Untitled

a guest
Dec 27th, 2018
Snort rule in IPS mode for blocking Command Injection:

# Packet normalization preprocessors (only take effect when Snort runs inline)
preprocessor normalize_ip4
preprocessor normalize_tcp: ips ecn stream
preprocessor normalize_icmp4
preprocessor normalize_ip6
preprocessor normalize_icmp6

# Inline policy mode, so that drop rules block traffic instead of only alerting
config policy_mode:inline

# DAQ: afpacket module in inline mode
config daq: afpacket
config daq_mode: inline
config daq_var: buffer_size_mb=1024

var HOME_NET 192.168.10.0/24
var EXTERNAL_NET !$HOME_NET

# Drop TCP payloads to port 80 that contain the shell metacharacters & | ;
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: "command injection"; sid: 100; pcre: "/[&|;]+/";)
# Same characters in URL-encoded form (%26 %7C %3B), matched case-insensitively
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: "command injection"; sid: 101; pcre: "/%26|%7C|%3B/i";)
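
Added example (not part of the original paste): a pre-deployment check that runs the two pcre patterns from sid 100 and sid 101 over HTTP requests to see which ones an inline drop would block. The rules set no content or http_* option, so the patterns are applied to the whole TCP payload. Assumptions: Python's re module stands in for PCRE (these patterns behave identically), and the host shop.example and all sample payloads are constructed.

```python
import re

# The two pcre patterns from the rules above, keyed by sid.
RULES = {
    100: re.compile(rb"[&|;]+"),
    101: re.compile(rb"%26|%7C|%3B", re.I),
}

# Constructed sample payloads (not captured traffic): label, is_benign, bytes.
SAMPLES = [
    ("plain page fetch", True,
     b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("browser Accept header", True,
     b"GET / HTTP/1.1\r\nHost: shop.example\r\n"
     b"Accept: text/html,application/xml;q=0.9\r\n\r\n"),
    ("two query parameters", True,
     b"GET /search?q=snort&page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("form value 'R&D' url-encoded", True,
     b"POST /profile HTTP/1.1\r\nHost: shop.example\r\n"
     b"Content-Length: 14\r\n\r\ndept=R%26D+lab"),
    ("shell metacharacter in parameter", False,
     b"GET /ping?host=127.0.0.1;id HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("encoded metacharacter in parameter", False,
     b"GET /ping?host=127.0.0.1%3Bid HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
]

def matching_sids(payload):
    """Return the sids whose pattern matches anywhere in the payload."""
    return sorted(sid for sid, rx in RULES.items() if rx.search(payload))

def evaluate(samples=SAMPLES):
    """Return (label, is_benign, matching sids) for every sample."""
    return [(label, benign, matching_sids(p)) for label, benign, p in samples]

def false_positives(samples=SAMPLES):
    """Labels of benign samples that at least one drop rule would block."""
    return [label for label, benign, sids in evaluate(samples) if benign and sids]

if __name__ == "__main__":
    for label, benign, sids in evaluate():
        verdict = "DROP" if sids else "pass"
        kind = "benign" if benign else "injection"
        print(f"{verdict:4} sids={sids!s:6} {kind:9} {label}")
    print("benign requests dropped:", false_positives())
```

Three of the four benign requests are dropped, because ";" appears in ordinary Accept headers and "&" separates query parameters; running the rules as alert first and reviewing the hits shows the same effect on real traffic.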