Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Change version to 3.1.0-dev

Browse source
This commit is contained in:
Jon Siwek 2019-08-08 15:52:39 -07:00
parent d236f377e7
commit ba56cf62a7
10 changed files with 24 additions and 298 deletions
Download patch file Download diff file Expand all files Collapse all files

2
VERSION
View file

@ -1 +1 @@
2.6-767 3.1.0-dev

2
aux/bifcl

@ -1 +1 @@
Subproject commit 699ffb13c986aca599b70735b368a515c2149982 Subproject commit 5fc5eda51144ebfbf7ff1f9f52b3b079218ad748

2
aux/binpac

@ -1 +1 @@
Subproject commit 1045ab75217ed37f0ef734bfe6c59f4adc92bf0f Subproject commit 6af0d1270897699d908d548d1dbe8f82f8f32b9b

2
aux/broker

@ -1 +1 @@
Subproject commit 90a7ab3ebcc041ff89b378ffdb42f69117707d86 Subproject commit 6c1f404a84967136b3fec5c21f778e3ea570052c

2
aux/btest

@ -1 +1 @@
Subproject commit 8765e2805a5eb7c87403f566fb06897337270644 Subproject commit ec8483fd09fc8557197ab8850bd68a9c05e6321f

2
aux/netcontrol-connectors

@ -1 +1 @@
Subproject commit 8a6f3f7c506ac483265afc77d3c1b0861db79601 Subproject commit 6bb6709e755ecd2b930ff4a3ddd68f16d2b52cba

2
aux/paraglob

@ -1 +1 @@
Subproject commit 4b0c213ad64737fd1694216fe136b5665f932e22 Subproject commit b9b834c8d1ec3f2621ca504eaf60e0361fd607a2

2
aux/zeek-aux

@ -1 +1 @@
Subproject commit 9a7d124c718f45155ea5fa0d2e4ddc3239624171 Subproject commit e1e67d863a91e4fb1e6ea5b67fe3e6a2468b1024

2
aux/zeekctl

@ -1 +1 @@
Subproject commit 82d6956c30da6384146821d6ea3b72457c6b0df5 Subproject commit 0c0589c694555342463c879f18a26a810f563f76

