Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 02:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'smb2-updates' of https://github.com/dtrejod/bro

Browse source
This commit is contained in:
Johanna Amann 2018-05-31 21:12:51 -07:00
commit b2dc7ffb26
6 changed files with 77 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/policy/protocols/smb/main.bro
View file

@ -18,6 +18,7 @@ export {
FILE_CLOSE,
FILE_DELETE,
FILE_RENAME,
FILE_SET_ATTRIBUTE,
PIPE_READ,
PIPE_WRITE,

20
scripts/policy/protocols/smb/smb2-main.bro
View file

@ -239,6 +239,26 @@ event smb2_write_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID,
SMB::write_file_log(c$smb_state);
}
event smb2_file_sattr(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs) &priority=-5
{
SMB::write_file_log(c$smb_state);
}
event smb2_file_sattr(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs) &priority=5
{
SMB::set_current_file(c$smb_state, file_id$persistent+file_id$volatile);
switch ( c$smb_state$current_tree$share_type )
{
case "DISK":
c$smb_state$current_file$action = SMB::FILE_SET_ATTRIBUTE;
break;
default:
c$smb_state$current_file$action = SMB::FILE_SET_ATTRIBUTE;
break;
}
}
event smb2_file_rename(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, dst_filename: string) &priority=5
{
SMB::set_current_file(c$smb_state, file_id$persistent+file_id$volatile);