Jason Zhao wrote: > > The new webrev is updated, please review it again and tell me your > comments. > http://cr.opensolaris.org/~jxzhao/snort/webrev
usr/src/cmd/snort/Patches/snort.conf.patch - I would keep all these lines and just make them all comments so it is easy for the user to include desired rules files. 40 -include $RULE_PATH/local.rules 41 -include $RULE_PATH/bad-traffic.rules 42 -include $RULE_PATH/exploit.rules 43 -include $RULE_PATH/scan.rules 44 -include $RULE_PATH/finger.rules 45 -include $RULE_PATH/ftp.rules 46 -include $RULE_PATH/telnet.rules 47 -include $RULE_PATH/rpc.rules 48 -include $RULE_PATH/rservices.rules 49 -include $RULE_PATH/dos.rules 50 -include $RULE_PATH/ddos.rules 51 -include $RULE_PATH/dns.rules 52 -include $RULE_PATH/tftp.rules 53 - 54 -include $RULE_PATH/web-cgi.rules 55 -include $RULE_PATH/web-coldfusion.rules 56 -include $RULE_PATH/web-iis.rules 57 -include $RULE_PATH/web-frontpage.rules 58 -include $RULE_PATH/web-misc.rules 59 -include $RULE_PATH/web-client.rules 60 -include $RULE_PATH/web-php.rules 61 - 62 -include $RULE_PATH/sql.rules 63 -include $RULE_PATH/x11.rules 64 -include $RULE_PATH/icmp.rules 65 -include $RULE_PATH/netbios.rules 66 -include $RULE_PATH/misc.rules 67 -include $RULE_PATH/attack-responses.rules 68 -include $RULE_PATH/oracle.rules 69 -include $RULE_PATH/mysql.rules 70 -include $RULE_PATH/snmp.rules 71 - 72 -include $RULE_PATH/smtp.rules 73 -include $RULE_PATH/imap.rules 74 -include $RULE_PATH/pop2.rules 75 -include $RULE_PATH/pop3.rules 76 - 77 -include $RULE_PATH/nntp.rules 78 -include $RULE_PATH/other-ids.rules 79 -# include $RULE_PATH/web-attacks.rules 80 -# include $RULE_PATH/backdoor.rules 81 -# include $RULE_PATH/shellcode.rules 82 -# include $RULE_PATH/policy.rules 83 -# include $RULE_PATH/porn.rules 84 -# include $RULE_PATH/info.rules 85 -# include $RULE_PATH/icmp-info.rules 86 -# include $RULE_PATH/virus.rules 87 -# include $RULE_PATH/chat.rules 88 -# include $RULE_PATH/multimedia.rules 89 -# include $RULE_PATH/p2p.rules 90 -# include $RULE_PATH/spyware-put.rules 91 -# include $RULE_PATH/specific-threats.rules 92 -include $RULE_PATH/experimental.rules 93 - 94 -# include $PREPROC_RULE_PATH/preprocessor.rules 95 -# include $PREPROC_RULE_PATH/decoder.rules 96 - 97 # Include any thresholding or suppression commands. See threshold.conf in the 98 # <snort src>/etc directory for details. Commands don't necessarily need to be 99 # contained in this conf, but a separate conf makes it easier to maintain them. usr/src/pkgdefs/SUNWsnortu/depend -shouldn't SUNWopensslr be included to support when snort is run with ssl libraries? Cheers, Jim
