Fixed a couple of bugs in the IRC analysis script.

* Also removed a debug print from the software/vulnerable script.
Seth Hall 2011-04-26 11:24:38 -04:00
parent 6621a3001a
commit cc1501d6e3
2 changed files with 13 additions and 17 deletions


@ -20,7 +20,7 @@ export {
command: string &log &optional;
value: string &log &optional;
addl: string &log &optional;
tags: set[Tags] &log &default=set();
tags: set[Tags] &log;
};
const logged_commands = set("JOIN", "DCC SEND");
@ -55,18 +55,16 @@ function new_session(c: connection): Info
function set_session(c: connection)
{
c$irc$ts=network_time();
}
event protocol_confirmation(c: connection, atype: count, aid: count)
{
if ( atype == ANALYZER_IRC )
if ( ! c?$irc )
c$irc = new_session(c);
c$irc$ts=network_time();
}
event irc_client(c: connection, prefix: string, data: string)
{
set_session(c);
local parts = split1(data, / /);
local command = parts[1];
@ -79,6 +77,8 @@ event irc_client(c: connection, prefix: string, data: string)
event irc_server(c: connection, prefix: string, data: string)
{
set_session(c);
local parts = split1(data, / /);
local command = parts[1];
@ -105,7 +105,6 @@ event irc_server(c: connection, prefix: string, data: string)
event irc_nick_message(c: connection, who: string, newnick: string) &priority=5
{
set_session(c);
c$irc$command="NICK";
c$irc$value = newnick;
@ -122,7 +121,6 @@ event irc_nick_message(c: connection, who: string, newnick: string) &priority=-5
event irc_user_message(c: connection, user: string, host: string, server: string, real_name: string)
{
set_session(c);
c$irc$command = "USER";
c$irc$value = user;
c$irc$addl=fmt("%s %s %s", host, server, real_name);
@ -137,8 +135,6 @@ event irc_user_message(c: connection, user: string, host: string,
event irc_join_message(c: connection, info_list: irc_join_list) &priority=5
{
set_session(c);
c$irc$command = "JOIN";
}
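Review bot: The irc_nick_message, irc_user_message and irc_join_message handlers write `c$irc$command` directly, so each depends on `c$irc` already being set when it runs. This rendering has lost the +/- markers, so it is not clear whether the `set_session(c);` line in those three handlers is kept or dropped by the commit. If it is dropped, any connection where one of these handlers runs before irc_client or irc_server has initialised the record would dereference an unset field, and that command would be missing from the IRC log; the `if ( ! c?$irc )` guard should stay reachable from every handler that touches `c$irc`. set_session would also benefit from a one-line comment such as `# Create c$irc on first use and refresh its timestamp for the current message.` The handler bodies continue outside the hunks shown.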


@ -23,7 +23,7 @@ event log_software(rec: Info)
if ( rec$name in vulnerable_versions &&
cmp_versions(rec$version, vulnerable_versions[rec$name]) < 1 )
{
print fmt("Vulnerable version of ", software_fmt(rec));
#print fmt("Vulnerable version of ", software_fmt(rec));
NOTICE([$note=Vulnerable_Version, $src=rec$host, $msg=software_fmt(rec)]);
}
}
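Review bot: The debug print at the top of the `if` body appears to be commented out rather than deleted, although the commit description says it was removed; `#print fmt("Vulnerable version of ", software_fmt(rec));` should simply be dropped. The call was also malformed, since its format string has no `%s` for the argument, so it is not worth keeping as a reference. Separately, the notice carries only `software_fmt(rec)` as `$msg`; if that wording is wanted for triage, `$msg=fmt("Vulnerable version of %s", software_fmt(rec))` would put it where an analyst reads it, provided nothing downstream matches on the current message text. The log_software body starts outside the hunk.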