Description: Disables rules files not available in Debian package
Author: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Origin: vendor
Last-Update: 2012-05-05


--- a/etc/snort.conf
+++ b/etc/snort.conf
@@ -561,115 +561,125 @@
 # can be *very* out of date. For more information please read
 # the /usr/share/doc/snort-rules-default/README.Debian file
 
+#
+# If you install the official VRT Sourcefire rules please review this
+# configuration file and re-enable (remove the comment in the first line) those
+# rules files that are available in your system (in the /etc/snort/rules
+# directory)
+
 # site specific rules
 include $RULE_PATH/local.rules
 
-include $RULE_PATH/app-detect.rules
+#include $RULE_PATH/app-detect.rules
 include $RULE_PATH/attack-responses.rules
 include $RULE_PATH/backdoor.rules
 include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/blacklist.rules
-include $RULE_PATH/botnet-cnc.rules
-include $RULE_PATH/browser-chrome.rules
-include $RULE_PATH/browser-firefox.rules
-include $RULE_PATH/browser-ie.rules
-include $RULE_PATH/browser-other.rules
-include $RULE_PATH/browser-plugins.rules
-include $RULE_PATH/browser-webkit.rules
+#include $RULE_PATH/blacklist.rules
+#include $RULE_PATH/botnet-cnc.rules
+#include $RULE_PATH/browser-chrome.rules
+#include $RULE_PATH/browser-firefox.rules
+#include $RULE_PATH/browser-ie.rules
+#include $RULE_PATH/browser-other.rules
+#include $RULE_PATH/browser-plugins.rules
+#include $RULE_PATH/browser-webkit.rules
 include $RULE_PATH/chat.rules
-include $RULE_PATH/content-replace.rules
+#include $RULE_PATH/content-replace.rules
 include $RULE_PATH/ddos.rules
 include $RULE_PATH/dns.rules
 include $RULE_PATH/dos.rules
 include $RULE_PATH/experimental.rules
-include $RULE_PATH/exploit-kit.rules
+#include $RULE_PATH/exploit-kit.rules
 include $RULE_PATH/exploit.rules
-include $RULE_PATH/file-executable.rules
-include $RULE_PATH/file-flash.rules
-include $RULE_PATH/file-identify.rules
-include $RULE_PATH/file-image.rules
-include $RULE_PATH/file-java.rules
-include $RULE_PATH/file-multimedia.rules
-include $RULE_PATH/file-office.rules
-include $RULE_PATH/file-other.rules
-include $RULE_PATH/file-pdf.rules
+#include $RULE_PATH/file-executable.rules
+#include $RULE_PATH/file-flash.rules
+#include $RULE_PATH/file-identify.rules
+#include $RULE_PATH/file-image.rules
+#include $RULE_PATH/file-java.rules
+#include $RULE_PATH/file-multimedia.rules
+#include $RULE_PATH/file-office.rules
+#include $RULE_PATH/file-other.rules
+#include $RULE_PATH/file-pdf.rules
 include $RULE_PATH/finger.rules
 include $RULE_PATH/ftp.rules
 include $RULE_PATH/icmp-info.rules
 include $RULE_PATH/icmp.rules
 include $RULE_PATH/imap.rules
-include $RULE_PATH/indicator-compromise.rules
-include $RULE_PATH/indicator-obfuscation.rules
-include $RULE_PATH/indicator-scan.rules
-include $RULE_PATH/indicator-shellcode.rules
+#include $RULE_PATH/indicator-compromise.rules
+#include $RULE_PATH/indicator-obfuscation.rules
+#include $RULE_PATH/indicator-scan.rules
+#include $RULE_PATH/indicator-shellcode.rules
 include $RULE_PATH/info.rules
-include $RULE_PATH/malware-backdoor.rules
-include $RULE_PATH/malware-cnc.rules
-include $RULE_PATH/malware-other.rules
-include $RULE_PATH/malware-tools.rules
+#include $RULE_PATH/malware-backdoor.rules
+#include $RULE_PATH/malware-cnc.rules
+#include $RULE_PATH/malware-other.rules
+#include $RULE_PATH/malware-tools.rules
 include $RULE_PATH/misc.rules
 include $RULE_PATH/multimedia.rules
 include $RULE_PATH/mysql.rules
 include $RULE_PATH/netbios.rules
 include $RULE_PATH/nntp.rules
 include $RULE_PATH/oracle.rules
-include $RULE_PATH/os-linux.rules
-include $RULE_PATH/os-mobile.rules
-include $RULE_PATH/os-other.rules
-include $RULE_PATH/os-solaris.rules
-include $RULE_PATH/os-windows.rules
+#include $RULE_PATH/os-linux.rules
+#include $RULE_PATH/os-mobile.rules
+#include $RULE_PATH/os-other.rules
+#include $RULE_PATH/os-solaris.rules
+#include $RULE_PATH/os-windows.rules
 include $RULE_PATH/other-ids.rules
 include $RULE_PATH/p2p.rules
-include $RULE_PATH/phishing-spam.rules
-include $RULE_PATH/policy-multimedia.rules
-include $RULE_PATH/policy-other.rules
+#include $RULE_PATH/phishing-spam.rules
+#include $RULE_PATH/policy-multimedia.rules
+#include $RULE_PATH/policy-other.rules
 include $RULE_PATH/policy.rules
-include $RULE_PATH/policy-social.rules
-include $RULE_PATH/policy-spam.rules
+#include $RULE_PATH/policy-social.rules
+#include $RULE_PATH/policy-spam.rules
 include $RULE_PATH/pop2.rules
 include $RULE_PATH/pop3.rules
-include $RULE_PATH/protocol-dns.rules
-include $RULE_PATH/protocol-finger.rules
-include $RULE_PATH/protocol-ftp.rules
-include $RULE_PATH/protocol-icmp.rules
-include $RULE_PATH/protocol-imap.rules
-include $RULE_PATH/protocol-nntp.rules
-include $RULE_PATH/protocol-pop.rules
-include $RULE_PATH/protocol-rpc.rules
-include $RULE_PATH/protocol-scada.rules
-include $RULE_PATH/protocol-services.rules
-include $RULE_PATH/protocol-snmp.rules
-include $RULE_PATH/protocol-telnet.rules
-include $RULE_PATH/protocol-tftp.rules
-include $RULE_PATH/protocol-voip.rules
-include $RULE_PATH/pua-adware.rules
-include $RULE_PATH/pua-other.rules
-include $RULE_PATH/pua-p2p.rules
-include $RULE_PATH/pua-toolbars.rules
+#include $RULE_PATH/protocol-dns.rules
+#include $RULE_PATH/protocol-finger.rules
+#include $RULE_PATH/protocol-ftp.rules
+#include $RULE_PATH/protocol-icmp.rules
+#include $RULE_PATH/protocol-imap.rules
+#include $RULE_PATH/protocol-nntp.rules
+#include $RULE_PATH/protocol-pop.rules
+#include $RULE_PATH/protocol-rpc.rules
+#include $RULE_PATH/protocol-scada.rules
+#include $RULE_PATH/protocol-services.rules
+#include $RULE_PATH/protocol-snmp.rules
+#include $RULE_PATH/protocol-telnet.rules
+#include $RULE_PATH/protocol-tftp.rules
+#include $RULE_PATH/protocol-voip.rules
+#include $RULE_PATH/pua-adware.rules
+#include $RULE_PATH/pua-other.rules
+#include $RULE_PATH/pua-p2p.rules
+#include $RULE_PATH/pua-toolbars.rules
 include $RULE_PATH/rpc.rules
 include $RULE_PATH/rservices.rules
-include $RULE_PATH/scada.rules
+#include $RULE_PATH/scada.rules
 include $RULE_PATH/scan.rules
-include $RULE_PATH/server-apache.rules
-include $RULE_PATH/server-iis.rules
-include $RULE_PATH/server-mail.rules
-include $RULE_PATH/server-mssql.rules
-include $RULE_PATH/server-mysql.rules
-include $RULE_PATH/server-oracle.rules
-include $RULE_PATH/server-other.rules
-include $RULE_PATH/server-samba.rules
-include $RULE_PATH/server-webapp.rules
-include $RULE_PATH/shellcode.rules
+#include $RULE_PATH/server-apache.rules
+#include $RULE_PATH/server-iis.rules
+#include $RULE_PATH/server-mail.rules
+#include $RULE_PATH/server-mssql.rules
+#include $RULE_PATH/server-mysql.rules
+#include $RULE_PATH/server-oracle.rules
+#include $RULE_PATH/server-other.rules
+#include $RULE_PATH/server-samba.rules
+#include $RULE_PATH/server-webapp.rules
+#
+# Note: These rules are disable by default as they are
+# too coarse grained. Enabling them causes a large
+# performance impact
+#include $RULE_PATH/shellcode.rules
 include $RULE_PATH/smtp.rules
 include $RULE_PATH/snmp.rules
-include $RULE_PATH/specific-threats.rules
-include $RULE_PATH/spyware-put.rules
+#include $RULE_PATH/specific-threats.rules
+#include $RULE_PATH/spyware-put.rules
 include $RULE_PATH/sql.rules
 include $RULE_PATH/telnet.rules
 include $RULE_PATH/tftp.rules
 include $RULE_PATH/virus.rules
-include $RULE_PATH/voip.rules
-include $RULE_PATH/web-activex.rules
+#include $RULE_PATH/voip.rules
+#include $RULE_PATH/web-activex.rules
 include $RULE_PATH/web-attacks.rules
 include $RULE_PATH/web-cgi.rules
 include $RULE_PATH/web-client.rules
