From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: : [PATCH] suricata: Perform ruleset update every 12 hours Date: Thu, 12 May 2022 10:23:19 +0100 Message-ID: <5C2BD09B-5DCF-4F8F-9B0A-4FE13692DAFD@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6353439461579792903==" List-Id: --===============6353439461579792903== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, I think that rather proves my theory. There will be a check whether to run th= is command or not, and if it is being run, the timestamp will be recorded. Th= e question is now what the check looks like. Stefan: Could you please check in the source of fcron or just simply test how= it behaves? -Michael > On 9 May 2022, at 02:24, Charles Brown wrote: >=20 > Hello Stefan and Michael, >=20 > Per the fcron man page:=20 >=20 > "The time remaining before next execution is saved every 1800 seconds (to l= imit damages caused by a crash) and when fcron exits after having received a = SIGTERM signal, i.e. when systems go down ..." > It looks like this is getting written to /var/spool/cron/root on my ipfire = box. I assume this takes care of the issue ... but I can't say for sure. >=20 > On 5/8/2022 11:12 AM, development-request(a)lists.ipfire.org wrote: >> 6. Re: [PATCH] suricata: Perform ruleset update every 12 hours. >> (Michael Tremer) >>=20 >>=20 >> ---------------------------------------------------------------------- >> Message: 6 >> Date: Sun, 8 May 2022 17:12:33 +0100 >> From: Michael Tremer=20 >> >>=20 >> To: Stefan Schantl=20 >> >>=20 >> Cc:=20 >> development(a)lists.ipfire.org >>=20 >> Subject: Re: [PATCH] suricata: Perform ruleset update every 12 hours. >> Message-ID:=20 >> <1A6869C7-B4B3-4AF7-846E-FFA67AF78C95(a)ipfire.org> >>=20 >> Content-Type: text/plain; charset=3Dutf-8 >>=20 >> Hello Stefan, >>=20 >> What happens to firewalls that do not run 24/7? >>=20 >> Will this job be performed after 12 hours have passed no matter how long? = So let?s say I shut down a system for a day, would the job run immediately? >>=20 >> -Michael >>=20 >>=20 >>> On 8 May 2022, at 14:23, Stefan Schantl >>> wrote: >>>=20 >>> Signed-off-by: Stefan Schantl=20 >>> >>>=20 >>> --- >>> config/cron/crontab | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>=20 >>> diff --git a/config/cron/crontab b/config/cron/crontab >>> index d61d26619..c42104626 100644 >>> --- a/config/cron/crontab >>> +++ b/config/cron/crontab >>> @@ -62,8 +62,8 @@ HOME=3D/ >>> # Update location database >>> %hourly,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update= -location-database >/dev/null 2>&1 >>>=20 >>> -# Update surciata rules. >>> -%daily,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update= -ids-ruleset >/dev/null 2>&1 >>> +# Perform a surciata rules update every 12 hours. >>> +@ 12h [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-ids-rules= et >/dev/null 2>&1 >>>=20 >>> # Retry sending spooled mails regularly >>> %hourly * /usr/sbin/dma -q >>> --=20 >>> 2.30.2 >>>=20 >>>=20 --===============6353439461579792903==--