forked from snort3/snort3
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig_changes.txt
346 lines (346 loc) · 16.2 KB
/
config_changes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
change -> attribute_table: 'STREAM_POLICY' ==> 'hosts: tcp_policy'
change -> attribute_table: 'filename <file_name>' ==> 'hosts[]'
change -> config 'addressspace_agnostic' ==> 'packets.address_space_agnostic'
change -> config 'checksum_mode' ==> 'network.checksum_eval'
change -> config 'daq_dir' ==> 'daq.module_dirs'
change -> config 'detection_filter' ==> 'alerts.detection_filter_memcap'
change -> config 'enable_deep_teredo_inspection' ==> 'udp.deep_teredo_inspection'
change -> config 'event_filter' ==> 'alerts.event_filter_memcap'
change -> config 'max_attribute_hosts' ==> 'attribute_table.max_hosts'
change -> config 'max_attribute_services_per_host' ==> 'attribute_table.max_services_per_host'
change -> config 'nopcre' ==> 'detection.pcre_enable'
change -> config 'pkt_count' ==> 'packets.limit'
change -> config 'rate_filter' ==> 'alerts.rate_filter_memcap'
change -> config 'react' ==> 'react.page'
change -> config 'threshold' ==> 'alerts.event_filter_memcap'
change -> converter: 'gen_id' ==> 'gid'
change -> converter: 'sid_id' ==> 'sid'
change -> csv: 'csv' ==> 'fields'
change -> csv: 'dgmlen' ==> 'pkt_len'
change -> csv: 'dst' ==> 'dst_addr'
change -> csv: 'dstport' ==> 'dst_port'
change -> csv: 'ethdst' ==> 'eth_dst'
change -> csv: 'ethlen' ==> 'eth_len'
change -> csv: 'ethsrc' ==> 'eth_src'
change -> csv: 'ethtype' ==> 'eth_type'
change -> csv: 'icmpcode' ==> 'icmp_code'
change -> csv: 'icmpid' ==> 'icmp_id'
change -> csv: 'icmpseq' ==> 'icmp_seq'
change -> csv: 'icmptype' ==> 'icmp_type'
change -> csv: 'id' ==> 'ip_id'
change -> csv: 'iplen' ==> 'ip_len'
change -> csv: 'sig_generator' ==> 'gid'
change -> csv: 'sig_id' ==> 'sid'
change -> csv: 'sig_rev' ==> 'rev'
change -> csv: 'src' ==> 'src_addr'
change -> csv: 'srcport' ==> 'src_port'
change -> csv: 'tcpack' ==> 'tcp_ack'
change -> csv: 'tcpflags' ==> 'tcp_flags'
change -> csv: 'tcplen' ==> 'tcp_len'
change -> csv: 'tcpseq' ==> 'tcp_seq'
change -> csv: 'tcpwindow' ==> 'tcp_win'
change -> csv: 'udplength' ==> 'udp_len'
change -> daq: 'config daq:' ==> 'name'
change -> daq_mode: 'config daq_mode:' ==> 'mode'
change -> daq_var: 'config daq_var:' ==> 'variables'
change -> detection: 'ac' ==> 'ac_full'
change -> detection: 'ac-banded' ==> 'ac_banded'
change -> detection: 'ac-bnfa' ==> 'ac_bnfa'
change -> detection: 'ac-bnfa-nq' ==> 'ac_bnfa'
change -> detection: 'ac-bnfa-q' ==> 'ac_bnfa'
change -> detection: 'ac-nq' ==> 'ac_full'
change -> detection: 'ac-q' ==> 'ac_full'
change -> detection: 'ac-sparsebands' ==> 'ac_sparse_bands'
change -> detection: 'ac-split' ==> 'ac_full'
change -> detection: 'ac-split' ==> 'split_any_any'
change -> detection: 'ac-std' ==> 'ac_std'
change -> detection: 'acs' ==> 'ac_sparse'
change -> detection: 'bleedover-port-limit' ==> 'bleedover_port_limit'
change -> detection: 'debug-print-fast-pattern' ==> 'show_fast_patterns'
change -> detection: 'intel-cpm' ==> 'hyperscan'
change -> detection: 'lowmem-nq' ==> 'lowmem'
change -> detection: 'lowmem-q' ==> 'lowmem'
change -> detection: 'max-pattern-len' ==> 'max_pattern_len'
change -> detection: 'no_stream_inserts' ==> 'detect_raw_tcp'
change -> detection: 'search-method' ==> 'search_method'
