Configure the tracking of UID blocks logged by iptables to syslog.
juggernaut --task=lfd:tracking:useridOption |
Value | Default | Description |
|---|---|---|---|
--UID_INTERVAL |
<0|60-86400> | 0 | Enable user ID tracking. Track UID blocks logged by iptables to syslog. If a UID generates a port block that is logged more than UID_LIMIT times within UID_INTERVAL seconds, an alert will be sent. |
--UID_LIMIT |
<1-100> | 10 | The number of times within UID_INTERVAL before an alert will be sent. |
--UID_PORTS |
<string> | 0:65535,ICMP | The port or port ranges that should be tracked by the User ID tracking feature. The default setting of 0:65535,ICMP covers all ports. |
--default |
<yes> | Reset all settings to their default values. | |
--default_option |
<option> | Reset a specific setting to its default value. | |
--restart |
<yes> | Restart the service after saving settings. |
// set the UID_INTERVAL
juggernaut --task=lfd:tracking:userid --UID_INTERVAL=3600 --restart=yes
// reset UID_INTERVAL to default
juggernaut --task=lfd:tracking:userid --default_option=UID_INTERVAL --restart=yes
// reset all settings back to default
juggernaut --task=lfd:tracking:userid --default=yes --restart=yes