shivaas / mod_evasive

Fork of mod_evasive for Apache 2.4. Original module by Deep Logic, Inc
GNU General Public License v2.0

DOSLogDir is an abuse vector itself #16

Open bellwood opened 3 years ago

bellwood commented 3 years ago

Being that each attack source is written to an individual file in DOSLogDir, this leaves the machine open to inode abuse due to the sheer volume of files that can/will be created and apparently never cleaned up.

DOSLogdir Directory where lock files will be created to prevent continuous emails from being sent or system commands from getting executed

However, even if DOSEmailNotify or DOSSystemCommand are commented out, these files are still created.

It would be great to simply let the module use syslog in this case.

Edit: Perhaps adding a cleanup routine to the module to remove the related DOSLogDir files when the associated hash table entry expires would be prudent here as well.
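
One way an operator could bound the lock-file growth described in this issue from outside the module, as an added example that is not part of the issue or of mod_evasive. It assumes lock files are regular files named `dos-<client address>` directly inside DOSLogDir and that a lock older than the chosen age is no longer needed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prune stale mod_evasive lock files from DOSLogDir.
# Assumptions (not stated in the issue): locks are regular files named
# "dos-<client address>" directly inside DOSLogDir, and a lock older than
# the given number of minutes can be removed.

# count_locks DIR -> prints the number of lock files currently in DIR
count_locks() {
    # One dot per match, so odd characters in file names cannot skew the count
    find "$1" -maxdepth 1 -type f -name 'dos-*' -exec printf . \; | wc -c | tr -d ' '
}

# prune_locks DIR MAX_AGE_MIN -> deletes stale locks, prints how many were removed
prune_locks() {
    dir=$1
    max_age=$2
    [ -d "$dir" ] || { echo "prune_locks: not a directory: $dir" >&2; return 2; }
    case $max_age in
        ''|*[!0-9]*) echo "prune_locks: age must be whole minutes" >&2; return 2 ;;
    esac
    # -maxdepth 1: stay inside DOSLogDir itself
    # -type f:     skip symlinks and directories that merely match the name
    # -mmin +N:    only locks last modified more than N minutes ago
    # A dot is printed only after -delete succeeds, so the count is exact
    find "$dir" -maxdepth 1 -type f -name 'dos-*' -mmin +"$max_age" \
        -delete -exec printf . \; | wc -c | tr -d ' '
}
```

Run `prune_locks` from cron against the configured DOSLogDir, and watch `count_locks` alongside `df -i` for that filesystem to see whether the directory is still growing between runs.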