change -> detection: 'search-optimize' ==> 'search_optimize'
change -> detection: 'split-any-any' ==> 'split_any_any = true by default'
change -> detection: 'split-any-any' ==> 'split_any_any'
change -> dnp3: 'ports' ==> 'bindings'
change -> dns: 'ports' ==> 'bindings'
change -> dynamicdetection ==> 'snort.--plugin_path=<path>'
change -> dynamicengine ==> 'snort.--plugin_path=<path>'
change -> dynamicpreprocessor ==> 'snort.--plugin_path=<path>'
change -> dynamicsidechannel ==> 'snort.--plugin_path=<path>'
change -> event_filter: 'gen_id' ==> 'gid'
change -> event_filter: 'sig_id' ==> 'sid'
change -> event_filter: 'threshold' ==> 'event_filter'
change -> file: 'config file: file_block_timeout' ==> 'block_timeout'
change -> file: 'config file: file_capture_block_size' ==> 'capture_block_size'
change -> file: 'config file: file_capture_max' ==> 'capture_max_size'
change -> file: 'config file: file_capture_memcap' ==> 'capture_memcap'
change -> file: 'config file: file_capture_min' ==> 'capture_min_size'
change -> file: 'config file: file_type_depth' ==> 'type_depth'
change -> file: 'config file: signature' ==> 'enable_signature'
change -> file: 'config file: type_id' ==> 'enable_type'
change -> file: 'ver' ==> 'version'
change -> frag3_engine: 'min_fragment_length' ==> 'min_frag_length'
change -> frag3_engine: 'overlap_limit' ==> 'max_overlaps'
change -> frag3_engine: 'policy bsd-right' ==> 'policy = bsd_right'
change -> frag3_engine: 'timeout' ==> 'session_timeout'
change -> ftp_telnet_protocol: 'alt_max_param_len' ==> 'cmd_validity'
change -> ftp_telnet_protocol: 'data_chan' ==> 'ignore_data_chan'
change -> ftp_telnet_protocol: 'ports' ==> 'bindings'
change -> gtp: 'ports' ==> 'bindings'
change -> http_inspect_server: 'bare_byte' ==> 'utf8_bare_byte'
change -> http_inspect_server: 'client_flow_depth' ==> 'request_depth'
change -> http_inspect_server: 'double_decode' ==> 'iis_double_decode'
change -> http_inspect_server: 'http_inspect_server' ==> 'http_inspect'
change -> http_inspect_server: 'iis_backslash' ==> 'backslash_to_slash'
change -> http_inspect_server: 'inspect_gzip' ==> 'unzip'
change -> http_inspect_server: 'non_rfc_char' ==> 'bad_characters'
change -> http_inspect_server: 'ports' ==> 'bindings'
change -> http_inspect_server: 'u_encode' ==> 'percent_u'
change -> http_inspect_server: 'utf_8' ==> 'utf8'
change -> imap: 'ports' ==> 'bindings'
change -> modbus: 'ports' ==> 'bindings'
change -> na_policy_mode: 'na_policy_mode' ==> 'mode'
change -> paf_max: 'paf_max [0:63780]' ==> 'max_pdu [1460:32768]'
change -> perfmonitor: 'console' ==> 'format = 'text''
change -> perfmonitor: 'console' ==> 'output = 'console''
change -> perfmonitor: 'file' ==> 'format = 'csv''
change -> perfmonitor: 'file' ==> 'output = 'file''
change -> perfmonitor: 'flow-file' ==> 'format = 'csv''
change -> perfmonitor: 'flow-file' ==> 'output = 'file''
change -> perfmonitor: 'flow-ip' ==> 'flow_ip'
change -> perfmonitor: 'flow-ip-file' ==> 'format = 'csv''
change -> perfmonitor: 'flow-ip-file' ==> 'output = 'file''
change -> perfmonitor: 'flow-ip-memcap' ==> 'flow_ip_memcap'
change -> perfmonitor: 'flow-ports' ==> 'flow_ports'
change -> perfmonitor: 'pktcnt' ==> 'packets'
change -> perfmonitor: 'snortfile' ==> 'format = 'csv''
change -> perfmonitor: 'snortfile' ==> 'output = 'file''
change -> perfmonitor: 'time' ==> 'seconds'
