From a0faa39abf475eb976744f8d40ef66b7bba35dd7 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 1 Jul 2015 11:46:38 +0200
Subject: [PATCH] (ids) add classification and reference configs to template
---
 .../service/templates/OPNsense/IDS/+TARGETS | 2 +
 .../OPNsense/IDS/classification.config | 41 +++++++++++++++++++
 .../templates/OPNsense/IDS/reference.config | 26 ++++++++++++
 3 files changed, 69 insertions(+)
 create mode 100644 src/opnsense/service/templates/OPNsense/IDS/classification.config
 create mode 100644 src/opnsense/service/templates/OPNsense/IDS/reference.config
diff --git a/src/opnsense/service/templates/OPNsense/IDS/+TARGETS b/src/opnsense/service/templates/OPNsense/IDS/+TARGETS
index 47226255f..e166f6634 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/IDS/+TARGETS
@@ -3,3 +3,5 @@ rules.config:/usr/local/etc/suricata/rules.config
 suricata.yaml:/usr/local/etc/suricata/suricata.yaml
 newsyslog.conf:/etc/newsyslog.conf.d/suricata
 rule-updater.config:/usr/local/etc/suricata/rule-updater.config
+classification.config:/usr/local/etc/suricata/classification.config
+reference.config:/usr/local/etc/suricata/reference.config
diff --git a/src/opnsense/service/templates/OPNsense/IDS/classification.config b/src/opnsense/service/templates/OPNsense/IDS/classification.config
new file mode 100644
index 000000000..750246f54
--- /dev/null
+++ b/src/opnsense/service/templates/OPNsense/IDS/classification.config
@@ -0,0 +1,41 @@
+# AUTO GENERATED, DO NOT EDIT.
+# config classification:shortname,short description,priority
+#
+
+#Traditional classifications. These will be replaced soon
+
+config classification: not-suspicious,Not Suspicious Traffic,3
+config classification: unknown,Unknown Traffic,3
+config classification: bad-unknown,Potentially Bad Traffic, 2
+config classification: attempted-recon,Attempted Information Leak,2
+config classification: successful-recon-limited,Information Leak,2
+config classification: successful-recon-largescale,Large Scale Information Leak,2
+config classification: attempted-dos,Attempted Denial of Service,2
+config classification: successful-dos,Denial of Service,2
+config classification: attempted-user,Attempted User Privilege Gain,1
+config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
+config classification: successful-user,Successful User Privilege Gain,1
+config classification: attempted-admin,Attempted Administrator Privilege Gain,1
+config classification: successful-admin,Successful Administrator Privilege Gain,1
+config classification: rpc-portmap-decode,Decode of an RPC Query,2
+config classification: shellcode-detect,Executable Code was Detected,1
+config classification: string-detect,A Suspicious String was Detected,3
+config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
+config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
+config classification: system-call-detect,A System Call was Detected,2
+config classification: tcp-connection,A TCP Connection was Detected,4
+config classification: trojan-activity,A Network Trojan was Detected, 1
+config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
+config classification: network-scan,Detection of a Network Scan,3
+config classification: denial-of-service,Detection of a Denial of Service Attack,2
+config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
+config classification: protocol-command-decode,Generic Protocol Command Decode,3
+config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
+config classification: web-application-attack,Web Application Attack,1
+config classification: misc-activity,Misc activity,3
+config classification: misc-attack,Misc Attack,2
+config classification: icmp-event,Generic ICMP event,3
+config classification: inappropriate-content,Inappropriate Content was Detected,1
+config classification: policy-violation,Potential Corporate Privacy Violation,1
+config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
+
diff --git a/src/opnsense/service/templates/OPNsense/IDS/reference.config b/src/opnsense/service/templates/OPNsense/IDS/reference.config
new file mode 100644
index 000000000..ff4f53ddb
--- /dev/null
+++ b/src/opnsense/service/templates/OPNsense/IDS/reference.config
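Review bot: Two entries in this hunk write the priority field with a leading space, `bad-unknown,Potentially Bad Traffic, 2` and `trojan-activity,A Network Trojan was Detected, 1`, while every other line has none; Suricata's classification parser appears to tolerate surrounding whitespace, but the mixed form invites a copy-paste of the wrong one, so normalise them to `config classification: bad-unknown,Potentially Bad Traffic,2` and `config classification: trojan-activity,A Network Trojan was Detected,1`. The comment `#Traditional classifications. These will be replaced soon` is carried over verbatim from the upstream file and, under an `AUTO GENERATED, DO NOT EDIT` header, reads as a promise this repository will not keep; either drop it or replace it with a note on provenance such as `# Classifications as shipped with the Suricata/ET rulesets; keep in sync with the ruleset in use.`. The template contains no template directives, so the generated file is a static copy — worth a comment saying so, otherwise a reader will look for the variables that fill it in.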
@@ -0,0 +1,26 @@
+# config reference: system URL
+
+config reference: bugtraq http://www.securityfocus.com/bid/
+config reference: bid http://www.securityfocus.com/bid/
+config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=
+#config reference: cve http://cvedetails.com/cve/
+config reference: secunia http://www.secunia.com/advisories/
+
+#whitehats is unfortunately gone
+config reference: arachNIDS http://www.whitehats.com/info/IDS
+
+config reference: McAfee http://vil.nai.com/vil/content/v_
+config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id=
+config reference: url http://
+config reference: et http://doc.emergingthreats.net/
+config reference: etpro http://doc.emergingthreatspro.com/
+config reference: telus http://
+config reference: osvdb http://osvdb.org/show/osvdb/
+config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
+config reference: md5 http://www.threatexpert.com/report.aspx?md5=
+config reference: exploitdb http://www.exploit-db.com/exploits/
+config reference: openpacket https://www.openpacket.org/capture/grab/
+config reference: securitytracker http://securitytracker.com/id?
+config reference: secunia http://secunia.com/advisories/
+config reference: xforce http://xforce.iss.net/xforce/xfdb/
+config reference: msft http://technet.microsoft.com/security/bulletin/
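Review bot: reference.config is installed by the same +TARGETS mapping as classification.config but lacks the `# AUTO GENERATED, DO NOT EDIT.` header its sibling starts with, so an operator who hand-edits /usr/local/etc/suricata/reference.config gets no hint that the next template render overwrites the file; add that header as the first line. The hunk also defines `secunia` twice, as `http://www.secunia.com/advisories/` near the top and `http://secunia.com/advisories/` near the bottom; whether the later definition replaces the earlier one or is rejected depends on Suricata's reference loader, so keep a single entry. The `#whitehats is unfortunately gone` comment and the commented-out alternative `cve` line are upstream leftovers that are harmless, but nothing says where this list comes from; a one-line `# Reference systems as used by the ET rulesets` comment would tell the next maintainer what to keep in sync.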