Updating NEWS for SSH.

Robin Sommer 2015-04-27 08:02:42 -07:00
parent da24fa40a5
commit a6aa70d51f
2 changed files with 24 additions and 5 deletions

27
NEWS

@ -38,10 +38,17 @@ New Functionality
- Bro now has support for the SIP protocol over UDP. Activity gets - Bro now has support for the SIP protocol over UDP. Activity gets
logged into sip.log. logged into sip.log.
- Bro now features a completely rewritten, enhanced SSH analyzer, with - Bro now features a completely rewritten, enhanced SSH analyzer. The
a set of added events being generated. A lot more information about new analyzer is able to determine if logins failed or succeeded in
SSH sessions is logged. The analyzer is able to determine if logins most circumstances, logs a lot more more information about SSH
failed or succeeded in most circumstances. sessions, supports v1, and introduces the intelligence type
``Intel::PUBKEY_HASH`` and location ``SSH::IN_SERVER_HOST_KEY``. The
analayzer also generates a set of additional events
(``ssh_auth_successful``, ``ssh_auth_failed``, ``ssh_capabilities``,
``ssh2_server_host_key``, ``ssh1_server_host_key``,
``ssh_encrypted_packet``, ``ssh2_dh_server_params``,
``ssh2_gss_error``, ``ssh2_ecc_key``). See next section for
incompatible SSH changes.
- Bro's file analysis now supports reassembly of files that are not - Bro's file analysis now supports reassembly of files that are not
transferred/seen sequentially. The default file reassembly buffer transferred/seen sequentially. The default file reassembly buffer
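Review bot: the added SSH entry has two typos: "logs a lot more more information" repeats "more", and "The analayzer also generates" should read "analyzer". "See next section for incompatible SSH changes" would be easier to follow if it named the section, since the incompatibilities land under Changed Functionality. The events are also listed here without a namespace (``ssh_auth_failed``) while the rename list further down writes them as ``SSH::ssh_auth_failed``; use one form in both places so readers can search for the exact name.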
@ -148,6 +155,18 @@ Changed Functionality
record gives the how many bytes have been written so far (i.e. record gives the how many bytes have been written so far (i.e.
the "offset"). the "offset").
- The SSH changes come with a few incompatibilities. The following
events have been renamed:
* ``SSH::heuristic_failed_login`` to ``SSH::ssh_auth_failed``
* ``SSH::heuristic_successful_login`` to ``SSH::ssh_auth_successful``
The ``SSH::Info`` status field has been removed and replaced with
the ``auth_success`` field. This field has been changed from a
string that was previously ``success``, ``failure`` or
``undetermined`` to a boolean. a boolean that is ``T``, ``F``, or
unset.
- has_valid_octets: now uses a string_vec parameter instead of - has_valid_octets: now uses a string_vec parameter instead of
string_array. string_array.
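Review bot: the last sentence of the new SSH item is garbled; "to a boolean. a boolean that is ``T``, ``F``, or unset" carries a leftover fragment and should be one sentence. The paragraph also says the status field "has been removed and replaced with the ``auth_success`` field" and then "This field has been changed from a string", which reads as if ``auth_success`` itself used to be a string. Suggest stating that the string-valued status field is gone and that ``auth_success`` is a boolean that may be unset, and saying explicitly which of the old values (``success``, ``failure``, ``undetermined``) corresponds to each new state, since scripts and log consumers that matched on the old strings have to be rewritten against it.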

@ -1 +1 @@
Subproject commit 523b0cd66de7253641cb9e099ba788a1ce728f8d Subproject commit 29b3db0816bf03d608405675760207a06414c232
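Review bot: the subproject pointer changes in this commit, but the message only says "Updating NEWS for SSH." Either mention the submodule update in the commit message or move it to its own commit, so the bump is not mistaken for an accidental inclusion and can be traced on its own later.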