Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/awelzel/simple-scan-over-scan-zeek'

Browse source 
* origin/topic/awelzel/simple-scan-over-scan-zeek:
  Deprecate misc/scan.zeek
This commit is contained in:
Christian Kreibich 2022-08-23 10:19:23 -07:00
commit c887bcb517
6 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
5.1.0-dev.436 | 2022-08-23 10:19:23 -0700
* Deprecate misc/scan.zeek (Arne Welzel, Corelight)
5.1.0-dev.434 | 2022-08-23 09:33:42 -0700 5.1.0-dev.434 | 2022-08-23 09:33:42 -0700
* stmt: Support iterating over vector values (Arne Welzel, Corelight) * stmt: Support iterating over vector values (Arne Welzel, Corelight)

3
NEWS
View file

@ -150,6 +150,9 @@ Deprecated Functionality
- The HOOK_BRO_OBJ_DTOR hook and associated methods have been deprecated. They - The HOOK_BRO_OBJ_DTOR hook and associated methods have been deprecated. They
are replaced by the HOOK_OBJ_DTOR hook and methods. are replaced by the HOOK_OBJ_DTOR hook and methods.
- The ``misc/scan.zeek`` script has been marked for removal in Zeek 6.1.
Use github.com/ncsa/bro-simple-scan instead.
Zeek 5.0.0 Zeek 5.0.0
========== ==========

2
VERSION
View file

@ -1 +1 @@
5.1.0-dev.434 5.1.0-dev.436

2
scripts/policy/misc/scan.zeek
View file

@ -4,6 +4,8 @@
# Seth Hall # Seth Hall
# All the authors of the old scan.bro # All the authors of the old scan.bro
@deprecated "Remove in v6.1. Use the external github.com/ncsa/bro-simple-scan package instead (e.g., by installing it via `zkg install ncsa/bro-simple-scan`). The misc/scan.zeek script hasn't been maintained since 2013. Further, the external bro-simple-scan package from NCSA (Justin Azoff) has become the recommended alternative for TCP scan detection."
@load base/frameworks/notice @load base/frameworks/notice
@load base/frameworks/sumstats @load base/frameworks/sumstats

7
scripts/site/local.zeek
View file

@ -18,9 +18,10 @@ redef digest_salt = "Please change this value.";
# Enable logging of memory, packet and lag statistics. # Enable logging of memory, packet and lag statistics.
@load misc/stats @load misc/stats
# Load the scan detection script. It's disabled by default because # For TCP scan detection, we recommend installing the package from
# it often causes performance issues. # 'https://github.com/ncsa/bro-simple-scan'. E.g., by installing it via
#@load misc/scan #
# zkg install ncsa/bro-simple-scan
# Detect traceroute being run on the network. This could possibly cause # Detect traceroute being run on the network. This could possibly cause
# performance trouble when there are a lot of traceroutes on your network. # performance trouble when there are a lot of traceroutes on your network.

2
testing/btest/coverage/bare-mode-errors.test
View file

@ -6,4 +6,4 @@
# #
# @TEST-EXEC: test -d $DIST/scripts # @TEST-EXEC: test -d $DIST/scripts
# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors # @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v 'Use the external.*bro-simple-scan package' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors