############################################################################### # # The following parameters are used by compose_IR.cgi to build incident # reports. Modify them to customize compose_IR.cgi for your site. # # Modify this to reflect the location of the sendmail binary on your system. # our $SENDMAIL_CMD = "/usr/sbin/sendmail"; our @IR_HEADING = ( "Righteous Dudes Industries - Network Security Division", "Network Intrusion Incident Report", "Phone: 000-555-1212" ); our $IR_LABEL = "RDI Intrusion Detection Incident Report No.: "; our $IR_TGT_LABEL = "Righteous Dudes Industries Incorporated - Podunk HQ"; # This gets prepended to the incident report sequence number our $IR_SEQNO_PREFIX = "RDI-IDR"; our $MAIL_SUB_PREFIX = ""; our $MAIL_SUB_SUFFIX = "\@ righteousdudes.com"; our $MAIL_SENDER = "From: The Righteous Dudes Team "; our @INCIDENT_TYPES = ( 'Denial of Service Attempt', 'IMAP Connection Attempt', 'Remote Login Attempt', 'RESET Scan', 'SYN/RST Scan', 'FTP Scan', 'Port Scan', 'POP3 Scan', 'SNMP Probe/Scan', 'RPC/Portmap Connection Attempt', 'DNS Zone Transfer Attempt', 'Single System Connection Attempt', 'SOCKS Exploit', 'Informational Report', 'Multiple Target/Port Scan or Connection Attempts', 'Network Mapping Attempt', 'Unknown Probe type', 'ICMP Scan', 'DNS Scan', 'NETBIOS Scan', 'Unknown UDP Event', 'Unknown ICMP Event', 'Unknown TCP Event', 'Possible IP Spoofing Event', ); # our $DEFAULT_INCI_TYPE = 'Informational Report'; # # Define the list of email Incident Report recipients for the raw data: # our $RAW_RECIPIENTS = "nobody\@ists.dartmouth.edu"; # # Define the list of email Incident Report recipients for the obfuscated data: # our $OBF_RECIPIENTS = "nobodyelse\@stsi.dartmouth.edu";