24.0 normal pfsense Lab4PurpleSec all system 1998 admins system 1999 0 page-all admin system admins 0 user-shell-access 2 pfSense.css $2y$10$y5p2VjbUMLmNN8TC1hXbpOayKXBA1W9cZGcQ.KO0yiBaAIO9LUqNa 2000 2000 2.pfsense.pool.ntp.org http 68a6f06f6d985 2 pfSense.css 1e3f75; yes 400000 hadp hadp hadp monthly enabled Etc/UTC en_US /usr/local/etc/pfSense/pkg/repos/pfSense-repo-2.7.2.conf 8.8.8.8 1.1.1.1 8.8.4.4 em0 32 dhcp SavedCfg em1 192.168.10.1 24 em2 32 192.168.20.1 24 192.168.10.100 192.168.10.200 hmac-md5 allow 192.168.20.100 192.168.20.200 hmac-md5 allow ::1000 ::2000 disabled medium public 1 500 none rfc5424 192.168.10.110:514 ipv4 enabled automatic wanip 80 inet tcp 192.168.20.105 80 wan 1756053585 1761499766 1756799588 pass wan inet tcp wan opt1 80 1756799588 1761322135 1761322152 pass wan inet tcp wan opt1 443 1761322152 1761322152 1755861407 block wan inet wan lan 1755861407 1761288280 0100000101 pass lan inet lan opt1 1756799738 1756801419 pass lan inet lan wan 1756801419 1756801419 1756799659 pass lan inet lan 1756799659 1756799705 1756801551 pass opt1 inet tcp opt1

192.168.10.104

1514-1515 1756801551 1761288470 1756801576 block opt1 inet opt1 lan 1756801576 1761321141 1756799947 pass opt1 inet46 opt1 1756799947 1761323855 DMZ_WEB01_LIN host

