Snort: drop, not block
-
Hi!
How can i setup only to drop packet or. block ip for 0.1s or. max 5s?
-
Install cron package and reduce the time of snort expitetable and cron execute frequency
-
Any options to change this in snort config file?
-
minute hour mday month wday who command
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/1 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 60 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/1 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 60 virusprot
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
*/5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
What line?
-
Is this OK?
Can yuu please explain lines? :)
minute hour mday month wday who command
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/1 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 1 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/1 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 1 virusprot
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
*/1 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1 snort2c
-
*/5 means run each 5 minutes.
The -t 3600 command arg means remove ip only when it reaches 3600 seconds.
So you may need to change */1 to * and -t 3600 to -t 50
-
Thanks!! :)
Can you please help me explain what is line function:
/usr/bin/nice -n20 newsyslog
/usr/bin/nice -n20 /etc/rc.update_bogons.sh
/usr/bin/nice -n20 /etc/rc.update_bogons.sh
/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 1 sshlockout
/usr/bin/nice -n20 /etc/rc.dyndns.update
/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 1 virusprot
/usr/bin/nice -n20 /etc/rc.update_urltables
/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1 snort2c -
The only one with snort argsĀ ;)
Snort2c
