refactor: Remove WinPcap installation from Install-Snort function

ADORSYS-GIS · Sep 5, 2024 · 01c4fdf · 01c4fdf
1 parent a2e2dfd
commit 01c4fdf
Showing 1 changed file with 105 additions and 105 deletions.
diff --git a/scripts/windows/snort.conf b/scripts/windows/snort.conf
@@ -526,7 +526,7 @@ preprocessor dnp3: ports { 20000 } \
 # output log_unified2: filename snort.log, limit 128, nostamp 
 
 # syslog
-output alert_syslog: LOG_AUTH LOG_ALERT
+#output alert_syslog: LOG_AUTH LOG_ALERT
 
 # pcap
 # output log_tcpdump: tcpdump.log
@@ -546,110 +546,110 @@ include reference.config
 # site specific rules
 include $RULE_PATH\local.rules
 
-include $RULE_PATH\app-detect.rules
-include $RULE_PATH\attack-responses.rules
-include $RULE_PATH\backdoor.rules
-include $RULE_PATH\bad-traffic.rules
-include $RULE_PATH\blacklist.rules
-include $RULE_PATH\botnet-cnc.rules
-include $RULE_PATH\browser-chrome.rules
-include $RULE_PATH\browser-firefox.rules
-include $RULE_PATH\browser-ie.rules
-include $RULE_PATH\browser-other.rules
-include $RULE_PATH\browser-plugins.rules
-include $RULE_PATH\browser-webkit.rules
-include $RULE_PATH\chat.rules
-include $RULE_PATH\content-replace.rules
-include $RULE_PATH\ddos.rules
-include $RULE_PATH\dns.rules
-include $RULE_PATH\dos.rules
-include $RULE_PATH\experimental.rules
-include $RULE_PATH\exploit-kit.rules
-include $RULE_PATH\exploit.rules
-include $RULE_PATH\file-executable.rules
-include $RULE_PATH\file-flash.rules
-include $RULE_PATH\file-identify.rules
-include $RULE_PATH\file-image.rules
-include $RULE_PATH\file-multimedia.rules
-include $RULE_PATH\file-office.rules
-include $RULE_PATH\file-other.rules
-include $RULE_PATH\file-pdf.rules
-include $RULE_PATH\finger.rules
-include $RULE_PATH\ftp.rules
-include $RULE_PATH\icmp-info.rules
-include $RULE_PATH\icmp.rules
-include $RULE_PATH\imap.rules
-include $RULE_PATH\indicator-compromise.rules
-include $RULE_PATH\indicator-obfuscation.rules
-include $RULE_PATH\indicator-shellcode.rules
-include $RULE_PATH\info.rules
-include $RULE_PATH\malware-backdoor.rules
-include $RULE_PATH\malware-cnc.rules
-include $RULE_PATH\malware-other.rules
-include $RULE_PATH\malware-tools.rules
-include $RULE_PATH\misc.rules
-include $RULE_PATH\multimedia.rules
-include $RULE_PATH\mysql.rules
-include $RULE_PATH\netbios.rules
-include $RULE_PATH\nntp.rules
-include $RULE_PATH\oracle.rules
-include $RULE_PATH\os-linux.rules
-include $RULE_PATH\os-other.rules
-include $RULE_PATH\os-solaris.rules
-include $RULE_PATH\os-windows.rules
-include $RULE_PATH\other-ids.rules
-include $RULE_PATH\p2p.rules
-include $RULE_PATH\phishing-spam.rules
-include $RULE_PATH\policy-multimedia.rules
-include $RULE_PATH\policy-other.rules
-include $RULE_PATH\policy.rules
-include $RULE_PATH\policy-social.rules
-include $RULE_PATH\policy-spam.rules
-include $RULE_PATH\pop2.rules
-include $RULE_PATH\pop3.rules
-include $RULE_PATH\protocol-finger.rules
-include $RULE_PATH\protocol-ftp.rules
-include $RULE_PATH\protocol-icmp.rules
-include $RULE_PATH\protocol-imap.rules
-include $RULE_PATH\protocol-pop.rules
-include $RULE_PATH\protocol-services.rules
-include $RULE_PATH\protocol-voip.rules
-include $RULE_PATH\pua-adware.rules
-include $RULE_PATH\pua-other.rules
-include $RULE_PATH\pua-p2p.rules
-include $RULE_PATH\pua-toolbars.rules
-include $RULE_PATH\rpc.rules
-include $RULE_PATH\rservices.rules
-include $RULE_PATH\scada.rules
-include $RULE_PATH\scan.rules
-include $RULE_PATH\server-apache.rules
-include $RULE_PATH\server-iis.rules
-include $RULE_PATH\server-mail.rules
-include $RULE_PATH\server-mssql.rules
-include $RULE_PATH\server-mysql.rules
-include $RULE_PATH\server-oracle.rules
-include $RULE_PATH\server-other.rules
-include $RULE_PATH\server-webapp.rules
-include $RULE_PATH\shellcode.rules
-include $RULE_PATH\smtp.rules
-include $RULE_PATH\snmp.rules
-include $RULE_PATH\specific-threats.rules
-include $RULE_PATH\spyware-put.rules
-include $RULE_PATH\sql.rules
-include $RULE_PATH\telnet.rules
-include $RULE_PATH\tftp.rules
-include $RULE_PATH\virus.rules
-include $RULE_PATH\voip.rules
-include $RULE_PATH\web-activex.rules
-include $RULE_PATH\web-attacks.rules
-include $RULE_PATH\web-cgi.rules
-include $RULE_PATH\web-client.rules
-include $RULE_PATH\web-coldfusion.rules