304
testing/btest/scripts/site/local-compat.test
View file

@ -1,16 +1,21 @@
# @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro # @TEST-EXEC: zeek local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.zeek
# This tests the compatibility of the past release's site/local.bro # This tests the compatibility of the past release's site/local.zeek
# script with the current version of Zeek. If the test fails because # script with the current version of Zeek.
# it doesn't find the right file, that means everything stayed #
# compatibile between releases, so just add a TEST-START-FILE with # If the test fails because it doesn't find the right file (e.g. you just
# the contents the latest Zeek version's site/local.zeek script. # made a release), that just means you should replace the contents of this
# If the test fails while loading the old local.bro, it usually # test with the contents of site/local.zeek from the last release. Use
# a new local-X.Y.zeek name just so this test is forced to be periodically
# refreshed with the new contents of local.zeek after every release.
#
# If the test fails while loading the old local-X.Y.zeek, it usually
# indicates a note will need to be made in NEWS explaining to users # indicates a note will need to be made in NEWS explaining to users
# how to migrate to the new version and this test's TEST-START-FILE # how to migrate to the new version. After adding that note to NEWS,
# should be updated with the latest contents of site/local.zeek. # # simply update this test's TEST-START-FILE with the latest contents
# site/local.zeek.
@TEST-START-FILE local-2.6.bro @TEST-START-FILE local-3.1.zeek
##! Local site policy. Customize as appropriate. ##! Local site policy. Customize as appropriate.
##! ##!
##! This file will not be overwritten when upgrading or reinstalling! ##! This file will not be overwritten when upgrading or reinstalling!
@ -113,282 +118,3 @@
# this adds the link-layer address for each connection endpoint to the conn.log file. # this adds the link-layer address for each connection endpoint to the conn.log file.
# @load policy/protocols/conn/mac-logging # @load policy/protocols/conn/mac-logging
@TEST-END-FILE @TEST-END-FILE
@TEST-START-FILE local-2.5.bro
##! Local site policy. Customize as appropriate.
##!
##! This file will not be overwritten when upgrading or reinstalling!
# This script logs which scripts were loaded during each run.
@load misc/loaded-scripts
# Apply the default tuning scripts for common tuning settings.
@load tuning/defaults
# Estimate and log capture loss.
@load misc/capture-loss
# Enable logging of memory, packet and lag statistics.
@load misc/stats
# Load the scan detection script.
@load misc/scan
# Detect traceroute being run on the network. This could possibly cause
# performance trouble when there are a lot of traceroutes on your network.
# Enable cautiously.
#@load misc/detect-traceroute
# Generate notices when vulnerable versions of software are discovered.
# The default is to only monitor software found in the address space defined
# as "local". Refer to the software framework's documentation for more
# information.
@load frameworks/software/vulnerable
# Detect software changing (e.g. attacker installing hacked SSHD).
@load frameworks/software/version-changes
# This adds signatures to detect cleartext forward and reverse windows shells.
@load-sigs frameworks/signatures/detect-windows-shells
# Load all of the scripts that detect software in various protocols.
@load protocols/ftp/software
@load protocols/smtp/software
@load protocols/ssh/software
@load protocols/http/software
# The detect-webapps script could possibly cause performance trouble when
# running on live traffic. Enable it cautiously.
#@load protocols/http/detect-webapps
# This script detects DNS results pointing toward your Site::local_nets
# where the name is not part of your local DNS zone and is being hosted
# externally. Requires that the Site::local_zones variable is defined.
@load protocols/dns/detect-external-names
# Script to detect various activity in FTP sessions.
@load protocols/ftp/detect
# Scripts that do asset tracking.
@load protocols/conn/known-hosts
@load protocols/conn/known-services
@load protocols/ssl/known-certs
# This script enables SSL/TLS certificate validation.
@load protocols/ssl/validate-certs
# This script prevents the logging of SSL CA certificates in x509.log
@load protocols/ssl/log-hostcerts-only
# Uncomment the following line to check each SSL certificate hash against the ICSI
# certificate notary service; see http://notary.icsi.berkeley.edu .
# @load protocols/ssl/notary
# If you have libGeoIP support built in, do some geographic detections and
# logging for SSH traffic.
@load protocols/ssh/geo-data
# Detect hosts doing SSH bruteforce attacks.
@load protocols/ssh/detect-bruteforcing
# Detect logins using "interesting" hostnames.
@load protocols/ssh/interesting-hostnames
# Detect SQL injection attacks.
@load protocols/http/detect-sqli
#### Network File Handling ####
# Enable MD5 and SHA1 hashing for all files.
@load frameworks/files/hash-all-files
# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
@load frameworks/files/detect-MHR
# Uncomment the following line to enable detection of the heartbleed attack. Enabling
# this might impact performance a bit.
# @load policy/protocols/ssl/heartbleed
# Uncomment the following line to enable logging of connection VLANs. Enabling
# this adds two VLAN fields to the conn.log file.
# @load policy/protocols/conn/vlan-logging
# Uncomment the following line to enable logging of link-layer addresses. Enabling
# this adds the link-layer address for each connection endpoint to the conn.log file.
# @load policy/protocols/conn/mac-logging
# Uncomment the following line to enable the SMB analyzer. The analyzer
# is currently considered a preview and therefore not loaded by default.
# @load policy/protocols/smb
@TEST-END-FILE
