Snort and Suricata are not installed but they show in the logs every few mins.
-
Hello,
Is it normal to see the logs below every few mins. I only have pfBlockerNG-devel and tailscale installed. No Snort or Suricata is installed
Thanks
/usr/sbin/cron (root) CMD (/usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600)
/usr/sbin/cron (root) CMD (/usr/sbin/newsyslog)
/usr/sbin/cron (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc)
/usr/sbin/cron (root) CMD (/usr/libexec/atrun) -
I assume you did have them installed at one time?
If you install the cron package you can disable or remove those crontab entries.
Steve
-
Yes, I did have them installed a long time ago. I followed your advice and have removed the crontab entries.
Strange that the crontab entries remain after the package has been removed.Thanks very much for the help.
-
@jacko said in Snort and Suricata are not installed but they show in the logs every few mins.:
Yes, I did have them installed a long time ago. I followed your advice and have removed the crontab entries.
Strange that the crontab entries remain after the package has been removed.Thanks very much for the help.
Both of those packages clean up behind themselves when uninstalled. My suspicion is the uninstall did not fully complete in your case for some reason (meaning it was either interrupted or something interfered with some of the steps). The packages even delete all the directories they create except for logs (unless you select the option to remove logs when uninstalling the package, then the log directories are removed as well).
-
Yes, I would expect them to have been removed when the packages were uninstalled.
If you restored a config later it might have had those crontab entries but been unable to install the package for some reason. That would result in what you saw.
Steve
