diff options
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort.inc | 40 | ||||
-rw-r--r-- | config/snort-dev/snort.xml | 2 |
2 files changed, 25 insertions, 17 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 58aa3bf6..db7921b1 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -668,60 +668,68 @@ function snort_rm_blocked_install_cron($should_install) { } $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked']; if ($snort_rm_blocked_info_ck == "1h_b") { - $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*/1"; + $snort_rm_blocked_min = "*/5"; + $snort_rm_blocked_hr = "*"; $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "1h"; } if ($snort_rm_blocked_info_ck == "3h_b") { - $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*/3"; + $snort_rm_blocked_min = "*/15"; + $snort_rm_blocked_hr = "*"; $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "3h"; } if ($snort_rm_blocked_info_ck == "6h_b") { - $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*/6"; + $snort_rm_blocked_min = "*/30"; + $snort_rm_blocked_hr = "*"; $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "6h"; } if ($snort_rm_blocked_info_ck == "12h_b") { $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*/12"; + $snort_rm_blocked_hr = "*/1"; $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "12h"; } if ($snort_rm_blocked_info_ck == "1d_b") { $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*/1"; + $snort_rm_blocked_hr = "*/2"; + $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "1d"; } if ($snort_rm_blocked_info_ck == "4d_b") { $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*/4"; + $snort_rm_blocked_hr = "*/8"; + $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "4d"; } if ($snort_rm_blocked_info_ck == "7d_b") { $snort_rm_blocked_min = "*"; - $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*/7"; + $snort_rm_blocked_hr = "*/14"; + $snort_rm_blocked_mday = "*"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "7d"; } if ($snort_rm_blocked_info_ck == "28d_b") { $snort_rm_blocked_min = "*"; $snort_rm_blocked_hr = "*"; - $snort_rm_blocked_mday = "*/28"; + $snort_rm_blocked_mday = "*/2"; $snort_rm_blocked_month = "*"; $snort_rm_blocked_wday = "*"; + $snort_rm_blocked_expire = "28d"; } switch($should_install) { case true: @@ -733,7 +741,7 @@ function snort_rm_blocked_install_cron($should_install) { $cron_item['month'] = "$snort_rm_blocked_month"; $cron_item['wday'] = "$snort_rm_blocked_wday"; $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; $config['cron']['item'][] = $cron_item; write_config("Installed 15 minute filter reload for Time Based Rules"); configure_cron(); @@ -852,7 +860,7 @@ function snort_rules_up_install_cron($should_install) { } } snort_rules_up_install_cron(""); - snort_rules_up_install_cron($snort_rm_blocked_false); + snort_rules_up_install_cron($snort_rules_up_false); } /* open snort2c's whitelist for writing */ diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index b6bbdfc9..013e30ca 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.8.4.1_1</version> - <title>Services: Snort 2.8.4.1_1 pkg v. 1.6 RC2</title> + <title>Services: Snort 2.8.4.1_1 pkg v. 1.6 RC3</title> <include_file>/usr/local/pkg/snort.inc</include_file> <menu> <name>Snort</name> |