(ids) add classification and reference configs to template

2026-03-16 01:24:38 +00:00 · 2015-07-01 11:46:38 +02:00 · 2015-07-01 11:46:38 +02:00 · a0faa39abf
commit a0faa39abf
parent 7be9871fa6
3 changed files with 69 additions and 0 deletions
--- a/src/opnsense/service/templates/OPNsense/IDS/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/IDS/+TARGETS
@ -3,3 +3,5 @@ rules.config:/usr/local/etc/suricata/rules.config
 suricata.yaml:/usr/local/etc/suricata/suricata.yaml
 newsyslog.conf:/etc/newsyslog.conf.d/suricata
 rule-updater.config:/usr/local/etc/suricata/rule-updater.config
+classification.config:/usr/local/etc/suricata/classification.config
+reference.config:/usr/local/etc/suricata/reference.config
--- a/src/opnsense/service/templates/OPNsense/IDS/classification.config
+++ b/src/opnsense/service/templates/OPNsense/IDS/classification.config
@ -0,0 +1,41 @@
+# AUTO GENERATED, DO NOT EDIT.
+# config classification:shortname,short description,priority
+#
+
+#Traditional classifications. These will be replaced soon
+
+config classification: not-suspicious,Not Suspicious Traffic,3
+config classification: unknown,Unknown Traffic,3
+config classification: bad-unknown,Potentially Bad Traffic, 2
+config classification: attempted-recon,Attempted Information Leak,2
+config classification: successful-recon-limited,Information Leak,2
+config classification: successful-recon-largescale,Large Scale Information Leak,2
+config classification: attempted-dos,Attempted Denial of Service,2
+config classification: successful-dos,Denial of Service,2
+config classification: attempted-user,Attempted User Privilege Gain,1
+config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
+config classification: successful-user,Successful User Privilege Gain,1
+config classification: attempted-admin,Attempted Administrator Privilege Gain,1
+config classification: successful-admin,Successful Administrator Privilege Gain,1
+config classification: rpc-portmap-decode,Decode of an RPC Query,2
+config classification: shellcode-detect,Executable Code was Detected,1
+config classification: string-detect,A Suspicious String was Detected,3
+config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
+config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
+config classification: system-call-detect,A System Call was Detected,2
+config classification: tcp-connection,A TCP Connection was Detected,4
+config classification: trojan-activity,A Network Trojan was Detected, 1
+config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
+config classification: network-scan,Detection of a Network Scan,3
+config classification: denial-of-service,Detection of a Denial of Service Attack,2
+config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
+config classification: protocol-command-decode,Generic Protocol Command Decode,3
+config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
+config classification: web-application-attack,Web Application Attack,1
+config classification: misc-activity,Misc activity,3
+config classification: misc-attack,Misc Attack,2
+config classification: icmp-event,Generic ICMP event,3
+config classification: inappropriate-content,Inappropriate Content was Detected,1
+config classification: policy-violation,Potential Corporate Privacy Violation,1
+config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
+
--- a/src/opnsense/service/templates/OPNsense/IDS/reference.config
+++ b/src/opnsense/service/templates/OPNsense/IDS/reference.config
@ -0,0 +1,26 @@
+# config reference: system URL
+
+config reference: bugtraq   http://www.securityfocus.com/bid/
+config reference: bid	    http://www.securityfocus.com/bid/
+config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name=
+#config reference: cve       http://cvedetails.com/cve/
+config reference: secunia   http://www.secunia.com/advisories/
+
+#whitehats is unfortunately gone
+config reference: arachNIDS http://www.whitehats.com/info/IDS
+
+config reference: McAfee    http://vil.nai.com/vil/content/v_
+config reference: nessus    http://cgi.nessus.org/plugins/dump.php3?id=
+config reference: url       http://
+config reference: et        http://doc.emergingthreats.net/
+config reference: etpro     http://doc.emergingthreatspro.com/
+config reference: telus     http://
+config reference: osvdb     http://osvdb.org/show/osvdb/
+config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
+config reference: md5	    http://www.threatexpert.com/report.aspx?md5=
+config reference: exploitdb http://www.exploit-db.com/exploits/
+config reference: openpacket https://www.openpacket.org/capture/grab/
+config reference: securitytracker http://securitytracker.com/id?
+config reference: secunia   http://secunia.com/advisories/
+config reference: xforce    http://xforce.iss.net/xforce/xfdb/
+config reference: msft      http://technet.microsoft.com/security/bulletin/