Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath:
  Update usage output and list of cmd-line options
  A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.
Robin Sommer 2015-05-04 09:58:09 -07:00
commit 190df47c4b
5 changed files with 24 additions and 11 deletions


@ -1,4 +1,11 @@
2.3-911 | 2015-05-04 09:58:09 -0700
* Update usage output and list of command line options. (Daniel
Thayer)
* Improve SIP logging and remove reporter messages. (Seth Hall)
2.3-905 | 2015-04-29 17:01:30 -0700
* Improve SIP logging and remove reporter messages. (Seth Hall)


@ -1 +1 @@
2.3-905
2.3-911


@ -118,7 +118,7 @@ event ssh_client_version(c: connection, version: string)
c$ssh$version = 2;
}
event ssh_auth_successful(c: connection, auth_method_none: bool)
event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=5
{
# TODO - what to do here?
if ( !c?$ssh || ( c$ssh?$auth_success && c$ssh$auth_success ) )
@ -146,7 +146,7 @@ event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=-5
}
}
event ssh_auth_failed(c: connection)
event ssh_auth_failed(c: connection) &priority=5
{
if ( !c?$ssh || ( c$ssh?$auth_success && !c$ssh$auth_success ) )
return;
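Review bot: The `&priority=5` added to `ssh_auth_successful` and `ssh_auth_failed` carries an ordering contract that nothing in the file states: these handlers now run before the `&priority=3` handlers in the next file section and before the `&priority=-5` handler named in the second hunk header. A one-line comment above each handler, for example `# Runs at priority 5 so that lower-priority handlers see the updated c$ssh state.`, would keep a later edit from reordering them by accident; the wording assumes that is the intent, which should be confirmed. The existing `# TODO - what to do here?` should also say what is undecided, since it sits directly on the check that decides whether an authentication result is recorded. Both handler bodies continue outside the hunks, so the state they set is not visible here.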


@ -32,6 +32,9 @@ function get_location(c: connection): geo_location
event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
{
if ( ! c$ssh?$direction )
return;
# Add the location data to the SSH record.
c$ssh$remote_location = get_location(c);
@ -47,6 +50,9 @@ event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
event ssh_auth_failed(c: connection) &priority=3
{
if ( ! c$ssh?$direction )
return;
# Add the location data to the SSH record.
c$ssh$remote_location = get_location(c);
}
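Review bot: The added guard `if ( ! c$ssh?$direction )` dereferences `c$ssh` without first checking that the record exists, in both `ssh_auth_successful` and `ssh_auth_failed`. The priority-5 handlers in the previous file section test `!c?$ssh` before touching the record, which suggests `c$ssh` can be unset when these events fire; in that case this line would raise a runtime error instead of returning. I would write `if ( ! c?$ssh || ! c$ssh?$direction ) return;` in both places. A short comment noting that connections without a direction get no `remote_location` would also help anyone building geo-based SSH alerting on this field. The first handler's body continues outside its hunk.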


@ -199,7 +199,7 @@ void usage()
fprintf(stderr, " -T|--re-level <level> | set 'RE_level' for rules\n");
fprintf(stderr, " -U|--status-file <file> | Record process status in file\n");
fprintf(stderr, " -W|--watchdog | activate watchdog timer\n");
fprintf(stderr, " -X|--broxygen | generate documentation based on config file\n");
fprintf(stderr, " -X|--broxygen <cfgfile> | generate documentation based on config file\n");
#ifdef USE_PERFTOOLS_DEBUG
fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n");
@ -547,7 +547,7 @@ int main(int argc, char** argv)
opterr = 0;
char opts[256];
safe_strncpy(opts, "B:e:f:I:i:J:K:n:p:R:r:s:T:t:U:w:x:X:z:CFGNPSWabdghvQ",
safe_strncpy(opts, "B:e:f:I:i:J:K:n:p:R:r:s:T:t:U:w:x:X:z:CFNPSWabdghvQ",
sizeof(opts));
#ifdef USE_PERFTOOLS_DEBUG