5. Snort Blocking Hosts 5 minutes

Snort Blocking Hosts 5 minutes

  • R

    Hello we are using Snort to block offending hosts.
    However the shortest time I could set to Remove the blocked hosts from the snort2c table is 1 hour.
    I would like to set this to 5 minutes.
    I have tried to edit the /conf/config.xml to set <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c.
    But this get's overwritten after a reboot.

    I tried to edit /etc/crontab
    */5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c
    This also get's overwritten by a reboot and also after a reload of Snort.

    I tried to set this line in the root crontab with crontab -e.
    The task get's executed but the command doesn't work.

    Can anyone please tell me how to do this?
    Thank you

    0
  • P

    If you want to add a cron job that survives a reboot, then install the cron package - that lets you add and edit crontab jobs from the GUI, and saves them in the config, and they are regenerated at boot time.

    0
  • R

    Thank you very much, this indeed works very well.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy