Snort mailing list archives

Guardian ENHANCED


From: <fm () ern-e org>
Date: Thu, 17 May 2001 20:40:17 -0400 (EDT)


Hi folks,

I've been using the fine Guardian script by Anthony Stevens for a while
now. The only shortcoming that I found was the unmanageable number of hosts
that get put into denial in such a short period. To keep this number
manageable, I have added these features to the Guardian script:

- Timer logic added to hosts in denial. Hosts will be removed
  from denial when timer expires. Set timeLimit in config file.

- Graceful shutdown (kill <pid>) will cause script to remove
  the hosts from denial on shutdown. This can be turned off.
  Set cleanRules in config file.

- Sending the script a USR1 signal will cause it to flush all
  IPs from the denial list. This is useful when you want to
  flush the rules while the script is running.

I have attempted to contact Anthony Stevens via email regarding these
changes and have had no response. Thus, I offer it here. Full credit
belongs to him. My changes are merely trivial hacks.

Script can be found here:
http://home.golden.net/~elim/guardian-1.1.0.tar.gz

Please direct all comments to fm () ern-e org




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
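
A minimal Python model of the three behaviours listed in the post (timed release, cleanup on graceful shutdown, flush on USR1), added here as an illustration; it is not the Guardian script, which is Perl, and not code from the post. The class, its method names and the `unblock` hook are assumptions; only `timeLimit` and `cleanRules` are names taken from the post.

```python
import signal
import sys
import time


class DenyList:
    """Blocked hosts with an expiry time, modelled on timeLimit/cleanRules."""

    def __init__(self, time_limit, clean_rules=True, unblock=print):
        self.time_limit = time_limit    # seconds a host stays in denial
        self.clean_rules = clean_rules  # remove hosts on graceful shutdown?
        self.unblock = unblock          # hypothetical hook that deletes the firewall rule
        self.expires = {}               # ip -> expiry timestamp

    def block(self, ip, now=None):
        now = time.time() if now is None else now
        # Assumption: a repeat alert restarts the timer instead of adding a rule.
        self.expires[ip] = now + self.time_limit

    def expire(self, now=None):
        """Release every host whose timer has run out; return those hosts."""
        now = time.time() if now is None else now
        done = sorted(ip for ip, t in self.expires.items() if t <= now)
        for ip in done:
            del self.expires[ip]
            self.unblock(ip)
        return done

    def flush(self):
        """Release all hosts immediately (the USR1 behaviour)."""
        return self.expire(now=float("inf"))

    def on_usr1(self, signum=None, frame=None):
        self.flush()

    def on_term(self, signum=None, frame=None):
        if self.clean_rules:            # cleanup can be turned off
            self.flush()
        sys.exit(0)

    def install_handlers(self):
        signal.signal(signal.SIGUSR1, self.on_usr1)
        signal.signal(signal.SIGTERM, self.on_term)


if __name__ == "__main__":
    deny = DenyList(time_limit=2)
    deny.install_handlers()
    deny.block("192.0.2.10")            # constructed sample address
    while deny.expires:                 # stand-in for the alert-tail loop
        time.sleep(1)
        deny.expire()
```

With `clean_rules=False` the SIGTERM handler exits without touching the list, so the firewall rules outlive the process and have to be removed by other means.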

