[Snort-users] Guardian ENHANCED

fm at ...2050... fm at ...2050...
Thu May 17 20:40:17 EDT 2001

Hi folks,

I've been using the fine Guardian script by Anthony Stevens for a while
now. The only shortcoming that I found was the unmanagable number of hosts
that get put into denial in such a short period. To keep this number
managable, I have added these features to the Guardian script:

-Timer logic added to hosts in denial. Hosts will be removed
from denial when timer expires. Set timeLimit in config file.

-Gracefull shutdown (kill <pid>) will cause script to remove
the hosts from denial on shutdown. This can be turned off.
Set cleanRules in config file.

-Sending the script a USR1 signal will cause it to flush all
 IP's from the denial list. This is useful when you want to
flush the rules while the script is running.

I have attempted to contact Anthony Stevens via email regarding these
changes and have had no response. Thus, I offer it here. Full credit
belongs to him. My changes are merely trivial hacks.

Script can be found here:

Please direct all comments to fm at ...2050...

More information about the Snort-users mailing list