change -> policy_mode: 'inline_test' ==> 'inline-test'
change -> pop: 'ports' ==> 'bindings'
change -> ppm: 'fastpath-expensive-packets' ==> 'packet.fastpath'
change -> ppm: 'max-pkt-time' ==> 'packet.max_time'
change -> ppm: 'max-rule-time' ==> 'rule.max_time'
change -> ppm: 'ppm' ==> 'latency'
change -> ppm: 'suspend-expensive-rules' ==> 'rule.suspend'
change -> ppm: 'suspend-timeout' ==> 'max_suspend_time'
change -> ppm: 'threshold' ==> 'rule.suspend_threshold'
change -> preprocessor 'normalize_icmp4' ==> 'normalize.icmp4'
change -> preprocessor 'normalize_icmp6' ==> 'normalize.icmp6'
change -> preprocessor 'normalize_ip6' ==> 'normalize.ip6'
change -> profile: 'print' ==> 'count'
change -> profile: 'sort avg_ticks' ==> 'sort = avg_check'
change -> profile: 'sort total_ticks' ==> 'sort = total_time'
change -> rate_filter: 'gen_id' ==> 'gid'
change -> rate_filter: 'sig_id' ==> 'sid'
change -> reputation: 'shared_mem' ==> 'list_dir'
change -> sfportscan: 'proto' ==> 'protos'
change -> sfportscan: 'scan_type' ==> 'scan_types'
change -> sip: 'ports' ==> 'bindings'
change -> smtp: 'ports' ==> 'bindings'
change -> ssh: 'server_ports' ==> 'bindings'
change -> ssl: 'ports' ==> 'bindings'
change -> stream5_global: 'max_active_responses' ==> 'max_responses'
change -> stream5_global: 'min_response_seconds' ==> 'min_interval'
change -> stream5_global: 'tcp_cache_nominal_timeout' ==> 'idle_timeout'
change -> stream5_global: 'udp_cache_nominal_timeout' ==> 'idle_timeout'
change -> stream5_ha: 'min_session_lifetime' ==> 'min_age'
change -> stream5_ha: 'min_sync_interval' ==> 'min_sync'
change -> stream5_ha: 'stream5_ha' ==> 'high_availability'
change -> stream5_ha: 'use_daq' ==> 'daq_channel'
change -> stream5_ip: 'timeout' ==> 'session_timeout'
change -> stream5_tcp: 'bind_to' ==> 'bindings'
change -> stream5_tcp: 'dont_reassemble_async' ==> 'reassemble_async'
change -> stream5_tcp: 'max_queued_bytes' ==> 'queue_limit.max_bytes'
change -> stream5_tcp: 'max_queued_segs' ==> 'queue_limit.max_segments'
change -> stream5_tcp: 'policy hpux' ==> 'stream_tcp.policy = hpux11'
change -> stream5_tcp: 'timeout' ==> 'session_timeout'
change -> stream5_udp: 'timeout' ==> 'session_timeout'
change -> suppress: 'gen_id' ==> 'gid'
change -> suppress: 'sig_id' ==> 'sid'
change -> syslog: 'log_alert' ==> 'level = alert'
change -> syslog: 'log_auth' ==> 'facility = auth'
change -> syslog: 'log_authpriv' ==> 'facility = authpriv'
change -> syslog: 'log_cons' ==> 'options = cons'
change -> syslog: 'log_crit' ==> 'level = crit'
change -> syslog: 'log_daemon' ==> 'facility = daemon'
change -> syslog: 'log_debug' ==> 'level = debug'
change -> syslog: 'log_emerg' ==> 'level = emerg'
change -> syslog: 'log_err' ==> 'level = err'
change -> syslog: 'log_info' ==> 'level = info'
change -> syslog: 'log_local0' ==> 'facility = local0'
change -> syslog: 'log_local1' ==> 'facility = local1'
change -> syslog: 'log_local2' ==> 'facility = local2'
change -> syslog: 'log_local3' ==> 'facility = local3'
change -> syslog: 'log_local4' ==> 'facility = local4'
change -> syslog: 'log_local5' ==> 'facility = local5'
change -> syslog: 'log_local6' ==> 'facility = local6'
change -> syslog: 'log_local7' ==> 'facility = local7'
change -> syslog: 'log_ndelay' ==> 'options = ndelay'
change -> syslog: 'log_notice' ==> 'level = notice'
