Re: [psad-discuss] Question about IMPORT_OLD_SCANS
Brought to you by:
mbr
Menu
▾
▴
Re: [psad-discuss] Question about IMPORT_OLD_SCANS
|
From: Michael R. <mb...@ci...> - 2006-01-07 22:56:13
|
On Jan 07, 2006, Child from KoRn wrote: > Hi, > > I have a simple question/problem: > > When you want to import any old scan data in /var/log/psad from a > previously running psad process (IMPORT_OLD_SCANS=y), is there a way > that upon system reboot that PSAD wont re-email you every BLOCKED IPs ? Not currently. Psad generates the "renewed iptables auto-block" message whenever IPs are renewed. I suppose I could add a new config variable that controls this behavior though... > Exemple: > > Currently have about 20 bad IPs blocked due to Port Scans. > My IMPORT_OLD_SCANS is set to YES. So between restart those Blocked IP are > still there (great!) > The problem is that at every reboot, I get 20 e-mails from PSAD reminding > me he blocked 20 IPs. > And in the future this list will probably get longuer. Understood. A new config variable should fix this. > Patch: > > For the moment I had to set IMPORT_OLD_SCANS to NO cause my e-mail got full > at every system restart. The FLUSH_IPT_AT_INIT controls whether IPs are re-blocked across psad restarts. Can you post one of the emails you are seeing? Also, what version of psad are you running? --Mike > Solution: > > Does anyone have any suggestions to solve this problem? > > Thx alot ! > > GJ with PSAD, great stuff! |