📄 firestorm.conf
字号:
## name: firestorm.conf## version: 0.5.2## rcsid: $Id: firestorm.conf,v 1.84 2003/01/19 13:07:03 scara Exp $## desc: This file is for configuring firestorm### EFFECTIVE_UGID ##################################################### SYNOPSIS: Lower privileges if started as root# SYNTAX: effective_(uid|gid) (uid|gid)# NOTES: Ignored when run unprivileged. Ignored if zero. Firestorm# does not resolve names to numbers...effective_uid 303effective_gid 303########################################################################## FIRESTORM_ROOT ##################################################### SYNOPSIS: Tell firestorm what directory to live in# SYNTAX: capture type args...# NOTES: All paths are relative to this onefirestorm_root /var/firestorm########################################################################## CHROOT ############################################################# SYNOPSIS: Chroot to the working directory during operation# SYNTAX: chroot yes|no# NOTES: Ignored when run unprivileged. If ommitted or left blank# firestorm will default to "yes"chroot yes########################################################################## LOGFILE ############################################################ SYNOPSIS: Daemonise and output debugging messages to a file# SYNTAX: logfile /path/to/logfile# NOTES: If you miss this out, firestorm will run in the foregroundlogfile firestorm.log########################################################################## LOAD_PLUGINS ####################################################### SYNOPSIS: Locate plugins# SYNTAX: load_plugins /path/to/dir# NOTES: Firestorm will NOT recurse directories. Any failures will# be ignored (but complained about). load_plugins /usr/lib/firestorm/captureload_plugins /usr/lib/firestorm/protocolsload_plugins /usr/lib/firestorm/detection########################################################################## LOAD_PLUGIN ######################################################## SYNOPSIS: Locate an individually named plugin# SYNTAX: load_plugins /path/to/plugin.so# NOTES: Loading a plugin individually implicitly requires it. That# is to say, if any load_plugin fails to load, firestorm will# bail. Be careful.#load_plugin /usr/lib/another-plugin.so########################################################################## CAPTURE ############################################################ SYNOPSIS: Tell firestorm where to aquire packets from# SYNTAX: capture type args...# NOTES: You can reference files that live outside the chrootcapture pcap if='any'########################################################################## PREPROCESSOR ####################################################### SYNOPSIS: Initialise a preprocessor# SYNTAX: preprocessor name args...# NOTES: Preprocessors wont run at all unless they are specified# here. Current preprocessors are:# ipfrag : IPv4 defragmentation# tcpstream : TCP stateful inspection / stream reassemblypreprocessor ipfrag mem_hi=1024k mem_lo=768k minttl=0 timeout=30preprocessor tcpstream num_streams=32k num_flows=16k reassemble=yes########################################################################## OUTPUT ############################################################# SYNOPSIS: Configure alert logging parameters# SYNTAX: output size=NN minutes=NN stormwall=(none|wait|fail)# NOTES: This directive can only be specified once. The 'dir'# option is the path of the log directory. The 'minutes'# option specifies an upper bound on the amount of time# between log rotations in minutes. The 'size' directive sets# the maximum size of a logfile before rotating.output dir='log' minutes=60 size=1024k stormwall=none########################################################################## SIGNATURES ######################################################### SYNOPSIS: Loads a signature file# SYNTAX: signatures type filename# NOTES: Available types are "snort"signatures snort ./firestorm.rulessignatures snort ./snort-rules/classification.configsignatures snort ./snort-rules/finger.rulessignatures snort ./snort-rules/virus.rulessignatures snort ./snort-rules/dns.rulessignatures snort ./snort-rules/scan.rulessignatures snort ./snort-rules/x11.rulessignatures snort ./snort-rules/web-frontpage.rulessignatures snort ./snort-rules/shellcode.rulessignatures snort ./snort-rules/web-misc.rulessignatures snort ./snort-rules/policy.rulessignatures snort ./snort-rules/ftp.rulessignatures snort ./snort-rules/sql.rulessignatures snort ./snort-rules/smtp.rulessignatures snort ./snort-rules/web-coldfusion.rulessignatures snort ./snort-rules/web-cgi.rulessignatures snort ./snort-rules/exploit.rulessignatures snort ./snort-rules/rservices.rulessignatures snort ./snort-rules/web-iis.rulessignatures snort ./snort-rules/telnet.rulessignatures snort ./snort-rules/netbios.rulessignatures snort ./snort-rules/attack-responses.rulessignatures snort ./snort-rules/tftp.rulessignatures snort ./snort-rules/web-attacks.rulessignatures snort ./snort-rules/ddos.rulessignatures snort ./snort-rules/dos.rulessignatures snort ./snort-rules/backdoor.rulessignatures snort ./snort-rules/info.rulessignatures snort ./snort-rules/porn.rulessignatures snort ./snort-rules/misc.rulessignatures snort ./snort-rules/bad-traffic.rulessignatures snort ./snort-rules/oracle.rulessignatures snort ./snort-rules/p2p.rulessignatures snort ./snort-rules/chat.rulessignatures snort ./snort-rules/multimedia.rulessignatures snort ./snort-rules/experimental.rulessignatures snort ./snort-rules/imap.rulessignatures snort ./snort-rules/snmp.rulessignatures snort ./snort-rules/web-php.rulessignatures snort ./snort-rules/web-client.rulessignatures snort ./snort-rules/pop3.rulessignatures snort ./snort-rules/mysql.rulessignatures snort ./snort-rules/nntp.rulessignatures snort ./snort-rules/other-ids.rulessignatures snort ./snort-rules/icmp.rules#signatures snort ./snort-rules/icmp-info.rulessignatures snort ./snort-rules/rpc.rules#######################################################################⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -