diff --git a/doc/scripts/CMakeLists.txt b/doc/scripts/CMakeLists.txt index cb7a42929c..b82605d533 100644 --- a/doc/scripts/CMakeLists.txt +++ b/doc/scripts/CMakeLists.txt @@ -119,7 +119,7 @@ macro(REST_TARGET srcDir broInput) ARGS -E remove_directory .state # generate the reST documentation using bro COMMAND BROPATH=${BROPATH}:${srcDir} ${CMAKE_BINARY_DIR}/src/bro - ARGS --doc-scripts ${broInput} || (rm -rf .state *.log *.rst && exit 1) + ARGS -b -Z ${broInput} || (rm -rf .state *.log *.rst && exit 1) # move generated doc into a new directory tree that # defines the final structure of documents COMMAND "${CMAKE_COMMAND}" diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index 8290d3d102..e071de47e5 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake @@ -16,13 +16,13 @@ rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal) rest_target(${psd} base/init-default.bro internal) rest_target(${psd} base/init-bare.bro internal) -rest_target(${CMAKE_BINARY_DIR}/src bro.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src const.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src event.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src logging.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src reporter.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base bro.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base const.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base event.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base logging.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base reporter.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base strings.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base types.bif.bro) rest_target(${psd} base/frameworks/cluster/main.bro) rest_target(${psd} base/frameworks/cluster/nodes/manager.bro) rest_target(${psd} base/frameworks/cluster/nodes/proxy.bro) 
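Review bot: In the `REST_TARGET` macro hunk of doc/scripts/CMakeLists.txt, the new `ARGS -b -Z ${broInput}` line replaces a self-describing long option with two single-letter flags and no comment, so a reader has to look up what they do. A comment above the COMMAND such as `# -b: bare mode, scripts must @load their own dependencies; -Z: generate script documentation` would record why the flag was added (meanings inferred from the removed `--doc-scripts` and from the explicit @load lines added elsewhere in this commit; confirm against `bro --help`). Separately, `${broInput}` and `${srcDir}` are expanded unquoted into a shell command line that also runs `rm -rf .state *.log *.rst` on failure, so a path containing spaces or shell metacharacters would change what the shell executes; quoting the expansions is cheap. The macro starts and ends outside the hunk, so the working directory those `rm -rf` globs apply to is not visible here.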
@@ -34,7 +34,9 @@ rest_target(${psd} base/frameworks/dpd/main.bro) rest_target(${psd} base/frameworks/intel/main.bro) rest_target(${psd} base/frameworks/logging/main.bro) rest_target(${psd} base/frameworks/logging/writers/ascii.bro) +rest_target(${psd} base/frameworks/metrics/cluster.bro) rest_target(${psd} base/frameworks/metrics/main.bro) +rest_target(${psd} base/frameworks/metrics/non-cluster.bro) rest_target(${psd} base/frameworks/notice/actions/add-geodata.bro) rest_target(${psd} base/frameworks/notice/actions/drop.bro) rest_target(${psd} base/frameworks/notice/actions/email_admin.bro) @@ -64,11 +66,11 @@ rest_target(${psd} base/protocols/http/partial-content.bro) rest_target(${psd} base/protocols/http/utils.bro) rest_target(${psd} base/protocols/irc/dcc-send.bro) rest_target(${psd} base/protocols/irc/main.bro) -rest_target(${psd} base/protocols/mime/base.bro) rest_target(${psd} base/protocols/mime/file-extract.bro) rest_target(${psd} base/protocols/mime/file-hash.bro) rest_target(${psd} base/protocols/mime/file-ident.bro) -rest_target(${psd} base/protocols/rpc/base.bro) +rest_target(${psd} base/protocols/mime/main.bro) +rest_target(${psd} base/protocols/rpc/main.bro) rest_target(${psd} base/protocols/smtp/entities-excerpt.bro) rest_target(${psd} base/protocols/smtp/entities.bro) rest_target(${psd} base/protocols/smtp/main.bro) @@ -99,8 +101,7 @@ rest_target(${psd} policy/frameworks/metrics/http-example.bro) rest_target(${psd} policy/frameworks/metrics/ssl-example.bro) rest_target(${psd} policy/frameworks/software/version-changes.bro) rest_target(${psd} policy/frameworks/software/vulnerable.bro) -rest_target(${psd} policy/integration/barnyard2/base.bro) -rest_target(${psd} policy/integration/barnyard2/event.bro) +rest_target(${psd} policy/integration/barnyard2/main.bro) rest_target(${psd} policy/integration/barnyard2/types.bro) rest_target(${psd} policy/misc/analysis-groups.bro) rest_target(${psd} policy/misc/loaded-scripts.bro) 
diff --git a/doc/scripts/genDocSourcesList.sh b/doc/scripts/genDocSourcesList.sh index 8ef4ff9c14..1f56843f5f 100755 --- a/doc/scripts/genDocSourcesList.sh +++ b/doc/scripts/genDocSourcesList.sh @@ -68,12 +68,12 @@ sourcedir=${thisdir}/../.. echo "$statictext" > $outfile -bifs=`( cd ${sourcedir}/build/src && find . -name \*\.bro | sort )` +bifs=`( cd ${sourcedir}/src && find . -name \*\.bif | sort )` for file in $bifs do - f=${file:2} - echo "rest_target(\${CMAKE_BINARY_DIR}/src $f)" >> $outfile + f=${file:2}.bro + echo "rest_target(\${CMAKE_BINARY_DIR}/src/base $f)" >> $outfile done scriptfiles=`( cd ${sourcedir}/scripts && find . -name \*\.bro | sort )` diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.bro index 03262d3d75..d0b72dad4f 100644 --- a/scripts/base/frameworks/cluster/__load__.bro +++ b/scripts/base/frameworks/cluster/__load__.bro @@ -1,7 +1,7 @@ # Load the core cluster support. @load ./main -@if ( Cluster::node != "" ) +@if ( Cluster::is_enabled() ) # Give the node being started up it's peer name. redef peer_description = Cluster::node; @@ -26,17 +26,17 @@ redef peer_description = Cluster::node; ## Set the port that this node is supposed to listen on. redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; -@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::MANAGER ) +@if ( Cluster::local_node_type() == Cluster::MANAGER ) @load ./nodes/manager @endif -@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::PROXY ) +@if ( Cluster::local_node_type() == Cluster::PROXY ) @load ./nodes/proxy @endif -@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::WORKER ) +@if ( Cluster::local_node_type() == Cluster::WORKER ) @load ./nodes/worker @endif @endif -@endif \ No newline at end of file +@endif diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index f6066e5800..0b117d2603 100644 --- a/scripts/base/frameworks/cluster/main.bro 
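Review bot: In the genDocSourcesList.sh hunk, `find . -name \*\.bif` still searches `${sourcedir}/src` recursively, but every result is now emitted as `rest_target(\${CMAKE_BINARY_DIR}/src/base $f)`, which assumes the generated `.bif.bro` files all sit flat in `src/base`. A `.bif` in a subdirectory of `src` would produce an entry like `sub/name.bif.bro` that may not exist in the build tree; `find . -maxdepth 1 -name '*.bif'` would make that assumption explicit. The expansions `${sourcedir}` and `$outfile` are also unquoted, and if the `cd` fails the loop silently writes no bif targets, so quoting them and stopping on an empty `$bifs` would make a broken checkout visible instead of producing a shorter list.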
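Review bot: Both cluster/__load__.bro hunks now rely on `Cluster::is_enabled()` and `Cluster::local_node_type()`, yet the guarded block still evaluates `Cluster::nodes[Cluster::node]$p` at load time. The body of `is_enabled()` is not part of this diff; if it only tests `Cluster::node != ""`, a node name missing from `Cluster::nodes` reaches that index (and the `nodes[node]$node_type` lookup inside `local_node_type()` in cluster/main.bro) before the `bro_init` check in main.bro can report the bad name. setup-connections.bro in this same commit guards with `@if ( Cluster::node in Cluster::nodes )`; using that membership test here, and `return ( node in nodes ) ? nodes[node]$node_type : NONE;` in main.bro, would keep a misconfigured node from failing on a table lookup.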
+++ b/scripts/base/frameworks/cluster/main.bro @@ -1,3 +1,4 @@ +@load base/frameworks/control module Cluster; @@ -9,6 +10,7 @@ export { } &log; type NodeType: enum { + NONE, CONTROL, MANAGER, PROXY, @@ -53,8 +55,8 @@ export { ## This function can be called at any time to determine what type of ## cluster node the current Bro instance is going to be acting as. - ## :bro:id:`is_enabled` should be called first to find out if this is - ## actually going to be a cluster node. + ## If :bro:id:`Cluster::is_enabled` returns false, then + ## :bro:enum:`Cluster::NONE` is returned. global local_node_type: function(): NodeType; ## This gives the value for the number of workers currently connected to, @@ -80,15 +82,15 @@ function is_enabled(): bool function local_node_type(): NodeType { - return nodes[node]$node_type; + return is_enabled() ? nodes[node]$node_type : NONE; } - event remote_connection_handshake_done(p: event_peer) { if ( nodes[p$descr]$node_type == WORKER ) ++worker_count; } + event remote_connection_closed(p: event_peer) { if ( nodes[p$descr]$node_type == WORKER ) @@ -100,10 +102,9 @@ event bro_init() &priority=5 # If a node is given, but it's an unknown name we need to fail. if ( node != "" && node !in nodes ) { - local msg = "You didn't supply a valid node in the Cluster::nodes configuration."; - event reporter_error(current_time(), msg, ""); + Reporter::error(fmt("'%s' is not a valid node in the Cluster::nodes configuration", node)); terminate(); } Log::create_stream(CLUSTER, [$columns=Info]); - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.bro index 78b9fb7788..d0c30406bc 100644 --- a/scripts/base/frameworks/cluster/nodes/manager.bro +++ b/scripts/base/frameworks/cluster/nodes/manager.bro 
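Review bot: In the `@@ -80,15 +82,15 @@` hunk of cluster/main.bro, the `remote_connection_handshake_done` and `remote_connection_closed` handlers index `nodes[p$descr]` with the peer's description and no membership test. These lines are unchanged context, but since this commit already makes `local_node_type()` tolerate a non-cluster instance, the same care fits here: `if ( p$descr in nodes && nodes[p$descr]$node_type == WORKER )`. The description is presumably supplied by the remote side, and whether a peer that is not listed in `Cluster::nodes` can reach these handlers depends on the communication framework, which is outside this diff. The body of `remote_connection_closed` continues past the end of the hunk.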
@@ -8,6 +8,8 @@ ##! This is where the cluster manager sets it's specific settings for other ##! frameworks and in the core. +@load base/frameworks/notice + @prefixes += cluster-manager # Load the script for local site configuration for the manager node. diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.bro index f534e0aecc..a19fa67485 100644 --- a/scripts/base/frameworks/cluster/nodes/worker.bro +++ b/scripts/base/frameworks/cluster/nodes/worker.bro @@ -1,3 +1,4 @@ +@load base/frameworks/notice @prefixes += cluster-worker diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro index 7928d0c6ec..5937271793 100644 --- a/scripts/base/frameworks/cluster/setup-connections.bro +++ b/scripts/base/frameworks/cluster/setup-connections.bro @@ -1,5 +1,7 @@ @load ./main -@load base/frameworks/communication/main +@load base/frameworks/communication + +@if ( Cluster::node in Cluster::nodes ) module Cluster; @@ -79,3 +81,5 @@ event bro_init() &priority=9 } } } + +@endif diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro index 73e6086f97..f6e58be1fc 100644 --- a/scripts/base/frameworks/communication/main.bro +++ b/scripts/base/frameworks/communication/main.bro @@ -1,6 +1,8 @@ ##! Connect to remote Bro or Broccoli instances to share state and/or transfer ##! events. +@load base/frameworks/packet-filter + module Communication; export { diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro index 9849d4df42..f9ba388734 100644 --- a/scripts/base/frameworks/intel/main.bro +++ b/scripts/base/frameworks/intel/main.bro @@ -20,6 +20,8 @@ # canary # friend +@load base/frameworks/notice + module Intel; export { diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index a90dd21984..153663607d 100644 
--- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -159,7 +159,7 @@ export { # We keep a script-level copy of all filters so that we can manipulate them. global filters: table[ID, string] of Filter; -@load logging.bif.bro # Needs Filter and Stream defined. +@load base/logging.bif # Needs Filter and Stream defined. module Log; diff --git a/scripts/base/frameworks/metrics/cluster.bro b/scripts/base/frameworks/metrics/cluster.bro index 91efa98996..aaf1d43c56 100644 --- a/scripts/base/frameworks/metrics/cluster.bro +++ b/scripts/base/frameworks/metrics/cluster.bro @@ -8,6 +8,7 @@ ##! to be an internal implementation detail. @load base/frameworks/cluster +@load ./main module Metrics; @@ -258,4 +259,4 @@ event Metrics::cluster_filter_response(uid: string, id: ID, filter_name: string, } } -@endif \ No newline at end of file +@endif diff --git a/scripts/base/frameworks/metrics/non-cluster.bro b/scripts/base/frameworks/metrics/non-cluster.bro index a467ebf714..85c050fb25 100644 --- a/scripts/base/frameworks/metrics/non-cluster.bro +++ b/scripts/base/frameworks/metrics/non-cluster.bro @@ -1,3 +1,4 @@ +@load ./main module Metrics; @@ -17,4 +18,4 @@ function data_added(filter: Filter, index: Index, val: count) { if ( check_notice(filter, index, val) ) do_notice(filter, index, val); - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/actions/add-geodata.bro b/scripts/base/frameworks/notice/actions/add-geodata.bro index 71e9c6b490..bc4021abea 100644 --- a/scripts/base/frameworks/notice/actions/add-geodata.bro +++ b/scripts/base/frameworks/notice/actions/add-geodata.bro @@ -4,6 +4,10 @@ ##! probably a safe assumption to make in most cases. If both addresses ##! are remote, it will use the $src address. +@load ../main +@load base/frameworks/notice +@load base/utils/site + module Notice; export { 
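Review bot: The add-geodata.bro hunk adds both `@load ../main` and `@load base/frameworks/notice`, while drop.bro, email_admin.bro and page.bro in this commit load only `../main` (plus utilities). add-geodata.bro lives inside the notice framework, so the second line asks the package to load itself from one of its own action scripts (assuming the package's `__load__.bro`, not shown, pulls in the actions); that is probably harmless if the loader skips files it has already seen, but it hides which definitions the script actually needs. Dropping `@load base/frameworks/notice` and keeping `@load ../main` and `@load base/utils/site` would match the sibling scripts.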
@@ -44,4 +48,4 @@ event notice(n: Notice::Info) &priority=10 else if ( n?$dst && ! Site::is_local_addr(n$dst) ) n$remote_location = lookup_location(n$dst); } - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/actions/drop.bro b/scripts/base/frameworks/notice/actions/drop.bro index fc1f608f9f..0116dd4ed4 100644 --- a/scripts/base/frameworks/notice/actions/drop.bro +++ b/scripts/base/frameworks/notice/actions/drop.bro @@ -1,6 +1,8 @@ ##! This script extends the built in notice code to implement the IP address ##! dropping functionality. +@load ../main + module Notice; export { @@ -31,4 +33,4 @@ event bro_init() }; add Notice::sync_functions[drop_func]; - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/actions/email_admin.bro b/scripts/base/frameworks/notice/actions/email_admin.bro index c03629d885..56c0d5853d 100644 --- a/scripts/base/frameworks/notice/actions/email_admin.bro +++ b/scripts/base/frameworks/notice/actions/email_admin.bro @@ -1,3 +1,6 @@ +@load ../main +@load base/utils/site + module Notice; export { diff --git a/scripts/base/frameworks/notice/actions/page.bro b/scripts/base/frameworks/notice/actions/page.bro index 059a92c0c9..f88064ac47 100644 --- a/scripts/base/frameworks/notice/actions/page.bro +++ b/scripts/base/frameworks/notice/actions/page.bro @@ -1,3 +1,4 @@ +@load ../main module Notice; @@ -16,4 +17,4 @@ event notice(n: Notice::Info) &priority=-5 { if ( ACTION_PAGE in n$actions ) email_notice_to(n, mail_page_dest, F); - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/extend-email/hostnames.bro b/scripts/base/frameworks/notice/extend-email/hostnames.bro index da2d0d5d0f..b7be601db0 100644 --- a/scripts/base/frameworks/notice/extend-email/hostnames.bro +++ b/scripts/base/frameworks/notice/extend-email/hostnames.bro @@ -1,3 +1,4 @@ +@load ../main module Notice; 
diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro index 31ecd484e9..556b34432a 100644 --- a/scripts/base/frameworks/notice/weird.bro +++ b/scripts/base/frameworks/notice/weird.bro @@ -1,3 +1,7 @@ +@load base/utils/conn-ids +@load base/utils/site +@load ./main + module Weird; export { diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro index b030e763f0..5d5bd61106 100644 --- a/scripts/base/frameworks/packet-filter/main.bro +++ b/scripts/base/frameworks/packet-filter/main.bro @@ -4,6 +4,8 @@ ##! open filter and all filters defined in Bro scripts with the ##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables. +@load base/frameworks/notice + module PacketFilter; export { diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.bro index 887c7222e0..69b5026515 100644 --- a/scripts/base/frameworks/packet-filter/netstats.bro +++ b/scripts/base/frameworks/packet-filter/netstats.bro @@ -1,5 +1,7 @@ ##! This script reports on packet loss from the various packet sources. +@load base/frameworks/notice + module PacketFilter; export { diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro index 9f218ab144..14aa3240c6 100644 --- a/scripts/base/frameworks/signatures/main.bro +++ b/scripts/base/frameworks/signatures/main.bro @@ -1,5 +1,7 @@ ##! Script level signature support. +@load base/frameworks/notice + module Signatures; export { diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro index e35902aff1..7f9a55673b 100644 --- a/scripts/base/frameworks/software/main.bro +++ b/scripts/base/frameworks/software/main.bro 
@@ -4,6 +4,9 @@ ##! that they analyze. The entry point for providing new software detections ##! to this framework is through the :bro:id:`Software::found` function. +@load base/utils/directions-and-hosts +@load base/utils/numbers + module Software; export { diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 6e71f2ba88..2a9f093385 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -1,5 +1,5 @@ -@load const.bif.bro -@load types.bif.bro +@load base/const.bif +@load base/types.bif # Type declarations type string_array: table[count] of string; @@ -301,9 +301,9 @@ type entropy_test_result: record { }; # Prototypes of Bro built-in functions. -@load strings.bif.bro -@load bro.bif.bro -@load reporter.bif.bro +@load base/strings.bif +@load base/bro.bif +@load base/reporter.bif global log_file_name: function(tag: string): string &redef; global open_log_file: function(tag: string): file &redef; @@ -1290,7 +1290,7 @@ type bittorrent_benc_dir: table[string] of bittorrent_benc_value; ## The header table type used by the bittorrenttracker analyzer. type bt_tracker_headers: table[string] of string; -@load event.bif.bro +@load base/event.bif # The filter the user has set via the -f command line options, or # empty if none. diff --git a/scripts/base/protocols/conn/contents.bro b/scripts/base/protocols/conn/contents.bro index 21945beed5..feabb1303c 100644 --- a/scripts/base/protocols/conn/contents.bro +++ b/scripts/base/protocols/conn/contents.bro @@ -8,6 +8,8 @@ ##! This script does not work well in a cluster context unless it has a ##! remotely mounted disk to write the content files to. +@load base/utils/files + module Conn; export { diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index 4184e12c5b..82d5511436 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -1,3 +1,4 @@ +@load base/utils/site module Conn; 
diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index 59ade654d4..eff1b4c4f0 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -1,3 +1,4 @@ +@load ./consts module DNS; diff --git a/scripts/base/protocols/ftp/file-extract.bro b/scripts/base/protocols/ftp/file-extract.bro index 5ebe0ec63c..c638e90a65 100644 --- a/scripts/base/protocols/ftp/file-extract.bro +++ b/scripts/base/protocols/ftp/file-extract.bro @@ -1,5 +1,8 @@ ##! File extraction for FTP. +@load ./main +@load base/utils/files + module FTP; export { @@ -62,4 +65,4 @@ event log_ftp(rec: Info) &priority=-10 { delete rec$extraction_file; delete rec$extract_file; - } \ No newline at end of file + } diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index bf32ba3114..9dd6a4b6d2 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -7,6 +7,10 @@ ##! ##! * Handle encrypted sessions correctly (get an example?) +@load ./utils-commands +@load base/utils/paths +@load base/utils/numbers + module FTP; export { diff --git a/scripts/base/protocols/http/file-extract.bro b/scripts/base/protocols/http/file-extract.bro index 24ee1d8b93..d36d95e475 100644 --- a/scripts/base/protocols/http/file-extract.bro +++ b/scripts/base/protocols/http/file-extract.bro @@ -1,6 +1,10 @@ ##! Extracts the items from HTTP traffic, one per file. At this time only ##! the message body from the server can be extracted with this script. +@load ./main +@load ./file-ident +@load base/utils/files + module HTTP; export { diff --git a/scripts/base/protocols/http/file-hash.bro b/scripts/base/protocols/http/file-hash.bro index 26f8abf51a..6da624728d 100644 --- a/scripts/base/protocols/http/file-hash.bro +++ b/scripts/base/protocols/http/file-hash.bro @@ -1,5 +1,7 @@ ##! Calculate hashes for HTTP body transfers. +@load ./file-ident + module HTTP; export { 
diff --git a/scripts/base/protocols/http/file-ident.bro b/scripts/base/protocols/http/file-ident.bro index 082adf75d3..c2d858852b 100644 --- a/scripts/base/protocols/http/file-ident.bro +++ b/scripts/base/protocols/http/file-ident.bro @@ -1,6 +1,11 @@ ##! This script is involved in the identification of file types in HTTP ##! response bodies. +@load base/frameworks/signatures +@load base/frameworks/notice +@load ./main +@load ./utils + # Add the magic number signatures to the core signature set. redef signature_files += "base/protocols/http/file-ident.sig"; # Ignore the signatures used to match files diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 8cd80bde5f..ec54b1f428 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -1,3 +1,5 @@ +@load base/utils/numbers +@load base/utils/files module HTTP; diff --git a/scripts/base/protocols/http/partial-content.bro b/scripts/base/protocols/http/partial-content.bro index 130cc0db28..92bda1b345 100644 --- a/scripts/base/protocols/http/partial-content.bro +++ b/scripts/base/protocols/http/partial-content.bro @@ -3,6 +3,10 @@ ##! ##! This script doesn't work yet and isn't loaded by default. +@load base/frameworks/notice +@load ./main +@load ./utils + module HTTP; export { diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.bro index 716b1c608b..6e2583bc75 100644 --- a/scripts/base/protocols/http/utils.bro +++ b/scripts/base/protocols/http/utils.bro @@ -1,5 +1,7 @@ ##! Utilities specific for HTTP processing. +@load ./main + module HTTP; export { diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.bro index 1b8dc67c25..92d73e70bf 100644 --- a/scripts/base/protocols/irc/dcc-send.bro +++ b/scripts/base/protocols/irc/dcc-send.bro 
@@ -8,6 +8,9 @@ ##! Example line from IRC server indicating that the DCC SEND is about to start: ##! PRIVMSG my_nick :^ADCC SEND whateverfile.zip 3640061780 1026 41709^A +@load ./main +@load base/utils/files + module IRC; export { diff --git a/scripts/base/protocols/mime/__load__.bro b/scripts/base/protocols/mime/__load__.bro index 36e9f16426..6c3f1804ec 100644 --- a/scripts/base/protocols/mime/__load__.bro +++ b/scripts/base/protocols/mime/__load__.bro @@ -1,4 +1,4 @@ -@load protocols/mime/base -@load protocols/mime/file-ident -@load protocols/mime/file-extract -@load protocols/mime/file-hash +@load ./main +@load ./file-ident +@load ./file-extract +@load ./file-hash diff --git a/scripts/base/protocols/mime/file-hash.bro b/scripts/base/protocols/mime/file-hash.bro index 5139810b8e..e50f16fed4 100644 --- a/scripts/base/protocols/mime/file-hash.bro +++ b/scripts/base/protocols/mime/file-hash.bro @@ -1,4 +1,5 @@ @load ./file-ident +@load base/frameworks/notice module MIME; diff --git a/scripts/base/protocols/mime/file-ident.bro b/scripts/base/protocols/mime/file-ident.bro index 346fde1bba..932085cd1a 100644 --- a/scripts/base/protocols/mime/file-ident.bro +++ b/scripts/base/protocols/mime/file-ident.bro @@ -1,4 +1,4 @@ -@load ./base +@load ./main module MIME; diff --git a/scripts/base/protocols/mime/base.bro b/scripts/base/protocols/mime/main.bro similarity index 100% rename from scripts/base/protocols/mime/base.bro rename to scripts/base/protocols/mime/main.bro diff --git a/scripts/base/protocols/rpc/base.bro b/scripts/base/protocols/rpc/main.bro similarity index 99% rename from scripts/base/protocols/rpc/base.bro rename to scripts/base/protocols/rpc/main.bro index 936684a728..36a524c880 100644 --- a/scripts/base/protocols/rpc/base.bro +++ b/scripts/base/protocols/rpc/main.bro @@ -8,6 +8,8 @@ # programs for which we don't have an analyzer. # +@load base/utils/conn-ids + module RPC; export { 
diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro index 02b282894c..20b9f63a94 100644 --- a/scripts/base/protocols/smtp/main.bro +++ b/scripts/base/protocols/smtp/main.bro @@ -1,3 +1,6 @@ +@load base/frameworks/notice +@load base/utils/addrs +@load base/utils/directions-and-hosts module SMTP; diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index cedb9ffefd..cfed7451ff 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -5,6 +5,12 @@ ##! Requires that :bro:id:`use_conn_size_analyzer` is set to T! The heuristic ##! is not attempted if the connection size analyzer isn't enabled. +@load base/frameworks/notice +@load base/utils/site +@load base/utils/thresholds +@load base/utils/conn-ids +@load base/utils/directions-and-hosts + module SSH; export { diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 775b59a6e5..156d4dc62b 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -1,3 +1,5 @@ +@load ./consts +@load base/frameworks/notice module SSL; diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro index 0df3e0b9f2..dab8461806 100644 --- a/scripts/base/protocols/ssl/mozilla-ca-list.bro +++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro 
@@ -1,6 +1,6 @@ # Don't edit! This file is automatically generated. # Generated at: Wed Jun 29 07:52:38 -0400 2011 - +@load base/protocols/ssl module SSL; redef root_certs += { ["GTE CyberTrust Global Root"] = "\x30\x82\x02\x5A\x30\x82\x01\xC3\x02\x02\x01\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x47\x54\x45\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x2C\x20\x49\x6E\x63\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x39\x38\x30\x38\x31\x33\x30\x30\x32\x39\x30\x30\x5A\x17\x0D\x31\x38\x30\x38\x31\x33\x32\x33\x35\x39\x30\x30\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x47\x54\x45\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x2C\x20\x49\x6E\x63\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\x95\x0F\xA0\xB6\xF0\x50\x9C\xE8\x7A\xC7\x88\xCD\xDD\x17\x0E\x2E\xB0\x94\xD0\x1B\x3D\x0E\xF6\x94\xC0\x8A\x94\xC7\x06\xC8\x90\x97\xC8\xB8\x64\x1A\x7A\x7E\x6C\x3C\x53\xE1\x37\x28\x73\x60\x7F\xB2\x97\x53\x07\x9F\x53\xF9\x6D\x58\x94\xD2\xAF\x8D\x6D\x88\x67\x80\xE6\xED\xB2\x95\xCF\x72\x31\xCA\xA5\x1C\x72\xBA\x5C\x02\xE7\x64\x42\xE7\xF9\xA9\x2C\xD6\x3A\x0D\xAC\x8D\x42\xAA\x24\x01\x39\xE6\x9C\x3F\x01\x85\x57\x0D\x58\x87\x45\xF8\xD3\x85\xAA\x93\x69\x26\x85\x70\x48\x80\x3F\x12\x15\xC7\x79\
xB4\x1F\x05\x2F\x3B\x62\x99\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x6D\xEB\x1B\x09\xE9\x5E\xD9\x51\xDB\x67\x22\x61\xA4\x2A\x3C\x48\x77\xE3\xA0\x7C\xA6\xDE\x73\xA2\x14\x03\x85\x3D\xFB\xAB\x0E\x30\xC5\x83\x16\x33\x81\x13\x08\x9E\x7B\x34\x4E\xDF\x40\xC8\x74\xD7\xB9\x7D\xDC\xF4\x76\x55\x7D\x9B\x63\x54\x18\xE9\xF0\xEA\xF3\x5C\xB1\xD9\x8B\x42\x1E\xB9\xC0\x95\x4E\xBA\xFA\xD5\xE2\x7C\xF5\x68\x61\xBF\x8E\xEC\x05\x97\x5F\x5B\xB0\xD7\xA3\x85\x34\xC4\x24\xA7\x0D\x0F\x95\x93\xEF\xCB\x94\xD8\x9E\x1F\x9D\x5C\x85\x6D\xC7\xAA\xAE\x4F\x1F\x22\xB5\xCD\x95\xAD\xBA\xA7\xCC\xF9\xAB\x0B\x7A\x7F", diff --git a/scripts/base/utils/directions-and-hosts.bro b/scripts/base/utils/directions-and-hosts.bro index 6b387ef980..a88c4827a6 100644 --- a/scripts/base/utils/directions-and-hosts.bro +++ b/scripts/base/utils/directions-and-hosts.bro @@ -1,3 +1,4 @@ +@load ./site type Direction: enum { ## The connection originator is not within the locally-monitored network, diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.bro index 518336abd8..e055b8c8e4 100644 --- a/scripts/policy/frameworks/control/controllee.bro +++ b/scripts/policy/frameworks/control/controllee.bro @@ -1,4 +1,4 @@ - +@load base/frameworks/control # If an instance is a controllee, it implicitly needs to listen for remote # connections. @load frameworks/communication/listen-clear diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.bro index 83fd5e5451..6673fa2332 100644 --- a/scripts/policy/frameworks/control/controller.bro +++ b/scripts/policy/frameworks/control/controller.bro @@ -1,3 +1,4 @@ +@load base/frameworks/control @load base/frameworks/communication module Control; diff --git a/scripts/policy/frameworks/dpd/detect-protocols.bro b/scripts/policy/frameworks/dpd/detect-protocols.bro index cbe81df889..8e1ea1267f 100644 
--- a/scripts/policy/frameworks/dpd/detect-protocols.bro +++ b/scripts/policy/frameworks/dpd/detect-protocols.bro @@ -1,5 +1,9 @@ ##! Finds connections with protocols on non-standard ports with DPD. +@load base/frameworks/notice +@load base/utils/site +@load base/utils/conn-ids + module ProtocolDetector; export { diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.bro b/scripts/policy/frameworks/dpd/packet-segment-logging.bro index 2276b49e64..3883cd1207 100644 --- a/scripts/policy/frameworks/dpd/packet-segment-logging.bro +++ b/scripts/policy/frameworks/dpd/packet-segment-logging.bro @@ -4,6 +4,8 @@ ##! A caveat to logging packet data is that in some cases, the packet may ##! not be the packet that actually caused the protocol violation. +@load base/frameworks/dpd + module DPD; export { diff --git a/scripts/policy/frameworks/metrics/conn-example.bro b/scripts/policy/frameworks/metrics/conn-example.bro index 61360496cf..b3800c3ed3 100644 --- a/scripts/policy/frameworks/metrics/conn-example.bro +++ b/scripts/policy/frameworks/metrics/conn-example.bro @@ -1,3 +1,5 @@ +@load base/frameworks/metrics +@load base/utils/site redef enum Metrics::ID += { CONNS_ORIGINATED, @@ -17,4 +19,4 @@ event connection_established(c: connection) Metrics::add_data(CONNS_ORIGINATED, [$host=c$id$orig_h], 1); Metrics::add_data(CONNS_RESPONDED, [$host=c$id$resp_h], 1); } - \ No newline at end of file + diff --git a/scripts/policy/frameworks/metrics/http-example.bro b/scripts/policy/frameworks/metrics/http-example.bro index 94592a852f..50b18b2a27 100644 --- a/scripts/policy/frameworks/metrics/http-example.bro +++ b/scripts/policy/frameworks/metrics/http-example.bro @@ -1,3 +1,6 @@ +@load base/frameworks/metrics +@load base/protocols/http +@load base/utils/site redef enum Metrics::ID += { HTTP_REQUESTS_BY_STATUS_CODE, 
@@ -20,7 +23,7 @@ event bro_init() event HTTP::log_http(rec: HTTP::Info) { if ( rec?$host ) - Metrics::add_data(HTTP_REQUESTS_BY_HOST_HEADER, [$str=rec$host]); + Metrics::add_data(HTTP_REQUESTS_BY_HOST_HEADER, [$str=rec$host], 1); if ( rec?$status_code ) - Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $str=fmt("%d", rec$status_code)]); - } \ No newline at end of file + Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $str=fmt("%d", rec$status_code)], 1); + } diff --git a/scripts/policy/frameworks/metrics/ssl-example.bro b/scripts/policy/frameworks/metrics/ssl-example.bro index f3c5b8b902..46dd0e4741 100644 --- a/scripts/policy/frameworks/metrics/ssl-example.bro +++ b/scripts/policy/frameworks/metrics/ssl-example.bro @@ -1,4 +1,5 @@ - +@load base/frameworks/metrics +@load base/protocols/ssl redef enum Metrics::ID += { SSL_SERVERNAME, @@ -19,4 +20,4 @@ event SSL::log_ssl(rec: SSL::Info) { if ( rec?$server_name ) Metrics::add_data(SSL_SERVERNAME, [$str=rec$server_name], 1); - } \ No newline at end of file + } diff --git a/scripts/policy/frameworks/software/version-changes.bro b/scripts/policy/frameworks/software/version-changes.bro index 3b562b5334..6d46151f0f 100644 --- a/scripts/policy/frameworks/software/version-changes.bro +++ b/scripts/policy/frameworks/software/version-changes.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice +@load base/frameworks/software module Software; diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.bro index ec0348d563..0ce949b83d 100644 --- a/scripts/policy/frameworks/software/vulnerable.bro +++ b/scripts/policy/frameworks/software/vulnerable.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice +@load base/frameworks/software module Software; @@ -18,4 +20,4 @@ event log_software(rec: Info) { NOTICE([$note=Vulnerable_Version, $src=rec$host, $msg=software_fmt(rec)]); } - } \ No newline at end of file + } 
diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.bro index 9e870eb7aa..c4790c6b32 100644 --- a/scripts/policy/integration/barnyard2/__load__.bro +++ b/scripts/policy/integration/barnyard2/__load__.bro @@ -1,3 +1,2 @@ -@load integration/barnyard2/types -@load integration/barnyard2/event -@load integration/barnyard2/base +@load ./types +@load ./main diff --git a/scripts/policy/integration/barnyard2/event.bro b/scripts/policy/integration/barnyard2/event.bro deleted file mode 100644 index 5fa2747a28..0000000000 --- a/scripts/policy/integration/barnyard2/event.bro +++ /dev/null @@ -1,3 +0,0 @@ -## This is the event that Barnyard2 instances will send if they're -## configured with the bro_alert output plugin. -global barnyard_alert: event(id: Barnyard2::PacketID, alert: Barnyard2::AlertData, msg: string, data: string); diff --git a/scripts/policy/integration/barnyard2/base.bro b/scripts/policy/integration/barnyard2/main.bro similarity index 98% rename from scripts/policy/integration/barnyard2/base.bro rename to scripts/policy/integration/barnyard2/main.bro index f05ad0e9bf..f8ba48dd99 100644 --- a/scripts/policy/integration/barnyard2/base.bro +++ b/scripts/policy/integration/barnyard2/main.bro @@ -2,7 +2,7 @@ ##! Barnyard2 and logs them. In the future it will do more correlation ##! and derive new notices from the alerts. -@load integration/barnyard2/types +@load ./types module Barnyard2; diff --git a/scripts/policy/integration/barnyard2/types.bro b/scripts/policy/integration/barnyard2/types.bro index 9bc56773ef..6cfcbb9535 100644 --- a/scripts/policy/integration/barnyard2/types.bro +++ b/scripts/policy/integration/barnyard2/types.bro 
@@ -22,4 +22,11 @@ export { dst_ip: addr; dst_p: port; } &log; -} \ No newline at end of file + + ## This is the event that Barnyard2 instances will send if they're + ## configured with the bro_alert output plugin. + global barnyard_alert: event(id: Barnyard2::PacketID, + alert: Barnyard2::AlertData, + msg: string, + data: string); +} diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro index 72bdaf01a4..6fc59d4d15 100644 --- a/scripts/policy/protocols/conn/known-hosts.bro +++ b/scripts/policy/protocols/conn/known-hosts.bro @@ -3,6 +3,8 @@ ##! output provides an easy way to determine a count of the IP addresses in ##! use on a network per day. +@load base/utils/directions-and-hosts + module KnownHosts; export { diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro index 35a19a14f0..3676cbb05b 100644 --- a/scripts/policy/protocols/conn/known-services.bro +++ b/scripts/policy/protocols/conn/known-services.bro @@ -3,6 +3,8 @@ ##! completed a TCP handshake with another host. If a protocol is detected ##! during the session, the protocol will also be logged. +@load base/utils/directions-and-hosts + module KnownServices; redef enum Log::ID += { KNOWN_SERVICES }; diff --git a/scripts/policy/protocols/conn/scan.bro b/scripts/policy/protocols/conn/scan.bro index ab715cccb3..a0e2408679 100644 --- a/scripts/policy/protocols/conn/scan.bro +++ b/scripts/policy/protocols/conn/scan.bro @@ -1,4 +1,4 @@ -@load base/frameworks/notice +@load base/frameworks/notice/main @load port-name module Scan; diff --git a/scripts/policy/protocols/dns/auth-addl.bro b/scripts/policy/protocols/dns/auth-addl.bro index ba21131f7c..dd00e59c2e 100644 --- a/scripts/policy/protocols/dns/auth-addl.bro +++ b/scripts/policy/protocols/dns/auth-addl.bro @@ -1,3 +1,4 @@ +@load base/protocols/dns/main redef dns_skip_all_auth = F; redef dns_skip_all_addl = F; 
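Review bot: In scripts/policy/integration/barnyard2/types.bro the `barnyard_alert` declaration now sits inside the `export { }` block instead of the standalone event.bro, so if types.bro declares `module Barnyard2;` above this hunk (not visible here) the event's full name becomes `Barnyard2::barnyard_alert`. The doc comment says remote Barnyard2 instances send this event through the bro_alert output plugin; a sender that still emits the unqualified name would match no handler, and alerts would stop arriving without any error. Confirm which name the plugin side uses and record it in the comment, e.g. `## Remote senders must use the name Barnyard2::barnyard_alert.`, or keep the declaration at global scope. The export block opens outside the hunk.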
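Review bot: scripts/policy/protocols/conn/scan.bro narrows `@load base/frameworks/notice` to `@load base/frameworks/notice/main`, while other hunks in this commit (detect-protocols.bro, version-changes.bro, vulnerable.bro, detect-bruteforcing.bro) add the package form `@load base/frameworks/notice`. If the package loader pulls in more than main, which the separate `@load base/frameworks/notice/weird` in remove-high-volume-notices.bro hints at, a detection script run in bare mode gets a different set of notice scripts depending on which spelling it used. Pick one convention and state it once near the loads, e.g. `# Policy scripts load <package>/main and name any further pieces explicitly.` The `/main` form is also used in the dns, ftp, http, smtp, ssh and ssl hunks.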
diff --git a/scripts/policy/protocols/dns/detect-external-names.bro b/scripts/policy/protocols/dns/detect-external-names.bro index fd49fee183..f6f0e596cc 100644 --- a/scripts/policy/protocols/dns/detect-external-names.bro +++ b/scripts/policy/protocols/dns/detect-external-names.bro @@ -8,6 +8,9 @@ ##! to be within a local zone. :bro:id:`local_zones` variable **must** ##! be set appropriately for this detection. +@load base/frameworks/notice/main +@load base/utils/site + module DNS; export { diff --git a/scripts/policy/protocols/ftp/detect.bro b/scripts/policy/protocols/ftp/detect.bro index 4e69dec655..cb89599a93 100644 --- a/scripts/policy/protocols/ftp/detect.bro +++ b/scripts/policy/protocols/ftp/detect.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/ftp/main module FTP; @@ -21,4 +23,4 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior NOTICE([$note=Site_Exec_Success, $conn=c, $msg=fmt("%s %s", c$ftp$cmdarg$cmd, c$ftp$cmdarg$arg)]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/ftp/software.bro b/scripts/policy/protocols/ftp/software.bro index 918123bb4c..7dfd54ddca 100644 --- a/scripts/policy/protocols/ftp/software.bro +++ b/scripts/policy/protocols/ftp/software.bro @@ -6,6 +6,8 @@ ##! * Detect client software with password given for anonymous users ##! (e.g. cyberduck@example.net) +@load base/frameworks/software/main + module FTP; export { diff --git a/scripts/policy/protocols/http/detect-MHR.bro b/scripts/policy/protocols/http/detect-MHR.bro index 2f7a01f208..7b99184a9b 100644 --- a/scripts/policy/protocols/http/detect-MHR.bro +++ b/scripts/policy/protocols/http/detect-MHR.bro 
@@ -4,6 +4,11 @@ ##! documentation for the :doc:base/protocols/http/file-hash.bro script to see how to ##! configure which transfers will have hashes calculated. +@load base/frameworks/notice/main +@load base/protocols/http/main +@load base/protocols/http/utils +@load base/protocols/http/file-hash + export { redef enum Notice::Type += { ## If the MD5 sum of a file transferred over HTTP diff --git a/scripts/policy/protocols/http/detect-intel.bro b/scripts/policy/protocols/http/detect-intel.bro index ebe6713c03..6da4d8d1e1 100644 --- a/scripts/policy/protocols/http/detect-intel.bro +++ b/scripts/policy/protocols/http/detect-intel.bro @@ -1,5 +1,9 @@ ##! Intelligence based HTTP detections. +@load base/protocols/http/main +@load base/protocols/http/utils +@load base/frameworks/intel/main + module HTTP; event log_http(rec: Info) @@ -14,4 +18,4 @@ event log_http(rec: Info) $sub=HTTP::build_url_http(rec), $id=rec$id]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index e2933626f7..470615458e 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro @@ -1,5 +1,9 @@ ##! SQL injection detection in HTTP. +@load base/frameworks/notice/main +@load base/frameworks/metrics/main +@load base/protocols/http/main + module HTTP; export { @@ -54,4 +58,4 @@ event http_request(c: connection, method: string, original_URI: string, Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h], 1); Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h], 1); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.bro index 350f0def98..493ea9b44b 100644 --- a/scripts/policy/protocols/http/detect-webapps.bro +++ b/scripts/policy/protocols/http/detect-webapps.bro 
@@ -1,3 +1,7 @@ +@load base/frameworks/signatures/main +@load base/frameworks/software/main +@load base/protocols/http/main +@load base/protocols/http/utils module HTTP; diff --git a/scripts/policy/protocols/http/headers.bro b/scripts/policy/protocols/http/headers.bro index 4451e876ec..dc3eddcbc0 100644 --- a/scripts/policy/protocols/http/headers.bro +++ b/scripts/policy/protocols/http/headers.bro @@ -1,5 +1,7 @@ ##! Extract and include the header keys used for each request in the log. +@load base/protocols/http/main + module HTTP; export { diff --git a/scripts/policy/protocols/http/software.bro b/scripts/policy/protocols/http/software.bro index 5a16b862a6..a7948d6a5b 100644 --- a/scripts/policy/protocols/http/software.bro +++ b/scripts/policy/protocols/http/software.bro @@ -1,5 +1,7 @@ ##! Software identification and extraction for HTTP traffic. +@load base/frameworks/software/main + module HTTP; export { @@ -52,4 +54,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr Software::found(c$id, Software::parse(value, c$id$resp_h, WEB_APPSERVER)); } } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/var-extraction-cookies.bro b/scripts/policy/protocols/http/var-extraction-cookies.bro index b30be9d2c1..2b3f282b03 100644 --- a/scripts/policy/protocols/http/var-extraction-cookies.bro +++ b/scripts/policy/protocols/http/var-extraction-cookies.bro @@ -1,5 +1,8 @@ ##! This script extracts and logs variables from cookies sent by clients +@load base/protocols/http/main +@load base/protocols/http/utils + module HTTP; redef record Info += { diff --git a/scripts/policy/protocols/http/var-extraction-uri.bro b/scripts/policy/protocols/http/var-extraction-uri.bro index a6e6b1d971..32ea147961 100644 --- a/scripts/policy/protocols/http/var-extraction-uri.bro +++ b/scripts/policy/protocols/http/var-extraction-uri.bro 
@@ -1,5 +1,8 @@ ##! This script extracts and logs variables from the requested URI +@load base/protocols/http/main +@load base/protocols/http/utils + module HTTP; redef record Info += { diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro index 26f667cfd6..8e85b8db97 100644 --- a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro +++ b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/smtp/main module SMTP; diff --git a/scripts/policy/protocols/smtp/software.bro b/scripts/policy/protocols/smtp/software.bro index ccb7366a2a..3c4c870885 100644 --- a/scripts/policy/protocols/smtp/software.bro +++ b/scripts/policy/protocols/smtp/software.bro @@ -7,6 +7,9 @@ ##! * Find some heuristic to determine if email was sent through ##! a MS Exhange webmail interface as opposed to a desktop client. +@load base/frameworks/software/main +@load base/protocols/smtp/main + module SMTP; export { diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro index fb1c075d86..ba38f342d4 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -1,4 +1,8 @@ +@load base/frameworks/metrics +@load base/frameworks/notice +@load base/frameworks/intel + module SSH; export { diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.bro index 97bd0a5803..4dfd8bbae4 100644 --- a/scripts/policy/protocols/ssh/geo-data.bro +++ b/scripts/policy/protocols/ssh/geo-data.bro @@ -1,6 +1,9 @@ ##! This implements all of the additional information and geodata detections ##! for SSH analysis. +@load base/frameworks/notice/main +@load base/protocols/ssh/main + module SSH; export { 
diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.bro index 93767e5f54..0e48fb36d9 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.bro +++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro @@ -1,3 +1,4 @@ +@load base/frameworks/notice/main module SSH; diff --git a/scripts/policy/protocols/ssh/software.bro b/scripts/policy/protocols/ssh/software.bro index 1aa3bce1a2..d9bfdffb3c 100644 --- a/scripts/policy/protocols/ssh/software.bro +++ b/scripts/policy/protocols/ssh/software.bro @@ -1,3 +1,4 @@ +@load base/frameworks/software/main module SSH; diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro index a8815dca07..7bff4bbf38 100644 --- a/scripts/policy/protocols/ssl/known-certs.bro +++ b/scripts/policy/protocols/ssl/known-certs.bro @@ -1,3 +1,4 @@ +@load base/utils/directions-and-hosts module KnownCerts; diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index 43920557f4..3e457c72ea 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/ssl/main module SSL; diff --git a/scripts/policy/tuning/defaults/remove-high-volume-notices.bro b/scripts/policy/tuning/defaults/remove-high-volume-notices.bro index 1133bf952b..bf3f73c741 100644 --- a/scripts/policy/tuning/defaults/remove-high-volume-notices.bro +++ b/scripts/policy/tuning/defaults/remove-high-volume-notices.bro @@ -1,6 +1,9 @@ ##! This strives to tune out high volume and less useful data ##! from the notice log. +@load base/frameworks/notice +@load base/frameworks/notice/weird + # Remove these notices from logging since they can be too noisy. redef Notice::ignored_types += { Weird::Content_Gap, 
diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.bro index ea8f18c3bc..cedc3d62ad 100644 --- a/scripts/policy/tuning/defaults/warnings.bro +++ b/scripts/policy/tuning/defaults/warnings.bro @@ -2,8 +2,10 @@ ##! good to set in most cases or other things that could be done to achieve ##! better detection. +@load base/utils/site + event bro_init() &priority=-10 { if ( |Site::local_nets| == 0 ) print "WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks."; - } \ No newline at end of file + } diff --git a/scripts/policy/tuning/track-all-assets.bro b/scripts/policy/tuning/track-all-assets.bro index fe61ff93b6..082f40d4d8 100644 --- a/scripts/policy/tuning/track-all-assets.bro +++ b/scripts/policy/tuning/track-all-assets.bro @@ -1,4 +1,4 @@ - +@load base/frameworks/software @load protocols/conn/known-hosts @load protocols/conn/known-services @load protocols/ssl/known-certs diff --git a/scripts/site/local-manager.bro b/scripts/site/local-manager.bro index aa28bd79da..c933207603 100644 --- a/scripts/site/local-manager.bro +++ b/scripts/site/local-manager.bro @@ -1,5 +1,7 @@ ##! Local site policy loaded only by the manager in a cluster. +@load base/frameworks/notice + # If you are running a cluster you should define your Notice::policy here # so that notice processing occurs on the manager. redef Notice::policy += { diff --git a/scripts/site/local.bro b/scripts/site/local.bro index f894a30432..224ef278a0 100644 --- a/scripts/site/local.bro +++ b/scripts/site/local.bro @@ -62,6 +62,7 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig"; # Uncomment this redef if you want to extract SMTP MIME entities for # some file types. The numbers given indicate how many bytes to extract for # the various mime types. +@load base/protocols/smtp/entities-excerpt redef SMTP::entity_excerpt_len += { # ["text/plain"] = 1024, # ["text/html"] = 1024, 
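Review bot: In scripts/site/local.bro the new `@load base/protocols/smtp/entities-excerpt` is inserted between the "Uncomment this redef if you want to extract SMTP MIME entities" comment and the `redef SMTP::entity_excerpt_len` that comment describes, so the comment now reads as if it documents the load. The load is also active for every site that uses this template, even though the table entries visible in the hunk are commented out. Move the load above the comment block and give it its own line, e.g. `# Required by the SMTP::entity_excerpt_len redef below.` The redef body continues past the end of the hunk.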
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index a42ef893fc..0e47543404 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -15,11 +15,13 @@ # @load frameworks/control/controller.bro @load frameworks/dpd/detect-protocols.bro @load frameworks/dpd/packet-segment-logging.bro +@load frameworks/metrics/conn-example.bro +@load frameworks/metrics/http-example.bro +@load frameworks/metrics/ssl-example.bro @load frameworks/software/version-changes.bro @load frameworks/software/vulnerable.bro @load integration/barnyard2/__load__.bro -@load integration/barnyard2/base.bro -@load integration/barnyard2/event.bro +@load integration/barnyard2/main.bro @load integration/barnyard2/types.bro @load misc/analysis-groups.bro @load misc/loaded-scripts.bro diff --git a/src/BroDoc.cc b/src/BroDoc.cc index 302bd04c88..d3406ad113 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc @@ -60,7 +60,7 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs) if ( ! reST_file ) fprintf(stderr, "Failed to open %s\n", reST_filename.c_str()); -#ifdef DEBUG +#ifdef DOCDEBUG fprintf(stdout, "Documenting absolute source: %s\n", abs.c_str()); fprintf(stdout, "\trelative dir: %s\n", rel.c_str()); fprintf(stdout, "\tdoc title: %s\n", doc_title.c_str()); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6bc82ebb91..0bbced32db 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -107,20 +107,28 @@ macro(BIF_TARGET bifInput) add_custom_command(OUTPUT ${bifOutputs} COMMAND bifcl ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1) + # in order be able to run bro from the build directory, + # the generated bro script needs to be inside a + # a directory tree named the same way it will be + # referenced from an @load + COMMAND "${CMAKE_COMMAND}" + ARGS -E copy ${bifInput}.bro base/${bifInput}.bro + COMMAND "${CMAKE_COMMAND}" + ARGS -E remove -f ${bifInput}.bro DEPENDS ${bifInput} DEPENDS bifcl COMMENT "[BIFCL] Processing ${bifInput}" ) list(APPEND ALL_BIF_OUTPUTS ${bifOutputs}) list(APPEND INSTALL_BIF_OUTPUTS - ${CMAKE_CURRENT_BINARY_DIR}/${bifInput}.bro) + ${CMAKE_CURRENT_BINARY_DIR}/base/${bifInput}.bro) endmacro(BIF_TARGET) # returns a list of output files that bifcl will produce # for given input file in ${outputFileVar} macro(GET_BIF_OUTPUT_FILES inputFile outputFileVar) set(${outputFileVar} - ${inputFile}.bro + base/${inputFile}.bro ${inputFile}.func_def ${inputFile}.func_h ${inputFile}.func_init @@ -424,7 +432,7 @@ set(brolibs target_link_libraries(bro ${brolibs}) install(TARGETS bro DESTINATION bin) -install(FILES ${INSTALL_BIF_OUTPUTS} DESTINATION ${BRO_SCRIPT_INSTALL_PATH}) +install(FILES ${INSTALL_BIF_OUTPUTS} DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) set(BRO_EXE bro CACHE STRING "Bro executable binary" FORCE) diff --git a/src/main.cc b/src/main.cc index 100305d811..a6e493f0c8 100644 --- a/src/main.cc +++ b/src/main.cc @@ -932,9 +932,8 @@ int main(int argc, char** argv) if ( dead_handlers->length() > 0 && check_for_unused_event_handlers ) { - reporter->Warning("event handlers never invoked:"); for ( int i = 0; i < dead_handlers->length(); ++i ) - reporter->Warning("\t", (*dead_handlers)[i]); + reporter->Warning("event handler never invoked: %s", (*dead_handlers)[i]); } delete dead_handlers; 
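Review bot: The copy and remove steps added to BIF_TARGET in src/CMakeLists.txt use relative paths (`${bifInput}.bro`, `base/${bifInput}.bro`) and so depend on the custom command's default working directory, while INSTALL_BIF_OUTPUTS a few lines below spells out `${CMAKE_CURRENT_BINARY_DIR}/base/${bifInput}.bro`. Write the same absolute form in the commands, e.g. `ARGS -E copy ${CMAKE_CURRENT_BINARY_DIR}/${bifInput}.bro ${CMAKE_CURRENT_BINARY_DIR}/base/${bifInput}.bro`, so the rule and the install list cannot drift apart. Nothing in the hunk creates `base/`; a preceding `COMMAND "${CMAKE_COMMAND}" ARGS -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/base` would make the rule independent of how `-E copy` treats a missing destination directory. The new comment also has two slips: "in order be able" should read "in order to be able", and "a a directory" has a doubled word.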
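Review bot: The new `reporter->Warning("event handler never invoked: %s", (*dead_handlers)[i]);` in main() of src/main.cc is apparently emitted with no meaningful source location, because the baseline added in this commit records it as `warning in , line 1: event handler never invoked: this_is_never_used`. That is an empty file name and an arbitrary line number, so someone triaging the warning is pointed at nothing. Emit the message without a location prefix, or attach the location where the handler is defined, instead of fixing the empty prefix into the test baseline. `%s` also assumes the list elements are C strings; their type is declared outside the hunk. With the header warning removed the loop body is a single statement, so the surrounding braces are optional.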
diff --git a/testing/btest/Baseline/core.check-unused-event-handlers/.stderr b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr
new file mode 100644
index 0000000000..8d8bf1a85b
--- /dev/null
+++ b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr
@@ -0,0 +1 @@
+warning in , line 1: event handler never invoked: this_is_never_used
diff --git a/testing/btest/Baseline/scripts.bare-mode-coverage/unique_errors b/testing/btest/Baseline/scripts.bare-mode-coverage/unique_errors
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/manager-1..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/manager-1..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-1..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-1..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-2..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-2..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-1..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-1..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-2..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-2..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout b/testing/btest/Baseline/scripts.base.frameworks.control.configuration_update/controllee..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.control.configuration_update/controllee..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout b/testing/btest/Baseline/scripts.base.frameworks.control.id_value/controller..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.control.id_value/controller..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.intel.insert-and-matcher/out b/testing/btest/Baseline/scripts.base.frameworks.intel.insert-and-matcher/out
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.intel.insert-and-matcher/out
rename to testing/btest/Baseline/scripts.base.frameworks.intel.insert-and-matcher/out
diff --git a/testing/btest/Baseline/policy.frameworks.logging.adapt-filter/ssh-new-default.log b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.adapt-filter/ssh-new-default.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-binary/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-binary/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-empty/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-empty/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-escape/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-escape/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-options/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-options/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-timestamps/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-timestamps/test.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.attr-extend/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.attr-extend/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.attr/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.attr/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.empty-event/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.empty-event/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.events/output b/testing/btest/Baseline/scripts.base.frameworks.logging.events/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.events/output
rename to testing/btest/Baseline/scripts.base.frameworks.logging.events/output
diff --git a/testing/btest/Baseline/policy.frameworks.logging.exclude/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.exclude/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.file/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.file/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.include/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.include/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.path-func/output b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.path-func/output
rename to testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
diff --git a/testing/btest/Baseline/policy.frameworks.logging.pred/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.failure.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.pred/ssh.failure.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.failure.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.pred/ssh.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.success.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.pred/ssh.success.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.success.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote-types/receiver.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote-types/receiver.test.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.failure.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.success.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remove/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remove/ssh.failure.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remove/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remove/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out
rename to testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
diff --git a/testing/btest/Baseline/policy.frameworks.logging.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.rotate/out
rename to testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
diff --git a/testing/btest/Baseline/policy.frameworks.logging.stdout/output b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.stdout/output
rename to testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
diff --git a/testing/btest/Baseline/policy.frameworks.logging.test-logging/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.test-logging/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.types/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.types/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.unset-record/testing.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.unset-record/testing.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.vec/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.vec/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.metrics.basic-cluster/manager-1.metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.metrics.basic-cluster/manager-1.metrics.log
rename to testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
diff --git a/testing/btest/Baseline/policy.frameworks.metrics.basic/metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.metrics.basic/metrics.log
rename to testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
diff --git a/testing/btest/Baseline/policy.frameworks.metrics.notice/notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.metrics.notice/notice.log
rename to testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
diff --git a/testing/btest/Baseline/policy.frameworks.software.version-parsing/output b/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.software.version-parsing/output
rename to testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
diff --git a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log
rename to testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log
rename to testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
diff --git a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.irc.basic/irc.log
rename to testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
rename to testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log
rename to testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
diff --git a/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log
rename to testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
diff --git a/testing/btest/Baseline/policy.utils.addrs/output b/testing/btest/Baseline/scripts.base.utils.addrs/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.addrs/output
rename to testing/btest/Baseline/scripts.base.utils.addrs/output
diff --git a/testing/btest/Baseline/policy.utils.conn-ids/output b/testing/btest/Baseline/scripts.base.utils.conn-ids/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.conn-ids/output
rename to testing/btest/Baseline/scripts.base.utils.conn-ids/output
diff --git a/testing/btest/Baseline/policy.utils.directions-and-hosts/output b/testing/btest/Baseline/scripts.base.utils.directions-and-hosts/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.directions-and-hosts/output
rename to testing/btest/Baseline/scripts.base.utils.directions-and-hosts/output
diff --git a/testing/btest/Baseline/policy.utils.files/output b/testing/btest/Baseline/scripts.base.utils.files/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.files/output
rename to testing/btest/Baseline/scripts.base.utils.files/output
diff --git a/testing/btest/Baseline/policy.utils.numbers/output b/testing/btest/Baseline/scripts.base.utils.numbers/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.numbers/output
rename to testing/btest/Baseline/scripts.base.utils.numbers/output
diff --git a/testing/btest/Baseline/policy.utils.paths/output b/testing/btest/Baseline/scripts.base.utils.paths/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.paths/output
rename to testing/btest/Baseline/scripts.base.utils.paths/output
diff --git a/testing/btest/Baseline/policy.utils.pattern/output b/testing/btest/Baseline/scripts.base.utils.pattern/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.pattern/output
rename to testing/btest/Baseline/scripts.base.utils.pattern/output
diff --git a/testing/btest/Baseline/policy.utils.site/output b/testing/btest/Baseline/scripts.base.utils.site/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.site/output
rename to testing/btest/Baseline/scripts.base.utils.site/output
diff --git a/testing/btest/Baseline/policy.utils.strings/output b/testing/btest/Baseline/scripts.base.utils.strings/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.strings/output
rename to testing/btest/Baseline/scripts.base.utils.strings/output
diff --git a/testing/btest/Baseline/policy.utils.thresholds/output b/testing/btest/Baseline/scripts.base.utils.thresholds/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.thresholds/output
rename to testing/btest/Baseline/scripts.base.utils.thresholds/output
diff --git a/testing/btest/Baseline/policy.misc.check-test-all-policy/output b/testing/btest/Baseline/scripts.check-test-all-policy/output
similarity index 100%
rename from testing/btest/Baseline/policy.misc.check-test-all-policy/output
rename to testing/btest/Baseline/scripts.check-test-all-policy/output
diff --git a/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
similarity index 50%
rename from testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
rename to testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
index 7d40d728da..8386089200 100644
--- a/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
@@ -1,13 +1,13 @@
 # depth name
 0 scripts/base/init-bare.bro
-1 build/src/const.bif.bro
-1 build/src/types.bif.bro
-1 build/src/strings.bif.bro
-1 build/src/bro.bif.bro
-1 build/src/reporter.bif.bro
-1 build/src/event.bif.bro
+1 build/src/base/const.bif.bro
+1 build/src/base/types.bif.bro
+1 build/src/base/strings.bif.bro
+1 build/src/base/bro.bif.bro
+1 build/src/base/reporter.bif.bro
+1 build/src/base/event.bif.bro
 1 scripts/base/frameworks/logging/__load__.bro
 2 scripts/base/frameworks/logging/./main.bro
-3 build/src/logging.bif.bro
+3 build/src/base/logging.bif.bro
 2 scripts/base/frameworks/logging/./writers/ascii.bro
 0 scripts/policy/misc/loaded-scripts.bro
diff --git a/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
similarity index 92%
rename from testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
rename to testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
index 825be4fbb5..be836e1fee 100644
--- a/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
@@ -1,14 +1,14 @@
 # depth name
 0 scripts/base/init-bare.bro
-1 build/src/const.bif.bro
-1 build/src/types.bif.bro
-1 build/src/strings.bif.bro
-1 build/src/bro.bif.bro
-1 build/src/reporter.bif.bro
-1 build/src/event.bif.bro
+1 build/src/base/const.bif.bro
+1 build/src/base/types.bif.bro
+1 build/src/base/strings.bif.bro
+1 build/src/base/bro.bif.bro
+1 build/src/base/reporter.bif.bro
+1 build/src/base/event.bif.bro
 1 scripts/base/frameworks/logging/__load__.bro
 2 scripts/base/frameworks/logging/./main.bro
-3 build/src/logging.bif.bro
+3 build/src/base/logging.bif.bro
 2 scripts/base/frameworks/logging/./writers/ascii.bro
 0 scripts/base/init-default.bro
 1 scripts/base/utils/site.bro
@@ -38,16 +38,17 @@
 2 scripts/base/frameworks/packet-filter/./netstats.bro
 1 scripts/base/frameworks/software/__load__.bro
 2 scripts/base/frameworks/software/./main.bro
-1 scripts/base/frameworks/intel/__load__.bro
-2 scripts/base/frameworks/intel/./main.bro
-1 scripts/base/frameworks/metrics/__load__.bro
-2 scripts/base/frameworks/metrics/./main.bro
 1 scripts/base/frameworks/communication/__load__.bro
 2 scripts/base/frameworks/communication/./main.bro
 1 scripts/base/frameworks/control/__load__.bro
 2 scripts/base/frameworks/control/./main.bro
 1 scripts/base/frameworks/cluster/__load__.bro
 2 scripts/base/frameworks/cluster/./main.bro
+1 scripts/base/frameworks/metrics/__load__.bro
+2 scripts/base/frameworks/metrics/./main.bro
+2 scripts/base/frameworks/metrics/./non-cluster.bro
+1 scripts/base/frameworks/intel/__load__.bro
+2 scripts/base/frameworks/intel/./main.bro
 1 scripts/base/frameworks/reporter/__load__.bro
 2 scripts/base/frameworks/reporter/./main.bro
 1 scripts/base/protocols/conn/__load__.bro
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-all.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-local.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-remote.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-all.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-local.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-remote.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
diff --git a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log
rename to testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
diff --git a/testing/btest/Baseline/policy.protocols.http.test-sql-injection-regex/output b/testing/btest/Baseline/scripts.policy.protocols.http.test-sql-injection-regex/output
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.http.test-sql-injection-regex/output
rename to testing/btest/Baseline/scripts.policy.protocols.http.test-sql-injection-regex/output
diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg
index 1aa7b28f25..f674ae68c8 100644
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@@ -1,5 +1,5 @@
 [btest]
-TestDirs = doc bifs language core policy istate
+TestDirs = doc bifs language core scripts istate
 TmpDir = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs = .svn CVS .tmp
diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test
new file mode 100644
index 0000000000..f9ad105ff6
--- /dev/null
+++ b/testing/btest/core/check-unused-event-handlers.test
@@ -0,0 +1,8 @@
+# This test should print a warning that the event handler is never invoked.
+# @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T
+# @TEST-EXEC: btest-diff .stderr
+
+event this_is_never_used()
+ {
+ print "not even once";
+ }
diff --git a/testing/btest/policy/misc/check-bare-test-all-policy.bro b/testing/btest/policy/misc/check-bare-test-all-policy.bro
deleted file mode 100644
index a3474942e3..0000000000
--- a/testing/btest/policy/misc/check-bare-test-all-policy.bro
+++ /dev/null
@@ -1,7 +0,0 @@
-# Makes sures test-all-policy.bro (which loads *all* other policy scripts)
-# compiles correctly even in bare mode.
-#
-# @TEST-EXEC: bro -b %INPUT >output
-# @TEST-EXEC: btest-diff output
-
-@load test-all-policy
diff --git a/testing/btest/scripts/bare-mode-coverage.test b/testing/btest/scripts/bare-mode-coverage.test
new file mode 100644
index 0000000000..12744023dc
--- /dev/null
+++ b/testing/btest/scripts/bare-mode-coverage.test
@@ -0,0 +1,8 @@
+# Makes sure any given policy script in the scripts/ tree can be loaded in
+# bare mode. btest-bg-run/btest-bg-wait are used to kill off scripts that
+# block after loading, e.g. start listening on a socket.
+#
+# @TEST-EXEC: test -d $DIST/scripts
+# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro`; do echo $script;if [[ "$script" =~ listen-clear|listen-ssl|controllee ]]; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
+# @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors
+# @TEST-EXEC: btest-diff unique_errors
diff --git a/testing/btest/policy/frameworks/cluster/start-it-up.bro b/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro
similarity index 100%
rename from testing/btest/policy/frameworks/cluster/start-it-up.bro
rename to testing/btest/scripts/base/frameworks/cluster/start-it-up.bro
diff --git a/testing/btest/policy/frameworks/control/configuration_update.bro b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
similarity index 100%
rename from testing/btest/policy/frameworks/control/configuration_update.bro
rename to testing/btest/scripts/base/frameworks/control/configuration_update.bro
diff --git a/testing/btest/policy/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro
similarity index 100%
rename from testing/btest/policy/frameworks/control/id_value.bro
rename to testing/btest/scripts/base/frameworks/control/id_value.bro
diff --git a/testing/btest/policy/frameworks/control/shutdown.bro b/testing/btest/scripts/base/frameworks/control/shutdown.bro
similarity index 100%
rename from testing/btest/policy/frameworks/control/shutdown.bro
rename to testing/btest/scripts/base/frameworks/control/shutdown.bro
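Review bot: The loop on the second `@TEST-EXEC` line of bare-mode-coverage.test ends in `|| exit 0`, so a failure of the loop itself (for example `find` failing) is reported as success instead of failing the test. The `[[ "$script" =~ … ]]` test is a bash construct; if btest runs the command through a plain POSIX `sh` (not confirmed from this hunk), the test would fail, every script would take the `else` branch, and the scripts the header comment describes as blocking would run in the foreground without the `btest-bg-wait -k 2` timeout. The name list `listen-clear|listen-ssl|controllee` is hard-coded, so a newly added script that blocks after loading would hang the run; sending every script through `btest-bg-run`/`btest-bg-wait -k` would remove the need for the list. `$DIST` and `$script` are unquoted and would be split on whitespace in a path; `find "$DIST/scripts" -name '*.bro'` and `bro -b "$script"` avoid that.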
diff --git a/testing/btest/policy/frameworks/intel/insert-and-matcher.bro b/testing/btest/scripts/base/frameworks/intel/insert-and-matcher.bro
similarity index 100%
rename from testing/btest/policy/frameworks/intel/insert-and-matcher.bro
rename to testing/btest/scripts/base/frameworks/intel/insert-and-matcher.bro
diff --git a/testing/btest/policy/frameworks/logging/adapt-filter.bro b/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/adapt-filter.bro
rename to testing/btest/scripts/base/frameworks/logging/adapt-filter.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-binary.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-binary.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-empty.bro b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-empty.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-escape.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-escape.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-options.bro b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-options.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-options.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-timestamps.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro
diff --git a/testing/btest/policy/frameworks/logging/attr-extend.bro b/testing/btest/scripts/base/frameworks/logging/attr-extend.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/attr-extend.bro
rename to testing/btest/scripts/base/frameworks/logging/attr-extend.bro
diff --git a/testing/btest/policy/frameworks/logging/attr.bro b/testing/btest/scripts/base/frameworks/logging/attr.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/attr.bro
rename to testing/btest/scripts/base/frameworks/logging/attr.bro
diff --git a/testing/btest/policy/frameworks/logging/disable-stream.bro b/testing/btest/scripts/base/frameworks/logging/disable-stream.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/disable-stream.bro
rename to testing/btest/scripts/base/frameworks/logging/disable-stream.bro
diff --git a/testing/btest/policy/frameworks/logging/empty-event.bro b/testing/btest/scripts/base/frameworks/logging/empty-event.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/empty-event.bro
rename to testing/btest/scripts/base/frameworks/logging/empty-event.bro
diff --git a/testing/btest/policy/frameworks/logging/events.bro b/testing/btest/scripts/base/frameworks/logging/events.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/events.bro
rename to testing/btest/scripts/base/frameworks/logging/events.bro
diff --git a/testing/btest/policy/frameworks/logging/exclude.bro b/testing/btest/scripts/base/frameworks/logging/exclude.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/exclude.bro
rename to testing/btest/scripts/base/frameworks/logging/exclude.bro
diff --git a/testing/btest/policy/frameworks/logging/file.bro b/testing/btest/scripts/base/frameworks/logging/file.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/file.bro
rename to testing/btest/scripts/base/frameworks/logging/file.bro
diff --git a/testing/btest/policy/frameworks/logging/include.bro b/testing/btest/scripts/base/frameworks/logging/include.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/include.bro
rename to testing/btest/scripts/base/frameworks/logging/include.bro
diff --git a/testing/btest/policy/frameworks/logging/no-local.bro b/testing/btest/scripts/base/frameworks/logging/no-local.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/no-local.bro
rename to testing/btest/scripts/base/frameworks/logging/no-local.bro
diff --git a/testing/btest/policy/frameworks/logging/path-func.bro b/testing/btest/scripts/base/frameworks/logging/path-func.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/path-func.bro
rename to testing/btest/scripts/base/frameworks/logging/path-func.bro
diff --git a/testing/btest/policy/frameworks/logging/pred.bro b/testing/btest/scripts/base/frameworks/logging/pred.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/pred.bro
rename to testing/btest/scripts/base/frameworks/logging/pred.bro
diff --git a/testing/btest/policy/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/remote-types.bro
rename to testing/btest/scripts/base/frameworks/logging/remote-types.bro
diff --git a/testing/btest/policy/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/remote.bro
rename to testing/btest/scripts/base/frameworks/logging/remote.bro
diff --git a/testing/btest/policy/frameworks/logging/remove.bro b/testing/btest/scripts/base/frameworks/logging/remove.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/remove.bro
rename to testing/btest/scripts/base/frameworks/logging/remove.bro
diff --git a/testing/btest/policy/frameworks/logging/rotate-custom.bro b/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/rotate-custom.bro
rename to testing/btest/scripts/base/frameworks/logging/rotate-custom.bro
diff --git a/testing/btest/policy/frameworks/logging/rotate.bro b/testing/btest/scripts/base/frameworks/logging/rotate.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/rotate.bro
rename to testing/btest/scripts/base/frameworks/logging/rotate.bro
diff --git a/testing/btest/policy/frameworks/logging/rotation.trace b/testing/btest/scripts/base/frameworks/logging/rotation.trace
similarity index 100%
rename from testing/btest/policy/frameworks/logging/rotation.trace
rename to testing/btest/scripts/base/frameworks/logging/rotation.trace
diff --git a/testing/btest/policy/frameworks/logging/stdout.bro b/testing/btest/scripts/base/frameworks/logging/stdout.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/stdout.bro
rename to testing/btest/scripts/base/frameworks/logging/stdout.bro
diff --git a/testing/btest/policy/frameworks/logging/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/test-logging.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/test-logging.bro
rename to testing/btest/scripts/base/frameworks/logging/test-logging.bro
diff --git a/testing/btest/policy/frameworks/logging/types.bro b/testing/btest/scripts/base/frameworks/logging/types.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/types.bro
rename to testing/btest/scripts/base/frameworks/logging/types.bro
diff --git a/testing/btest/policy/frameworks/logging/unset-record.bro b/testing/btest/scripts/base/frameworks/logging/unset-record.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/unset-record.bro
rename to testing/btest/scripts/base/frameworks/logging/unset-record.bro
diff --git a/testing/btest/policy/frameworks/logging/vec.bro b/testing/btest/scripts/base/frameworks/logging/vec.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/vec.bro
rename to testing/btest/scripts/base/frameworks/logging/vec.bro
diff --git a/testing/btest/policy/frameworks/metrics/basic-cluster.bro b/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
similarity index 100%
rename from testing/btest/policy/frameworks/metrics/basic-cluster.bro
rename to testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
diff --git a/testing/btest/policy/frameworks/metrics/basic.bro b/testing/btest/scripts/base/frameworks/metrics/basic.bro
similarity index 100%
rename from testing/btest/policy/frameworks/metrics/basic.bro
rename to testing/btest/scripts/base/frameworks/metrics/basic.bro
diff --git a/testing/btest/policy/frameworks/metrics/notice.bro b/testing/btest/scripts/base/frameworks/metrics/notice.bro
similarity index 100%
rename from testing/btest/policy/frameworks/metrics/notice.bro
rename to testing/btest/scripts/base/frameworks/metrics/notice.bro
diff --git a/testing/btest/policy/frameworks/software/version-parsing.bro b/testing/btest/scripts/base/frameworks/software/version-parsing.bro
similarity index 100%
rename from testing/btest/policy/frameworks/software/version-parsing.bro
rename to testing/btest/scripts/base/frameworks/software/version-parsing.bro
diff --git a/testing/btest/policy/misc/init-default-coverage.bro b/testing/btest/scripts/base/init-default-coverage.bro
similarity index 100%
rename from testing/btest/policy/misc/init-default-coverage.bro
rename to testing/btest/scripts/base/init-default-coverage.bro
diff --git a/testing/btest/policy/protocols/http/http-header-crlf.bro b/testing/btest/scripts/base/protocols/http/http-header-crlf.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/http-header-crlf.bro
rename to testing/btest/scripts/base/protocols/http/http-header-crlf.bro
diff --git a/testing/btest/policy/protocols/http/http-mime-and-md5.bro b/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/http-mime-and-md5.bro
rename to testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
diff --git a/testing/btest/policy/protocols/http/http-pipelining.bro b/testing/btest/scripts/base/protocols/http/http-pipelining.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/http-pipelining.bro
rename to testing/btest/scripts/base/protocols/http/http-pipelining.bro
diff --git a/testing/btest/policy/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test
similarity index 100%
rename from testing/btest/policy/protocols/irc/basic.test
rename to testing/btest/scripts/base/protocols/irc/basic.test
diff --git a/testing/btest/policy/protocols/irc/dcc-extract.test b/testing/btest/scripts/base/protocols/irc/dcc-extract.test
similarity index 100%
rename from testing/btest/policy/protocols/irc/dcc-extract.test
rename to testing/btest/scripts/base/protocols/irc/dcc-extract.test
diff --git a/testing/btest/policy/protocols/smtp/basic.test b/testing/btest/scripts/base/protocols/smtp/basic.test
similarity index 100%
rename from testing/btest/policy/protocols/smtp/basic.test
rename to testing/btest/scripts/base/protocols/smtp/basic.test
diff --git a/testing/btest/policy/protocols/smtp/mime-extract.test b/testing/btest/scripts/base/protocols/smtp/mime-extract.test
similarity index 100%
rename from testing/btest/policy/protocols/smtp/mime-extract.test
rename to testing/btest/scripts/base/protocols/smtp/mime-extract.test
diff --git a/testing/btest/policy/protocols/smtp/mime.test b/testing/btest/scripts/base/protocols/smtp/mime.test
similarity index 100%
rename from testing/btest/policy/protocols/smtp/mime.test
rename to testing/btest/scripts/base/protocols/smtp/mime.test
diff --git a/testing/btest/policy/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test
similarity index 100%
rename from testing/btest/policy/utils/addrs.test
rename to testing/btest/scripts/base/utils/addrs.test
diff --git a/testing/btest/policy/utils/conn-ids.test b/testing/btest/scripts/base/utils/conn-ids.test
similarity index 100%
rename from testing/btest/policy/utils/conn-ids.test
rename to testing/btest/scripts/base/utils/conn-ids.test
diff --git a/testing/btest/policy/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test
similarity index 100%
rename from testing/btest/policy/utils/directions-and-hosts.test
rename to testing/btest/scripts/base/utils/directions-and-hosts.test
diff --git a/testing/btest/policy/utils/files.test b/testing/btest/scripts/base/utils/files.test
similarity index 100%
rename from testing/btest/policy/utils/files.test
rename to testing/btest/scripts/base/utils/files.test
diff --git a/testing/btest/policy/utils/numbers.test b/testing/btest/scripts/base/utils/numbers.test
similarity index 100%
rename from testing/btest/policy/utils/numbers.test
rename to testing/btest/scripts/base/utils/numbers.test
diff --git a/testing/btest/policy/utils/paths.test b/testing/btest/scripts/base/utils/paths.test
similarity index 100%
rename from testing/btest/policy/utils/paths.test
rename to testing/btest/scripts/base/utils/paths.test
diff --git a/testing/btest/policy/utils/pattern.test b/testing/btest/scripts/base/utils/pattern.test
similarity index 100%
rename from testing/btest/policy/utils/pattern.test
rename to testing/btest/scripts/base/utils/pattern.test
diff --git a/testing/btest/policy/utils/site.test b/testing/btest/scripts/base/utils/site.test
similarity index 100%
rename from testing/btest/policy/utils/site.test
rename to testing/btest/scripts/base/utils/site.test
diff --git a/testing/btest/policy/utils/strings.test b/testing/btest/scripts/base/utils/strings.test
similarity index 100%
rename from testing/btest/policy/utils/strings.test
rename to testing/btest/scripts/base/utils/strings.test
diff --git a/testing/btest/policy/utils/thresholds.test b/testing/btest/scripts/base/utils/thresholds.test
similarity index 100%
rename from testing/btest/policy/utils/thresholds.test
rename to testing/btest/scripts/base/utils/thresholds.test
diff --git a/testing/btest/policy/misc/check-test-all-policy.bro b/testing/btest/scripts/check-test-all-policy.bro
similarity index 100%
rename from testing/btest/policy/misc/check-test-all-policy.bro
rename to testing/btest/scripts/check-test-all-policy.bro
diff --git a/testing/btest/policy/misc/bare-loaded-scripts.test b/testing/btest/scripts/policy/misc/bare-loaded-scripts.test
similarity index 100%
rename from testing/btest/policy/misc/bare-loaded-scripts.test
rename to testing/btest/scripts/policy/misc/bare-loaded-scripts.test
diff --git a/testing/btest/policy/misc/default-loaded-scripts.test b/testing/btest/scripts/policy/misc/default-loaded-scripts.test
similarity index 100%
rename from testing/btest/policy/misc/default-loaded-scripts.test
rename to testing/btest/scripts/policy/misc/default-loaded-scripts.test
diff --git a/testing/btest/policy/protocols/conn/known-hosts.bro b/testing/btest/scripts/policy/protocols/conn/known-hosts.bro
similarity index 100%
rename from testing/btest/policy/protocols/conn/known-hosts.bro
rename to testing/btest/scripts/policy/protocols/conn/known-hosts.bro
diff --git a/testing/btest/policy/protocols/conn/known-services.bro b/testing/btest/scripts/policy/protocols/conn/known-services.bro
similarity index 100%
rename from testing/btest/policy/protocols/conn/known-services.bro
rename to testing/btest/scripts/policy/protocols/conn/known-services.bro
diff --git a/testing/btest/policy/protocols/dns/event-priority.bro b/testing/btest/scripts/policy/protocols/dns/event-priority.bro
similarity index 100%
rename from testing/btest/policy/protocols/dns/event-priority.bro
rename to testing/btest/scripts/policy/protocols/dns/event-priority.bro
diff --git a/testing/btest/policy/protocols/http/test-sql-injection-regex.bro b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/test-sql-injection-regex.bro
rename to testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro
diff --git a/testing/btest/policy/site/testing-local.bro b/testing/btest/scripts/site/local.test
similarity index 100%
rename from testing/btest/policy/site/testing-local.bro
rename to testing/btest/scripts/site/local.test
diff --git a/testing/btest/policy/misc/test-all-default-coverage.bro b/testing/btest/scripts/test-all-policy-coverage.bro
similarity index 100%
rename from testing/btest/policy/misc/test-all-default-coverage.bro
rename to testing/btest/scripts/test-all-policy-coverage.bro