Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'BIT-1927' of https://github.com/hosom/bro

Browse source 
* 'BIT-1927' of https://github.com/hosom/bro:
  Fix for BIT-1927: notice/extend-email relocation

And updated coverage unit tests.

BIT-1927 #close
This commit is contained in:
Jon Siwek 2018-05-10 11:23:00 -05:00
commit 057c982b9d
9 changed files with 19 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
CHANGES
View file

@ -1,4 +1,12 @@
2.5-569 | 2018-05-10 11:24:07 -0500
* BIT-1927: relocate notice/extend-email/ scripts to policy/ dir and
load it from local.bro to allow users to control whether it is used.
(Stephen Hosom)
* Sort output of the missing-file-initially.bro test (Daniel Thayer)
2.5-565 | 2018-05-08 15:29:53 -0500 2.5-565 | 2018-05-08 15:29:53 -0500
* BIT-1926: add unit tests for misc. HTTP patches (Corelight) * BIT-1926: add unit tests for misc. HTTP patches (Corelight)

2
VERSION
View file

@ -1 +1 @@
2.5-565 2.5-569

6
scripts/base/frameworks/notice/__load__.bro
View file

@ -8,10 +8,6 @@
@load ./actions/page @load ./actions/page
@load ./actions/add-geodata @load ./actions/add-geodata
# There shouldn't be any default overhead from loading these since they
# *should* only do anything when notices have the ACTION_EMAIL action applied.
@load ./extend-email/hostnames
# The cluster framework must be loaded first. # The cluster framework must be loaded first.
@load base/frameworks/cluster @load base/frameworks/cluster
@ -22,4 +18,4 @@
@endif @endif
# Load here so that it can check whether clustering is enabled. # Load here so that it can check whether clustering is enabled.
@load ./actions/pp-alarms @load ./actions/pp-alarms

3
scripts/policy/frameworks/notice/__load__.bro Normal file
View file

@ -0,0 +1,3 @@
# There shouldn't be any default overhead from loading these since they
# *should* only do anything when notices have the ACTION_EMAIL action applied.
@load ./extend-email/hostnames

2
scripts/base/frameworks/notice/extend-email/hostnames.bro → scripts/policy/frameworks/notice/extend-email/hostnames.bro
View file

@ -3,7 +3,7 @@
##! :bro:type:`Notice::Info`'s *src* and *dst* fields as determined by a ##! :bro:type:`Notice::Info`'s *src* and *dst* fields as determined by a
##! DNS lookup. ##! DNS lookup.
@load ../main @load base/frameworks/notice/main
module Notice; module Notice;

3
scripts/site/local.bro
View file

@ -85,6 +85,9 @@
# Detect SHA1 sums in Team Cymru's Malware Hash Registry. # Detect SHA1 sums in Team Cymru's Malware Hash Registry.
@load frameworks/files/detect-MHR @load frameworks/files/detect-MHR
# Extend email alerting to include hostnames
@load policy/frameworks/notice/extend-email/hostnames
# Uncomment the following line to enable detection of the heartbleed attack. Enabling # Uncomment the following line to enable detection of the heartbleed attack. Enabling
# this might impact performance a bit. # this might impact performance a bit.
# @load policy/protocols/ssl/heartbleed # @load policy/protocols/ssl/heartbleed

2
scripts/test-all-policy.bro
View file

@ -34,6 +34,8 @@
@load frameworks/files/entropy-test-all-files.bro @load frameworks/files/entropy-test-all-files.bro
#@load frameworks/files/extract-all-files.bro #@load frameworks/files/extract-all-files.bro
@load frameworks/files/hash-all-files.bro @load frameworks/files/hash-all-files.bro
@load frameworks/notice/__load__.bro
@load frameworks/notice/extend-email/hostnames.bro
@load files/x509/log-ocsp.bro @load files/x509/log-ocsp.bro
@load frameworks/packet-filter/shunt.bro @load frameworks/packet-filter/shunt.bro
@load frameworks/software/version-changes.bro @load frameworks/software/version-changes.bro

1
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -226,7 +226,6 @@ scripts/base/init-default.bro
scripts/base/frameworks/notice/actions/email_admin.bro scripts/base/frameworks/notice/actions/email_admin.bro
scripts/base/frameworks/notice/actions/page.bro scripts/base/frameworks/notice/actions/page.bro
scripts/base/frameworks/notice/actions/add-geodata.bro scripts/base/frameworks/notice/actions/add-geodata.bro
scripts/base/frameworks/notice/extend-email/hostnames.bro
scripts/base/frameworks/notice/non-cluster.bro scripts/base/frameworks/notice/non-cluster.bro
scripts/base/frameworks/notice/actions/pp-alarms.bro scripts/base/frameworks/notice/actions/pp-alarms.bro
scripts/base/frameworks/dpd/__load__.bro scripts/base/frameworks/dpd/__load__.bro

3
testing/btest/Baseline/plugins.hooks/output
View file

@ -626,7 +626,6 @@
0.000000 MetaHookPost LoadFile(0, .<...>/gridftp.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/gridftp.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/hll_unique.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/hll_unique.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/hooks.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/hooks.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/hostnames.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/inactivity.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/inactivity.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/info.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/info.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/init.bro) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/init.bro) -> -1
@ -1420,7 +1419,6 @@
0.000000 MetaHookPre LoadFile(0, .<...>/gridftp.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/gridftp.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/hll_unique.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/hll_unique.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/hooks.bif.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/hooks.bif.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/hostnames.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/inactivity.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/inactivity.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/info.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/info.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/init.bro) 0.000000 MetaHookPre LoadFile(0, .<...>/init.bro)
@ -2218,7 +2216,6 @@
0.000000 | HookLoadFile .<...>/gridftp.bro 0.000000 | HookLoadFile .<...>/gridftp.bro
0.000000 | HookLoadFile .<...>/hll_unique.bro 0.000000 | HookLoadFile .<...>/hll_unique.bro
0.000000 | HookLoadFile .<...>/hooks.bif.bro 0.000000 | HookLoadFile .<...>/hooks.bif.bro
0.000000 | HookLoadFile .<...>/hostnames.bro
0.000000 | HookLoadFile .<...>/image.sig 0.000000 | HookLoadFile .<...>/image.sig
0.000000 | HookLoadFile .<...>/inactivity.bro 0.000000 | HookLoadFile .<...>/inactivity.bro
0.000000 | HookLoadFile .<...>/info.bro 0.000000 | HookLoadFile .<...>/info.bro