blob: a889246771e0ace9aef89bd4df49cfb5e9f1c2be (
plain)
1 --- src/config.h 2012-09-01 07:53:25.000000000 +0200
2 +++ src/config.h.new 2012-09-05 09:08:37.099387176 +0200
3 @@ -35,10 +35,10 @@
4
5 /* Default paths to runtime files: */
6
7 -#define ASSETS_DIR "assets"
8 +#define ASSETS_DIR "/usr/share/skipfish/assets"
9
10 /* Default signature file */
11 -#define SIG_FILE "signatures/signatures.conf"
12 +#define SIG_FILE "/usr/share/skipfish/signatures/signatures.conf"
13
14 /* Various default settings for HTTP client (cmdline override): */
15
16
17 --- signatures/signatures.conf 2012-09-01 07:53:25.000000000 +0200
18 +++ signatures/signatures.conf.new 2012-09-05 09:09:10.027968510 +0200
19 @@ -6,23 +6,23 @@
20 # The mime signatures warn about server responses that have an interesting
21 # mime. For example anything that is presented as php-source will likely
22 # be interesting
23 -include signatures/mime.sigs
24 +include /usr/share/skipfish/signatures/mime.sigs
25
26 # The files signature will use the content to determine if a response
27 # is an interesting file. For example, a SVN file.
28 -include signatures/files.sigs
29 +include /usr/share/skipfish/signatures/files.sigs
30
31 # The messages signatures look for interesting server messages. Most
32 # are based on errors, such as caused by incorrect SQL queries or PHP
33 # execution failures.
34 -include signatures/messages.sigs
35 +include /usr/share/skipfish/signatures/messages.sigs
36
37 # The apps signatures will help to find pages and applications who's
38 # functionality is a security risk by default. For example, phpinfo()
39 # pages that leak information or CMS admin interfaces.
40 -include signatures/apps.sigs
41 +include /usr/share/skipfish/signatures/apps.sigs
42
43 # Context signatures are linked to injection tests. They look for strings
44 # that are relevant to the current injection test and help to highlight
45 # potential vulnerabilities.
46 -include signatures/context.sigs
47 +include /usr/share/skipfish/signatures/context.sigs
48
49
|