@TEST-START-FILE local-2.4.bro
##! Local site policy. Customize as appropriate.
##!
##! This file will not be overwritten when upgrading or reinstalling!
# This script logs which scripts were loaded during each run.
@load misc/loaded-scripts
# Apply the default tuning scripts for common tuning settings.
@load tuning/defaults
# Load the scan detection script.
@load misc/scan
# Detect traceroute being run on the network.
@load misc/detect-traceroute
# Generate notices when vulnerable versions of software are discovered.
# The default is to only monitor software found in the address space defined
# as "local". Refer to the software framework's documentation for more
# information.
@load frameworks/software/vulnerable
# Detect software changing (e.g. attacker installing hacked SSHD).
@load frameworks/software/version-changes
# This adds signatures to detect cleartext forward and reverse windows shells.
@load-sigs frameworks/signatures/detect-windows-shells
# Load all of the scripts that detect software in various protocols.
@load protocols/ftp/software
@load protocols/smtp/software
@load protocols/ssh/software
@load protocols/http/software
# The detect-webapps script could possibly cause performance trouble when
# running on live traffic. Enable it cautiously.
#@load protocols/http/detect-webapps
# This script detects DNS results pointing toward your Site::local_nets
# where the name is not part of your local DNS zone and is being hosted
# externally. Requires that the Site::local_zones variable is defined.
@load protocols/dns/detect-external-names
# Script to detect various activity in FTP sessions.
@load protocols/ftp/detect
# Scripts that do asset tracking.
@load protocols/conn/known-hosts
@load protocols/conn/known-services
@load protocols/ssl/known-certs
# This script enables SSL/TLS certificate validation.
@load protocols/ssl/validate-certs
# This script prevents the logging of SSL CA certificates in x509.log
@load protocols/ssl/log-hostcerts-only
# Uncomment the following line to check each SSL certificate hash against the ICSI
# certificate notary service; see http://notary.icsi.berkeley.edu .
# @load protocols/ssl/notary
# If you have libGeoIP support built in, do some geographic detections and
# logging for SSH traffic.
@load protocols/ssh/geo-data
# Detect hosts doing SSH bruteforce attacks.
@load protocols/ssh/detect-bruteforcing
# Detect logins using "interesting" hostnames.
@load protocols/ssh/interesting-hostnames
# Detect SQL injection attacks.
@load protocols/http/detect-sqli
#### Network File Handling ####
# Enable MD5 and SHA1 hashing for all files.
@load frameworks/files/hash-all-files
# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
@load frameworks/files/detect-MHR
# Uncomment the following line to enable detection of the heartbleed attack. Enabling
# this might impact performance a bit.
# @load policy/protocols/ssl/heartbleed
@TEST-END-FILE
@TEST-START-FILE local-2.3.bro
##! Local site policy. Customize as appropriate.
##!
##! This file will not be overwritten when upgrading or reinstalling!
# This script logs which scripts were loaded during each run.
@load misc/loaded-scripts
# Apply the default tuning scripts for common tuning settings.
@load tuning/defaults
# Load the scan detection script.
@load misc/scan
# Log some information about web applications being used by users
# on your network.
@load misc/app-stats
# Detect traceroute being run on the network.
@load misc/detect-traceroute
# Generate notices when vulnerable versions of software are discovered.
# The default is to only monitor software found in the address space defined
# as "local". Refer to the software framework's documentation for more
# information.
@load frameworks/software/vulnerable
# Detect software changing (e.g. attacker installing hacked SSHD).
@load frameworks/software/version-changes
# This adds signatures to detect cleartext forward and reverse windows shells.
@load-sigs frameworks/signatures/detect-windows-shells
# Load all of the scripts that detect software in various protocols.
@load protocols/ftp/software
@load protocols/smtp/software
@load protocols/ssh/software
@load protocols/http/software
# The detect-webapps script could possibly cause performance trouble when
# running on live traffic. Enable it cautiously.
#@load protocols/http/detect-webapps
# This script detects DNS results pointing toward your Site::local_nets
# where the name is not part of your local DNS zone and is being hosted
# externally. Requires that the Site::local_zones variable is defined.
@load protocols/dns/detect-external-names
# Script to detect various activity in FTP sessions.
@load protocols/ftp/detect
# Scripts that do asset tracking.
@load protocols/conn/known-hosts
@load protocols/conn/known-services
@load protocols/ssl/known-certs
# This script enables SSL/TLS certificate validation.
@load protocols/ssl/validate-certs
# This script prevents the logging of SSL CA certificates in x509.log
@load protocols/ssl/log-hostcerts-only
# Uncomment the following line to check each SSL certificate hash against the ICSI
# certificate notary service; see http://notary.icsi.berkeley.edu .
# @load protocols/ssl/notary
# If you have libGeoIP support built in, do some geographic detections and
# logging for SSH traffic.
@load protocols/ssh/geo-data
# Detect hosts doing SSH bruteforce attacks.
@load protocols/ssh/detect-bruteforcing
# Detect logins using "interesting" hostnames.
@load protocols/ssh/interesting-hostnames
# Detect SQL injection attacks.
@load protocols/http/detect-sqli
#### Network File Handling ####
# Enable MD5 and SHA1 hashing for all files.
@load frameworks/files/hash-all-files
# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
@load frameworks/files/detect-MHR
# Uncomment the following line to enable detection of the heartbleed attack. Enabling
# this might impact performance a bit.
# @load policy/protocols/ssl/heartbleed
@TEST-END-FILE