Added a policy/site directory with a local.bro startup script.

This commit is contained in:
Seth Hall 2011-07-18 14:30:38 -04:00
parent 2ee000d93e
commit 7bf3e94628
8 changed files with 81 additions and 12 deletions


@ -10,7 +10,7 @@
# BROPATH=`./bro-path-dev` ./src/bro # BROPATH=`./bro-path-dev` ./src/bro
# #
broPolicies=${PROJECT_SOURCE_DIR}/policy broPolicies=${PROJECT_SOURCE_DIR}/policy:${PROJECT_SOURCE_DIR}/policy/site
broGenPolicies=${CMAKE_BINARY_DIR}/src broGenPolicies=${CMAKE_BINARY_DIR}/src


@ -1270,7 +1270,7 @@ type bt_tracker_headers: table[string] of string;
# empty if none. # empty if none.
const cmd_line_bpf_filter = "" &redef; const cmd_line_bpf_filter = "" &redef;
# Rotate logs every x seconds. # Rotate logs every x interval.
const log_rotate_interval = 0 sec &redef; const log_rotate_interval = 0 sec &redef;
# If set, rotate logs at given time + i * log_rotate_interval. # If set, rotate logs at given time + i * log_rotate_interval.
@ -1483,11 +1483,11 @@ const skip_http_data = F &redef;
# UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro. # UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro.
const parse_udp_tunnels = F &redef; const parse_udp_tunnels = F &redef;
@load site # Load the site utilities.
@load utils/site
# Load the logging framework. # Load the logging framework.
@load frameworks/logging @load frameworks/logging
# Load the packet filtering framework. # Load the packet filtering framework.
@load frameworks/packet-filter @load frameworks/packet-filter
#@load dpd
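Review bot: The reworded comment above `const log_rotate_interval` in the first hunk, `# Rotate logs every x interval.`, reads no better than the text it replaces; I would write `# Interval between log rotations.` so the sentence stands on its own. In the second hunk the new `# Load the site utilities.` line is fine, but since the old `@load site` is dropped here and nothing in this diff loads the new policy/site/local.bro, the comment should also say that the site-local policy is not pulled in by bro.init and must be loaded by the caller, e.g. `# Load the site utilities. The site-local policy (policy/site/local.bro) is loaded separately.` I cannot see from this diff how local.bro is picked up, so confirm that before adding the sentence.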


@ -1,3 +0,0 @@
@load site
@load frameworks/dpd


@ -1,4 +1,3 @@
@load site
module Conn; module Conn;

76
policy/site/local.bro Normal file

@ -0,0 +1,76 @@
# Template for local site policy. Customize as appropriate.
#
# (Note that enabling a particular kind of analysis via the cluster's
# "analysis command" only has an effect if the corresponding scripts are
# loaded by this site policy.)
# DPD should typically be loaded for detecting protocols on any port.
@load frameworks/dpd
@load protocols/conn
@load protocols/dns
@load protocols/ftp
@load protocols/http
@load protocols/irc
@load protocols/mime
@load protocols/smtp
@load protocols/ssh
@load protocols/ssl
@load protocols/syslog
@load frameworks/metrics
@load frameworks/intel
@load frameworks/notice
@load frameworks/signatures
@load frameworks/software
@load frameworks/reporter
@load misc/loaded-scripts
@load tuning/defaults
# Uncomment for profiling resource usage.
# @load profiling
# redef expensive_profiling_multiple = 20;
# Sample notice policy which you will almost certainly want
# to adapt to your environment.
#redef notice_action_filters +=
# {
# # These are all very common.
# #[Weird::ContentGap] = tally_notice_type_and_ignore,
# #[Weird::AckAboveHole] = tally_notice_type_and_ignore,
# #[Weird::RetransmissionInconsistency] = tally_notice_type_and_ignore,
# #[Drop::AddressDropIgnored] = ignore_notice,
# #[Drop::AddressDropped] = ignore_notice,
# #[Weird::WeirdActivity] = file_local_bro_notices,
# #[PacketFilter::DroppedPackets] = file_notice,
# #[TerminateConnection::TerminatingConnectionIgnored] = notice_alarm_per_orig,
# #[ProtocolDetector::ProtocolFound] = file_notice,
# #[ProtocolDetector::ServerFound] = file_if_remote,
# #[DynDisable::ProtocolViolation] = file_notice,
# };
redef Weird::weird_action += {
["window_recision"] = Weird::WEIRD_FILE,
["RST_with_data"] = Weird::WEIRD_FILE,
["line_terminated_with_single_CR"] = Weird::WEIRD_FILE,
["line_terminated_with_single_LF"] = Weird::WEIRD_FILE,
["spontaneous_RST"] = Weird::WEIRD_FILE,
["spontaneous_FIN"] = Weird::WEIRD_FILE,
["data_before_established"] = Weird::WEIRD_FILE,
["unsolicited_SYN_response"] = Weird::WEIRD_FILE,
["inappropriate_FIN"] = Weird::WEIRD_FILE,
["possible_split_routing"] = Weird::WEIRD_FILE,
["connection_originator_SYN_ack"] = Weird::WEIRD_FILE,
["fragment_inconsistency"] = Weird::WEIRD_NOTICE_PER_ORIG,
["fragment_size_inconsistency"] = Weird::WEIRD_NOTICE_PER_ORIG,
["fragment_overlap"] = Weird::WEIRD_NOTICE_PER_ORIG,
["ICMP-unreachable for wrong state"] = Weird::WEIRD_NOTICE_PER_ORIG,
["corrupt_tcp_options"] = Weird::WEIRD_NOTICE_PER_ORIG,
};
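Review bot: The `redef Weird::weird_action` table gives no rationale for which weirds get `Weird::WEIRD_FILE` and which get `Weird::WEIRD_NOTICE_PER_ORIG`, and a site template is exactly where an operator needs that before customizing; I would add above the redef `# WEIRD_FILE entries are only recorded in the weird log; the fragment-related entries presumably raise a notice per originator instead — revisit this split for your site.` (the per-originator semantics are inferred from the enum name and should be confirmed against the Weird module). The commented-out `notice_action_filters` sample uses filter names such as `tally_notice_type_and_ignore` and `file_notice` that are not defined anywhere in this commit; if they belong to the older notice API rather than the `frameworks/notice` loaded above, either mark the sample as stale or update it, since a copied-in template tends to be uncommented verbatim. Also, `detectors/http-MHR.bro` is removed from the dev `__load__.bro` list in this commit but not added to this template; if that is intentional, a one-line comment here saying so would avoid the question.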


@ -8,8 +8,6 @@
@load all.bro @load all.bro
# @load test-all.bro # @load test-all.bro
@load site.bro
@load detectors/http-MHR.bro
@load tuning/__load__.bro @load tuning/__load__.bro
@load tuning/defaults/__load__.bro @load tuning/defaults/__load__.bro
@load tuning/defaults/packet-fragments.bro @load tuning/defaults/packet-fragments.bro


@ -1,4 +1,3 @@
@load site
type Direction: enum { INBOUND, OUTBOUND, BIDIRECTIONAL, NO_DIRECTION }; type Direction: enum { INBOUND, OUTBOUND, BIDIRECTIONAL, NO_DIRECTION };
function id_matches_direction(id: conn_id, d: Direction): bool function id_matches_direction(id: conn_id, d: Direction): bool