Merge remote-tracking branch 'origin/topic/vladg/bit-1641'

* origin/topic/vladg/bit-1641: Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641. Clean up the logic for ssh_auth_failed. Addresses BIT-1641 Update baselines for adding a field to ssh.log as part of BIT-1641 Script-land changes for BIT-1641. Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641. Revert "Fixing duplicate SSH authentication failure events." Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641. I extended the tests a bit and did some small cleanups. I also moved the SSH events back to the global namespace for backwards compatibility and for consistency (the way it was at the moment, some of them were global some SSH::). Furthermore, I fixed the ssh_auth_result result event, it was only raised in the success case. ssh_auth_result is now also checked in the testcases. I also have a suspicion that the intel integration never really worked before. BIT-1641 #merged
2025-10-02 06:38:20 +00:00 · 2016-10-18 14:36:50 -04:00 · 2016-10-18 14:36:50 -04:00 · 8ce746cc25
commit 8ce746cc25
parent c5696821c8 70aaffbaac
14 changed files with 312 additions and 126 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.ssh.one-auth-fail-only/output
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.one-auth-fail-only/output
@ -1,11 +1,50 @@
-C0LAHyvtKSQHyJxIl
-C37jN32gN3y3AZzyf6
-C3eiCBGOLw3VtHfOj
-C4J4Th3PJpwUYZZ6gc
-CHhAvVGS1DHFjwGM9
-CP5puj4I8PtEU4qzYg
-CUM0KZ3MLUfNB0cl11
-ClEkJM2Vm5giqnMf4h
-CmES5u32sYpV7JYN
-CtPZjS20MLrsMUOJi2
-CwjjYJ2WqgTbAqiHl6
+auth_attempted, C0LAHyvtKSQHyJxIl, F
+auth_attempted, C0LAHyvtKSQHyJxIl, F
+auth_attempted, C37jN32gN3y3AZzyf6, F
+auth_attempted, C37jN32gN3y3AZzyf6, F
+auth_attempted, C3eiCBGOLw3VtHfOj, F
+auth_attempted, C3eiCBGOLw3VtHfOj, F
+auth_attempted, C3eiCBGOLw3VtHfOj, F
+auth_attempted, C4J4Th3PJpwUYZZ6gc, F
+auth_attempted, C4J4Th3PJpwUYZZ6gc, F
+auth_attempted, CHhAvVGS1DHFjwGM9, F
+auth_attempted, CHhAvVGS1DHFjwGM9, F
+auth_attempted, CHhAvVGS1DHFjwGM9, F
+auth_attempted, CHhAvVGS1DHFjwGM9, F
+auth_attempted, CP5puj4I8PtEU4qzYg, F
+auth_attempted, CP5puj4I8PtEU4qzYg, F
+auth_attempted, CUM0KZ3MLUfNB0cl11, F
+auth_attempted, CUM0KZ3MLUfNB0cl11, F
+auth_attempted, CUM0KZ3MLUfNB0cl11, F
+auth_attempted, ClEkJM2Vm5giqnMf4h, F
+auth_attempted, ClEkJM2Vm5giqnMf4h, F
+auth_attempted, CmES5u32sYpV7JYN, F
+auth_attempted, CmES5u32sYpV7JYN, F
+auth_attempted, CmES5u32sYpV7JYN, F
+auth_attempted, CmES5u32sYpV7JYN, F
+auth_attempted, CtPZjS20MLrsMUOJi2, F
+auth_attempted, CtPZjS20MLrsMUOJi2, F
+auth_attempted, CwjjYJ2WqgTbAqiHl6, F
+auth_attempted, CwjjYJ2WqgTbAqiHl6, F
+auth_failed, C0LAHyvtKSQHyJxIl
+auth_failed, C37jN32gN3y3AZzyf6
+auth_failed, C3eiCBGOLw3VtHfOj
+auth_failed, C4J4Th3PJpwUYZZ6gc
+auth_failed, CHhAvVGS1DHFjwGM9
+auth_failed, CP5puj4I8PtEU4qzYg
+auth_failed, CUM0KZ3MLUfNB0cl11
+auth_failed, ClEkJM2Vm5giqnMf4h
+auth_failed, CmES5u32sYpV7JYN
+auth_failed, CtPZjS20MLrsMUOJi2
+auth_failed, CwjjYJ2WqgTbAqiHl6
+auth_result, C0LAHyvtKSQHyJxIl, F, 2
+auth_result, C37jN32gN3y3AZzyf6, F, 2
+auth_result, C3eiCBGOLw3VtHfOj, F, 3
+auth_result, C4J4Th3PJpwUYZZ6gc, F, 2
+auth_result, CHhAvVGS1DHFjwGM9, F, 4
+auth_result, CP5puj4I8PtEU4qzYg, F, 2
+auth_result, CUM0KZ3MLUfNB0cl11, F, 3
+auth_result, ClEkJM2Vm5giqnMf4h, F, 2
+auth_result, CmES5u32sYpV7JYN, F, 4
+auth_result, CtPZjS20MLrsMUOJi2, F, 2
+auth_result, CwjjYJ2WqgTbAqiHl6, F, 2