mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Move the options from policy/tuning/defaults to actual Zeek defaults, deprecate that package
parent
966d411ed5
commit
6821a41c4e
11 changed files with 45 additions and 38 deletions
7
NEWS
7
NEWS
|
@ -64,6 +64,13 @@ Changed Functionality
|
|||
but mainly for providing comparisons, which is why this is not a breaking
|
||||
change.
|
||||
|
||||
- The tuning/defaults policy has been deprecated and will be removed in
|
||||
v7.1. This policy was already being loaded by default via local.zeek. The
|
||||
settings contained within have become the overall defaults for Zeek now,
|
||||
instead of having to load the policy. The two changes here are that fragments
|
||||
now timeout after 5 minutes by default instead of no timeout, and extracted
|
||||
files now have a default size limit of 100MB instead of unlimited.
|
||||
|
||||
Removed Functionality
|
||||
---------------------
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ export {
|
|||
const prefix = "./extract_files/" &redef;
|
||||
|
||||
## The default max size for extracted files (they won't exceed this
|
||||
## number of bytes). A value of zero means unlimited.
|
||||
option default_limit = 0;
|
||||
## number of bytes). A value of zero means unlimited. Defaults to 100MB.
|
||||
option default_limit = 104857600;
|
||||
|
||||
## This setting configures if the file extract limit is inclusive
|
||||
## of missing bytes. By default, missing bytes do count towards the
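Review bot: The updated comment on `default_limit` says "Defaults to 100MB", but 104857600 is 100 MiB (100 * 1024 * 1024), and it does not say what an operator sees when a file hits the limit. For deployments that never loaded tuning/defaults, this changes unlimited extraction into capped output, so a hash or sandbox verdict taken from the extracted copy may no longer describe the whole transfer. I would word it as `## number of bytes). A value of zero means unlimited. Defaults to 100 MiB; set to 0 to restore unlimited extraction.` The export block continues outside the hunk.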
|
||||
|
|
|
@ -1491,7 +1491,7 @@ const rpc_timeout = 24 sec &redef;
|
|||
|
||||
## How long to hold onto fragments for possible reassembly. A value of 0.0
|
||||
## means "forever", which resists evasion, but can lead to state accrual.
|
||||
const frag_timeout = 0.0 sec &redef;
|
||||
const frag_timeout = 5 min &redef;
|
||||
|
||||
## Whether to use the ``ConnSize`` analyzer to count the number of packets and
|
||||
## IP-level bytes transferred by each endpoint. If true, these values are
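Review bot: The comment above `frag_timeout` still only explains that 0.0 means "forever" and resists evasion, while the value under it is now `5 min`, so the documented trade-off no longer matches the default. Suggest adding a line such as `## Defaults to 5 minutes, which bounds reassembly state; use 0.0 sec to hold fragments indefinitely.` so that sites which relied on the old behaviour know it changed and how to get it back. This is also inconsistent with the `default_limit` hunk, whose comment does state its new default.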
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
@load ./packet-fragments
|
||||
@load ./warnings
|
||||
@load ./extracted_file_limits
|
||||
@deprecated "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
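Review bot: The `@deprecated` string runs the removal version straight into the next sentence ("Remove in v7.1 The policy/tuning/defaults package…"), and that unpunctuated text is what appears in every warning line of the baselines further down. A period after the version reads better: `@deprecated "Remove in v7.1. The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";`. The same string is repeated in the three script sections that follow, so the change applies there as well, and the two warning baselines would need regenerating.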
|
||||
|
|
|
@ -1,4 +1 @@
|
|||
@load base/files/extract
|
||||
|
||||
# 100 MB.
|
||||
redef FileExtract::default_limit = 104857600;
|
||||
@deprecated "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
|
|
|
@ -1,12 +1 @@
|
|||
# Capture TCP fragments, but not UDP (or ICMP), since those are a lot more
|
||||
# common due to high-volume, fragmenting protocols such as NFS :-(.
|
||||
|
||||
# This normally isn't used because of the default open packet filter
|
||||
# but we set it anyway in case the user is using a packet filter.
|
||||
# Note: This was removed because the default model now is to have a wide
|
||||
# open packet filter.
|
||||
#redef capture_filters += { ["frag"] = "(ip[6:2] & 0x3fff != 0) and tcp" };
|
||||
|
||||
## Shorten the fragment timeout from never expiring to expiring fragments after
|
||||
## five minutes.
|
||||
redef frag_timeout = 5 min;
|
||||
@deprecated "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
|
|
|
@ -1,11 +1 @@
|
|||
##! This file is meant to print messages on stdout for settings that would be
|
||||
##! good to set in most cases or other things that could be done to achieve
|
||||
##! better detection.
|
||||
|
||||
@load base/utils/site
|
||||
|
||||
event zeek_init() &priority=-10
|
||||
{
|
||||
if ( |Site::local_nets| == 0 )
|
||||
print "WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks.";
|
||||
}
|
||||
@deprecated "Remove in v7.1 The policy/tuning/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
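Review bot: Unlike the two scripts before it, this one did not set an option: it printed a startup warning when `Site::local_nets` is empty, and the replacement line drops that check without moving it anywhere visible in this commit. The deprecation text ("The options set here are now the defaults") and the NEWS entry ("The two changes here are…") therefore do not cover it. The removed header comment tied the warning to "better detection", so losing it silently deserves a mention. Either add a NEWS sentence saying the warning is gone, or keep the `zeek_init` handler in this file alongside the `@deprecated` line until the package is removed in v7.1.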
|
||||
|
|
|
@ -9,9 +9,6 @@ redef digest_salt = "Please change this value.";
|
|||
# This script logs which scripts were loaded during each run.
|
||||
@load misc/loaded-scripts
|
||||
|
||||
# Apply the default tuning scripts for common tuning settings.
|
||||
@load tuning/defaults
|
||||
|
||||
# Estimate and log capture loss.
|
||||
@load misc/capture-loss
|
||||
|
||||
|
|
|
@ -1,2 +1,15 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
### NOTE: This file has been sorted with diff-sort.
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
|
|
|
@ -1,5 +1,21 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
received termination signal
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
received termination signal
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
received termination signal
|
||||
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
|
||||
received termination signal
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
data3, FyjjRu4ARLzpsPLhNh,
|
||||
data3, Fz3QLf4Bn4qaQwyUdk,
|
||||
depth warning, FyjjRu4ARLzpsPLhNh, [chunk_event=<uninitialized>, stream_event=<uninitialized>, extract_filename=<uninitialized>, extract_limit=0, extract_limit_includes_missing=T], 2
|
||||
depth warning, Fz3QLf4Bn4qaQwyUdk, [chunk_event=<uninitialized>, stream_event=<uninitialized>, extract_filename=<uninitialized>, extract_limit=0, extract_limit_includes_missing=T], 2
|
||||
depth warning, FyjjRu4ARLzpsPLhNh, [chunk_event=<uninitialized>, stream_event=<uninitialized>, extract_filename=<uninitialized>, extract_limit=104857600, extract_limit_includes_missing=T], 2
|
||||
depth warning, Fz3QLf4Bn4qaQwyUdk, [chunk_event=<uninitialized>, stream_event=<uninitialized>, extract_filename=<uninitialized>, extract_limit=104857600, extract_limit_includes_missing=T], 2
|
||||
data2, F2Qpmk14ATv4vFSEsi, from 1:hello world
|
||||
data1, FcRmxz1fPbKQEgGGUi, hello world
|
||||
|
|