Merge branch 'master' into topic/jsiwek/reorg-followup

Conflicts:
	scripts/base/frameworks/cluster/setup-connections.bro
	scripts/base/protocols/ssh/main.bro

scripts/site/local-manager.bro

@@ -0,0 +1,7 @@
+##! Local site policy loaded only by the manager in a cluster.
+
+# If you are running a cluster you should define your Notice::policy here 
+# so that notice processing occurs on the manager.
+redef Notice::policy += {
+
+};

scripts/site/local-proxy.bro

@@ -0,0 +1,2 @@
+##! Local site policy loaded only by the proxies if Bro is running as a cluster.
+

scripts/site/local-worker.bro

@@ -0,0 +1 @@
+##! Local site policy loaded only by the workers if Bro is running as a cluster.

scripts/site/local.bro

@@ -22,6 +22,7 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
 
 # Load all of the scripts that detect software in various protocols.
 @load protocols/http/software
+#@load protocols/http/detect-webapps
 @load protocols/ftp/software
 @load protocols/smtp/software
 @load protocols/ssh/software
@@ -45,6 +46,19 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
 # Load the script to enable SSL/TLS certificate validation.
 @load protocols/ssl/validate-certs
 
+# If you have libGeoIP support built in, do some geographic detections and 
+# logging for SSH traffic.
+@load protocols/ssh/geo-data
+# Detect hosts doing SSH bruteforce attacks.
+@load protocols/ssh/detect-bruteforcing
+# Detect logins using "interesting" hostnames.
+@load protocols/ssh/interesting-hostnames
+
+# Detect MD5 sums in Team Cymru's Malware Hash Registry.
+@load protocols/http/detect-MHR
+# Detect SQL injection attacks
+@load protocols/http/detect-sqli
+
 # Uncomment this redef if you want to extract SMTP MIME entities for 
 # some file types.  The numbers given indicate how many bytes to extract for
 # the various mime types.