Small updates to the default local.bro.

- Removed the note from local-manager.bro about setting the
  notice policy there.  The notice framework changed and this
  isn't necessary anymore.

scripts/site/local-manager.bro

@@ -1,9 +1 @@
-##! Local site policy loaded only by the manager in a cluster.
+##! Local site policy loaded only by the manager if Bro is running as a cluster.
-
-@load base/frameworks/notice
-
-# If you are running a cluster you should define your Notice::policy here 
-# so that notice processing occurs on the manager.
-redef Notice::policy += {
-
-};

scripts/site/local-proxy.bro

@@ -1,2 +1 @@
 ##! Local site policy loaded only by the proxies if Bro is running as a cluster.
-

scripts/site/local.bro

@@ -1,22 +1,29 @@
-##! Local site policy. Customize as appropriate. This file will not be 
+##! Local site policy. Customize as appropriate. 
-##! overwritten when upgrading or reinstalling.
+##!
+##! This file will not be overwritten when upgrading or reinstalling!
 
-# Load the script to log which script were loaded during each run
+# This script logs which scripts were loaded during each run.
 @load misc/loaded-scripts
 
 # Apply the default tuning scripts for common tuning settings.
 @load tuning/defaults
 
-# Vulnerable versions of software to generate notices for when discovered.
+# Generate notices when vulnerable versions of software are discovered.
 # The default is to only monitor software found in the address space defined
 # as "local".  Refer to the software framework's documentation for more 
 # information.
 @load frameworks/software/vulnerable
+
+# Example vulnerable software.  This needs to be updated and maintained over
+# time as new vulnerabilities are discovered.
 redef Software::vulnerable_versions += {
 	["Flash"] = [$major=10,$minor=2,$minor2=153,$addl="1"],
 	["Java"] = [$major=1,$minor=6,$minor2=0,$addl="22"],
 };
 
+# Detect software changing (e.g. attacker installing hacked SSHD).
+@load frameworks/software/version-changes
+
 # This adds signatures to detect cleartext forward and reverse windows shells.
 redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
 
@@ -25,13 +32,15 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
 # redef Notice::policy += { [$action = Notice::ACTION_ALARM, $priority = 0] };
 
 # Load all of the scripts that detect software in various protocols.
-@load protocols/http/software
-#@load protocols/http/detect-webapps
 @load protocols/ftp/software
 @load protocols/smtp/software
 @load protocols/ssh/software
+@load protocols/http/software
+# The detect-webapps script could possibly cause performance trouble when 
+# running on live traffic.  Enable it cautiously.
+#@load protocols/http/detect-webapps
 
-# Load the script to detect DNS results pointing toward your Site::local_nets 
+# This script detects DNS results pointing toward your Site::local_nets 
 # where the name is not part of your local DNS zone and is being hosted 
 # externally.  Requires that the Site::local_zones variable is defined.
 @load protocols/dns/detect-external-names
@@ -39,15 +48,12 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
 # Script to detect various activity in FTP sessions.
 @load protocols/ftp/detect
 
-# Detect software changing (e.g. attacker installing hacked SSHD).
-@load frameworks/software/version-changes
-
 # Scripts that do asset tracking.
 @load protocols/conn/known-hosts
 @load protocols/conn/known-services
 @load protocols/ssl/known-certs
 
-# Load the script to enable SSL/TLS certificate validation.
+# This script enables SSL/TLS certificate validation.
 @load protocols/ssl/validate-certs
 
 # If you have libGeoIP support built in, do some geographic detections and 
@@ -60,5 +66,5 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
 
 # Detect MD5 sums in Team Cymru's Malware Hash Registry.
 @load protocols/http/detect-MHR
-# Detect SQL injection attacks
+# Detect SQL injection attacks.
 @load protocols/http/detect-sqli