192.168.20.105

DMZ_MS2_LIN host

192.168.20.104

DMZ_MS3_LIN host

192.168.20.106

DMZ_MS3_WIN host

192.168.20.107

LAN_SIEM_LIN host

192.168.10.104

LAN_ATTACK_LIN host

192.168.10.109

LAN_DC01_WIN host

192.168.10.30

LAN_WS01_WIN host

192.168.10.31

*/1 * * * * root /usr/sbin/newsyslog 1 3 * * * root /etc/rc.periodic daily 15 4 * * 6 root /etc/rc.periodic weekly 30 5 1 * * root /etc/rc.periodic monthly 1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a 1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh 1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot 30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables 1 0 * * * root /usr/bin/nice -n20 /etc/rc.update_pkg_metadata */5 * * * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc */5 * * * * root /usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600 6 0,12 * * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_for_rule_updates.php left=system-processor&right=&resolution=300&timePeriod=-1d&startDate=&endDate=&startTime=0&endTime=0&graphtype=line&invert=true&refresh-interval=0 system_information:col1:open:0,disks:col1:open:0,interfaces:col2:open:0 10 all all 68a6f06f6d985 transparent 1761760261 wan dynamic WAN_DHCP 1 inet DMZ-WEB01-LIN home.lab 192.168.20.105 68a6f06f6d985 server Cron 0.3.8_3 cron.xml /usr/local/pkg/cron.inc suricata http://suricata-ids.org/ 7.0.8_1 suricata.xml /usr/local/pkg/suricata/suricata.inc on 1 7.0.8_1 off on on off off off off off off off off off off 1h_b 12h_up on off off local1 notice off on 00:06 on off off 10000 336 10000 336 10000 168 10000 168 10000 336 168 1812 168 10000 168 250 336 168 off off disablesid-sample.conf 1755022426 IyBleGFtcGxlIGRpc2FibGVzaWQuY29uZgoKIyBFeGFtcGxlIG9mIG1vZGlmeWluZyBzdGF0ZSBmb3IgaW5kaXZpZHVhbCBydWxlcwojIDE6MTAzNCwxOjk4MzcsMToxMjcwLDE6MzM5MCwxOjcxMCwxOjEyNDksMzoxMzAxMAoKIyBFeGFtcGxlIG9mIG1vZGlmeWluZyBzdGF0ZSBmb3IgcnVsZSByYW5nZXMKIyAxOjIyMC0xOjMyNjQsMzoxMzAxMC0zOjEzMDEzCgojIENvbW1lbnRzIGFyZSBhbGxvd2VkIGluIHRoaXMgZmlsZSwgYW5kIGNhbiBhbHNvIGJlIG9uIHRoZSBzYW1lIGxpbmUKIyBBcyB0aGUgbW9kaWZ5IHN0YXRlIHN5bnRheCwgYXMgbG9uZyBhcyBpdCBpcyBhIHRyYWlsaW5nIGNvbW1lbnQKIyAxOjEwMTEgIyBJIERpc2FibGVkIHRoaXMgcnVsZSBiZWNhdXNlIEkgY291bGQhCgojIEV4YW1wbGUgb2YgbW9kaWZ5aW5nIHN0YXRlIGZvciBNUyBhbmQgY3ZlIHJ1bGVzLCBub3RlIHRoZSB1c2Ugb2YgdGhlIDogCiMgaW4gY3ZlLiBUaGlzIHdpbGwgbW9kaWZ5IE1TMDktMDA4LCBjdmUgMjAwOS0wMjMzLCBidWd0cmFxIDIxMzAxLAojIGFuZCBhbGwgTVMwMCBhbmQgYWxsIGN2ZSAyMDAwIHJlbGF0ZWQgc2lkcyEgIFRoZXNlIHN1cHBvcnQgcmVndWxhciBleHByZXNzaW9uCiMgbWF0Y2hpbmcgb25seSBhZnRlciB5b3UgaGF2ZSBzcGVjaWZpZWQgd2hhdCB5b3UgYXJlIGxvb2tpbmcgZm9yLCBpLmUuIAojIE1TMDAtPHJlZ2V4PiBvciBjdmU6PHJlZ2V4PiwgdGhlIGZpcnN0IHNlY3Rpb24gQ0FOTk9UIGNvbnRhaW4gYSByZWd1bGFyCiMgZXhwcmVzc2lvbiAoTVNcZHsyfS1cZCspIHdpbGwgTk9UIHdvcmssIHVzZSB0aGUgcGNyZToga2V5d29yZCAoYmVsb3cpCiMgZm9yIHRoaXMuCiMgTVMwOS0wMDgsY3ZlOjIwMDktMDIzMyxidWd0cmFxOjIxMzAxLE1TMDAtXGQrLGN2ZToyMDAwLVxkKwoKIyBFeGFtcGxlIG9mIHVzaW5nIHRoZSBwY3JlOiBrZXl3b3JkIHRvIG1vZGlmeSBydWxlc3RhdGUuICB0aGUgcGNyZSBrZXl3b3JkIAojIGFsbG93cyBmb3IgZnVsbCB1c2Ugb2YgcmVndWxhciBleHByZXNzaW9uIHN5bnRheCwgeW91IGRvIG5vdCBuZWVkIHRvIGRlc2lnbmF0ZQojIHdpdGggLyBhbmQgYWxsIHBjcmUgc2VhcmNoZXMgYXJlIHRyZWF0ZWQgYXMgY2FzZSBpbnNlbnNpdGl2ZS4gRm9yIG1vcmUgaW5mb3JtYXRpb24gCiMgYWJvdXQgcmVndWxhciBleHByZXNzaW9uIHN5bnRheDogaHR0cDovL3d3dy5yZWd1bGFyLWV4cHJlc3Npb25zLmluZm8vCiMgVGhlIGZvbGxvd2luZyBleGFtcGxlIG1vZGlmaWVzIHN0YXRlIGZvciBhbGwgTVMwNyB0aHJvdWdoIE1TMTAgCiMgcGNyZTpNUygwWzctOV18MTApLVxkKwojIHBjcmU6Ikpvb21sYSIKCiMgRXhhbXBsZSBvZiBtb2RpZnlpbmcgc3RhdGUgZm9yIHNwZWNpZmljIGNhdGVnb3JpZXMgZW50aXJlbHkuCiMgInNub3J0XyIgbGltaXRzIHRvIFNub3J0IFZSVCBydWxlcywgImVtZXJnaW5nLSIgbGltaXRzIHRvIAojIEVtZXJnaW5nIFRocmVhdHMgT3BlbiBydWxlcywgImV0cHJvLSIgbGltaXRzIHRvIEVULVBSTyBydWxlcy4KIyAic2hlbGxjb2RlIiB3aXRoIG5vIHByZWZpeCB3b3VsZCBtYXRjaCBpbiBhbnkgdmVuZG9yIHNldC4KIyBzbm9ydF93ZWItaWlzLGVtZXJnaW5nLXNoZWxsY29kZSxldHByby1pbWFwLHNoZWxsY29kZQoKIyBBbnkgb2YgdGhlIGFib3ZlIHZhbHVlcyBjYW4gYmUgb24gYSBzaW5nbGUgbGluZSBvciBtdWx0aXBsZSBsaW5lcywgd2hlbiAKIyBvbiBhIHNpbmdsZSBsaW5lIHRoZXkgc2ltcGx5IG5lZWQgdG8gYmUgc2VwYXJhdGVkIGJ5IGEgLAojIDE6OTgzNywxOjIyMC0xOjMyNjQsMzoxMzAxMC0zOjEzMDEzLHBjcmU6TVMoMFswLTddKS1cZCssTVMwOS0wMDgsY3ZlOjIwMDktMDIzMwoKIyBUaGUgbW9kaWZpY2F0aW9ucyBpbiB0aGlzIGZpbGUgYXJlIGZvciBzYW1wbGUvZXhhbXBsZSBwdXJwb3NlcyBvbmx5IGFuZAojIHNob3VsZCBub3QgYWN0aXZlbHkgYmUgdXNlZCwgeW91IG5lZWQgdG8gbW9kaWZ5IHRoaXMgZmlsZSB0byBmaXQgeW91ciAKIyBlbnZpcm9ubWVudC4KCg== dropsid-sample.conf 1755022426 IyBOb3RlOiBUaGlzIGZpbGUgaXMgdXNlZCB0byBzcGVjaWZ5IHdoYXQgcnVsZXMgeW91IHdpc2ggdG8gYmUgc2V0IHRvIGhhdmUKIyBhbiBhY3Rpb24gb2YgZHJvcCByYXRoZXIgdGhhbiBhbGVydC4KCiMgRXhhbXBsZSBvZiBtb2RpZnlpbmcgc3RhdGUgZm9yIGluZGl2aWR1YWwgcnVsZXMKIyAxOjEwMzQsMTo5ODM3LDE6MTI3MCwxOjMzOTAsMTo3MTAsMToxMjQ5LDM6MTMwMTAKCiMgRXhhbXBsZSBvZiBtb2RpZnlpbmcgc3RhdGUgZm9yIHJ1bGUgcmFuZ2VzCiMgMToyMjAtMTozMjY0LDM6MTMwMTAtMzoxMzAxMwoKIyBDb21tZW50cyBhcmUgYWxsb3dlZCBpbiB0aGlzIGZpbGUsIGFuZCBjYW4gYWxzbyBiZSBvbiB0aGUgc2FtZSBsaW5lCiMgQXMgdGhlIG1vZGlmeSBzdGF0ZSBzeW50YXgsIGFzIGxvbmcgYXMgaXQgaXMgYSB0cmFpbGluZyBjb21tZW50CiMgMToxMDExICMgSSBEaXNhYmxlZCB0aGlzIHJ1bGUgYmVjYXVzZSBJIGNvdWxkIQoKIyBFeGFtcGxlIG9mIG1vZGlmeWluZyBzdGF0ZSBmb3IgTVMgYW5kIGN2ZSBydWxlcywgbm90ZSB0aGUgdXNlIG9mIHRoZSA6IAojIGluIGN2ZS4gVGhpcyB3aWxsIG1vZGlmeSBNUzA5LTAwOCwgY3ZlIDIwMDktMDIzMywgYnVndHJhcSAyMTMwMSwKIyBhbmQgYWxsIE1TMDAgYW5kIGFsbCBjdmUgMjAwMCByZWxhdGVkIHNpZHMhICBUaGVzZSBzdXBwb3J0IHJlZ3VsYXIgZXhwcmVzc2lvbgojIG1hdGNoaW5nIG9ubHkgYWZ0ZXIgeW91IGhhdmUgc3BlY2lmaWVkIHdoYXQgeW91IGFyZSBsb29raW5nIGZvciwgaS5lLiAKIyBNUzAwLTxyZWdleD4gb3IgY3ZlOjxyZWdleD4sIHRoZSBmaXJzdCBzZWN0aW9uIENBTk5PVCBjb250YWluIGEgcmVndWxhcgojIGV4cHJlc3Npb24gKE1TXGR7Mn0tXGQrKSB3aWxsIE5PVCB3b3JrLCB1c2UgdGhlIHBjcmU6IGtleXdvcmQgKGJlbG93KQojIGZvciB0aGlzLgojIE1TMDktMDA4LGN2ZToyMDA5LTAyMzMsYnVndHJhcToyMTMwMSxNUzAwLVxkKyxjdmU6MjAwMC1cZCsKCiMgRXhhbXBsZSBvZiB1c2luZyB0aGUgcGNyZToga2V5d29yZCB0byBtb2RpZnkgcnVsZXN0YXRlLiAgdGhlIHBjcmUga2V5d29yZCAKIyBhbGxvd3MgZm9yIGZ1bGwgdXNlIG9mIHJlZ3VsYXIgZXhwcmVzc2lvbiBzeW50YXgsIHlvdSBkbyBub3QgbmVlZCB0byBkZXNpZ25hdGUKIyB3aXRoIC8gYW5kIGFsbCBwY3JlIHNlYXJjaGVzIGFyZSB0cmVhdGVkIGFzIGNhc2UgaW5zZW5zaXRpdmUuIEZvciBtb3JlIGluZm9ybWF0aW9uIAojIGFib3V0IHJlZ3VsYXIgZXhwcmVzc2lvbiBzeW50YXg6IGh0dHA6Ly93d3cucmVndWxhci1leHByZXNzaW9ucy5pbmZvLwojIFRoZSBmb2xsb3dpbmcgZXhhbXBsZSBtb2RpZmllcyBzdGF0ZSBmb3IgYWxsIE1TMDcgdGhyb3VnaCBNUzEwIAojIHBjcmU6TVMoMFs3LTldfDEwKS1cZCsKCiMgVGhlIGZvbGxvd2luZyBleGFtcGxlIG1vZGlmaWVzIHN0YXRlIGZvciBTbm9ydCBWUlQgcnVsZXMgdGFnZ2VkIHdpdGggSVBTIAojIFBvbGljeSBTZWN1cml0eSBhbmQgaXBzIGRyb3AKIyAtLS0tLS0tLS0tLS0tLS0tLQojIHBjcmU6InBjcmU6c2VjdXJpdHktaXBzXHMqZHJvcCIKCiMgRXhhbXBsZSBvZiBtb2RpZnlpbmcgc3RhdGUgZm9yIHNwZWNpZmljIGNhdGVnb3JpZXMgZW50aXJlbHkKIyBWUlQtd2ViLWlpcyxFVC1zaGVsbGNvZGUsRVQtZW1lcmdpbmd0aHJlYXRzLXNtdHAsQ3VzdG9tLXNoZWxsY29kZSxDdXN0b20tZW1lcmdpbmd0aHJlYXRzLXNtdHAKCiMgQW55IG9mIHRoZSBhYm92ZSB2YWx1ZXMgY2FuIGJlIG9uIGEgc2luZ2xlIGxpbmUgb3IgbXVsdGlwbGUgbGluZXMsIHdoZW4gCiMgb24gYSBzaW5nbGUgbGluZSB0aGV5IHNpbXBseSBuZWVkIHRvIGJlIHNlcGFyYXRlZCBieSBhICwKIyAxOjk4MzcsMToyMjAtMTozMjY0LDM6MTMwMTAtMzoxMzAxMyxwY3JlOk1TKDBbMC03XSktXGQrLE1TMDktMDA4LGN2ZToyMDA5LTAyMzMKCiMgVGhlIG1vZGlmaWNhdGlvbnMgaW4gdGhpcyBmaWxlIGFyZSBmb3Igc2FtcGxlL2V4YW1wbGUgcHVycG9zZXMgb25seSBhbmQKIyBzaG91bGQgbm90IGFjdGl2ZWx5IGJlIHVzZWQsIHlvdSBuZWVkIHRvIG1vZGlmeSB0aGlzIGZpbGUgdG8gZml0IHlvdXIgCiMgZW52aXJvbm1lbnQuCg== enablesid-sample.conf 1755022426 IyBleGFtcGxlIGVuYWJsZXNpZC5jb25mCgojIEV4YW1wbGUgb2YgbW9kaWZ5aW5nIHN0YXRlIGZvciBpbmRpdmlkdWFsIHJ1bGVzCiMgMToxMDM0LDE6OTgzNywxOjEyNzAsMTozMzkwLDE6NzEwLDE6MTI0OSwzOjEzMDEwCgojIEV4YW1wbGUgb2YgbW9kaWZ5aW5nIHN0YXRlIGZvciBydWxlIHJhbmdlcwojIDE6MjIwLTE6MzI2NCwzOjEzMDEwLTM6MTMwMTMKCiMgQ29tbWVudHMgYXJlIGFsbG93ZWQgaW4gdGhpcyBmaWxlLCBhbmQgY2FuIGFsc28gYmUgb24gdGhlIHNhbWUgbGluZQojIEFzIHRoZSBtb2RpZnkgc3RhdGUgc3ludGF4LCBhcyBsb25nIGFzIGl0IGlzIGEgdHJhaWxpbmcgY29tbWVudAojIDE6MTAxMSAjIEkgRGlzYWJsZWQgdGhpcyBydWxlIGJlY2F1c2UgSSBjb3VsZCEKCiMgRXhhbXBsZSBvZiBtb2RpZnlpbmcgc3RhdGUgZm9yIE1TIGFuZCBjdmUgcnVsZXMsIG5vdGUgdGhlIHVzZSBvZiB0aGUgOiAKIyBpbiBjdmUuIFRoaXMgd2lsbCBtb2RpZnkgTVMwOS0wMDgsIGN2ZSAyMDA5LTAyMzMsIGJ1Z3RyYXEgMjEzMDEsCiMgYW5kIGFsbCBNUzAwIGFuZCBhbGwgY3ZlIDIwMDAgcmVsYXRlZCBzaWRzISAgVGhlc2Ugc3VwcG9ydCByZWd1bGFyIGV4cHJlc3Npb24KIyBtYXRjaGluZyBvbmx5IGFmdGVyIHlvdSBoYXZlIHNwZWNpZmllZCB3aGF0IHlvdSBhcmUgbG9va2luZyBmb3IsIGkuZS4gCiMgTVMwMC08cmVnZXg+IG9yIGN2ZTo8cmVnZXg+LCB0aGUgZmlyc3Qgc2VjdGlvbiBDQU5OT1QgY29udGFpbiBhIHJlZ3VsYXIKIyBleHByZXNzaW9uIChNU1xkezJ9LVxkKykgd2lsbCBOT1Qgd29yaywgdXNlIHRoZSBwY3JlOiBrZXl3b3JkIChiZWxvdykKIyBmb3IgdGhpcy4KIyBNUzA5LTAwOCxjdmU6MjAwOS0wMjMzLGJ1Z3RyYXE6MjEzMDEsTVMwMC1cZCssY3ZlOjIwMDAtXGQrCgojIEV4YW1wbGUgb2YgdXNpbmcgdGhlIHBjcmU6IGtleXdvcmQgdG8gbW9kaWZ5IHJ1bGVzdGF0ZS4gIHRoZSBwY3JlIGtleXdvcmQgCiMgYWxsb3dzIGZvciBmdWxsIHVzZSBvZiByZWd1bGFyIGV4cHJlc3Npb24gc3ludGF4LCB5b3UgZG8gbm90IG5lZWQgdG8gZGVzaWduYXRlCiMgd2l0aCAvIGFuZCBhbGwgcGNyZSBzZWFyY2hlcyBhcmUgdHJlYXRlZCBhcyBjYXNlIGluc2Vuc2l0aXZlLiBGb3IgbW9yZSBpbmZvcm1hdGlvbiAKIyBhYm91dCByZWd1bGFyIGV4cHJlc3Npb24gc3ludGF4OiBodHRwOi8vd3d3LnJlZ3VsYXItZXhwcmVzc2lvbnMuaW5mby8KIyBUaGUgZm9sbG93aW5nIGV4YW1wbGUgbW9kaWZpZXMgc3RhdGUgZm9yIGFsbCBNUzA3IHRocm91Z2ggTVMxMCAKIyBwY3JlOk1TKDBbNy05XXwxMCktXGQrCiMgcGNyZToiSm9vbWxhIgoKIyBFeGFtcGxlIG9mIG1vZGlmeWluZyBzdGF0ZSBmb3Igc3BlY2lmaWMgY2F0ZWdvcmllcyBlbnRpcmVseS4KIyAic25vcnRfIiBsaW1pdHMgdG8gU25vcnQgVlJUIHJ1bGVzLCAiZW1lcmdpbmctIiBsaW1pdHMgdG8gCiMgRW1lcmdpbmcgVGhyZWF0cyBPcGVuIHJ1bGVzLCAiZXRwcm8tIiBsaW1pdHMgdG8gRVQtUFJPIHJ1bGVzLgojICJzaGVsbGNvZGUiIHdpdGggbm8gcHJlZml4IHdvdWxkIG1hdGNoIGluIGFueSB2ZW5kb3Igc2V0LgojIHNub3J0X3dlYi1paXMsZW1lcmdpbmctc2hlbGxjb2RlLGV0cHJvLWltYXAsc2hlbGxjb2RlCgojIEFueSBvZiB0aGUgYWJvdmUgdmFsdWVzIGNhbiBiZSBvbiBhIHNpbmdsZSBsaW5lIG9yIG11bHRpcGxlIGxpbmVzLCB3aGVuIAojIG9uIGEgc2luZ2xlIGxpbmUgdGhleSBzaW1wbHkgbmVlZCB0byBiZSBzZXBhcmF0ZWQgYnkgYSAsCiMgMTo5ODM3LDE6MjIwLTE6MzI2NCwzOjEzMDEwLTM6MTMwMTMscGNyZTpNUygwWzAtN10pLVxkKyxNUzA5LTAwOCxjdmU6MjAwOS0wMjMzCgo= modifysid-sample.conf 1755022426 