Snort Blocking Hosts 5 minutes

  • Hello, we are using Snort to block offending hosts.
    However, the shortest time I could set to Remove the blocked hosts from the snort2c table is 1 hour.
    I would like to set this to 5 minutes.
    I have tried to edit the /conf/config.xml to set <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c</command>.
    But this gets overwritten after a reboot.

    I tried to edit /etc/crontab
    */5 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 300 snort2c
    This also gets overwritten by a reboot and also after a reload of Snort.

    I tried to set this line in the root crontab with crontab -e.
    The task gets executed but the command doesn't work.

    Can anyone please tell me how to do this?
    Thank you

  • If you want to add a cron job that survives a reboot, then install the cron package - that lets you add and edit crontab jobs from the GUI, and saves them in the config, and they are regenerated at boot time.

  • Thank you very much, this indeed works very well.
