Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'action-drop' of https://github.com/LBL-gov/zeek

Browse source 
* 'action-drop' of https://github.com/LBL-gov/zeek:
  Moved verb ACTION_DROP from policy/frameworks/netcontrol/catch-and-release.zeek to base/frameworks/notice/main.zeek.
This commit is contained in:
Johanna Amann 2020-08-12 19:44:18 +00:00
commit db3d8faf6e
3 changed files with 5 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc

@ -1 +1 @@
Subproject commit 990bf9fab1456e555d9945a76c03c22d400ae4e0 Subproject commit c303feaa43d8b645e44a54a87e559747024eb148

4
scripts/base/frameworks/notice/main.zeek
View file

@ -44,6 +44,10 @@ export {
## ASCII version of the alarm log is emailed in bulk to the ## ASCII version of the alarm log is emailed in bulk to the
## address(es) configured in :zeek:id:`Notice::mail_dest`. ## address(es) configured in :zeek:id:`Notice::mail_dest`.
ACTION_ALARM, ACTION_ALARM,
## Indicates that the notice should result in a drop action.
## The exact action taken depends on loaded policy scripts;
## see e.g. :zeek:see:`NetControl::acld_rule_policy`.
ACTION_DROP,
}; };
## Type that represents a set of actions. ## Type that represents a set of actions.

5
scripts/policy/frameworks/notice/actions/drop.zeek
View file

@ -8,11 +8,6 @@
module Notice; module Notice;
export { export {
redef enum Action += {
## Drops the address via :zeek:see:`NetControl::drop_address_catch_release`.
ACTION_DROP
};
redef record Info += { redef record Info += {
## Indicate if the $src IP address was dropped and denied ## Indicate if the $src IP address was dropped and denied
## network access. ## network access.