IyBleGFtcGxlIG1vZGlmeXNpZC5jb25mCiMKIyBmb3JtYXR0aW5nIGlzIHNpbXBsZQojIDxzaWQsIGNhdGVnb3J5LCBsaXN0IG9mIHNpZHMmY2F0ZWdvcmllcz4gIndoYXQgSSdtIHJlcGxhY2luZyIgIndoYXQgSSdtIHJlcGxhY2luZyBpdCB3aXRoIgojCiMgTm90ZSB0aGF0IHRoaXMgd2lsbCBvbmx5IHdvcmsgd2l0aCBHSUQ6MSBydWxlcywgc2ltcGx5IGJlY2F1c2UgbW9kaWZ5aW5nCiMgR0lEOjMgU08gc3R1YiBydWxlcyB3b3VsZCBub3QgYWN0dWFsbHkgYWZmZWN0IHRoZSBydWxlLgojCiMgSWYgeW91IGFyZSBhdHRlbXB0aW5nIHRvIGNoYW5nZSBydWxlc3RhdGUgKGVuYWJsZSxkaXNhYmxlKSBmcm9tIGhlcmUKIyB0aGVuIHlvdSBhcmUgZG9pbmcgaXQgd3JvbmcuIERvIHRoaXMgZnJvbSB3aXRoaW4gdGhlIHJlc3BlY3RpdmUgCiMgcnVsZXN0YXRlIG1vZGlmaWNhdGlvbiBjb25maWd1cmF0aW9uIGZpbGVzLgoKIyB0aGUgZm9sbG93aW5nIGFwcGxpZXMgdG8gc2lkIDEwMDEwIG9ubHkgYW5kIHJlcHJlc2VudHMgd2hhdCB3b3VsZCBub3JtYWxseQojIGJlIHMvdG9fY2xpZW50L2Zyb21fc2VydmVyLwojIDEwMDEwICJ0b19jbGllbnQiICJmcm9tX3NlcnZlciIKCiMgdGhlIGZvbGxvd2luZyB3b3VsZCByZXBsYWNlIEhUVFBfUE9SVFMgd2l0aCBIVFRQU19QT1JUUyBmb3IgQUxMIEdJRDoxCiMgcnVsZXMKIyAiSFRUUF9QT1JUUyIgIkhUVFBTX1BPUlRTIgoKIyBtdWx0aXBsZSBzaWRzIGNhbiBiZSBzcGVjaWZpZWQgYXMgbm90ZWQgYmVsb3c6CiMgMzAyLDQyOSwxODIxICIkRVhURVJOQUxfTkVUIiAiJEhPTUVfTkVUIgoKIyBtb2RpZnkgYWxsIHNpZ25hdHVyZXMgaW4gYSBjYXRlZ29yeS4gRXhhbXBsZTogcmVwbGFjZSAiJEVYVEVSTkFMX05FVFMiIHdpdGggImFueSIgdG8gYmUgYWxlcnRzIG9uIGluc2lkZXIgdGhyZWF0cyBhcyB3ZWxsCiMgZW1lcmdpbmctc2NhbiAiJEVYVEVSTkFMX05FVCIgImFueSIKCiMgbW9kaWZ5IGFsbCBzaWduYXR1cmVzIGluIG11bHRpcGxlIGNhdGVnb3JpZXMKIyBlbWVyZ2luZy1zY2FuLGVtZXJnaW5nLXNxbCAiJEVYVEVSTkFMX05FVCIgImFueSIKCiMgbW9kaWZ5IGFsbCBzaWduYXR1cmVzIGZvciBhIGNhdGVnb3J5IGFuZCBzcGVjaWZpYyBTSURzIGZyb20gb3RoZXIgY2F0ZWdvcmllcwojIGVtZXJnaW5nLXNxbCwyMTAwNjkxLDIwMDk4MTcgIiRFWFRFUk5BTF9ORVQiICJhbnkiCg== wan on 62796 off 32 100 alerts off off off 10 off on on off on off on on off off off off off regular regular autofp hash 1024 3000 1518 medium auto auto auto off ips_mode_legacy auto on off off both default default default default off local0 notice on regular syslog notice no on on on on on off extra-data reverse X-Forwarded-For off off on on off all off off off on off on off off off on on on on on off on on off off off off on off off off off on on on on on off off off off off off accept, accept-charset, accept-datetime, accept-encoding, accept-language, accept-range, age, allow, authorization, cache-control, connection, content-encoding, content-language, content-length, content-location, content-md5, content-range, content-type, cookie, date, dnt, etags, from, last-modified, link, location, max-forwards, origin, pragma, proxy-authenticate, proxy-authorization, range, referrer, refresh, retry-after, server, set-cookie, te, trailer, transfer-encoding, upgrade, vary, via, warning, www-authenticate, x-authenticated-user, x-flash-version, x-forwarded-proto, x-requested-with bcc, received, reply-to, x-mailer, x-originating-ip off none on off on 127.0.0.1 6379 list suricata 65535 60 33554432 ignore 65535 65536 134217728 ignore 10000 65536 30 5 60 3600 120 10 300 20 30 300 10 100 30 300 10 100 268435456 32768 131217728 1048576 2560 2560 5 off ignore ignore ignore off off off off ignore 256 yes yes yes 16777216 524288 500 yes yes 53 53 yes yes on yes 67108864 yes yes detection-only yes yes detection-only yes yes no yes yes yes yes yes yes off on on on off yes yes yes yes yes 443 default off off 33554432 4096 1000 default all bsd