Update SSH policy scripts with new events.

Vlad Grigorescu 2015-03-16 13:50:43 -04:00
parent 370f4f2179
commit 8218461d35
4 changed files with 9 additions and 9 deletions


@ -58,12 +58,12 @@ export {
} }
redef record Info += { redef record Info += {
## This connection has been logged (internal use) # This connection has been logged (internal use)
logged: bool &default=F; logged: bool &default=F;
## Number of failures seen (internal use) # Number of failures seen (internal use)
num_failures: count &default=0; num_failures: count &default=0;
## Store capabilities from the first host for # Store capabilities from the first host for
## comparison with the second (internal use) # comparison with the second (internal use)
capabilities: Capabilities &optional; capabilities: Capabilities &optional;
}; };


@ -70,7 +70,7 @@ event bro_init()
}]); }]);
} }
event SSH::heuristic_successful_login(c: connection) event SSH::ssh_auth_successful(c: connection, auth_method_none: bool)
{ {
local id = c$id; local id = c$id;
@ -79,7 +79,7 @@ event SSH::heuristic_successful_login(c: connection)
$where=SSH::SUCCESSFUL_LOGIN]); $where=SSH::SUCCESSFUL_LOGIN]);
} }
event SSH::heuristic_failed_login(c: connection) event SSH::ssh_auth_failed(c: connection)
{ {
local id = c$id; local id = c$id;
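Review bot: The new `auth_method_none` argument on the `ssh_auth_successful` handler is accepted but, in the lines visible here, every success is still reported the same way (`$where=SSH::SUCCESSFUL_LOGIN`). A login that succeeded via the `none` method is worth telling apart from a credentialed one, so either act on the flag or document that it is deliberately ignored, e.g. `# auth_method_none is intentionally unused: all successful logins are reported alike.` The same applies to the `ssh_auth_successful` handlers in the two later file sections. The handler bodies continue outside the hunks, so this rests only on the visible lines.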


@ -30,7 +30,7 @@ function get_location(c: connection): geo_location
return lookup_location(lookup_ip); return lookup_location(lookup_ip);
} }
event SSH::heuristic_successful_login(c: connection) &priority=5 event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3
{ {
# Add the location data to the SSH record. # Add the location data to the SSH record.
c$ssh$remote_location = get_location(c); c$ssh$remote_location = get_location(c);
@ -45,7 +45,7 @@ event SSH::heuristic_successful_login(c: connection) &priority=5
} }
} }
event SSH::heuristic_failed_login(c: connection) &priority=5 event SSH::ssh_auth_failed(c: connection) &priority=3
{ {
# Add the location data to the SSH record. # Add the location data to the SSH record.
c$ssh$remote_location = get_location(c); c$ssh$remote_location = get_location(c);
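Review bot: Both handlers drop from `&priority=5` to `&priority=3` with no explanation in the commit message or in a comment. The body writes `c$ssh$remote_location`, so it presumably has to run after whichever handler creates `c$ssh` and before the record is logged. State that ordering assumption above each handler, e.g. `# Priority 3: runs after the base SSH handler has set up c$ssh and before the log write (confirm).` If `c$ssh` can be unset when these events fire, a guard such as `if ( ! c?$ssh ) return;` would avoid a runtime field-access error. Both handler bodies continue outside the hunks.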


@ -27,7 +27,7 @@ export {
/^ftp[0-9]*\./ &redef; /^ftp[0-9]*\./ &redef;
} }
event SSH::heuristic_successful_login(c: connection) event SSH::ssh_auth_successful(c: connection, auth_method_none: bool)
{ {
for ( host in set(c$id$orig_h, c$id$resp_h) ) for ( host in set(c$id$orig_h, c$id$resp_h) )
{ {