Snort Blocking Hosts 5 minutes
-
Hello we are using Snort to block offending hosts.
However the shortest time I could set to Remove the blocked hosts from the snort2c table is 1 hour.
I would like to set this to 5 minutes.
I have tried to edit the /conf/config.xml to set <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c.
But this get's overwritten after a reboot.I tried to edit /etc/crontab
*/5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c
This also get's overwritten by a reboot and also after a reload of Snort.I tried to set this line in the root crontab with crontab -e.
The task get's executed but the command doesn't work.Can anyone please tell me how to do this?
Thank you -
If you want to add a cron job that survives a reboot, then install the cron package - that lets you add and edit crontab jobs from the GUI, and saves them in the config, and they are regenerated at boot time.
-
Thank you very much, this indeed works very well.