default all IDS 4096 4096 no no no 18432 emerging-attack_response.rules||emerging-botcc.portgrouped.rules||emerging-botcc.rules||ftp-events.rules||http-events.rules||emerging-coinminer.rules||http2-events.rules||emerging-compromised.rules||kerberos-events.rules||emerging-exploit.rules||smb-events.rules||smtp-events.rules||ssh-events.rules||emerging-ftp.rules||emerging-hunting.rules||emerging-icmp.rules||emerging-malware.rules||emerging-p2p.rules||emerging-phishing.rules||emerging-remote_access.rules||emerging-scan.rules||emerging-shellcode.rules||emerging-sql.rules||emerging-telnet.rules||emerging-tftp.rules||emerging-tor.rules||emerging-user_agents.rules||emerging-web_client.rules||emerging-web_server.rules||app-layer-events.rules||decoder-events.rules||dhcp-events.rules||dnp3-events.rules||dns-events.rules||files.rules||ipsec-events.rules||modbus-events.rules||mqtt-events.rules||nfs-events.rules||ntp-events.rules||quic-events.rules||rfb-events.rules||stream-events.rules||tls-events.rules off on lan on 3885 off 32 100 alerts off off off 10 off on on off on off on on off off off off off regular regular autofp hash 1024 3000 1518 medium auto auto auto off ips_mode_legacy auto on off off both default default default default off local0 notice on regular syslog notice no on on on off off off extra-data reverse X-Forwarded-For off off on on off all off off off on off on off off off on on on on on off off on off off off off on off off off on off on on on on off off off off off off accept, accept-charset, accept-datetime, accept-encoding, accept-language, accept-range, age, allow, authorization, cache-control, connection, content-encoding, content-language, content-length, content-location, content-md5, content-range, content-type, cookie, date, dnt, etags, from, last-modified, link, location, max-forwards, origin, pragma, proxy-authenticate, proxy-authorization, range, referrer, refresh, retry-after, server, set-cookie, te, trailer, transfer-encoding, upgrade, vary, via, warning, www-authenticate, x-authenticated-user, x-flash-version, x-forwarded-proto, x-requested-with bcc, received, reply-to, x-mailer, x-originating-ip off none on off on 127.0.0.1 6379 list suricata 65535 60 33554432 ignore 65535 65536 134217728 ignore 10000 65536 30 5 60 3600 120 10 300 20 30 300 10 100 30 300 10 100 268435456 32768 131217728 1048576 2560 2560 5 off ignore ignore ignore off off off off ignore 256 yes yes yes 16777216 524288 500 yes yes 53 53 yes yes on yes 67108864 yes yes detection-only yes yes detection-only yes yes no yes yes yes yes yes yes off on on on off yes yes yes yes yes 443 default off off 33554432 4096 1000 default all bsd default all IDS 4096 4096 no no no 18432 emerging-attack_response.rules||emerging-botcc.portgrouped.rules||emerging-botcc.rules||ftp-events.rules||http-events.rules||emerging-coinminer.rules||http2-events.rules||emerging-compromised.rules||kerberos-events.rules||emerging-exploit.rules||smb-events.rules||smtp-events.rules||ssh-events.rules||emerging-ftp.rules||emerging-hunting.rules||emerging-icmp.rules||emerging-malware.rules||emerging-p2p.rules||emerging-phishing.rules||emerging-remote_access.rules||emerging-scan.rules||emerging-shellcode.rules||emerging-sql.rules||emerging-telnet.rules||emerging-tftp.rules||emerging-tor.rules||emerging-user_agents.rules||emerging-web_client.rules||emerging-web_server.rules||app-layer-events.rules||decoder-events.rules||dhcp-events.rules||dnp3-events.rules||dns-events.rules||files.rules||ipsec-events.rules||modbus-events.rules||mqtt-events.rules||nfs-events.rules||ntp-events.rules||quic-events.rules||rfb-events.rules||stream-events.rules||tls-events.rules