Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed a couple of bugs in the IRC analysis script.

Browse source 
* Also removed a debug print from the software/vulnerable script.
This commit is contained in:
Seth Hall 2011-04-26 11:24:38 -04:00
parent 6621a3001a
commit cc1501d6e3
2 changed files with 13 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

26
policy/irc/base.bro
View file

@ -17,10 +17,10 @@ export {
user: string &log &optional; user: string &log &optional;
channels: set[string] &log &optional; channels: set[string] &log &optional;
command: string &log &optional; command: string &log &optional;
value: string &log &optional; value: string &log &optional;
addl: string &log &optional; addl: string &log &optional;
tags: set[Tags] &log &default=set(); tags: set[Tags] &log;
}; };
const logged_commands = set("JOIN", "DCC SEND"); const logged_commands = set("JOIN", "DCC SEND");
@ -55,18 +55,16 @@ function new_session(c: connection): Info
function set_session(c: connection) function set_session(c: connection)
{ {
c$irc$ts=network_time(); if ( ! c?$irc )
}
event protocol_confirmation(c: connection, atype: count, aid: count)
{
if ( atype == ANALYZER_IRC )
c$irc = new_session(c); c$irc = new_session(c);
c$irc$ts=network_time();
} }
event irc_client(c: connection, prefix: string, data: string) event irc_client(c: connection, prefix: string, data: string)
{ {
set_session(c);
local parts = split1(data, / /); local parts = split1(data, / /);
local command = parts[1]; local command = parts[1];
@ -79,6 +77,8 @@ event irc_client(c: connection, prefix: string, data: string)
event irc_server(c: connection, prefix: string, data: string) event irc_server(c: connection, prefix: string, data: string)
{ {
set_session(c);
local parts = split1(data, / /); local parts = split1(data, / /);
local command = parts[1]; local command = parts[1];
@ -105,7 +105,6 @@ event irc_server(c: connection, prefix: string, data: string)
event irc_nick_message(c: connection, who: string, newnick: string) &priority=5 event irc_nick_message(c: connection, who: string, newnick: string) &priority=5
{ {
set_session(c);
c$irc$command="NICK"; c$irc$command="NICK";
c$irc$value = newnick; c$irc$value = newnick;
@ -122,7 +121,6 @@ event irc_nick_message(c: connection, who: string, newnick: string) &priority=-5
event irc_user_message(c: connection, user: string, host: string, server: string, real_name: string) event irc_user_message(c: connection, user: string, host: string, server: string, real_name: string)
{ {
set_session(c);
c$irc$command = "USER"; c$irc$command = "USER";
c$irc$value = user; c$irc$value = user;
c$irc$addl=fmt("%s %s %s", host, server, real_name); c$irc$addl=fmt("%s %s %s", host, server, real_name);
@ -137,8 +135,6 @@ event irc_user_message(c: connection, user: string, host: string,
event irc_join_message(c: connection, info_list: irc_join_list) &priority=5 event irc_join_message(c: connection, info_list: irc_join_list) &priority=5
{ {
set_session(c);
c$irc$command = "JOIN"; c$irc$command = "JOIN";
} }

2
policy/software/vulnerable.bro
View file

@ -23,7 +23,7 @@ event log_software(rec: Info)
if ( rec$name in vulnerable_versions && if ( rec$name in vulnerable_versions &&
cmp_versions(rec$version, vulnerable_versions[rec$name]) < 1 ) cmp_versions(rec$version, vulnerable_versions[rec$name]) < 1 )
{ {
print fmt("Vulnerable version of ", software_fmt(rec)); #print fmt("Vulnerable version of ", software_fmt(rec));
NOTICE([$note=Vulnerable_Version, $src=rec$host, $msg=software_fmt(rec)]); NOTICE([$note=Vulnerable_Version, $src=rec$host, $msg=software_fmt(rec)]);
} }
} }