Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'topic/dopheide/fix-ssh-geo-data' of https://github.com/dopheide-esnet/bro

Browse source 
* 'topic/dopheide/fix-ssh-geo-data' of https://github.com/dopheide-esnet/bro:
  Fix geo-data to log remote_location data when auth is successful.
This commit is contained in:
Jon Siwek 2019-03-15 12:59:31 -07:00
commit 03ac32adec
3 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
2.6-161 | 2019-03-15 12:59:31 -0700
* Fix SSH remote_location geo-data not being logged for successful authNs. (Michael Dopheide)
2.6-159 | 2019-03-14 16:39:52 -0700
* Move NEWS file back into main repo from zeek-docs (Jon Siwek, Corelight)

2
VERSION
View file

@ -1 +1 @@
2.6-159
2.6-161

6
scripts/policy/protocols/ssh/geo-data.bro
View file

@ -35,8 +35,8 @@ event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
if ( ! c$ssh?$direction )
return;
# Add the location data to the SSH record.
c$ssh$remote_location = get_location(c);
if ( ! c$ssh?$remote_location )
return;
if ( c$ssh$remote_location?$country_code && c$ssh$remote_location$country_code in watched_countries )
{
@ -48,7 +48,7 @@ event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
}
}
event ssh_auth_failed(c: connection) &priority=3
event ssh_auth_attempted(c: connection, authenticated: bool) &priority=3
{
if ( ! c$ssh?$direction )
return;