-include $RULE_PATH\web-frontpage.rules
-include $RULE_PATH\web-iis.rules
-include $RULE_PATH\web-misc.rules
-include $RULE_PATH\web-php.rules
-include $RULE_PATH\x11.rules
+# include $RULE_PATH\app-detect.rules
+# include $RULE_PATH\attack-responses.rules
+# include $RULE_PATH\backdoor.rules
+# include $RULE_PATH\bad-traffic.rules
+# include $RULE_PATH\blacklist.rules
+# include $RULE_PATH\botnet-cnc.rules
+# include $RULE_PATH\browser-chrome.rules
+# include $RULE_PATH\browser-firefox.rules
+# include $RULE_PATH\browser-ie.rules
+# include $RULE_PATH\browser-other.rules
+# include $RULE_PATH\browser-plugins.rules
+# include $RULE_PATH\browser-webkit.rules
+# include $RULE_PATH\chat.rules
+# include $RULE_PATH\content-replace.rules
+# include $RULE_PATH\ddos.rules
+# include $RULE_PATH\dns.rules
+# include $RULE_PATH\dos.rules
+# include $RULE_PATH\experimental.rules
+# include $RULE_PATH\exploit-kit.rules
+# include $RULE_PATH\exploit.rules
+# include $RULE_PATH\file-executable.rules
+# include $RULE_PATH\file-flash.rules
+# include $RULE_PATH\file-identify.rules
+# include $RULE_PATH\file-image.rules
+# include $RULE_PATH\file-multimedia.rules
+# include $RULE_PATH\file-office.rules
+# include $RULE_PATH\file-other.rules
+# include $RULE_PATH\file-pdf.rules
+# include $RULE_PATH\finger.rules
+# include $RULE_PATH\ftp.rules
+# include $RULE_PATH\icmp-info.rules
+# include $RULE_PATH\icmp.rules
+# include $RULE_PATH\imap.rules
+# include $RULE_PATH\indicator-compromise.rules
+# include $RULE_PATH\indicator-obfuscation.rules
+# include $RULE_PATH\indicator-shellcode.rules
+# include $RULE_PATH\info.rules
+# include $RULE_PATH\malware-backdoor.rules
+# include $RULE_PATH\malware-cnc.rules
+# include $RULE_PATH\malware-other.rules
+# include $RULE_PATH\malware-tools.rules
+# include $RULE_PATH\misc.rules
+# include $RULE_PATH\multimedia.rules
+# include $RULE_PATH\mysql.rules
+# include $RULE_PATH\netbios.rules
+# include $RULE_PATH\nntp.rules
+# include $RULE_PATH\oracle.rules
+# include $RULE_PATH\os-linux.rules
+# include $RULE_PATH\os-other.rules
+# include $RULE_PATH\os-solaris.rules
+# include $RULE_PATH\os-windows.rules
+# include $RULE_PATH\other-ids.rules
+# include $RULE_PATH\p2p.rules
+# include $RULE_PATH\phishing-spam.rules
+# include $RULE_PATH\policy-multimedia.rules
+# include $RULE_PATH\policy-other.rules
+# include $RULE_PATH\policy.rules
+# include $RULE_PATH\policy-social.rules
+# include $RULE_PATH\policy-spam.rules
+# include $RULE_PATH\pop2.rules
+# include $RULE_PATH\pop3.rules
+# include $RULE_PATH\protocol-finger.rules
+# include $RULE_PATH\protocol-ftp.rules
+# include $RULE_PATH\protocol-icmp.rules
+# include $RULE_PATH\protocol-imap.rules
+# include $RULE_PATH\protocol-pop.rules
+# include $RULE_PATH\protocol-services.rules
+# include $RULE_PATH\protocol-voip.rules
+# include $RULE_PATH\pua-adware.rules
+# include $RULE_PATH\pua-other.rules
+# include $RULE_PATH\pua-p2p.rules
+# include $RULE_PATH\pua-toolbars.rules
+# include $RULE_PATH\rpc.rules
+# include $RULE_PATH\rservices.rules
+# include $RULE_PATH\scada.rules
+# include $RULE_PATH\scan.rules
+# include $RULE_PATH\server-apache.rules
+# include $RULE_PATH\server-iis.rules
+# include $RULE_PATH\server-mail.rules
+# include $RULE_PATH\server-mssql.rules
+# include $RULE_PATH\server-mysql.rules
+# include $RULE_PATH\server-oracle.rules
+# include $RULE_PATH\server-other.rules
+# include $RULE_PATH\server-webapp.rules
+# include $RULE_PATH\shellcode.rules
+# include $RULE_PATH\smtp.rules
+# include $RULE_PATH\snmp.rules
+# include $RULE_PATH\specific-threats.rules
+# include $RULE_PATH\spyware-put.rules
+# include $RULE_PATH\sql.rules
+# include $RULE_PATH\telnet.rules
+# include $RULE_PATH\tftp.rules
+# include $RULE_PATH\virus.rules
+# include $RULE_PATH\voip.rules
+# include $RULE_PATH\web-activex.rules
+# include $RULE_PATH\web-attacks.rules
+# include $RULE_PATH\web-cgi.rules
+# include $RULE_PATH\web-client.rules
+# include $RULE_PATH\web-coldfusion.rules
+# include $RULE_PATH\web-frontpage.rules
+# include $RULE_PATH\web-iis.rules
+# include $RULE_PATH\web-misc.rules
+# include $RULE_PATH\web-php.rules
+# include $RULE_PATH\x11.rules
 
 ###################################################
 # Step #8: Customize your preprocessor and decoder alerts