off on opt1 on 63833 off 32 100 alerts off off off 10 off on on off on off on on off off off off off regular regular autofp hash 1024 3000 1518 medium auto auto auto off ips_mode_legacy auto on off off both default default default default off local0 notice on regular syslog notice no on on on off off off extra-data reverse X-Forwarded-For off off on off off all off off off on off on off off off on on on on on off off on off off off off on off off off on off on on on on off off on off off off accept, accept-charset, accept-datetime, accept-encoding, accept-language, accept-range, age, allow, authorization, cache-control, connection, content-encoding, content-language, content-length, content-location, content-md5, content-range, content-type, cookie, date, dnt, etags, from, last-modified, link, location, max-forwards, origin, pragma, proxy-authenticate, proxy-authorization, range, referrer, refresh, retry-after, server, set-cookie, te, trailer, transfer-encoding, upgrade, vary, via, warning, www-authenticate, x-authenticated-user, x-flash-version, x-forwarded-proto, x-requested-with bcc, received, reply-to, x-mailer, x-originating-ip off none on off on 127.0.0.1 6379 list suricata 65535 60 33554432 ignore 65535 65536 134217728 ignore 10000 65536 30 5 60 3600 120 10 300 20 30 300 10 100 30 300 10 100 268435456 32768 131217728 1048576 2560 2560 5 off ignore ignore ignore off off off off ignore 256 yes yes yes 16777216 524288 500 yes yes 53 53 yes yes on yes 67108864 yes yes detection-only yes yes detection-only yes yes no yes yes yes yes yes yes off on on on off yes yes yes yes yes 443 default off off 33554432 4096 1000 default all bsd default all IDS 4096 4096 no no no 18432 app-layer-events.rules||decoder-events.rules||dhcp-events.rules||emerging-attack_response.rules||dnp3-events.rules||emerging-botcc.portgrouped.rules||dns-events.rules||emerging-botcc.rules||files.rules||ftp-events.rules||http-events.rules||emerging-coinminer.rules||http2-events.rules||emerging-compromised.rules||ipsec-events.rules||kerberos-events.rules||modbus-events.rules||mqtt-events.rules||nfs-events.rules||ntp-events.rules||quic-events.rules||rfb-events.rules||emerging-exploit.rules||smb-events.rules||smtp-events.rules||emerging-file_sharing.rules||ssh-events.rules||emerging-ftp.rules||stream-events.rules||tls-events.rules||emerging-hunting.rules||emerging-icmp.rules||emerging-info.rules||emerging-malware.rules||emerging-netbios.rules||emerging-p2p.rules||emerging-phishing.rules||emerging-remote_access.rules||emerging-scan.rules||emerging-shellcode.rules||emerging-smtp.rules||emerging-snmp.rules||emerging-sql.rules||emerging-telnet.rules||emerging-tftp.rules||emerging-tor.rules||emerging-user_agents.rules||emerging-web_client.rules||emerging-web_server.rules off on Suricata Configure Suricata settings