change -> syslog: 'log_perror' ==> 'options = perror'
change -> syslog: 'log_pid' ==> 'options = pid'
change -> syslog: 'log_user' ==> 'facility = user'
change -> syslog: 'log_warning' ==> 'level = warning'
change -> threshold: 'ips_option: threshold' ==> 'event_filter'
change -> unified2: 'alert_unified2' ==> 'unified2'
change -> unified2: 'log_unified2' ==> 'unified2'
change -> unified2: 'unified2' ==> 'unified2'
deleted -> arpspoof: 'unicast'
deleted -> attribute_table: '<FRAG_POLICY>hpux</FRAG_POLICY>'
deleted -> attribute_table: '<FRAG_POLICY>irix</FRAG_POLICY>'
deleted -> attribute_table: '<FRAG_POLICY>old-linux</FRAG_POLICY>'
deleted -> attribute_table: '<FRAG_POLICY>unknown</FRAG_POLICY>'
deleted -> attribute_table: '<STREAM_POLICY>noack</STREAM_POLICY>'
deleted -> attribute_table: '<STREAM_POLICY>unknown</STREAM_POLICY>'
deleted -> config 'cs_dir'
deleted -> config 'decode_data_link'
deleted -> config 'disable_attribute_reload_thread'
deleted -> config 'disable_decode_alerts'
deleted -> config 'disable_decode_drops'
deleted -> config 'disable_inline_init_failopen'
deleted -> config 'disable_ipopt_alerts'
deleted -> config 'disable_ipopt_drops'
deleted -> config 'disable_tcpopt_alerts'
deleted -> config 'disable_tcpopt_drops'
deleted -> config 'disable_tcpopt_experimental_alerts'
deleted -> config 'disable_tcpopt_experimental_drops'
deleted -> config 'disable_tcpopt_obsolete_alerts'
deleted -> config 'disable_tcpopt_obsolete_drops'
deleted -> config 'disable_tcpopt_ttcp_alerts'
deleted -> config 'disable_ttcp_alerts'
deleted -> config 'disable_ttcp_drops'
deleted -> config 'dump_dynamic_rules_path'
deleted -> config 'dynamicoutput'
deleted -> config 'enable_decode_drops'
deleted -> config 'enable_decode_oversized_alerts'
deleted -> config 'enable_decode_oversized_drops'
deleted -> config 'enable_gtp'
deleted -> config 'enable_ipopt_drops'
deleted -> config 'enable_tcpopt_drops'
deleted -> config 'enable_tcpopt_experimental_drops'
deleted -> config 'enable_tcpopt_obsolete_drops'
deleted -> config 'enable_tcpopt_ttcp_drops'
deleted -> config 'enable_ttcp_drops'
deleted -> config 'flexresp2_attempts'
deleted -> config 'flexresp2_interface'
deleted -> config 'flexresp2_memcap'
deleted -> config 'flexresp2_rows'
deleted -> config 'flowbits_size'
deleted -> config 'include_vlan_in_alerts'
deleted -> config 'interface'
deleted -> config 'layer2resets'
deleted -> config 'log_ipv6_extra_data'
deleted -> config 'no_promisc'
deleted -> config 'nolog'
deleted -> config 'protected_content'
deleted -> config 'sfalert_unified2'
deleted -> config 'sflog_unified2'
deleted -> config 'sidechannel'
deleted -> config 'so_rule_memcap'
deleted -> csv: '<filename> can no longer be specific'
deleted -> csv: 'default'
deleted -> csv: 'trheader'
deleted -> detection: 'mwm'
deleted -> dnp3: 'disabled'
deleted -> dnp3: 'memcap'
deleted -> dns: 'enable_experimental_types'
deleted -> dns: 'enable_obsolete_types'
deleted -> dns: 'enable_rdata_overflow'
deleted -> event_trace: 'file'
deleted -> fast: '<filename> can no longer be specific'
deleted -> frag3_engine: 'detect_anomalies'
deleted -> frag3_global: 'disabled'
deleted -> ftp_telnet_protocol: 'detect_anomalies'
deleted -> full: '<filename> can no longer be specific'
deleted -> http_inspect: 'detect_anomalous_servers'
deleted -> http_inspect: 'disabled'
deleted -> http_inspect: 'proxy_alert'
