Fixing documentation piece.

The interesting-hostname script has changed.
2025-10-16 13:38:19 +00:00 · 2016-10-06 14:23:35 -07:00 · 2016-10-06 14:23:35 -07:00 · d9ba7ea0dd
commit d9ba7ea0dd
parent 84bfd53e52
5 changed files with 61 additions and 26 deletions
--- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
@ -31,20 +31,26 @@ export {
 			/^ftp[0-9]*\./  &redef;
 }

+function check_ssh_hostname(id: conn_id, uid: string, host: addr)
+	{
+	when ( local hostname = lookup_addr(host) )
+		{
+		if ( interesting_hostnames in hostname )
+			{
+			NOTICE([$note=Interesting_Hostname_Login,
+					$msg=fmt("Possible SSH login involving a %s %s with an interesting hostname.",
+							 Site::is_local_addr(host) ? "local" : "remote",
+							 host == id$orig_h ? "client" : "server"),
+					$sub=hostname, $id=id, $uid=uid]);
+			}
+		}
+	}
+
 event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	for ( host in set(c$id$orig_h, c$id$resp_h) )
 		{
-		when ( local hostname = lookup_addr(host) )
-			{
-			if ( interesting_hostnames in hostname )
-				{
-				NOTICE([$note=Interesting_Hostname_Login,
-				        $msg=fmt("Possible SSH login involving a %s %s with an interesting hostname.",
-				                 Site::is_local_addr(host) ? "local" : "remote",
-				                 host == c$id$orig_h ? "client" : "server"),
-				        $sub=hostname, $conn=c]);
-				}
-			}
+		check_ssh_hostname(c$id, c$uid, host);
 		}
 	}
+
--- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
+++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
@ -31,20 +31,26 @@ export {
 			/^ftp[0-9]*\./  &redef;
 }

+function check_ssh_hostname(id: conn_id, uid: string, host: addr)
+	{
+	when ( local hostname = lookup_addr(host) )
+		{
+		if ( interesting_hostnames in hostname )
+			{
+			NOTICE([$note=Interesting_Hostname_Login,
+					$msg=fmt("Possible SSH login involving a %s %s with an interesting hostname.",
+							 Site::is_local_addr(host) ? "local" : "remote",
+							 host == id$orig_h ? "client" : "server"),
+					$sub=hostname, $id=id, $uid=uid]);
+			}
+		}
+	}
+
 event ssh_auth_successful(c: connection, auth_method_none: bool)
 	{
 	for ( host in set(c$id$orig_h, c$id$resp_h) )
 		{
-		when ( local hostname = lookup_addr(host) )
-			{
-			if ( interesting_hostnames in hostname )
-				{
-				NOTICE([$note=Interesting_Hostname_Login,
-				        $msg=fmt("Possible SSH login involving a %s %s with an interesting hostname.",
-				                 Site::is_local_addr(host) ? "local" : "remote",
-				                 host == c$id$orig_h ? "client" : "server"),
-				        $sub=hostname, $conn=c]);
-				}
-			}
+		check_ssh_hostname(c$id, c$uid, host);
 		}
 	}
+