Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/vladg/ssh'

Browse source 
* origin/topic/vladg/ssh:
  Fix tiny typo in NEWS.
  Fix SSH direction field being unset (addresses BIT-1365)

BIT-1365 #merged
This commit is contained in:
Robin Sommer 2015-04-21 13:37:31 -07:00
commit a7782b90b2
4 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
2.3-836 | 2015-04-21 13:37:31 -0700
* Fix SSH direction field being unset. Addresses BIT-1365. (Vlad
Grigorescu)
2.3-833 | 2015-04-21 12:38:32 -0700 2.3-833 | 2015-04-21 12:38:32 -0700
* A Kerberos protocol analyzer. (Vlad Grigorescu) * A Kerberos protocol analyzer. (Vlad Grigorescu)

2
NEWS
View file

@ -36,7 +36,7 @@ New Functionality
logged into pe.log. logged into pe.log.
- Bro now features a completely rewritten, enhanced SSH analyzer, with - Bro now features a completely rewritten, enhanced SSH analyzer, with
a set of addedd events being generated. A lot more information about a set of added events being generated. A lot more information about
SSH sessions is logged. The analyzer is able to determine if logins SSH sessions is logged. The analyzer is able to determine if logins
failed or succeeded in most circumstances. failed or succeeded in most circumstances.

2
VERSION
View file

@ -1 +1 @@
2.3-833 2.3-836

4
scripts/base/protocols/ssh/main.bro
View file

@ -93,6 +93,10 @@ function set_session(c: connection)
info$ts = network_time(); info$ts = network_time();
info$uid = c$uid; info$uid = c$uid;
info$id = c$id; info$id = c$id;
# If both hosts are local or non-local, we can't reliably set a direction.
if ( Site::is_local_addr(c$id$orig_h) != Site::is_local_addr(c$id$resp_h) )
info$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND: INBOUND;
c$ssh = info; c$ssh = info;
} }
} }