Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

The SSH::Login notice type has returned.

Browse source
This commit is contained in:
Seth Hall 2011-08-24 12:55:28 -04:00
parent c750f0c327
commit 9160898d03
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
scripts/base/protocols/ssh/main.bro
View file

@ -10,6 +10,12 @@ module SSH;
export { export {
redef enum Log::ID += { SSH }; redef enum Log::ID += { SSH };
redef enum Notice::Type += {
## This indicates that a heuristically detected "successful" SSH
## authentication occurred.
Login
};
type Info: record { type Info: record {
ts: time &log; ts: time &log;
uid: string &log; uid: string &log;
@ -128,6 +134,10 @@ function check_ssh_connection(c: connection, done: bool)
event SSH::heuristic_successful_login(c: connection) &priority=-5 event SSH::heuristic_successful_login(c: connection) &priority=-5
{ {
NOTICE([$note=Login,
$msg="Heuristically detected successful SSH login.",
$conn=c]);
Log::write(SSH, c$ssh); Log::write(SSH, c$ssh);
} }
event SSH::heuristic_failed_login(c: connection) &priority=-5 event SSH::heuristic_failed_login(c: connection) &priority=-5