From 134d0922d5b2118e477a27a4ddd45f83af992e90 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Tue, 14 Jun 2016 15:34:00 -0400
Subject: [PATCH] Move the SMB analyzer out of the default load. This also adds a note in the local.bro script about enabling the SMB analyzer.
---
 scripts/base/init-default.bro | 1 -
 scripts/{base => policy}/protocols/smb/__load__.bro | 0
 scripts/{base => policy}/protocols/smb/const-dos-error.bro | 0
 scripts/{base => policy}/protocols/smb/const-nt-status.bro | 0
 scripts/{base => policy}/protocols/smb/consts.bro | 0
 scripts/{base => policy}/protocols/smb/dpd.sig | 0
 scripts/{base => policy}/protocols/smb/files.bro | 0
 scripts/{base => policy}/protocols/smb/main.bro | 0
 scripts/{base => policy}/protocols/smb/smb1-main.bro | 0
 scripts/{base => policy}/protocols/smb/smb2-main.bro | 0
 scripts/site/local.bro | 4 ++++
 11 files changed, 4 insertions(+), 1 deletion(-)
 rename scripts/{base => policy}/protocols/smb/__load__.bro (100%)
 rename scripts/{base => policy}/protocols/smb/const-dos-error.bro (100%)
 rename scripts/{base => policy}/protocols/smb/const-nt-status.bro (100%)
 rename scripts/{base => policy}/protocols/smb/consts.bro (100%)
 rename scripts/{base => policy}/protocols/smb/dpd.sig (100%)
 rename scripts/{base => policy}/protocols/smb/files.bro (100%)
 rename scripts/{base => policy}/protocols/smb/main.bro (100%)
 rename scripts/{base => policy}/protocols/smb/smb1-main.bro (100%)
 rename scripts/{base => policy}/protocols/smb/smb2-main.bro (100%)
diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index d0ee2238fa..727d426c68 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -58,7 +58,6 @@
 @load base/protocols/rdp
 @load base/protocols/rfb
 @load base/protocols/sip
-@load base/protocols/smb
 @load base/protocols/snmp
 @load base/protocols/smtp
 @load base/protocols/socks
diff --git a/scripts/base/protocols/smb/__load__.bro b/scripts/policy/protocols/smb/__load__.bro
similarity index 100%
rename from scripts/base/protocols/smb/__load__.bro
rename to scripts/policy/protocols/smb/__load__.bro
diff --git a/scripts/base/protocols/smb/const-dos-error.bro b/scripts/policy/protocols/smb/const-dos-error.bro
similarity index 100%
rename from scripts/base/protocols/smb/const-dos-error.bro
rename to scripts/policy/protocols/smb/const-dos-error.bro
diff --git a/scripts/base/protocols/smb/const-nt-status.bro b/scripts/policy/protocols/smb/const-nt-status.bro
similarity index 100%
rename from scripts/base/protocols/smb/const-nt-status.bro
rename to scripts/policy/protocols/smb/const-nt-status.bro
diff --git a/scripts/base/protocols/smb/consts.bro b/scripts/policy/protocols/smb/consts.bro
similarity index 100%
rename from scripts/base/protocols/smb/consts.bro
rename to scripts/policy/protocols/smb/consts.bro
diff --git a/scripts/base/protocols/smb/dpd.sig b/scripts/policy/protocols/smb/dpd.sig
similarity index 100%
rename from scripts/base/protocols/smb/dpd.sig
rename to scripts/policy/protocols/smb/dpd.sig
diff --git a/scripts/base/protocols/smb/files.bro b/scripts/policy/protocols/smb/files.bro
similarity index 100%
rename from scripts/base/protocols/smb/files.bro
rename to scripts/policy/protocols/smb/files.bro
diff --git a/scripts/base/protocols/smb/main.bro b/scripts/policy/protocols/smb/main.bro
similarity index 100%
rename from scripts/base/protocols/smb/main.bro
rename to scripts/policy/protocols/smb/main.bro
diff --git a/scripts/base/protocols/smb/smb1-main.bro b/scripts/policy/protocols/smb/smb1-main.bro
similarity index 100%
rename from scripts/base/protocols/smb/smb1-main.bro
rename to scripts/policy/protocols/smb/smb1-main.bro
diff --git a/scripts/base/protocols/smb/smb2-main.bro b/scripts/policy/protocols/smb/smb2-main.bro
similarity index 100%
rename from scripts/base/protocols/smb/smb2-main.bro
rename to scripts/policy/protocols/smb/smb2-main.bro
diff --git a/scripts/site/local.bro b/scripts/site/local.bro
index 8c6e495a07..da0f2d8654 100644
--- a/scripts/site/local.bro
+++ b/scripts/site/local.bro
@@ -88,3 +88,7 @@
 # Uncomment the following line to enable logging of connection VLANs. Enabling
 # this adds two VLAN fields to the conn.log file.
 # @load policy/protocols/conn/vlan-logging
+
+# Uncomment the following line to enable the SMB analyzer. The analyzer
+# is currently considered a preview and therefore not loaded by default.
+# @load policy/protocols/smb
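Review bot: The new comment in scripts/site/local.bro says the analyzer is a preview, but it does not say what an operator gives up by leaving the line commented out, nor that the script path changed. Because this commit drops `@load base/protocols/smb` from init-default.bro and renames the directory to policy/protocols/smb, a default install presumably produces no SMB logs. Any site script that still loads the old base path would no longer resolve. I would extend the note with something like `# Without it no SMB activity is logged; scripts that used "@load base/protocols/smb" must switch to the policy path.` so the monitoring gap is a visible choice rather than a silent default.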