Hello Stefan and Michael,
Per the fcron man page:
"The time remaining before next execution is saved every 1800 seconds (to limit damages caused by a crash) and when *fcron* exits after having received a SIGTERM signal, i.e. when systems go down ..." It looks like this is getting written to /var/spool/cron/root on my ipfire box. I assume this takes care of the issue ... but I can't say for sure.
On 5/8/2022 11:12 AM, development-request@lists.ipfire.org wrote:
6. Re: [PATCH] suricata: Perform ruleset update every 12 hours. (Michael Tremer)
Message: 6 Date: Sun, 8 May 2022 17:12:33 +0100 From: Michael Tremermichael.tremer@ipfire.org To: Stefan Schantlstefan.schantl@ipfire.org Cc:development@lists.ipfire.org Subject: Re: [PATCH] suricata: Perform ruleset update every 12 hours. Message-ID:1A6869C7-B4B3-4AF7-846E-FFA67AF78C95@ipfire.org Content-Type: text/plain; charset=utf-8
Hello Stefan,
What happens to firewalls that do not run 24/7?
Will this job be performed after 12 hours have passed no matter how long? So let?s say I shut down a system for a day, would the job run immediately?
-Michael
On 8 May 2022, at 14:23, Stefan Schantlstefan.schantl@ipfire.org wrote:
Signed-off-by: Stefan Schantlstefan.schantl@ipfire.org
config/cron/crontab | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/cron/crontab b/config/cron/crontab index d61d26619..c42104626 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -62,8 +62,8 @@ HOME=/ # Update location database %hourly,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-location-database >/dev/null 2>&1
-# Update surciata rules. -%daily,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-ids-ruleset >/dev/null 2>&1 +# Perform a surciata rules update every 12 hours. +@ 12h [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-ids-ruleset >/dev/null 2>&1
# Retry sending spooled mails regularly %hourly * /usr/sbin/dma -q -- 2.30.2
Hello,
I think that rather proves my theory. There will be a check whether to run this command or not, and if it is being run, the timestamp will be recorded. The question is now what the check looks like.
Stefan: Could you please check in the source of fcron or just simply test how it behaves?
-Michael
On 9 May 2022, at 02:24, Charles Brown cab_77573@yahoo.com wrote:
Hello Stefan and Michael,
Per the fcron man page:
"The time remaining before next execution is saved every 1800 seconds (to limit damages caused by a crash) and when fcron exits after having received a SIGTERM signal, i.e. when systems go down ..." It looks like this is getting written to /var/spool/cron/root on my ipfire box. I assume this takes care of the issue ... but I can't say for sure.
On 5/8/2022 11:12 AM, development-request@lists.ipfire.org wrote:
- Re: [PATCH] suricata: Perform ruleset update every 12 hours. (Michael Tremer)
Message: 6 Date: Sun, 8 May 2022 17:12:33 +0100 From: Michael Tremer michael.tremer@ipfire.org
To: Stefan Schantl stefan.schantl@ipfire.org
Cc: development@lists.ipfire.org
Subject: Re: [PATCH] suricata: Perform ruleset update every 12 hours. Message-ID: 1A6869C7-B4B3-4AF7-846E-FFA67AF78C95@ipfire.org
Content-Type: text/plain; charset=utf-8
Hello Stefan,
What happens to firewalls that do not run 24/7?
Will this job be performed after 12 hours have passed no matter how long? So let?s say I shut down a system for a day, would the job run immediately?
-Michael
On 8 May 2022, at 14:23, Stefan Schantl stefan.schantl@ipfire.org wrote:
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/cron/crontab | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/cron/crontab b/config/cron/crontab index d61d26619..c42104626 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -62,8 +62,8 @@ HOME=/ # Update location database %hourly,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-location-database >/dev/null 2>&1
-# Update surciata rules. -%daily,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-ids-ruleset >/dev/null 2>&1 +# Perform a surciata rules update every 12 hours. +@ 12h [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-ids-ruleset >/dev/null 2>&1
# Retry sending spooled mails regularly %hourly * /usr/sbin/dma -q -- 2.30.2
-
Charles Brown -
Michael Tremer