Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath: Update usage output and list of cmd-line options A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.
2025-10-02 14:48:21 +00:00 · 2015-05-04 09:58:09 -07:00 · 2015-05-04 09:58:09 -07:00 · 190df47c4b
commit 190df47c4b
parent 31e75c8eac 26007f419e
5 changed files with 24 additions and 11 deletions
--- a/scripts/policy/protocols/ssh/geo-data.bro
+++ b/scripts/policy/protocols/ssh/geo-data.bro
@ -12,14 +12,14 @@ export {
 		## notice will be generated.
 		Watched_Country_Login,
 	};
-	
+
 	redef record Info += {
 		## Add geographic data related to the "remote" host of the
 		## connection.
 		remote_location: geo_location &log &optional;
 	};
-	
-	## The set of countries for which you'd like to generate notices upon 
+
+	## The set of countries for which you'd like to generate notices upon
 	## successful login.
 	const watched_countries: set[string] = {"RO"} &redef;
 }
@ -32,21 +32,27 @@ function get_location(c: connection): geo_location

 event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
 	{
+	if ( ! c$ssh?$direction )
+		return;
+
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
-	
+
 	if ( c$ssh$remote_location?$country_code && c$ssh$remote_location$country_code in watched_countries )
 		{
 		NOTICE([$note=Watched_Country_Login,
 		        $conn=c,
-		        $msg=fmt("SSH login %s watched country: %s", 
-		                 (c$ssh$direction == OUTBOUND) ? "to" : "from", 
+		        $msg=fmt("SSH login %s watched country: %s",
+		                 (c$ssh$direction == OUTBOUND) ? "to" : "from",
 		                 c$ssh$remote_location$country_code)]);
 		}
 	}

 event ssh_auth_failed(c: connection) &priority=3
 	{
+	if ( ! c$ssh?$direction )
+		return;
+
 	# Add the location data to the SSH record.
 	c$ssh$remote_location = get_location(c);
 	}