Services

/suricata/suricata_interfaces.php Cron

Services

cron.xml /packages/cron/cron.php suricata suricata.sh suricata isc ssh_host_rsa_key ssh_host_rsa_key.pub FZG3kptQAAB7f8X1jE0UoOJm/Mgi59Q9kkCIHAR8vc/b7Gy9y1L/nhf4BX7gSPOCPH7mhPg/BeAA7sc8cIRIMFu0qmFpuzdeJ84mGp97cGqlohXHYQKZMLeyiotBtggP4ipnGQImIdfemT6VoamUNumbP63a0Vm+I05pejvMreFfqOgy9fbpAl+Nt5Ilq87XUHmSsDcTXSQJ2nuwahO5OCMfZXfauRVY7TpEgMdh9doxyYBkMPpZ1DR+2Iaa3p9j4TKjMaHHh1PWYqgwVjMxtJdkeWwIhBkONndoCXvZO5/qm6lxhyc24J0b+G4SN3QFzHogo2w6NZoLZXQm6gR9ka+4frJjGUwKdQzLqy+RZwnyDMXfkUQ1utZF2hPCadeLJqTw1RPgpydANq4Anvj2mdksfLx64irn6yJ2kZcY+qSAiIcPx6yFNMHsc35R6IXom+4uwlUxQSuSXEUbxEN0MfqqxHnO60TxwbwciCJEYXzt7WAlyJY9TGXrcDYZArV2+ipvZhLJtU09sEnEUvQeoxkJGIGCRk62ZCt7U9HuyJNmifdnMRdmo8S5EJKKmVVpiGRr5814zeiaQyx2Oz6sRdANK5bKXDsNfX9wbr9N+8WgoxeqqD8oNMWE2vvAXqOAeVVyZ1wDO2n5dlN+psKNrmJ0sgssNVzOqtOysul2TCuSSicl4egyJVkfnl6f56qrTrptcY9AHOkSUHVw6s6goOBEztW3fSdFNOZ66s3deF1sAeZelrurvbwNLloOqW78fH9/zcOw/h2rpeyX8g2zP/XQlX/gPMJf/wA= ssh_host_ed25519_key ssh_host_ed25519_key.pub Ky7O0E1NMTI1NbRUcAQCZ2O/qkRnw5woF09DvxBXU5CYp3NBboG7p3GxmWOal5FlgG9STpFxQYi7Y7p2mXaOr79nqpNZfrh3YlB6YZVCUX5+iUNBWnFqXnFqTmKSXkZ+bqpeYlFBIhcA