Bug #14858
closed
Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Description
Hello fellow Redmine community members,
I am having an issue with my Snort "Remove blocked host interval" changing automatically. I had it set to never to check all my AppID text files and help create suppress lists with the blocked part off for a while. I changed it to block; however, it only blocks for 5 mins.
Example from researching:
<minute>/20</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1200 snort2c</command>
I cannot find this anymore in the config file for Snort.
All I see that is close is . . .
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
Shouldn't this be snort2c? It seems like something called virusprot took over again; this could be ClamAV.
However, no matter what, something has disabled my block interval from never and set it to 5 mins.
I used to have it set to an hour; however, today it seems like it's only 3-5 mins and then it clears, and I can't change it.
Inside of the compiled expiretable program I found something weird: it says "Entry deleted" in clear text.
: Entry deleted.
It should not auto change to 5 mins.
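One way to check which table each expiretable cron entry clears, and at what age, is to list the entries from a saved copy of the configuration. This is an added example, not part of the original report or of the Snort package; the `<cron>`/`<item>` wrapper elements and all sample values are assumptions constructed from the entries quoted above.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample modelled on the cron entries quoted in the report.
# The <config>/<cron>/<item> wrappers are assumed, not taken from the page.
SAMPLE_CONFIG = """
<config>
  <cron>
    <item>
      <minute>*/60</minute><hour>*</hour><mday>*</mday><month>*</month>
      <wday>*</wday><who>root</who>
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
    </item>
    <item>
      <minute>*/20</minute><hour>*</hour><mday>*</mday><month>*</month>
      <wday>*</wday><who>root</who>
      <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1200 snort2c</command>
    </item>
    <item>
      <minute>0</minute><hour>3</hour><mday>*</mday><month>*</month>
      <wday>*</wday><who>root</who>
      <command>/usr/bin/nice -n20 /usr/sbin/newsyslog</command>
    </item>
  </cron>
</config>
"""

def expiretable_jobs(config_xml):
    """Return one dict per cron entry whose command runs expiretable."""
    jobs = []
    for entry in ET.fromstring(config_xml).iter():
        argv = shlex.split(entry.findtext("command") or "")
        # Locate the expiretable binary; it is wrapped by nice in the quoted entries.
        pos = next((i for i, a in enumerate(argv)
                    if a.rsplit("/", 1)[-1] == "expiretable"), None)
        if pos is None or pos + 1 >= len(argv):
            continue
        args = argv[pos + 1:]
        # -t <age> is the entry lifetime; the table name is the last argument.
        age = args[args.index("-t") + 1] if "-t" in args[:-1] else None
        jobs.append({"table": args[-1], "max_age": age,
                     "minute": entry.findtext("minute")})
    return jobs

def jobs_for_table(config_xml, table):
    """Cron entries that expire hosts from the named table (empty if none)."""
    return [j for j in expiretable_jobs(config_xml) if j["table"] == table]
```

An empty result from `jobs_for_table(config, "snort2c")` means no cron entry in that file is expiring the snort2c table.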