in inline mode
+--snort = {}
+--snort["-Q"] = ''
+
+ips = {
+ mode = tap,
+ -- mode = inline,
+ variables = default_variables,
+ -- uncomment and change the below to reflect rules or symlinks to rules on your filesystem
+ -- include = RULE_PATH .. '/snort.rules',
+}
+
+daq = {
+ module_dirs = {
+ '/usr/lib/daq',
+ },
+ modules = {
+ {
+ name = 'afpacket',
+ mode = 'inline',
+ }
+ }
+}
+
+alert_syslog = {
+ level = 'info',
+}
+
+-- To log to a file, uncomment the below and manually create the dir defined in output.logdir
+--output.logdir = '/var/log/snort'
+--alert_fast = {
+-- file = true,
+-- packet = false,
+--}
+
+normalizer = {
+ tcp = {
+ ips = true,
+ }
+}
+
+file_policy = {
+ enable_type = true,
+ enable_signature = true,
+ rules = {
+ use = {
+ verdict = 'log', enable_file_type = true, enable_file_signature = true
+ }
+ }
+}
diff --git a/net/snort3/files/snort.config b/net/snort3/files/snort.config
index 92e42959d..84f5e96d9 100644
--- a/net/snort3/files/snort.config
+++ b/net/snort3/files/snort.config
@@ -1,4 +1,3 @@
 config snort 'snort'
 option config_dir '/etc/snort/'
- option alert_module 'alert_syslog'
 option interface 'eth0'
diff --git a/net/snort3/files/snort.init b/net/snort3/files/snort.init
index 4549e26ea..ff864e02b 100644
--- a/net/snort3/files/snort.init
+++ b/net/snort3/files/snort.init
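Review bot: The second example range on the `HOME_NET` line, `10.1.0.1/24`, is a host address carrying a /24 mask rather than a network address; Snort may normalise it, but a shipped default should be unambiguous, `HOME_NET = [[ 192.168.1.0/24 10.1.0.0/24 ]]`. Because `EXTERNAL_NET = "!$HOME_NET"` makes every address not listed count as external, rules written as `$EXTERNAL_NET -> $HOME_NET` only fire on traffic crossing that boundary, so the comment should say that all local ranges must be listed, e.g. `-- list every local range: anything not in HOME_NET is treated as EXTERNAL_NET`.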
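Review bot: `mode = tap` in the `ips` table is a bare Lua name; unless `tap` is a global defined by the files snort.lua includes (nothing in this patch defines it), it evaluates to nil, the key is silently dropped and the default mode applies, and the commented `-- mode = inline` alternative would fail the same way. Quoting both, `mode = 'tap',` and `-- mode = 'inline',`, makes the setting take effect and the intent explicit. The `daq` block also configures afpacket with `mode = 'inline'` while `ips` stays in tap mode and the init passes a single `-i "$interface"`; afpacket inline is, as far as I recall, intended for interface pairs, so either confirm this combination starts on one interface or use `mode = 'passive'` for the tap default and document the inline switch next to the `snort["-Q"]` comment. Minor: `ths` in the first comment line should be `this`.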
@@ -9,7 +9,6 @@ PROG=/usr/bin/snort
 validate_snort_section() {
 uci_validate_section snort snort "${1}" \
 'config_dir:string' \
- 'alert_module:string' \
 'interface:string'
 }
 
@@ -22,7 +21,7 @@ start_service() {
 }
 
 procd_open_instance
- procd_set_param command $PROG -q --daq-dir /usr/lib/daq/ -i "$interface" -c "$config_dir/snort.lua" -A "$alert_module"
+ procd_set_param command $PROG -q -i "$interface" -c "${config_dir%/}/snort.lua" --tweaks local
 procd_set_param env SNORT_LUA_PATH="$config_dir"
 procd_set_param file $CONFIGFILE
 procd_set_param respawn
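Review bot: The new `--tweaks local` argument makes startup depend on `local.lua` being present in `$config_dir`; if I remember the stock snort.lua correctly, the tweaks file is pulled in by an `include(tweaks .. '.lua')` resolved through `SNORT_LUA_PATH`, so a missing or syntactically broken local.lua aborts the start and `procd_set_param respawn` will loop on it. Consider guarding the command with `[ -f "${config_dir%/}/local.lua" ] || { echo "missing ${config_dir%/}/local.lua" >&2; return 1; }` before `procd_open_instance`, or making the tweaks name a UCI option so the validator above can check it. The hunk also drops `--daq-dir` and `-A`, which local.lua now supplies via `daq.module_dirs` and `alert_syslog`; a short comment, `# DAQ dir and alert module are configured in local.lua (--tweaks)`, above the command line would save the next reader the cross-reference. start_service() begins outside the hunk.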