deleted -> http_inspect_server: 'allow_proxy_use'
deleted -> http_inspect_server: 'enable_cookie'
deleted -> http_inspect_server: 'enable_xff'
deleted -> http_inspect_server: 'extended_ascii_uri'
deleted -> http_inspect_server: 'extended_response_inspection'
deleted -> http_inspect_server: 'iis_unicode_map not allowed in sever'
deleted -> http_inspect_server: 'inspect_uri_only'
deleted -> http_inspect_server: 'log_hostname'
deleted -> http_inspect_server: 'log_uri'
deleted -> http_inspect_server: 'no_alerts'
deleted -> http_inspect_server: 'no_pipeline_req'
deleted -> http_inspect_server: 'non_strict'
deleted -> http_inspect_server: 'normalize_cookies'
deleted -> http_inspect_server: 'normalize_headers'
deleted -> http_inspect_server: 'small_chunk_length'
deleted -> http_inspect_server: 'tab_uri_delimiter'
deleted -> http_inspect_server: 'unlimited_decompress'
deleted -> imap: 'disabled'
deleted -> imap: 'max_mime_mem'
deleted -> imap: 'memcap'
deleted -> perfmonitor: 'accumulate'
deleted -> perfmonitor: 'atexitonly'
deleted -> perfmonitor: 'atexitonly: base-stats'
deleted -> perfmonitor: 'atexitonly: events-stats'
deleted -> perfmonitor: 'atexitonly: flow-ip-stats'
deleted -> perfmonitor: 'atexitonly: flow-stats'
deleted -> perfmonitor: 'atexitonly: reset'
deleted -> perfmonitor: 'events'
deleted -> perfmonitor: 'max'
deleted -> pop: 'disabled'
deleted -> pop: 'max_mime_mem'
deleted -> pop: 'memcap'
deleted -> ppm: 'debug-pkts'
deleted -> reputation: 'shared_max_instances'
deleted -> reputation: 'shared_refresh'
deleted -> rpc_decode: 'alert_fragments'
deleted -> rpc_decode: 'no_alert_incomplete'
deleted -> rpc_decode: 'no_alert_large_fragments'
deleted -> rpc_decode: 'no_alert_multiple_requests'
deleted -> rule_state: 'action'
deleted -> rule_state: 'enable'
deleted -> sfportscan: 'detect_ack_scans'
deleted -> sfportscan: 'disabled'
deleted -> sfportscan: 'logfile'
deleted -> sfportscan: 'sense_level'
deleted -> sip: 'disabled'
deleted -> sip: 'max_sessions'
deleted -> smtp: 'alert_unknown_cmds'
deleted -> smtp: 'disabled'
deleted -> smtp: 'enable_mime_decoding'
deleted -> smtp: 'inspection_type'
deleted -> smtp: 'max_mime_depth'
deleted -> smtp: 'max_mime_mem'
deleted -> smtp: 'memcap'
deleted -> smtp: 'no_alerts'
deleted -> smtp: 'print_cmds'
deleted -> ssh: 'autodetect'
deleted -> ssh: 'enable_badmsgdir'
deleted -> ssh: 'enable_paysize'
deleted -> ssh: 'enable_protomismatch'
deleted -> ssh: 'enable_recognition'
deleted -> ssh: 'enable_respoverflow'
deleted -> ssh: 'enable_srvoverflow'
deleted -> ssh: 'enable_ssh1crc32'
deleted -> ssl: 'noinspect_encrypted'
deleted -> stream5_global: 'disabled'
deleted -> stream5_global: 'flush_on_alert'
deleted -> stream5_global: 'memcap'
deleted -> stream5_global: 'no_midstream_drop_alerts'
deleted -> stream5_tcp: 'check_session_hijacking'
deleted -> stream5_tcp: 'detect_anomalies'
deleted -> stream5_tcp: 'dont_store_large_packets'
deleted -> stream5_tcp: 'ignore_any_rules'
deleted -> stream5_tcp: 'log_asymmetric_traffic'
deleted -> stream5_tcp: 'policy noack'
deleted -> stream5_tcp: 'policy unknown'
deleted -> stream5_udp: 'ignore_any_rules'
deleted -> tcpdump: '<filename> can no longer be specific'
deleted -> test: 'file'
deleted -> test: 'stdout'
deleted -> unified2: 'filename'
deleted -> unified2: 'mpls_event_types'
deleted -> unified2: 'vlan_event_types'