On Nov 09, 2009, Sim?n wrote: > Hi,
Hello, > The man page of psad says: > > "/Occasionally certain IP addresses are repeat offenders and should > automatically be given a higher danger level than would normally be > assigned. Additionally, some IP addresses can always be ignored > depending on your network configuration (the loopback interface > 127.0.0.1 might be a good candidate for example). /etc/psad/auto_dl > provides an interface for psad to automatically increase/decrease/ignore > scanning IP danger levels. Modifications can be made to auto_dl > (installed by default in /etc/psad) and psad will import them *without > having to restart the psad process.*/" > > But if I change the auto_dl file and I don't restart the psad > process (with "/etc/init.d/psad restart"), it doesn't import the new rules. Ah, that is an old portion of the man page - thanks for catching that. I've fixed the wording for the next release. In the meantime, you can use 'psad -H' to have psad re-import the file, or restart the psad process. Note that psad will import previous scan information if you have the IMPORT_OLD_SCANS variable set to 'Y' in the psad.conf file. Thanks, --Mike ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss
