Merge remote-tracking branch 'origin/topic/jsiwek/load-sigs'

* origin/topic/jsiwek/load-sigs:
  Add @load-sigs directive for loading signature files (addresses #551).

Closes #551.
Robin Sommer 2012-06-06 11:47:00 -07:00
commit 45f5900547
15 changed files with 80 additions and 14 deletions


@ -3,8 +3,7 @@
module DPD;
## Add the DPD signatures to the signature framework.
redef signature_files += "base/frameworks/dpd/dpd.sig";
@load-sigs ./dpd.sig
export {
## Add the DPD logging stream identifier.


@ -615,7 +615,9 @@ function add_signature_file(sold: string, snew: string): string
}
## Signature files to read. Use ``redef signature_files += "foo.sig"`` to
## extend. Signature files will be searched relative to ``BROPATH``.
## extend. Signature files added this way will be searched relative to
## ``BROPATH``. Using the ``@load-sigs`` directive instead is preferred
## since that can search paths relative to the current script.
global signature_files = "" &add_func = add_signature_file;
## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``.


@ -6,7 +6,8 @@
@load ./utils
# Add the magic number signatures to the core signature set.
redef signature_files += "base/protocols/http/file-ident.sig";
@load-sigs ./file-ident.sig
# Ignore the signatures used to match files
redef Signatures::ignored_ids += /^matchfile-/;


@ -4,9 +4,10 @@
@load base/frameworks/software
@load base/protocols/http
@load-sigs ./detect-webapps.sig
module HTTP;
redef signature_files += "protocols/http/detect-webapps.sig";
# Ignore the signatures used to match webapps
redef Signatures::ignored_ids += /^webapp-/;


@ -25,7 +25,7 @@ redef Software::vulnerable_versions += {
@load frameworks/software/version-changes
# This adds signatures to detect cleartext forward and reverse windows shells.
redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
@load-sigs frameworks/signatures/detect-windows-shells
# Uncomment the following line to begin receiving (by default hourly) emails
# containing all of your notices.
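Review bot: The new `@load-sigs frameworks/signatures/detect-windows-shells` line omits the `.sig` extension and uses a search-path-style name, while the other call sites visible in this commit name an explicit relative file (`./dpd.sig`, `./file-ident.sig`, `./detect-webapps.sig`). The directive's resolution code is not in view here, so the page does not show whether the extension is appended automatically; if it is not, the cleartext Windows shell signatures would not be loaded. Spelling it `@load-sigs frameworks/signatures/detect-windows-shells.sig` would make the target unambiguous. It is also worth confirming that an unresolvable `@load-sigs` target aborts startup rather than being skipped, since a silent skip would leave this detection disabled with no indication.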