From 47500ceef4b913ef3f923c6dd98291ea01fec5f2 Mon Sep 17 00:00:00 2001 
From: Jon Siwek Date: Wed, 10 Aug 2011 15:03:14 -0500 Subject: [PATCH 01/11] Add a test that checks each individual script can be loaded in bare-mode. Fixed most @load dependency issues in the process. The test is still failing in a "known" way due to hot.conn.bro and scan.bro. Adressess #545 --- scripts/base/frameworks/cluster/main.bro | 3 ++- scripts/base/frameworks/cluster/nodes/manager.bro | 2 ++ scripts/base/frameworks/cluster/nodes/worker.bro | 1 + scripts/base/frameworks/cluster/setup-connections.bro | 3 +++ scripts/base/frameworks/communication/main.bro | 2 ++ scripts/base/frameworks/intel/main.bro | 2 ++ scripts/base/frameworks/metrics/main.bro | 2 ++ scripts/base/frameworks/notice/actions/drop.bro | 4 +++- scripts/base/frameworks/notice/actions/email_admin.bro | 4 +++- scripts/base/frameworks/notice/actions/page.bro | 3 ++- .../base/frameworks/notice/extend-email/hostnames.bro | 5 +++-- scripts/base/frameworks/notice/weird.bro | 3 +++ scripts/base/frameworks/packet-filter/main.bro | 2 ++ scripts/base/frameworks/packet-filter/netstats.bro | 2 ++ scripts/base/frameworks/signatures/main.bro | 2 ++ scripts/base/frameworks/software/main.bro | 3 +++ scripts/base/protocols/conn/contents.bro | 2 ++ scripts/base/protocols/conn/main.bro | 1 + scripts/base/protocols/dns/main.bro | 1 + scripts/base/protocols/ftp/file-extract.bro | 5 ++++- scripts/base/protocols/ftp/main.bro | 4 ++++ scripts/base/protocols/http/file-extract.bro | 4 ++++ scripts/base/protocols/http/file-hash.bro | 2 ++ scripts/base/protocols/http/file-ident.bro | 5 +++++ scripts/base/protocols/http/main.bro | 1 + scripts/base/protocols/http/partial-content.bro | 4 ++++ scripts/base/protocols/http/utils.bro | 2 ++ scripts/base/protocols/irc/dcc-send.bro | 3 +++ scripts/base/protocols/mime/__load__.bro | 8 ++++---- scripts/base/protocols/mime/base.bro | 2 +- scripts/base/protocols/mime/file-extract.bro | 6 +++--- scripts/base/protocols/mime/file-hash.bro | 5 +++-- 
scripts/base/protocols/mime/file-ident.bro | 2 +- scripts/base/protocols/rpc/base.bro | 2 ++ scripts/base/protocols/smtp/main.bro | 3 +++ scripts/base/protocols/ssh/main.bro | 4 ++++ scripts/base/protocols/ssl/main.bro | 2 ++ scripts/base/protocols/ssl/mozilla-ca-list.bro | 2 +- scripts/base/utils/directions-and-hosts.bro | 1 + scripts/policy/frameworks/communication/listen-clear.bro | 2 ++ scripts/policy/frameworks/communication/listen-ssl.bro | 2 ++ scripts/policy/frameworks/control/controllee.bro | 2 +- scripts/policy/frameworks/control/controller.bro | 4 +++- scripts/policy/frameworks/dpd/detect-protocols.bro | 4 ++++ scripts/policy/frameworks/dpd/packet-segment-logging.bro | 2 ++ scripts/policy/frameworks/metrics/conn-example.bro | 4 +++- scripts/policy/frameworks/metrics/http-example.bro | 6 ++++-- scripts/policy/frameworks/metrics/ssl-example.bro | 5 +++-- scripts/policy/frameworks/software/version-changes.bro | 2 ++ scripts/policy/frameworks/software/vulnerable.bro | 4 +++- scripts/policy/integration/barnyard2/__load__.bro | 5 ++--- scripts/policy/integration/barnyard2/base.bro | 2 +- scripts/policy/integration/barnyard2/event.bro | 3 --- scripts/policy/integration/barnyard2/types.bro | 9 ++++++++- scripts/policy/protocols/conn/known-hosts.bro | 2 ++ scripts/policy/protocols/conn/known-services.bro | 2 ++ scripts/policy/protocols/conn/scan.bro | 2 +- scripts/policy/protocols/dns/auth-addl.bro | 1 + scripts/policy/protocols/dns/detect-external-names.bro | 3 +++ scripts/policy/protocols/ftp/detect.bro | 4 +++- scripts/policy/protocols/ftp/software.bro | 2 ++ scripts/policy/protocols/http/detect-MHR.bro | 5 +++++ scripts/policy/protocols/http/detect-intel.bro | 6 +++++- scripts/policy/protocols/http/detect-sqli.bro | 6 +++++- scripts/policy/protocols/http/detect-webapps.bro | 4 ++++ scripts/policy/protocols/http/headers.bro | 2 ++ scripts/policy/protocols/http/software.bro | 4 +++- scripts/policy/protocols/http/var-extraction-cookies.bro | 3 +++ 
scripts/policy/protocols/http/var-extraction-uri.bro | 3 +++ scripts/policy/protocols/smtp/detect-suspicious-orig.bro | 2 ++ scripts/policy/protocols/smtp/software.bro | 3 +++ scripts/policy/protocols/ssh/software.bro | 1 + scripts/policy/protocols/ssl/known-certs.bro | 1 + scripts/policy/protocols/ssl/validate-certs.bro | 2 ++ .../tuning/defaults/remove-high-volume-notices.bro | 3 +++ scripts/policy/tuning/defaults/warnings.bro | 4 +++- scripts/policy/tuning/track-all-assets.bro | 2 +- scripts/test-all-policy.bro | 1 - .../policy.misc.bare-mode-coverage/unique_errors | 0 testing/btest/policy/misc/bare-mode-coverage.test | 8 ++++++++ testing/btest/policy/misc/check-bare-test-all-policy.bro | 7 ------- 81 files changed, 203 insertions(+), 50 deletions(-) delete mode 100644 scripts/policy/integration/barnyard2/event.bro create mode 100644 testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors create mode 100644 testing/btest/policy/misc/bare-mode-coverage.test delete mode 100644 testing/btest/policy/misc/check-bare-test-all-policy.bro
diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro
index 0fc793e7f5..7b277769fb 100644
--- a/scripts/base/frameworks/cluster/main.bro
+++ b/scripts/base/frameworks/cluster/main.bro
@@ -1,3 +1,4 @@ +@load base/frameworks/control/main module Cluster;
@@ -65,4 +66,4 @@ event bro_init() } Log::create_stream(CLUSTER, [$columns=Info]); - } \ No newline at end of file + }
diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.bro
index c9ce8c2d1a..d52078cc7c 100644
--- a/scripts/base/frameworks/cluster/nodes/manager.bro
+++ b/scripts/base/frameworks/cluster/nodes/manager.bro
@@ -8,6 +8,8 @@ ##! This is where the cluster manager sets it's specific settings for other ##! frameworks and in the core. +@load base/frameworks/notice/main + @prefixes += cluster-manager ## Turn off remote logging since this is the manager and should only log here.
diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.bro
index cf8620c5d7..eb0c271a17 100644
--- a/scripts/base/frameworks/cluster/nodes/worker.bro
+++ b/scripts/base/frameworks/cluster/nodes/worker.bro
@@ -1,3 +1,4 @@ +@load base/frameworks/notice/main @prefixes += cluster-worker
diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro
index 04d474e604..956a6194f4 100644
--- a/scripts/base/frameworks/cluster/setup-connections.bro
+++ b/scripts/base/frameworks/cluster/setup-connections.bro
@@ -1,3 +1,6 @@ +@load ./main +@load base/frameworks/communication/main + module Cluster; event bro_init() &priority=9
diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro
index 73e6086f97..270c3102e2 100644
--- a/scripts/base/frameworks/communication/main.bro
+++ b/scripts/base/frameworks/communication/main.bro
@@ -1,6 +1,8 @@ ##! Connect to remote Bro or Broccoli instances to share state and/or transfer ##! events. +@load base/frameworks/packet-filter/main + module Communication; export {
diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index 9849d4df42..886d5f2f16 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -20,6 +20,8 @@ # canary # friend +@load base/frameworks/notice/main + module Intel; export {
diff --git a/scripts/base/frameworks/metrics/main.bro b/scripts/base/frameworks/metrics/main.bro
index 29f18ab824..a8fa805a31 100644
--- a/scripts/base/frameworks/metrics/main.bro
+++ b/scripts/base/frameworks/metrics/main.bro
@@ -1,5 +1,7 @@ ##! This is the implementation of the metrics framework. +@load base/frameworks/notice/main + module Metrics; export {
diff --git a/scripts/base/frameworks/notice/actions/drop.bro b/scripts/base/frameworks/notice/actions/drop.bro
index fc1f608f9f..0116dd4ed4 100644
--- a/scripts/base/frameworks/notice/actions/drop.bro
+++ b/scripts/base/frameworks/notice/actions/drop.bro
@@ -1,6 +1,8 @@ ##! This script extends the built in notice code to implement the IP address ##! dropping functionality. +@load ../main + module Notice; export {
@@ -31,4 +33,4 @@ event bro_init() }; add Notice::sync_functions[drop_func]; - } \ No newline at end of file + }
diff --git a/scripts/base/frameworks/notice/actions/email_admin.bro b/scripts/base/frameworks/notice/actions/email_admin.bro
index 07a6568327..56c0d5853d 100644
--- a/scripts/base/frameworks/notice/actions/email_admin.bro
+++ b/scripts/base/frameworks/notice/actions/email_admin.bro
@@ -1,3 +1,5 @@ +@load ../main +@load base/utils/site module Notice;
@@ -25,4 +27,4 @@ event notice(n: Notice::Info) &priority=-5 if ( email != "" ) email_notice_to(n, email, T); } - } \ No newline at end of file + }
diff --git a/scripts/base/frameworks/notice/actions/page.bro b/scripts/base/frameworks/notice/actions/page.bro
index 059a92c0c9..f88064ac47 100644
--- a/scripts/base/frameworks/notice/actions/page.bro
+++ b/scripts/base/frameworks/notice/actions/page.bro
@@ -1,3 +1,4 @@ +@load ../main module Notice;
@@ -16,4 +17,4 @@ event notice(n: Notice::Info) &priority=-5 { if ( ACTION_PAGE in n$actions ) email_notice_to(n, mail_page_dest, F); - } \ No newline at end of file + }
diff --git a/scripts/base/frameworks/notice/extend-email/hostnames.bro b/scripts/base/frameworks/notice/extend-email/hostnames.bro
index 83cdc4807d..b7be601db0 100644
--- a/scripts/base/frameworks/notice/extend-email/hostnames.bro
+++ b/scripts/base/frameworks/notice/extend-email/hostnames.bro
@@ -1,3 +1,4 @@ +@load ../main module Notice;
@@ -8,7 +9,7 @@ event Notice::notice(n: Notice::Info) &priority=10 return; # This should only be done for notices that are being sent to email. - if ( ACTION_EMAIL !in n$action ) + if ( ACTION_EMAIL !in n$actions ) return; local output = "";
@@ -37,4 +38,4 @@ event Notice::notice(n: Notice::Info) &priority=10 if ( output != "" ) n$email_body_sections[|n$email_body_sections|] = output; - } \ No newline at end of file + }
diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro
index 4718dc204a..556b34432a 100644
--- a/scripts/base/frameworks/notice/weird.bro
+++ b/scripts/base/frameworks/notice/weird.bro
@@ -1,3 +1,6 @@ +@load base/utils/conn-ids +@load base/utils/site +@load ./main module Weird;
diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro
index b030e763f0..74ea4bc6de 100644
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@@ -4,6 +4,8 @@ ##! open filter and all filters defined in Bro scripts with the ##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables. +@load base/frameworks/notice/main + module PacketFilter; export {
diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.bro
index 887c7222e0..081b2d753e 100644
--- a/scripts/base/frameworks/packet-filter/netstats.bro
+++ b/scripts/base/frameworks/packet-filter/netstats.bro
@@ -1,5 +1,7 @@ ##! This script reports on packet loss from the various packet sources. +@load base/frameworks/notice/main + module PacketFilter; export {
diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro
index 9f218ab144..d84223af13 100644
--- a/scripts/base/frameworks/signatures/main.bro
+++ b/scripts/base/frameworks/signatures/main.bro
@@ -1,5 +1,7 @@ ##! Script level signature support. +@load base/frameworks/notice/main + module Signatures; export {
diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro
index e35902aff1..7f9a55673b 100644
--- a/scripts/base/frameworks/software/main.bro
+++ b/scripts/base/frameworks/software/main.bro
@@ -4,6 +4,9 @@ ##! that they analyze. The entry point for providing new software detections ##! to this framework is through the :bro:id:`Software::found` function. +@load base/utils/directions-and-hosts +@load base/utils/numbers + module Software; export {
diff --git a/scripts/base/protocols/conn/contents.bro b/scripts/base/protocols/conn/contents.bro
index 21945beed5..feabb1303c 100644
--- a/scripts/base/protocols/conn/contents.bro
+++ b/scripts/base/protocols/conn/contents.bro
@@ -8,6 +8,8 @@ ##! This script does not work well in a cluster context unless it has a ##! remotely mounted disk to write the content files to. +@load base/utils/files + module Conn; export {
diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro
index 69c4cde64b..1af80bc18d 100644
--- a/scripts/base/protocols/conn/main.bro
+++ b/scripts/base/protocols/conn/main.bro
@@ -1,3 +1,4 @@ +@load base/utils/site module Conn;
diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro
index 59ade654d4..eff1b4c4f0 100644
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@@ -1,3 +1,4 @@ +@load ./consts module DNS;
diff --git a/scripts/base/protocols/ftp/file-extract.bro b/scripts/base/protocols/ftp/file-extract.bro
index 5ebe0ec63c..c638e90a65 100644
--- a/scripts/base/protocols/ftp/file-extract.bro
+++ b/scripts/base/protocols/ftp/file-extract.bro
@@ -1,5 +1,8 @@ ##! File extraction for FTP. +@load ./main +@load base/utils/files + module FTP; export {
@@ -62,4 +65,4 @@ event log_ftp(rec: Info) &priority=-10 { delete rec$extraction_file; delete rec$extract_file; - } \ No newline at end of file + }
diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro
index bf32ba3114..9dd6a4b6d2 100644
--- a/scripts/base/protocols/ftp/main.bro
+++ b/scripts/base/protocols/ftp/main.bro
@@ -7,6 +7,10 @@ ##! ##! * Handle encrypted sessions correctly (get an example?) +@load ./utils-commands +@load base/utils/paths +@load base/utils/numbers + module FTP; export {
diff --git a/scripts/base/protocols/http/file-extract.bro b/scripts/base/protocols/http/file-extract.bro
index 24ee1d8b93..d36d95e475 100644
--- a/scripts/base/protocols/http/file-extract.bro
+++ b/scripts/base/protocols/http/file-extract.bro
@@ -1,6 +1,10 @@ ##! Extracts the items from HTTP traffic, one per file. At this time only ##! the message body from the server can be extracted with this script. +@load ./main +@load ./file-ident +@load base/utils/files + module HTTP; export {
diff --git a/scripts/base/protocols/http/file-hash.bro b/scripts/base/protocols/http/file-hash.bro
index 26f8abf51a..6da624728d 100644
--- a/scripts/base/protocols/http/file-hash.bro
+++ b/scripts/base/protocols/http/file-hash.bro
@@ -1,5 +1,7 @@ ##! Calculate hashes for HTTP body transfers. +@load ./file-ident + module HTTP; export {
diff --git a/scripts/base/protocols/http/file-ident.bro b/scripts/base/protocols/http/file-ident.bro
index 082adf75d3..0803d8680d 100644
--- a/scripts/base/protocols/http/file-ident.bro
+++ b/scripts/base/protocols/http/file-ident.bro
@@ -1,6 +1,11 @@ ##! This script is involved in the identification of file types in HTTP ##! response bodies. +@load base/frameworks/signatures/main +@load base/frameworks/notice/main +@load base/protocols/http/main +@load base/protocols/http/utils + # Add the magic number signatures to the core signature set. redef signature_files += "base/protocols/http/file-ident.sig"; # Ignore the signatures used to match files
diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index 172fb2bd1c..f51b49b93c 100644
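Review bot: In scripts/base/protocols/http/file-ident.bro the two loads of the script's own package are spelled through the search path, `@load base/protocols/http/main` and `@load base/protocols/http/utils`, while the hunks for file-extract.bro, file-hash.bro and utils.bro in the same directory use the relative form. I would write `@load ./main` and `@load ./utils` here as well, so the file always picks up its own siblings rather than whichever `base/protocols/http/main` resolves first on the script search path. The rest of file-ident.bro is outside the hunk, so I cannot tell whether anything there depends on the search-path form.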
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -1,3 +1,4 @@ +@load base/utils/numbers module HTTP;
diff --git a/scripts/base/protocols/http/partial-content.bro b/scripts/base/protocols/http/partial-content.bro
index 130cc0db28..cc34dd6df6 100644
--- a/scripts/base/protocols/http/partial-content.bro
+++ b/scripts/base/protocols/http/partial-content.bro
@@ -3,6 +3,10 @@ ##! ##! This script doesn't work yet and isn't loaded by default. +@load base/frameworks/notice/main +@load ./main +@load ./utils + module HTTP; export {
diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.bro
index 716b1c608b..6e2583bc75 100644
--- a/scripts/base/protocols/http/utils.bro
+++ b/scripts/base/protocols/http/utils.bro
@@ -1,5 +1,7 @@ ##! Utilities specific for HTTP processing. +@load ./main + module HTTP; export {
diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.bro
index 1b8dc67c25..92d73e70bf 100644
--- a/scripts/base/protocols/irc/dcc-send.bro
+++ b/scripts/base/protocols/irc/dcc-send.bro
@@ -8,6 +8,9 @@ ##! Example line from IRC server indicating that the DCC SEND is about to start: ##! PRIVMSG my_nick :^ADCC SEND whateverfile.zip 3640061780 1026 41709^A +@load ./main +@load base/utils/files + module IRC; export {
diff --git a/scripts/base/protocols/mime/__load__.bro b/scripts/base/protocols/mime/__load__.bro
index 36e9f16426..86098bb598 100644
--- a/scripts/base/protocols/mime/__load__.bro
+++ b/scripts/base/protocols/mime/__load__.bro
@@ -1,4 +1,4 @@ -@load protocols/mime/base -@load protocols/mime/file-ident -@load protocols/mime/file-extract -@load protocols/mime/file-hash +@load ./base +@load ./file-ident +@load ./file-extract +@load ./file-hash
diff --git a/scripts/base/protocols/mime/base.bro b/scripts/base/protocols/mime/base.bro
index d0212870a4..df495387d7 100644
--- a/scripts/base/protocols/mime/base.bro
+++ b/scripts/base/protocols/mime/base.bro
@@ -1,7 +1,7 @@ ##! The mime script does analysis of MIME encoded messages seen in certain ##! protocols (only SMTP and POP3 at the moment). -@load utils/strings +@load base/utils/strings module MIME;
diff --git a/scripts/base/protocols/mime/file-extract.bro b/scripts/base/protocols/mime/file-extract.bro
index d6989ad809..33d2c70513 100644
--- a/scripts/base/protocols/mime/file-extract.bro
+++ b/scripts/base/protocols/mime/file-extract.bro
@@ -1,5 +1,5 @@ -@load protocols/mime/file-ident -@load utils/files +@load ./file-ident +@load base/utils/files module MIME;
@@ -57,4 +57,4 @@ event mime_end_entity(c: connection) &priority=-3 if ( c$mime?$extraction_file ) close(c$mime$extraction_file); } - \ No newline at end of file + 
diff --git a/scripts/base/protocols/mime/file-hash.bro b/scripts/base/protocols/mime/file-hash.bro
index 3384928d58..4be2811e43 100644
--- a/scripts/base/protocols/mime/file-hash.bro
+++ b/scripts/base/protocols/mime/file-hash.bro
@@ -1,4 +1,5 @@ -@load protocols/mime/file-ident +@load ./file-ident +@load base/frameworks/notice/main module MIME;
@@ -75,4 +76,4 @@ event mime_end_entity(c: connection) &priority=-3 NOTICE([$note=MD5, $msg=fmt("Calculated a hash for a MIME entity from %s", c$id$orig_h), $sub=c$mime$md5, $conn=c]); } - } \ No newline at end of file + }
diff --git a/scripts/base/protocols/mime/file-ident.bro b/scripts/base/protocols/mime/file-ident.bro
index ba5310d362..346fde1bba 100644
--- a/scripts/base/protocols/mime/file-ident.bro
+++ b/scripts/base/protocols/mime/file-ident.bro
@@ -1,4 +1,4 @@ -@load protocols/mime/base +@load ./base module MIME;
diff --git a/scripts/base/protocols/rpc/base.bro b/scripts/base/protocols/rpc/base.bro
index 936684a728..36a524c880 100644
--- a/scripts/base/protocols/rpc/base.bro
+++ b/scripts/base/protocols/rpc/base.bro
@@ -8,6 +8,8 @@ # programs for which we don't have an analyzer. # +@load base/utils/conn-ids + module RPC; export {
diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro
index e034a459d4..bebd902ebc 100644
--- a/scripts/base/protocols/smtp/main.bro
+++ b/scripts/base/protocols/smtp/main.bro
@@ -1,3 +1,6 @@ +@load base/frameworks/notice/main +@load base/utils/addrs +@load base/utils/directions-and-hosts module SMTP;
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro
index 7cc87b6684..1d1747a2fe 100644
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@@ -1,3 +1,7 @@ +@load base/frameworks/notice/main +@load base/utils/site +@load base/utils/thresholds +@load base/utils/conn-ids module SSH;
diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index 775b59a6e5..696131d2fb 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -1,3 +1,5 @@ +@load ./consts +@load base/frameworks/notice/main module SSL;
diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro
index 0df3e0b9f2..2e89d83d6e 100644
--- a/scripts/base/protocols/ssl/mozilla-ca-list.bro
+++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro
@@ -1,6 +1,6 @@ # Don't edit! This file is automatically generated. # Generated at: Wed Jun 29 07:52:38 -0400 2011 - +@load base/protocols/ssl/main module SSL; redef root_certs += { ["GTE CyberTrust Global Root"] = "\x30\x82\x02\x5A\x30\x82\x01\xC3\x02\x02\x01\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x47\x54\x45\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x2C\x20\x49\x6E\x63\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x39\x38\x30\x38\x31\x33\x30\x30\x32\x39\x30\x30\x5A\x17\x0D\x31\x38\x30\x38\x31\x33\x32\x33\x35\x39\x30\x30\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x47\x54\x45\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x2C\x20\x49\x6E\x63\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\x95\x0F\xA0\xB6\xF0\x50\x9C\xE8\x7A\xC7\x88\xCD\xDD\x17\x0E\x2E\xB0\x94\xD0\x1B\x3D\x0E\xF6\x94\xC0\x8A\x94\xC7\x06\xC8\x90\x97\xC8\xB8\x64\x1A\x7A\x7E\x6C\x3C\x53\xE1\x37\x28\x73\x60\x7F\xB2\x97\x53\x07\x9F\x53\xF9\x6D\x58\x94\xD2\xAF\x8D\x6D\x88\x67\x80\xE6\xED\xB2\x95\xCF\x72\x31\xCA\xA5\x1C\x72\xBA\x5C\x02\xE7\x64\x42\xE7\xF9\xA9\x2C\xD6\x3A\x0D\xAC\x8D\x42\xAA\x24\x01\x39\xE6\x9C\x3F\x01\x85\x57\x0D\x58\x87\x45\xF8\xD3\x85\xAA\x93\x69\x26\x85\x70\x48\x80\x3F\x12\x15\xC7
\x79\xB4\x1F\x05\x2F\x3B\x62\x99\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x6D\xEB\x1B\x09\xE9\x5E\xD9\x51\xDB\x67\x22\x61\xA4\x2A\x3C\x48\x77\xE3\xA0\x7C\xA6\xDE\x73\xA2\x14\x03\x85\x3D\xFB\xAB\x0E\x30\xC5\x83\x16\x33\x81\x13\x08\x9E\x7B\x34\x4E\xDF\x40\xC8\x74\xD7\xB9\x7D\xDC\xF4\x76\x55\x7D\x9B\x63\x54\x18\xE9\xF0\xEA\xF3\x5C\xB1\xD9\x8B\x42\x1E\xB9\xC0\x95\x4E\xBA\xFA\xD5\xE2\x7C\xF5\x68\x61\xBF\x8E\xEC\x05\x97\x5F\x5B\xB0\xD7\xA3\x85\x34\xC4\x24\xA7\x0D\x0F\x95\x93\xEF\xCB\x94\xD8\x9E\x1F\x9D\x5C\x85\x6D\xC7\xAA\xAE\x4F\x1F\x22\xB5\xCD\x95\xAD\xBA\xA7\xCC\xF9\xAB\x0B\x7A\x7F", diff --git a/scripts/base/utils/directions-and-hosts.bro b/scripts/base/utils/directions-and-hosts.bro index 6b387ef980..a88c4827a6 100644 --- a/scripts/base/utils/directions-and-hosts.bro +++ b/scripts/base/utils/directions-and-hosts.bro @@ -1,3 +1,4 @@ +@load ./site type Direction: enum { ## The connection originator is not within the locally-monitored network, diff --git a/scripts/policy/frameworks/communication/listen-clear.bro b/scripts/policy/frameworks/communication/listen-clear.bro index 1854e12f56..44fa197570 100644 --- a/scripts/policy/frameworks/communication/listen-clear.bro +++ b/scripts/policy/frameworks/communication/listen-clear.bro @@ -1,5 +1,7 @@ ##! Listen for other Bro instances to make unencrypted connections. +@load base/frameworks/communication/main + module Communication; export { diff --git a/scripts/policy/frameworks/communication/listen-ssl.bro b/scripts/policy/frameworks/communication/listen-ssl.bro index fe6304206f..f4e7f955b7 100644 --- a/scripts/policy/frameworks/communication/listen-ssl.bro +++ b/scripts/policy/frameworks/communication/listen-ssl.bro @@ -1,5 +1,7 @@ ##! Listen for other Bro instances and encrypt the connection with SSL. +@load base/frameworks/communication/main + module Communication; export { 
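Review bot: scripts/base/protocols/ssl/mozilla-ca-list.bro carries the header `# Don't edit! This file is automatically generated.`, yet `@load base/protocols/ssl/main` is added to it by hand in this hunk. The next regeneration of the root-certificate list will presumably overwrite the file and drop the line, after which the script would again fail to load on its own in bare mode. The generator that emits this file should write the `@load` line itself; no such change is visible in this part of the patch. Because the file supplies the trust anchors in `root_certs`, it is worth keeping it reproducible from the generator alone so that any difference from a fresh run stands out in review.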
diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.bro
index 518336abd8..abddaec5b0 100644
--- a/scripts/policy/frameworks/control/controllee.bro
+++ b/scripts/policy/frameworks/control/controllee.bro
@@ -1,4 +1,4 @@ - +@load base/frameworks/control/main # If an instance is a controllee, it implicitly needs to listen for remote # connections. @load frameworks/communication/listen-clear
diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.bro
index 8c60ef457a..4f1021ffc6 100644
--- a/scripts/policy/frameworks/control/controller.bro
+++ b/scripts/policy/frameworks/control/controller.bro
@@ -1,3 +1,5 @@ +@load base/frameworks/control/main +@load base/frameworks/communication/main module Control;
@@ -99,4 +101,4 @@ event remote_connection_handshake_done(p: event_peer) &priority=-10 # Signal configuration update to peer. event Control::configuration_update_request(); } - } \ No newline at end of file + }
diff --git a/scripts/policy/frameworks/dpd/detect-protocols.bro b/scripts/policy/frameworks/dpd/detect-protocols.bro
index cbe81df889..2d6f4a936a 100644
--- a/scripts/policy/frameworks/dpd/detect-protocols.bro
+++ b/scripts/policy/frameworks/dpd/detect-protocols.bro
@@ -1,5 +1,9 @@ ##! Finds connections with protocols on non-standard ports with DPD. +@load base/frameworks/notice/main +@load base/utils/site +@load base/utils/conn-ids + module ProtocolDetector; export {
diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.bro b/scripts/policy/frameworks/dpd/packet-segment-logging.bro
index 2276b49e64..96acf9c99a 100644
--- a/scripts/policy/frameworks/dpd/packet-segment-logging.bro
+++ b/scripts/policy/frameworks/dpd/packet-segment-logging.bro
@@ -4,6 +4,8 @@ ##! A caveat to logging packet data is that in some cases, the packet may ##! not be the packet that actually caused the protocol violation. +@load base/frameworks/dpd/main + module DPD; export {
diff --git a/scripts/policy/frameworks/metrics/conn-example.bro b/scripts/policy/frameworks/metrics/conn-example.bro
index e67117a7e0..10ea0efc34 100644
--- a/scripts/policy/frameworks/metrics/conn-example.bro
+++ b/scripts/policy/frameworks/metrics/conn-example.bro
@@ -1,3 +1,5 @@ +@load base/frameworks/metrics/main +@load base/utils/site redef enum Metrics::ID += { CONNS_ORIGINATED,
@@ -17,4 +19,4 @@ event connection_established(c: connection) Metrics::add_data(CONNS_ORIGINATED, [$host=c$id$orig_h]); Metrics::add_data(CONNS_RESPONDED, [$host=c$id$resp_h]); } - \ No newline at end of file + 
diff --git a/scripts/policy/frameworks/metrics/http-example.bro b/scripts/policy/frameworks/metrics/http-example.bro
index 904ec9a227..be3b3a66e7 100644
--- a/scripts/policy/frameworks/metrics/http-example.bro
+++ b/scripts/policy/frameworks/metrics/http-example.bro
@@ -1,4 +1,6 @@ - +@load base/frameworks/metrics/main +@load base/protocols/http/main +@load base/utils/site redef enum Metrics::ID += { HTTP_REQUESTS_BY_STATUS_CODE,
@@ -19,4 +21,4 @@ event HTTP::log_http(rec: HTTP::Info) Metrics::add_data(HTTP_REQUESTS_BY_HOST_HEADER, [$index=rec$host]); if ( rec?$status_code ) Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $index=fmt("%d", rec$status_code)]); - } \ No newline at end of file + }
diff --git a/scripts/policy/frameworks/metrics/ssl-example.bro b/scripts/policy/frameworks/metrics/ssl-example.bro
index e043690feb..0b544507dd 100644
--- a/scripts/policy/frameworks/metrics/ssl-example.bro
+++ b/scripts/policy/frameworks/metrics/ssl-example.bro
@@ -1,4 +1,5 @@ - +@load base/frameworks/metrics/main +@load base/protocols/ssl/main redef enum Metrics::ID += { SSL_SERVERNAME,
@@ -19,4 +20,4 @@ event SSL::log_ssl(rec: SSL::Info) { if ( rec?$server_name ) Metrics::add_data(SSL_SERVERNAME, [$index=rec$server_name]); - } \ No newline at end of file + }
diff --git a/scripts/policy/frameworks/software/version-changes.bro b/scripts/policy/frameworks/software/version-changes.bro
index 3b562b5334..6837aa3140 100644
--- a/scripts/policy/frameworks/software/version-changes.bro
+++ b/scripts/policy/frameworks/software/version-changes.bro
@@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/frameworks/software/main module Software;
diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.bro
index ec0348d563..1a046471ee 100644
--- a/scripts/policy/frameworks/software/vulnerable.bro
+++ b/scripts/policy/frameworks/software/vulnerable.bro
@@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/frameworks/software/main module Software;
@@ -18,4 +20,4 @@ event log_software(rec: Info) { NOTICE([$note=Vulnerable_Version, $src=rec$host, $msg=software_fmt(rec)]); } - } \ No newline at end of file + }
diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.bro
index 9e870eb7aa..ce5bad3fe8 100644
--- a/scripts/policy/integration/barnyard2/__load__.bro
+++ b/scripts/policy/integration/barnyard2/__load__.bro
@@ -1,3 +1,2 @@ -@load integration/barnyard2/types -@load integration/barnyard2/event -@load integration/barnyard2/base +@load ./types +@load ./base
diff --git a/scripts/policy/integration/barnyard2/base.bro b/scripts/policy/integration/barnyard2/base.bro
index f05ad0e9bf..f8ba48dd99 100644
--- a/scripts/policy/integration/barnyard2/base.bro
+++ b/scripts/policy/integration/barnyard2/base.bro
@@ -2,7 +2,7 @@ ##! Barnyard2 and logs them. In the future it will do more correlation ##! and derive new notices from the alerts. -@load integration/barnyard2/types +@load ./types module Barnyard2;
diff --git a/scripts/policy/integration/barnyard2/event.bro b/scripts/policy/integration/barnyard2/event.bro
deleted file mode 100644
index 5fa2747a28..0000000000
--- a/scripts/policy/integration/barnyard2/event.bro
+++ /dev/null
@@ -1,3 +0,0 @@ -## This is the event that Barnyard2 instances will send if they're -## configured with the bro_alert output plugin. -global barnyard_alert: event(id: Barnyard2::PacketID, alert: Barnyard2::AlertData, msg: string, data: string);
diff --git a/scripts/policy/integration/barnyard2/types.bro b/scripts/policy/integration/barnyard2/types.bro
index 9bc56773ef..6cfcbb9535 100644
--- a/scripts/policy/integration/barnyard2/types.bro
+++ b/scripts/policy/integration/barnyard2/types.bro
@@ -22,4 +22,11 @@ export { dst_ip: addr; dst_p: port; } &log; -} \ No newline at end of file + + ## This is the event that Barnyard2 instances will send if they're + ## configured with the bro_alert output plugin. + global barnyard_alert: event(id: Barnyard2::PacketID, + alert: Barnyard2::AlertData, + msg: string, + data: string); +}
diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro
index 72bdaf01a4..6fc59d4d15 100644
--- a/scripts/policy/protocols/conn/known-hosts.bro
+++ b/scripts/policy/protocols/conn/known-hosts.bro
@@ -3,6 +3,8 @@ ##! output provides an easy way to determine a count of the IP addresses in ##! use on a network per day. +@load base/utils/directions-and-hosts + module KnownHosts; export {
diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro
index 35a19a14f0..3676cbb05b 100644
--- a/scripts/policy/protocols/conn/known-services.bro
+++ b/scripts/policy/protocols/conn/known-services.bro
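Review bot: Moving the `barnyard_alert` declaration into the `export { }` block of scripts/policy/integration/barnyard2/types.bro may change the name under which the event is known. The deleted event.bro consisted of only the three lines shown and had no `module` line, so the event was declared at global scope; inside the module's export block it would presumably become `Barnyard2::barnyard_alert` (the `module` line of types.bro is outside the hunk, so this is inferred from the `Barnyard2::` type names). If remote Barnyard2 instances using the bro_alert output plugin still raise an event called `barnyard_alert`, the handler would no longer match and alerts would be lost without any error being reported. Please confirm which name the sender uses, and either keep the declaration outside the module or state the expected name in the `##` comment above it.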
@@ -3,6 +3,8 @@ ##! completed a TCP handshake with another host. If a protocol is detected ##! during the session, the protocol will also be logged. +@load base/utils/directions-and-hosts + module KnownServices; redef enum Log::ID += { KNOWN_SERVICES }; diff --git a/scripts/policy/protocols/conn/scan.bro b/scripts/policy/protocols/conn/scan.bro index fabb865093..a0e2408679 100644 --- a/scripts/policy/protocols/conn/scan.bro +++ b/scripts/policy/protocols/conn/scan.bro @@ -1,4 +1,4 @@ -@load frameworks/notice +@load base/frameworks/notice/main @load port-name module Scan; diff --git a/scripts/policy/protocols/dns/auth-addl.bro b/scripts/policy/protocols/dns/auth-addl.bro index ba21131f7c..dd00e59c2e 100644 --- a/scripts/policy/protocols/dns/auth-addl.bro +++ b/scripts/policy/protocols/dns/auth-addl.bro @@ -1,3 +1,4 @@ +@load base/protocols/dns/main redef dns_skip_all_auth = F; redef dns_skip_all_addl = F; diff --git a/scripts/policy/protocols/dns/detect-external-names.bro b/scripts/policy/protocols/dns/detect-external-names.bro index fd49fee183..f6f0e596cc 100644 --- a/scripts/policy/protocols/dns/detect-external-names.bro +++ b/scripts/policy/protocols/dns/detect-external-names.bro @@ -8,6 +8,9 @@ ##! to be within a local zone. :bro:id:`local_zones` variable **must** ##! be set appropriately for this detection. +@load base/frameworks/notice/main +@load base/utils/site + module DNS; export { diff --git a/scripts/policy/protocols/ftp/detect.bro b/scripts/policy/protocols/ftp/detect.bro index 4e69dec655..cb89599a93 100644 --- a/scripts/policy/protocols/ftp/detect.bro +++ b/scripts/policy/protocols/ftp/detect.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/ftp/main module FTP; @@ -21,4 +23,4 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior NOTICE([$note=Site_Exec_Success, $conn=c, $msg=fmt("%s %s", c$ftp$cmdarg$cmd, c$ftp$cmdarg$arg)]); } - } \ No newline at end of file + } 
diff --git a/scripts/policy/protocols/ftp/software.bro b/scripts/policy/protocols/ftp/software.bro index 918123bb4c..7dfd54ddca 100644 --- a/scripts/policy/protocols/ftp/software.bro +++ b/scripts/policy/protocols/ftp/software.bro @@ -6,6 +6,8 @@ ##! * Detect client software with password given for anonymous users ##! (e.g. cyberduck@example.net) +@load base/frameworks/software/main + module FTP; export { diff --git a/scripts/policy/protocols/http/detect-MHR.bro b/scripts/policy/protocols/http/detect-MHR.bro index 11e1d9f87e..adf0707205 100644 --- a/scripts/policy/protocols/http/detect-MHR.bro +++ b/scripts/policy/protocols/http/detect-MHR.bro @@ -4,6 +4,11 @@ ##! documentation for the protocols/http/file-hash.bro script to see how to ##! configure which transfers will have hashes calculated. +@load base/frameworks/notice/main +@load base/protocols/http/main +@load base/protocols/http/utils +@load base/protocols/http/file-hash + export { redef enum Notice::Type += { ## If the MD5 sum of a file transferred over HTTP diff --git a/scripts/policy/protocols/http/detect-intel.bro b/scripts/policy/protocols/http/detect-intel.bro index ebe6713c03..6da4d8d1e1 100644 --- a/scripts/policy/protocols/http/detect-intel.bro +++ b/scripts/policy/protocols/http/detect-intel.bro @@ -1,5 +1,9 @@ ##! Intelligence based HTTP detections. +@load base/protocols/http/main +@load base/protocols/http/utils +@load base/frameworks/intel/main + module HTTP; event log_http(rec: Info) @@ -14,4 +18,4 @@ event log_http(rec: Info) $sub=HTTP::build_url_http(rec), $id=rec$id]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index 45a2bdb205..c1e6281c6b 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro 
@@ -1,5 +1,9 @@ ##! SQL injection detection in HTTP. +@load base/frameworks/notice/main +@load base/frameworks/metrics/main +@load base/protocols/http/main + module HTTP; export { @@ -54,4 +58,4 @@ event http_request(c: connection, method: string, original_URI: string, Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h]); Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.bro index 350f0def98..493ea9b44b 100644 --- a/scripts/policy/protocols/http/detect-webapps.bro +++ b/scripts/policy/protocols/http/detect-webapps.bro @@ -1,3 +1,7 @@ +@load base/frameworks/signatures/main +@load base/frameworks/software/main +@load base/protocols/http/main +@load base/protocols/http/utils module HTTP; diff --git a/scripts/policy/protocols/http/headers.bro b/scripts/policy/protocols/http/headers.bro index 4451e876ec..dc3eddcbc0 100644 --- a/scripts/policy/protocols/http/headers.bro +++ b/scripts/policy/protocols/http/headers.bro @@ -1,5 +1,7 @@ ##! Extract and include the header keys used for each request in the log. +@load base/protocols/http/main + module HTTP; export { diff --git a/scripts/policy/protocols/http/software.bro b/scripts/policy/protocols/http/software.bro index 5a16b862a6..a7948d6a5b 100644 --- a/scripts/policy/protocols/http/software.bro +++ b/scripts/policy/protocols/http/software.bro @@ -1,5 +1,7 @@ ##! Software identification and extraction for HTTP traffic. +@load base/frameworks/software/main + module HTTP; export { @@ -52,4 +54,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr Software::found(c$id, Software::parse(value, c$id$resp_h, WEB_APPSERVER)); } } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/var-extraction-cookies.bro b/scripts/policy/protocols/http/var-extraction-cookies.bro index b30be9d2c1..2b3f282b03 100644 
--- a/scripts/policy/protocols/http/var-extraction-cookies.bro +++ b/scripts/policy/protocols/http/var-extraction-cookies.bro @@ -1,5 +1,8 @@ ##! This script extracts and logs variables from cookies sent by clients +@load base/protocols/http/main +@load base/protocols/http/utils + module HTTP; redef record Info += { diff --git a/scripts/policy/protocols/http/var-extraction-uri.bro b/scripts/policy/protocols/http/var-extraction-uri.bro index a6e6b1d971..32ea147961 100644 --- a/scripts/policy/protocols/http/var-extraction-uri.bro +++ b/scripts/policy/protocols/http/var-extraction-uri.bro @@ -1,5 +1,8 @@ ##! This script extracts and logs variables from the requested URI +@load base/protocols/http/main +@load base/protocols/http/utils + module HTTP; redef record Info += { diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro index 26f667cfd6..8e85b8db97 100644 --- a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro +++ b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/smtp/main module SMTP; diff --git a/scripts/policy/protocols/smtp/software.bro b/scripts/policy/protocols/smtp/software.bro index 09bc59c636..2099c89dc6 100644 --- a/scripts/policy/protocols/smtp/software.bro +++ b/scripts/policy/protocols/smtp/software.bro @@ -7,6 +7,9 @@ ##! * Find some heuristic to determine if email was sent through ##! a MS Exhange webmail interface as opposed to a desktop client. +@load base/frameworks/software/main +@load base/protocols/smtp/main + module SMTP; export { diff --git a/scripts/policy/protocols/ssh/software.bro b/scripts/policy/protocols/ssh/software.bro index d40ad513c8..ea04d44370 100644 --- a/scripts/policy/protocols/ssh/software.bro +++ b/scripts/policy/protocols/ssh/software.bro @@ -1,3 +1,4 @@ +@load base/frameworks/software/main module SSH; 
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro index a8815dca07..7bff4bbf38 100644 --- a/scripts/policy/protocols/ssl/known-certs.bro +++ b/scripts/policy/protocols/ssl/known-certs.bro @@ -1,3 +1,4 @@ +@load base/utils/directions-and-hosts module KnownCerts; diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index 43920557f4..3e457c72ea 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/ssl/main module SSL; diff --git a/scripts/policy/tuning/defaults/remove-high-volume-notices.bro b/scripts/policy/tuning/defaults/remove-high-volume-notices.bro index 1133bf952b..68c22aeb3f 100644 --- a/scripts/policy/tuning/defaults/remove-high-volume-notices.bro +++ b/scripts/policy/tuning/defaults/remove-high-volume-notices.bro @@ -1,6 +1,9 @@ ##! This strives to tune out high volume and less useful data ##! from the notice log. +@load base/frameworks/notice/main +@load base/frameworks/notice/weird + # Remove these notices from logging since they can be too noisy. redef Notice::ignored_types += { Weird::Content_Gap, diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.bro index ea8f18c3bc..cedc3d62ad 100644 --- a/scripts/policy/tuning/defaults/warnings.bro +++ b/scripts/policy/tuning/defaults/warnings.bro @@ -2,8 +2,10 @@ ##! good to set in most cases or other things that could be done to achieve ##! better detection. +@load base/utils/site + event bro_init() &priority=-10 { if ( |Site::local_nets| == 0 ) print "WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks."; - } \ No newline at end of file + } diff --git a/scripts/policy/tuning/track-all-assets.bro b/scripts/policy/tuning/track-all-assets.bro index fe61ff93b6..40fa6913df 100644 
--- a/scripts/policy/tuning/track-all-assets.bro +++ b/scripts/policy/tuning/track-all-assets.bro @@ -1,4 +1,4 @@ - +@load base/frameworks/software/main @load protocols/conn/known-hosts @load protocols/conn/known-services @load protocols/ssl/known-certs diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index a42ef893fc..49f123f880 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -19,7 +19,6 @@ @load frameworks/software/vulnerable.bro @load integration/barnyard2/__load__.bro @load integration/barnyard2/base.bro -@load integration/barnyard2/event.bro @load integration/barnyard2/types.bro @load misc/analysis-groups.bro @load misc/loaded-scripts.bro diff --git a/testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors b/testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/policy/misc/bare-mode-coverage.test b/testing/btest/policy/misc/bare-mode-coverage.test new file mode 100644 index 0000000000..40cd5ab76e --- /dev/null +++ b/testing/btest/policy/misc/bare-mode-coverage.test @@ -0,0 +1,8 @@ +# Makes sure any given policy script in the scripts/ tree can be loaded in +# bare mode. btest-bg-run/btest-bg-wait are used to kill off scripts that +# block after loading, e.g. start listening on a socket. +# +# @TEST-EXEC: test -e $DIST/scripts +# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro`; do echo $script;if [[ "$script" =~ listen-clear|listen-ssl|controllee ]]; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0 +# @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors +# @TEST-EXEC: btest-diff unique_errors 
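Review bot: The `|| exit 0` that closes the `for` loop in the second `@TEST-EXEC` line of bare-mode-coverage.test makes that step succeed whatever happens inside it, so the verdict rests only on the text that reaches `allerrors`. A script that makes `bro -b` exit non-zero or crash without writing to stderr still passes; recording the status would close that gap, e.g. `bro -b "$script" 2>>allerrors || echo "$script: exit $?" >>allerrors`. The `[[ ... =~ ... ]]` match is a bash extension, and if btest runs the line under a plain POSIX `sh` (not visible here) the `else` branch would start the listening scripts in the foreground; `case "$script" in *listen-clear*|*listen-ssl*|*controllee*) ... ;; esac` avoids that. Quoting `"$script"` also keeps paths containing spaces intact.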
diff --git a/testing/btest/policy/misc/check-bare-test-all-policy.bro b/testing/btest/policy/misc/check-bare-test-all-policy.bro deleted file mode 100644 index a3474942e3..0000000000 --- a/testing/btest/policy/misc/check-bare-test-all-policy.bro +++ /dev/null @@ -1,7 +0,0 @@ -# Makes sures test-all-policy.bro (which loads *all* other policy scripts) -# compiles correctly even in bare mode. -# -# @TEST-EXEC: bro -b %INPUT >output -# @TEST-EXEC: btest-diff output - -@load test-all-policy From fae54dc8f0a2e9cea7c2a4239744942afe4023a9 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 10 Aug 2011 15:39:16 -0500 Subject: [PATCH 02/11] Normalizing base.bro script naming as main.bro --- scripts/base/protocols/mime/__load__.bro | 2 +- scripts/base/protocols/mime/file-ident.bro | 2 +- scripts/base/protocols/mime/{base.bro => main.bro} | 0 scripts/base/protocols/rpc/{base.bro => main.bro} | 0 scripts/policy/integration/barnyard2/__load__.bro | 2 +- scripts/policy/integration/barnyard2/{base.bro => main.bro} | 0 scripts/test-all-policy.bro | 2 +- 7 files changed, 4 insertions(+), 4 deletions(-) rename scripts/base/protocols/mime/{base.bro => main.bro} (100%) rename scripts/base/protocols/rpc/{base.bro => main.bro} (100%) rename scripts/policy/integration/barnyard2/{base.bro => main.bro} (100%) diff --git a/scripts/base/protocols/mime/__load__.bro b/scripts/base/protocols/mime/__load__.bro index 86098bb598..6c3f1804ec 100644 --- a/scripts/base/protocols/mime/__load__.bro +++ b/scripts/base/protocols/mime/__load__.bro @@ -1,4 +1,4 @@ -@load ./base +@load ./main @load ./file-ident @load ./file-extract @load ./file-hash diff --git a/scripts/base/protocols/mime/file-ident.bro b/scripts/base/protocols/mime/file-ident.bro index 346fde1bba..932085cd1a 100644 --- a/scripts/base/protocols/mime/file-ident.bro +++ b/scripts/base/protocols/mime/file-ident.bro @@ -1,4 +1,4 @@ -@load ./base +@load ./main module MIME; 
diff --git a/scripts/base/protocols/mime/base.bro b/scripts/base/protocols/mime/main.bro similarity index 100% rename from scripts/base/protocols/mime/base.bro rename to scripts/base/protocols/mime/main.bro diff --git a/scripts/base/protocols/rpc/base.bro b/scripts/base/protocols/rpc/main.bro similarity index 100% rename from scripts/base/protocols/rpc/base.bro rename to scripts/base/protocols/rpc/main.bro diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.bro index ce5bad3fe8..c4790c6b32 100644 --- a/scripts/policy/integration/barnyard2/__load__.bro +++ b/scripts/policy/integration/barnyard2/__load__.bro @@ -1,2 +1,2 @@ @load ./types -@load ./base +@load ./main diff --git a/scripts/policy/integration/barnyard2/base.bro b/scripts/policy/integration/barnyard2/main.bro similarity index 100% rename from scripts/policy/integration/barnyard2/base.bro rename to scripts/policy/integration/barnyard2/main.bro diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index 49f123f880..4039fe2732 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -18,7 +18,7 @@ @load frameworks/software/version-changes.bro @load frameworks/software/vulnerable.bro @load integration/barnyard2/__load__.bro -@load integration/barnyard2/base.bro +@load integration/barnyard2/main.bro @load integration/barnyard2/types.bro @load misc/analysis-groups.bro @load misc/loaded-scripts.bro From 9e7934dc32f136430c64d3f500fa47cfa402df37 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 10 Aug 2011 16:06:05 -0500 Subject: [PATCH 03/11] Normalize some intra-package @loads --- scripts/base/protocols/http/file-ident.bro | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/http/file-ident.bro b/scripts/base/protocols/http/file-ident.bro index 0803d8680d..489267e6f1 100644 --- a/scripts/base/protocols/http/file-ident.bro +++ b/scripts/base/protocols/http/file-ident.bro 
@@ -3,8 +3,8 @@ @load base/frameworks/signatures/main @load base/frameworks/notice/main -@load base/protocols/http/main -@load base/protocols/http/utils +@load ./main +@load ./utils # Add the magic number signatures to the core signature set. redef signature_files += "base/protocols/http/file-ident.sig"; From ac257c7a6d48ecd67cacc48e89f0105c89dcbe11 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 10 Aug 2011 16:29:52 -0500 Subject: [PATCH 04/11] Change/fix some cluster script error reporting. The main script now uses the Reporter::error BIF instead of scheduling a reporter_error event to report an invalid node name. The later only works if the reporter framework is loaded, but the BIF will do the right thing and use stderr if there's no event handler. I also @if'd out most of the setup-connections script when the node is invalid because that's what the cluster/__load__.bro would normally do. --- scripts/base/frameworks/cluster/main.bro | 3 +-- scripts/base/frameworks/cluster/setup-connections.bro | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 7b277769fb..4817db0ea7 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -60,8 +60,7 @@ event bro_init() # If a node is given, but it's an unknown name we need to fail. if ( node != "" && node !in nodes ) { - local msg = "You didn't supply a valid node in the Cluster::nodes configuration."; - event reporter_error(current_time(), msg, ""); + Reporter::error(fmt("'%s' is not a valid node in the Cluster::nodes configuration", node)); terminate(); } diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro index 956a6194f4..b0d833d362 100644 --- a/scripts/base/frameworks/cluster/setup-connections.bro +++ b/scripts/base/frameworks/cluster/setup-connections.bro 
@@ -1,6 +1,8 @@ @load ./main @load base/frameworks/communication/main +@if ( Cluster::node in Cluster::nodes ) + module Cluster; event bro_init() &priority=9 @@ -80,3 +82,5 @@ event bro_init() &priority=9 } } } + +@endif From 7b07a19cd6a0267ce889b22646ce013848fa8528 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 10 Aug 2011 17:16:26 -0500 Subject: [PATCH 05/11] bro scripts generated from bifs now install to $prefix/share/bro/base/ Addresses #545 --- scripts/base/frameworks/logging/main.bro | 2 +- scripts/base/init-bare.bro | 12 ++++++------ src/CMakeLists.txt | 9 ++++++++- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index e31f931de9..be575247ec 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -149,7 +149,7 @@ export { # We keep a script-level copy of all filters so that we can manipulate them. global filters: table[ID, string] of Filter; -@load logging.bif.bro # Needs Filter and Stream defined. +@load base/logging.bif # Needs Filter and Stream defined. module Log; diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 30674fafc7..42580e95e7 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -1,5 +1,5 @@ -@load const.bif.bro -@load types.bif.bro +@load base/const.bif +@load base/types.bif # Type declarations type string_array: table[count] of string; @@ -298,9 +298,9 @@ type entropy_test_result: record { }; # Prototypes of Bro built-in functions. -@load strings.bif.bro -@load bro.bif.bro -@load reporter.bif.bro +@load base/strings.bif +@load base/bro.bif +@load base/reporter.bif global log_file_name: function(tag: string): string &redef; global open_log_file: function(tag: string): file &redef; 
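Review bot: The `@if ( Cluster::node in Cluster::nodes )` guard added at the top of setup-connections.bro is evaluated when the file is parsed, so it only sees `Cluster::nodes` as redef'd up to that point. If the layout script that fills `Cluster::nodes` is loaded after this file (the load order is not visible in this hunk), the whole `bro_init` handler is compiled out and the node starts with no peer connections and no error message. A comment above the guard would make the ordering requirement explicit, for example `# Requires the cluster layout (Cluster::nodes) to be loaded before this file; otherwise connection setup is skipped.` The `bro_init` body lies between the two hunks of this file and is not shown here.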
@@ -1264,7 +1264,7 @@ type bittorrent_benc_dir: table[string] of bittorrent_benc_value; # The header table type used by the bittorrenttracker analyzer. type bt_tracker_headers: table[string] of string; -@load event.bif.bro +@load base/event.bif # The filter the user has set via the -f command line options, or # empty if none. diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 1a5f096f70..db6a139e58 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -107,6 +107,12 @@ macro(BIF_TARGET bifInput) add_custom_command(OUTPUT ${bifOutputs} COMMAND bifcl ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1) + # in order be able to run bro from the build directory, + # a copy of the generated bro script needs to be copied + # to a directory tree named the same way it will be + # referenced from an @load + COMMAND "${CMAKE_COMMAND}" + ARGS -E copy ${bifInput}.bro base/${bifInput}.bro DEPENDS ${bifInput} DEPENDS bifcl COMMENT "[BIFCL] Processing ${bifInput}" @@ -121,6 +127,7 @@ endmacro(BIF_TARGET) macro(GET_BIF_OUTPUT_FILES inputFile outputFileVar) set(${outputFileVar} ${inputFile}.bro + base/${inputFile}.bro ${inputFile}.func_def ${inputFile}.func_h ${inputFile}.func_init @@ -423,7 +430,7 @@ set(brolibs target_link_libraries(bro ${brolibs}) install(TARGETS bro DESTINATION bin) -install(FILES ${INSTALL_BIF_OUTPUTS} DESTINATION ${POLICYDIR}) +install(FILES ${INSTALL_BIF_OUTPUTS} DESTINATION ${POLICYDIR}/base) set(BRO_EXE bro CACHE STRING "Bro executable binary" FORCE) From 2eea193d79ddcccca6d32fd4208e7cd54c9893af Mon Sep 17 00:00:00 2001 
From: Jon Siwek Date: Wed, 10 Aug 2011 20:34:49 -0500 Subject: [PATCH 06/11] Update default/bare loaded scripts test and test-all-policy coverage. --- scripts/test-all-policy.bro | 3 +++ .../canonified_loaded_scripts.log | 14 +++++++------- .../canonified_loaded_scripts.log | 17 ++++++++++------- ...overage.bro => test-all-policy-coverage.bro} | 0 4 files changed, 20 insertions(+), 14 deletions(-) rename testing/btest/policy/misc/{test-all-default-coverage.bro => test-all-policy-coverage.bro} (100%) diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index 4039fe2732..0e47543404 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -15,6 +15,9 @@ # @load frameworks/control/controller.bro @load frameworks/dpd/detect-protocols.bro @load frameworks/dpd/packet-segment-logging.bro +@load frameworks/metrics/conn-example.bro +@load frameworks/metrics/http-example.bro +@load frameworks/metrics/ssl-example.bro @load frameworks/software/version-changes.bro @load frameworks/software/vulnerable.bro @load integration/barnyard2/__load__.bro diff --git a/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log index 7d40d728da..8386089200 100644 --- a/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log 
@@ -1,13 +1,13 @@ # depth name 0 scripts/base/init-bare.bro -1 build/src/const.bif.bro -1 build/src/types.bif.bro -1 build/src/strings.bif.bro -1 build/src/bro.bif.bro -1 build/src/reporter.bif.bro -1 build/src/event.bif.bro +1 build/src/base/const.bif.bro +1 build/src/base/types.bif.bro +1 build/src/base/strings.bif.bro +1 build/src/base/bro.bif.bro +1 build/src/base/reporter.bif.bro +1 build/src/base/event.bif.bro 1 scripts/base/frameworks/logging/__load__.bro 2 scripts/base/frameworks/logging/./main.bro -3 build/src/logging.bif.bro +3 build/src/base/logging.bif.bro 2 scripts/base/frameworks/logging/./writers/ascii.bro 0 scripts/policy/misc/loaded-scripts.bro diff --git a/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log index 73ef868313..4a5f570e81 100644 --- a/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log @@ -1,14 +1,14 @@ # depth name 0 scripts/base/init-bare.bro -1 build/src/const.bif.bro -1 build/src/types.bif.bro -1 build/src/strings.bif.bro -1 build/src/bro.bif.bro -1 build/src/reporter.bif.bro -1 build/src/event.bif.bro +1 build/src/base/const.bif.bro +1 build/src/base/types.bif.bro +1 build/src/base/strings.bif.bro +1 build/src/base/bro.bif.bro +1 build/src/base/reporter.bif.bro +1 build/src/base/event.bif.bro 1 scripts/base/frameworks/logging/__load__.bro 2 scripts/base/frameworks/logging/./main.bro -3 build/src/logging.bif.bro +3 build/src/base/logging.bif.bro 2 scripts/base/frameworks/logging/./writers/ascii.bro 0 scripts/base/init-default.bro 1 scripts/base/utils/site.bro 
@@ -41,6 +41,7 @@ 1 scripts/base/frameworks/metrics/__load__.bro 2 scripts/base/frameworks/metrics/./main.bro 1 scripts/base/frameworks/communication/__load__.bro +2 scripts/base/frameworks/communication/./main.bro 1 scripts/base/frameworks/control/__load__.bro 2 scripts/base/frameworks/control/./main.bro 1 scripts/base/frameworks/cluster/__load__.bro @@ -69,6 +70,8 @@ 2 scripts/base/protocols/irc/./dcc-send.bro 1 scripts/base/protocols/smtp/__load__.bro 2 scripts/base/protocols/smtp/./main.bro +2 scripts/base/protocols/smtp/./entities.bro +2 scripts/base/protocols/smtp/./entities-excerpt.bro 1 scripts/base/protocols/ssh/__load__.bro 2 scripts/base/protocols/ssh/./main.bro 1 scripts/base/protocols/ssl/__load__.bro diff --git a/testing/btest/policy/misc/test-all-default-coverage.bro b/testing/btest/policy/misc/test-all-policy-coverage.bro similarity index 100% rename from testing/btest/policy/misc/test-all-default-coverage.bro rename to testing/btest/policy/misc/test-all-policy-coverage.bro From c3fb0ea03567c7b82fb008fb42be2206eb1ed657 Mon Sep 17 00:00:00 2001 
From: Jon Siwek Date: Thu, 11 Aug 2011 10:43:11 -0500 Subject: [PATCH 07/11] Reorganizing btest/policy directory to match new scripts/ organization Addresses #545 --- .../unique_errors | 0 .../manager-1..stdout | 0 .../proxy-1..stdout | 0 .../proxy-2..stdout | 0 .../worker-1..stdout | 0 .../worker-2..stdout | 0 .../controllee..stdout | 0 .../controller..stdout | 0 .../out | 0 .../ssh-new-default.log | 0 .../ssh.log | Bin .../ssh.log | 0 .../ssh.log | Bin .../ssh.log | 0 .../test.log | 0 .../ssh.log | 0 .../ssh.log | 0 .../ssh.log | 0 .../output | 0 .../ssh.log | 0 .../ssh.log | 0 .../ssh.log | 0 .../output | 0 .../ssh.failure.log | 0 .../ssh.success.log | 0 .../receiver.test.log | 0 .../sender.test.failure.log | 0 .../sender.test.log | 0 .../sender.test.success.log | 0 .../ssh.failure.log | 0 .../ssh.log | 0 .../out | 0 .../out | 0 .../output | 0 .../ssh.log | 0 .../ssh.log | 0 .../testing.log | 0 .../ssh.log | 0 .../output | 0 .../http.log | 0 .../http.log | 0 .../irc.log | 0 ...em_192.168.1.77:57655-209.197.168.151:1024_1.dat | Bin .../irc.log | 0 .../smtp.log | 0 ...mtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat | 0 ...mtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat | 0 .../smtp_entities.log | 0 .../smtp_entities.log | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../output | 0 .../canonified_loaded_scripts.log | 0 .../canonified_loaded_scripts.log | 0 .../knownhosts-all.log | 0 .../knownhosts-local.log | 0 .../knownhosts-remote.log | 0 .../knownservices-all.log | 0 .../knownservices-local.log | 0 .../knownservices-remote.log | 0 .../dns.log | 0 .../output | 0 testing/btest/btest.cfg | 2 +- .../misc => scripts}/bare-mode-coverage.test | 2 +- .../base}/frameworks/cluster/start-it-up.bro | 0 .../frameworks/control/configuration_update.bro | 0 .../base}/frameworks/control/id_value.bro | 0 .../base}/frameworks/control/shutdown.bro | 0 
.../base}/frameworks/intel/insert-and-matcher.bro | 0 .../base}/frameworks/logging/adapt-filter.bro | 0 .../base}/frameworks/logging/ascii-binary.bro | 0 .../base}/frameworks/logging/ascii-empty.bro | 0 .../base}/frameworks/logging/ascii-escape.bro | 0 .../base}/frameworks/logging/ascii-options.bro | 0 .../base}/frameworks/logging/ascii-timestamps.bro | 0 .../base}/frameworks/logging/attr-extend.bro | 0 .../base}/frameworks/logging/attr.bro | 0 .../base}/frameworks/logging/disable-stream.bro | 0 .../base}/frameworks/logging/empty-event.bro | 0 .../base}/frameworks/logging/events.bro | 0 .../base}/frameworks/logging/exclude.bro | 0 .../base}/frameworks/logging/file.bro | 0 .../base}/frameworks/logging/include.bro | 0 .../base}/frameworks/logging/no-local.bro | 0 .../base}/frameworks/logging/path-func.bro | 0 .../base}/frameworks/logging/pred.bro | 0 .../base}/frameworks/logging/remote-types.bro | 0 .../base}/frameworks/logging/remote.bro | 0 .../base}/frameworks/logging/remove.bro | 0 .../base}/frameworks/logging/rotate-custom.bro | 0 .../base}/frameworks/logging/rotate.bro | 0 .../base}/frameworks/logging/rotation.trace | Bin .../base}/frameworks/logging/stdout.bro | 0 .../base}/frameworks/logging/test-logging.bro | 0 .../base}/frameworks/logging/types.bro | 0 .../base}/frameworks/logging/unset-record.bro | 0 .../base}/frameworks/logging/vec.bro | 0 .../base}/frameworks/software/version-parsing.bro | 0 .../misc => scripts/base}/init-default-coverage.bro | 0 .../base}/protocols/http/http-header-crlf.bro | 0 .../base}/protocols/http/http-mime-and-md5.bro | 0 .../base}/protocols/http/http-pipelining.bro | 0 .../base}/protocols/irc/basic.test | 0 .../base}/protocols/irc/dcc-extract.test | 0 .../base}/protocols/smtp/basic.test | 0 .../base}/protocols/smtp/mime-extract.test | 0 .../base}/protocols/smtp/mime.test | 0 .../btest/{policy => scripts/base}/utils/addrs.test | 0 .../{policy => scripts/base}/utils/conn-ids.test | 0 .../base}/utils/directions-and-hosts.test | 0 
.../btest/{policy => scripts/base}/utils/files.test | 0 .../{policy => scripts/base}/utils/numbers.test | 0 .../btest/{policy => scripts/base}/utils/paths.test | 0 .../{policy => scripts/base}/utils/pattern.test | 0 .../btest/{policy => scripts/base}/utils/site.test | 0 .../{policy => scripts/base}/utils/strings.test | 0 .../{policy => scripts/base}/utils/thresholds.test | 0 .../misc => scripts}/check-test-all-policy.bro | 0 .../policy/misc/bare-loaded-scripts.test | 0 .../policy/misc/default-loaded-scripts.test | 0 .../policy/protocols/conn/known-hosts.bro | 0 .../policy/protocols/conn/known-services.bro | 0 .../policy/protocols/dns/event-priority.bro | 0 .../protocols/http/test-sql-injection-regex.bro | 0 .../testing-local.bro => scripts/site/local.test} | 0 .../misc => scripts}/test-all-policy-coverage.bro | 0 134 files changed, 2 insertions(+), 2 deletions(-) rename testing/btest/Baseline/{policy.misc.bare-mode-coverage => scripts.bare-mode-coverage}/unique_errors (100%) rename testing/btest/Baseline/{policy.frameworks.cluster.start-it-up => scripts.base.frameworks.cluster.start-it-up}/manager-1..stdout (100%) rename testing/btest/Baseline/{policy.frameworks.cluster.start-it-up => scripts.base.frameworks.cluster.start-it-up}/proxy-1..stdout (100%) rename testing/btest/Baseline/{policy.frameworks.cluster.start-it-up => scripts.base.frameworks.cluster.start-it-up}/proxy-2..stdout (100%) rename testing/btest/Baseline/{policy.frameworks.cluster.start-it-up => scripts.base.frameworks.cluster.start-it-up}/worker-1..stdout (100%) rename testing/btest/Baseline/{policy.frameworks.cluster.start-it-up => scripts.base.frameworks.cluster.start-it-up}/worker-2..stdout (100%) rename testing/btest/Baseline/{policy.frameworks.control.configuration_update => scripts.base.frameworks.control.configuration_update}/controllee..stdout (100%) rename testing/btest/Baseline/{policy.frameworks.control.id_value => scripts.base.frameworks.control.id_value}/controller..stdout (100%) rename 
testing/btest/Baseline/{policy.frameworks.intel.insert-and-matcher => scripts.base.frameworks.intel.insert-and-matcher}/out (100%) rename testing/btest/Baseline/{policy.frameworks.logging.adapt-filter => scripts.base.frameworks.logging.adapt-filter}/ssh-new-default.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.ascii-binary => scripts.base.frameworks.logging.ascii-binary}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.ascii-empty => scripts.base.frameworks.logging.ascii-empty}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.ascii-escape => scripts.base.frameworks.logging.ascii-escape}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.ascii-options => scripts.base.frameworks.logging.ascii-options}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.ascii-timestamps => scripts.base.frameworks.logging.ascii-timestamps}/test.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.attr-extend => scripts.base.frameworks.logging.attr-extend}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.attr => scripts.base.frameworks.logging.attr}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.empty-event => scripts.base.frameworks.logging.empty-event}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.events => scripts.base.frameworks.logging.events}/output (100%) rename testing/btest/Baseline/{policy.frameworks.logging.exclude => scripts.base.frameworks.logging.exclude}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.file => scripts.base.frameworks.logging.file}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.include => scripts.base.frameworks.logging.include}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.path-func => scripts.base.frameworks.logging.path-func}/output (100%) rename 
testing/btest/Baseline/{policy.frameworks.logging.pred => scripts.base.frameworks.logging.pred}/ssh.failure.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.pred => scripts.base.frameworks.logging.pred}/ssh.success.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.remote-types => scripts.base.frameworks.logging.remote-types}/receiver.test.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.remote => scripts.base.frameworks.logging.remote}/sender.test.failure.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.remote => scripts.base.frameworks.logging.remote}/sender.test.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.remote => scripts.base.frameworks.logging.remote}/sender.test.success.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.remove => scripts.base.frameworks.logging.remove}/ssh.failure.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.remove => scripts.base.frameworks.logging.remove}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.rotate-custom => scripts.base.frameworks.logging.rotate-custom}/out (100%) rename testing/btest/Baseline/{policy.frameworks.logging.rotate => scripts.base.frameworks.logging.rotate}/out (100%) rename testing/btest/Baseline/{policy.frameworks.logging.stdout => scripts.base.frameworks.logging.stdout}/output (100%) rename testing/btest/Baseline/{policy.frameworks.logging.test-logging => scripts.base.frameworks.logging.test-logging}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.types => scripts.base.frameworks.logging.types}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.unset-record => scripts.base.frameworks.logging.unset-record}/testing.log (100%) rename testing/btest/Baseline/{policy.frameworks.logging.vec => scripts.base.frameworks.logging.vec}/ssh.log (100%) rename testing/btest/Baseline/{policy.frameworks.software.version-parsing 
=> scripts.base.frameworks.software.version-parsing}/output (100%) rename testing/btest/Baseline/{policy.protocols.http.http-mime-and-md5 => scripts.base.protocols.http.http-mime-and-md5}/http.log (100%) rename testing/btest/Baseline/{policy.protocols.http.http-pipelining => scripts.base.protocols.http.http-pipelining}/http.log (100%) rename testing/btest/Baseline/{policy.protocols.irc.basic => scripts.base.protocols.irc.basic}/irc.log (100%) rename testing/btest/Baseline/{policy.protocols.irc.dcc-extract => scripts.base.protocols.irc.dcc-extract}/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat (100%) rename testing/btest/Baseline/{policy.protocols.irc.dcc-extract => scripts.base.protocols.irc.dcc-extract}/irc.log (100%) rename testing/btest/Baseline/{policy.protocols.smtp.basic => scripts.base.protocols.smtp.basic}/smtp.log (100%) rename testing/btest/Baseline/{policy.protocols.smtp.mime-extract => scripts.base.protocols.smtp.mime-extract}/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat (100%) rename testing/btest/Baseline/{policy.protocols.smtp.mime-extract => scripts.base.protocols.smtp.mime-extract}/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat (100%) rename testing/btest/Baseline/{policy.protocols.smtp.mime-extract => scripts.base.protocols.smtp.mime-extract}/smtp_entities.log (100%) rename testing/btest/Baseline/{policy.protocols.smtp.mime => scripts.base.protocols.smtp.mime}/smtp_entities.log (100%) rename testing/btest/Baseline/{policy.utils.addrs => scripts.base.utils.addrs}/output (100%) rename testing/btest/Baseline/{policy.utils.conn-ids => scripts.base.utils.conn-ids}/output (100%) rename testing/btest/Baseline/{policy.utils.directions-and-hosts => scripts.base.utils.directions-and-hosts}/output (100%) rename testing/btest/Baseline/{policy.utils.files => scripts.base.utils.files}/output (100%) rename testing/btest/Baseline/{policy.utils.numbers => scripts.base.utils.numbers}/output (100%) rename 
testing/btest/Baseline/{policy.utils.paths => scripts.base.utils.paths}/output (100%) rename testing/btest/Baseline/{policy.utils.pattern => scripts.base.utils.pattern}/output (100%) rename testing/btest/Baseline/{policy.utils.site => scripts.base.utils.site}/output (100%) rename testing/btest/Baseline/{policy.utils.strings => scripts.base.utils.strings}/output (100%) rename testing/btest/Baseline/{policy.utils.thresholds => scripts.base.utils.thresholds}/output (100%) rename testing/btest/Baseline/{policy.misc.check-test-all-policy => scripts.check-test-all-policy}/output (100%) rename testing/btest/Baseline/{policy.misc.bare-loaded-scripts => scripts.policy.misc.bare-loaded-scripts}/canonified_loaded_scripts.log (100%) rename testing/btest/Baseline/{policy.misc.default-loaded-scripts => scripts.policy.misc.default-loaded-scripts}/canonified_loaded_scripts.log (100%) rename testing/btest/Baseline/{policy.protocols.conn.known-hosts => scripts.policy.protocols.conn.known-hosts}/knownhosts-all.log (100%) rename testing/btest/Baseline/{policy.protocols.conn.known-hosts => scripts.policy.protocols.conn.known-hosts}/knownhosts-local.log (100%) rename testing/btest/Baseline/{policy.protocols.conn.known-hosts => scripts.policy.protocols.conn.known-hosts}/knownhosts-remote.log (100%) rename testing/btest/Baseline/{policy.protocols.conn.known-services => scripts.policy.protocols.conn.known-services}/knownservices-all.log (100%) rename testing/btest/Baseline/{policy.protocols.conn.known-services => scripts.policy.protocols.conn.known-services}/knownservices-local.log (100%) rename testing/btest/Baseline/{policy.protocols.conn.known-services => scripts.policy.protocols.conn.known-services}/knownservices-remote.log (100%) rename testing/btest/Baseline/{policy.protocols.dns.event-priority => scripts.policy.protocols.dns.event-priority}/dns.log (100%) rename testing/btest/Baseline/{policy.protocols.http.test-sql-injection-regex => 
scripts.policy.protocols.http.test-sql-injection-regex}/output (100%) rename testing/btest/{policy/misc => scripts}/bare-mode-coverage.test (94%) rename testing/btest/{policy => scripts/base}/frameworks/cluster/start-it-up.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/control/configuration_update.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/control/id_value.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/control/shutdown.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/intel/insert-and-matcher.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/adapt-filter.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/ascii-binary.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/ascii-empty.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/ascii-escape.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/ascii-options.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/ascii-timestamps.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/attr-extend.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/attr.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/disable-stream.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/empty-event.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/events.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/exclude.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/file.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/include.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/no-local.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/path-func.bro (100%) rename 
testing/btest/{policy => scripts/base}/frameworks/logging/pred.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/remote-types.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/remote.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/remove.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/rotate-custom.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/rotate.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/rotation.trace (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/stdout.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/test-logging.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/types.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/unset-record.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/logging/vec.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/software/version-parsing.bro (100%) rename testing/btest/{policy/misc => scripts/base}/init-default-coverage.bro (100%) rename testing/btest/{policy => scripts/base}/protocols/http/http-header-crlf.bro (100%) rename testing/btest/{policy => scripts/base}/protocols/http/http-mime-and-md5.bro (100%) rename testing/btest/{policy => scripts/base}/protocols/http/http-pipelining.bro (100%) rename testing/btest/{policy => scripts/base}/protocols/irc/basic.test (100%) rename testing/btest/{policy => scripts/base}/protocols/irc/dcc-extract.test (100%) rename testing/btest/{policy => scripts/base}/protocols/smtp/basic.test (100%) rename testing/btest/{policy => scripts/base}/protocols/smtp/mime-extract.test (100%) rename testing/btest/{policy => scripts/base}/protocols/smtp/mime.test (100%) rename testing/btest/{policy => scripts/base}/utils/addrs.test (100%) rename testing/btest/{policy => scripts/base}/utils/conn-ids.test 
(100%) rename testing/btest/{policy => scripts/base}/utils/directions-and-hosts.test (100%) rename testing/btest/{policy => scripts/base}/utils/files.test (100%) rename testing/btest/{policy => scripts/base}/utils/numbers.test (100%) rename testing/btest/{policy => scripts/base}/utils/paths.test (100%) rename testing/btest/{policy => scripts/base}/utils/pattern.test (100%) rename testing/btest/{policy => scripts/base}/utils/site.test (100%) rename testing/btest/{policy => scripts/base}/utils/strings.test (100%) rename testing/btest/{policy => scripts/base}/utils/thresholds.test (100%) rename testing/btest/{policy/misc => scripts}/check-test-all-policy.bro (100%) rename testing/btest/{ => scripts}/policy/misc/bare-loaded-scripts.test (100%) rename testing/btest/{ => scripts}/policy/misc/default-loaded-scripts.test (100%) rename testing/btest/{ => scripts}/policy/protocols/conn/known-hosts.bro (100%) rename testing/btest/{ => scripts}/policy/protocols/conn/known-services.bro (100%) rename testing/btest/{ => scripts}/policy/protocols/dns/event-priority.bro (100%) rename testing/btest/{ => scripts}/policy/protocols/http/test-sql-injection-regex.bro (100%) rename testing/btest/{policy/site/testing-local.bro => scripts/site/local.test} (100%) rename testing/btest/{policy/misc => scripts}/test-all-policy-coverage.bro (100%)
diff --git a/testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors b/testing/btest/Baseline/scripts.bare-mode-coverage/unique_errors
similarity index 100%
rename from testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors
rename to testing/btest/Baseline/scripts.bare-mode-coverage/unique_errors
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/manager-1..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/manager-1..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-1..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-1..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-2..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/proxy-2..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-1..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-1..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout b/testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-2..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.cluster.start-it-up/worker-2..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout b/testing/btest/Baseline/scripts.base.frameworks.control.configuration_update/controllee..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.control.configuration_update/controllee..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout b/testing/btest/Baseline/scripts.base.frameworks.control.id_value/controller..stdout
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout
rename to testing/btest/Baseline/scripts.base.frameworks.control.id_value/controller..stdout
diff --git a/testing/btest/Baseline/policy.frameworks.intel.insert-and-matcher/out b/testing/btest/Baseline/scripts.base.frameworks.intel.insert-and-matcher/out
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.intel.insert-and-matcher/out
rename to testing/btest/Baseline/scripts.base.frameworks.intel.insert-and-matcher/out
diff --git a/testing/btest/Baseline/policy.frameworks.logging.adapt-filter/ssh-new-default.log b/testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.adapt-filter/ssh-new-default.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-binary/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-binary/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-binary/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-empty/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-empty/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-escape/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-escape/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-options/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-options/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.ascii-timestamps/test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.ascii-timestamps/test.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.ascii-timestamps/test.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.attr-extend/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.attr-extend/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.attr-extend/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.attr/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.attr/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.attr/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.empty-event/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.empty-event/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.empty-event/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.events/output b/testing/btest/Baseline/scripts.base.frameworks.logging.events/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.events/output
rename to testing/btest/Baseline/scripts.base.frameworks.logging.events/output
diff --git a/testing/btest/Baseline/policy.frameworks.logging.exclude/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.exclude/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.exclude/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.file/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.file/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.file/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.include/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.include/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.include/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.path-func/output b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.path-func/output
rename to testing/btest/Baseline/scripts.base.frameworks.logging.path-func/output
diff --git a/testing/btest/Baseline/policy.frameworks.logging.pred/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.failure.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.pred/ssh.failure.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.failure.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.pred/ssh.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.success.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.pred/ssh.success.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.pred/ssh.success.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote-types/receiver.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote-types/receiver.test.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote-types/receiver.test.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.failure.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.failure.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remote/sender.test.success.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remote/sender.test.success.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remove/ssh.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remove/ssh.failure.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.failure.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.remove/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.remove/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.remove/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out
rename to testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/out
diff --git a/testing/btest/Baseline/policy.frameworks.logging.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.rotate/out
rename to testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out
diff --git a/testing/btest/Baseline/policy.frameworks.logging.stdout/output b/testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.stdout/output
rename to testing/btest/Baseline/scripts.base.frameworks.logging.stdout/output
diff --git a/testing/btest/Baseline/policy.frameworks.logging.test-logging/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.test-logging/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.test-logging/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.types/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.types/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.types/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.unset-record/testing.log b/testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.unset-record/testing.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.unset-record/testing.log
diff --git a/testing/btest/Baseline/policy.frameworks.logging.vec/ssh.log b/testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.logging.vec/ssh.log
rename to testing/btest/Baseline/scripts.base.frameworks.logging.vec/ssh.log
diff --git a/testing/btest/Baseline/policy.frameworks.software.version-parsing/output b/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.software.version-parsing/output
rename to testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
diff --git a/testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.http.http-mime-and-md5/http.log
rename to testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.http.http-pipelining/http.log
rename to testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
diff --git a/testing/btest/Baseline/policy.protocols.irc.basic/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.irc.basic/irc.log
rename to testing/btest/Baseline/scripts.base.protocols.irc.basic/irc.log
diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
rename to testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item_192.168.1.77:57655-209.197.168.151:1024_1.dat
diff --git a/testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log b/testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.irc.dcc-extract/irc.log
rename to testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
diff --git a/testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.basic/smtp.log
rename to testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_1.dat
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity_10.10.1.4:1470-74.53.140.153:25_2.dat
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime-extract/smtp_entities.log
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
diff --git a/testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log b/testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.smtp.mime/smtp_entities.log
rename to testing/btest/Baseline/scripts.base.protocols.smtp.mime/smtp_entities.log
diff --git a/testing/btest/Baseline/policy.utils.addrs/output b/testing/btest/Baseline/scripts.base.utils.addrs/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.addrs/output
rename to testing/btest/Baseline/scripts.base.utils.addrs/output
diff --git a/testing/btest/Baseline/policy.utils.conn-ids/output b/testing/btest/Baseline/scripts.base.utils.conn-ids/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.conn-ids/output
rename to testing/btest/Baseline/scripts.base.utils.conn-ids/output
diff --git a/testing/btest/Baseline/policy.utils.directions-and-hosts/output b/testing/btest/Baseline/scripts.base.utils.directions-and-hosts/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.directions-and-hosts/output
rename to testing/btest/Baseline/scripts.base.utils.directions-and-hosts/output
diff --git a/testing/btest/Baseline/policy.utils.files/output b/testing/btest/Baseline/scripts.base.utils.files/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.files/output
rename to testing/btest/Baseline/scripts.base.utils.files/output
diff --git a/testing/btest/Baseline/policy.utils.numbers/output b/testing/btest/Baseline/scripts.base.utils.numbers/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.numbers/output
rename to testing/btest/Baseline/scripts.base.utils.numbers/output
diff --git a/testing/btest/Baseline/policy.utils.paths/output b/testing/btest/Baseline/scripts.base.utils.paths/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.paths/output
rename to testing/btest/Baseline/scripts.base.utils.paths/output
diff --git a/testing/btest/Baseline/policy.utils.pattern/output b/testing/btest/Baseline/scripts.base.utils.pattern/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.pattern/output
rename to testing/btest/Baseline/scripts.base.utils.pattern/output
diff --git a/testing/btest/Baseline/policy.utils.site/output b/testing/btest/Baseline/scripts.base.utils.site/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.site/output
rename to testing/btest/Baseline/scripts.base.utils.site/output
diff --git a/testing/btest/Baseline/policy.utils.strings/output b/testing/btest/Baseline/scripts.base.utils.strings/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.strings/output
rename to testing/btest/Baseline/scripts.base.utils.strings/output
diff --git a/testing/btest/Baseline/policy.utils.thresholds/output b/testing/btest/Baseline/scripts.base.utils.thresholds/output
similarity index 100%
rename from testing/btest/Baseline/policy.utils.thresholds/output
rename to testing/btest/Baseline/scripts.base.utils.thresholds/output
diff --git a/testing/btest/Baseline/policy.misc.check-test-all-policy/output b/testing/btest/Baseline/scripts.check-test-all-policy/output
similarity index 100%
rename from testing/btest/Baseline/policy.misc.check-test-all-policy/output
rename to testing/btest/Baseline/scripts.check-test-all-policy/output
diff --git a/testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
similarity index 100%
rename from testing/btest/Baseline/policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
rename to testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
diff --git a/testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
similarity index 100%
rename from testing/btest/Baseline/policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
rename to testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-all.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-all.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-local.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-local.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-hosts/knownhosts-remote.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-hosts/knownhosts-remote.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-all.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-all.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-all.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-local.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-local.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-local.log
diff --git a/testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-remote.log b/testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.conn.known-services/knownservices-remote.log
rename to testing/btest/Baseline/scripts.policy.protocols.conn.known-services/knownservices-remote.log
diff --git a/testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log b/testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.dns.event-priority/dns.log
rename to testing/btest/Baseline/scripts.policy.protocols.dns.event-priority/dns.log
diff --git a/testing/btest/Baseline/policy.protocols.http.test-sql-injection-regex/output b/testing/btest/Baseline/scripts.policy.protocols.http.test-sql-injection-regex/output
similarity index 100%
rename from testing/btest/Baseline/policy.protocols.http.test-sql-injection-regex/output
rename to testing/btest/Baseline/scripts.policy.protocols.http.test-sql-injection-regex/output
diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 1aa7b28f25..f674ae68c8 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -1,5 +1,5 @@ [btest] -TestDirs = doc bifs language core policy istate +TestDirs = doc bifs language core scripts istate TmpDir = %(testbase)s/.tmp BaselineDir = %(testbase)s/Baseline IgnoreDirs = .svn CVS .tmp diff --git a/testing/btest/policy/misc/bare-mode-coverage.test b/testing/btest/scripts/bare-mode-coverage.test similarity index 94% rename from testing/btest/policy/misc/bare-mode-coverage.test rename to testing/btest/scripts/bare-mode-coverage.test index 40cd5ab76e..12744023dc 100644 --- a/testing/btest/policy/misc/bare-mode-coverage.test +++ b/testing/btest/scripts/bare-mode-coverage.test @@ -2,7 +2,7 @@ # bare mode. btest-bg-run/btest-bg-wait are used to kill off scripts that # block after loading, e.g. start listening on a socket. # -# @TEST-EXEC: test -e $DIST/scripts +# @TEST-EXEC: test -d $DIST/scripts # @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro`; do echo $script;if [[ "$script" =~ listen-clear|listen-ssl|controllee ]]; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0 # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors # @TEST-EXEC: btest-diff unique_errors diff --git a/testing/btest/policy/frameworks/cluster/start-it-up.bro b/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro similarity index 100% rename from testing/btest/policy/frameworks/cluster/start-it-up.bro rename to testing/btest/scripts/base/frameworks/cluster/start-it-up.bro 
diff --git a/testing/btest/policy/frameworks/control/configuration_update.bro b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
similarity index 100%
rename from testing/btest/policy/frameworks/control/configuration_update.bro
rename to testing/btest/scripts/base/frameworks/control/configuration_update.bro
diff --git a/testing/btest/policy/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro
similarity index 100%
rename from testing/btest/policy/frameworks/control/id_value.bro
rename to testing/btest/scripts/base/frameworks/control/id_value.bro
diff --git a/testing/btest/policy/frameworks/control/shutdown.bro b/testing/btest/scripts/base/frameworks/control/shutdown.bro
similarity index 100%
rename from testing/btest/policy/frameworks/control/shutdown.bro
rename to testing/btest/scripts/base/frameworks/control/shutdown.bro
diff --git a/testing/btest/policy/frameworks/intel/insert-and-matcher.bro b/testing/btest/scripts/base/frameworks/intel/insert-and-matcher.bro
similarity index 100%
rename from testing/btest/policy/frameworks/intel/insert-and-matcher.bro
rename to testing/btest/scripts/base/frameworks/intel/insert-and-matcher.bro
diff --git a/testing/btest/policy/frameworks/logging/adapt-filter.bro b/testing/btest/scripts/base/frameworks/logging/adapt-filter.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/adapt-filter.bro
rename to testing/btest/scripts/base/frameworks/logging/adapt-filter.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-binary.bro b/testing/btest/scripts/base/frameworks/logging/ascii-binary.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-binary.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-binary.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-empty.bro b/testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-empty.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-empty.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-escape.bro b/testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-escape.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-escape.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-options.bro b/testing/btest/scripts/base/frameworks/logging/ascii-options.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-options.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-options.bro
diff --git a/testing/btest/policy/frameworks/logging/ascii-timestamps.bro b/testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/ascii-timestamps.bro
rename to testing/btest/scripts/base/frameworks/logging/ascii-timestamps.bro
diff --git a/testing/btest/policy/frameworks/logging/attr-extend.bro b/testing/btest/scripts/base/frameworks/logging/attr-extend.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/attr-extend.bro
rename to testing/btest/scripts/base/frameworks/logging/attr-extend.bro
diff --git a/testing/btest/policy/frameworks/logging/attr.bro b/testing/btest/scripts/base/frameworks/logging/attr.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/attr.bro
rename to testing/btest/scripts/base/frameworks/logging/attr.bro
diff --git a/testing/btest/policy/frameworks/logging/disable-stream.bro b/testing/btest/scripts/base/frameworks/logging/disable-stream.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/disable-stream.bro
rename to testing/btest/scripts/base/frameworks/logging/disable-stream.bro
diff --git a/testing/btest/policy/frameworks/logging/empty-event.bro b/testing/btest/scripts/base/frameworks/logging/empty-event.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/empty-event.bro
rename to testing/btest/scripts/base/frameworks/logging/empty-event.bro
diff --git a/testing/btest/policy/frameworks/logging/events.bro b/testing/btest/scripts/base/frameworks/logging/events.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/events.bro
rename to testing/btest/scripts/base/frameworks/logging/events.bro
diff --git a/testing/btest/policy/frameworks/logging/exclude.bro b/testing/btest/scripts/base/frameworks/logging/exclude.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/exclude.bro
rename to testing/btest/scripts/base/frameworks/logging/exclude.bro
diff --git a/testing/btest/policy/frameworks/logging/file.bro b/testing/btest/scripts/base/frameworks/logging/file.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/file.bro
rename to testing/btest/scripts/base/frameworks/logging/file.bro
diff --git a/testing/btest/policy/frameworks/logging/include.bro b/testing/btest/scripts/base/frameworks/logging/include.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/include.bro
rename to testing/btest/scripts/base/frameworks/logging/include.bro
diff --git a/testing/btest/policy/frameworks/logging/no-local.bro b/testing/btest/scripts/base/frameworks/logging/no-local.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/no-local.bro
rename to testing/btest/scripts/base/frameworks/logging/no-local.bro
diff --git a/testing/btest/policy/frameworks/logging/path-func.bro b/testing/btest/scripts/base/frameworks/logging/path-func.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/path-func.bro
rename to testing/btest/scripts/base/frameworks/logging/path-func.bro
diff --git a/testing/btest/policy/frameworks/logging/pred.bro b/testing/btest/scripts/base/frameworks/logging/pred.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/pred.bro
rename to testing/btest/scripts/base/frameworks/logging/pred.bro
diff --git a/testing/btest/policy/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/remote-types.bro
rename to testing/btest/scripts/base/frameworks/logging/remote-types.bro
diff --git a/testing/btest/policy/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/remote.bro
rename to testing/btest/scripts/base/frameworks/logging/remote.bro
diff --git a/testing/btest/policy/frameworks/logging/remove.bro b/testing/btest/scripts/base/frameworks/logging/remove.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/remove.bro
rename to testing/btest/scripts/base/frameworks/logging/remove.bro
diff --git a/testing/btest/policy/frameworks/logging/rotate-custom.bro b/testing/btest/scripts/base/frameworks/logging/rotate-custom.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/rotate-custom.bro
rename to testing/btest/scripts/base/frameworks/logging/rotate-custom.bro
diff --git a/testing/btest/policy/frameworks/logging/rotate.bro b/testing/btest/scripts/base/frameworks/logging/rotate.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/rotate.bro
rename to testing/btest/scripts/base/frameworks/logging/rotate.bro
diff --git a/testing/btest/policy/frameworks/logging/rotation.trace b/testing/btest/scripts/base/frameworks/logging/rotation.trace
similarity index 100%
rename from testing/btest/policy/frameworks/logging/rotation.trace
rename to testing/btest/scripts/base/frameworks/logging/rotation.trace
diff --git a/testing/btest/policy/frameworks/logging/stdout.bro b/testing/btest/scripts/base/frameworks/logging/stdout.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/stdout.bro
rename to testing/btest/scripts/base/frameworks/logging/stdout.bro
diff --git a/testing/btest/policy/frameworks/logging/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/test-logging.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/test-logging.bro
rename to testing/btest/scripts/base/frameworks/logging/test-logging.bro
diff --git a/testing/btest/policy/frameworks/logging/types.bro b/testing/btest/scripts/base/frameworks/logging/types.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/types.bro
rename to testing/btest/scripts/base/frameworks/logging/types.bro
diff --git a/testing/btest/policy/frameworks/logging/unset-record.bro b/testing/btest/scripts/base/frameworks/logging/unset-record.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/unset-record.bro
rename to testing/btest/scripts/base/frameworks/logging/unset-record.bro
diff --git a/testing/btest/policy/frameworks/logging/vec.bro b/testing/btest/scripts/base/frameworks/logging/vec.bro
similarity index 100%
rename from testing/btest/policy/frameworks/logging/vec.bro
rename to testing/btest/scripts/base/frameworks/logging/vec.bro
diff --git a/testing/btest/policy/frameworks/software/version-parsing.bro b/testing/btest/scripts/base/frameworks/software/version-parsing.bro
similarity index 100%
rename from testing/btest/policy/frameworks/software/version-parsing.bro
rename to testing/btest/scripts/base/frameworks/software/version-parsing.bro
diff --git a/testing/btest/policy/misc/init-default-coverage.bro b/testing/btest/scripts/base/init-default-coverage.bro
similarity index 100%
rename from testing/btest/policy/misc/init-default-coverage.bro
rename to testing/btest/scripts/base/init-default-coverage.bro
diff --git a/testing/btest/policy/protocols/http/http-header-crlf.bro b/testing/btest/scripts/base/protocols/http/http-header-crlf.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/http-header-crlf.bro
rename to testing/btest/scripts/base/protocols/http/http-header-crlf.bro
diff --git a/testing/btest/policy/protocols/http/http-mime-and-md5.bro b/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/http-mime-and-md5.bro
rename to testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
diff --git a/testing/btest/policy/protocols/http/http-pipelining.bro b/testing/btest/scripts/base/protocols/http/http-pipelining.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/http-pipelining.bro
rename to testing/btest/scripts/base/protocols/http/http-pipelining.bro
diff --git a/testing/btest/policy/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test
similarity index 100%
rename from testing/btest/policy/protocols/irc/basic.test
rename to testing/btest/scripts/base/protocols/irc/basic.test
diff --git a/testing/btest/policy/protocols/irc/dcc-extract.test b/testing/btest/scripts/base/protocols/irc/dcc-extract.test
similarity index 100%
rename from testing/btest/policy/protocols/irc/dcc-extract.test
rename to testing/btest/scripts/base/protocols/irc/dcc-extract.test
diff --git a/testing/btest/policy/protocols/smtp/basic.test b/testing/btest/scripts/base/protocols/smtp/basic.test
similarity index 100%
rename from testing/btest/policy/protocols/smtp/basic.test
rename to testing/btest/scripts/base/protocols/smtp/basic.test
diff --git a/testing/btest/policy/protocols/smtp/mime-extract.test b/testing/btest/scripts/base/protocols/smtp/mime-extract.test
similarity index 100%
rename from testing/btest/policy/protocols/smtp/mime-extract.test
rename to testing/btest/scripts/base/protocols/smtp/mime-extract.test
diff --git a/testing/btest/policy/protocols/smtp/mime.test b/testing/btest/scripts/base/protocols/smtp/mime.test
similarity index 100%
rename from testing/btest/policy/protocols/smtp/mime.test
rename to testing/btest/scripts/base/protocols/smtp/mime.test
diff --git a/testing/btest/policy/utils/addrs.test b/testing/btest/scripts/base/utils/addrs.test
similarity index 100%
rename from testing/btest/policy/utils/addrs.test
rename to testing/btest/scripts/base/utils/addrs.test
diff --git a/testing/btest/policy/utils/conn-ids.test b/testing/btest/scripts/base/utils/conn-ids.test
similarity index 100%
rename from testing/btest/policy/utils/conn-ids.test
rename to testing/btest/scripts/base/utils/conn-ids.test
diff --git a/testing/btest/policy/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test
similarity index 100%
rename from testing/btest/policy/utils/directions-and-hosts.test
rename to testing/btest/scripts/base/utils/directions-and-hosts.test
diff --git a/testing/btest/policy/utils/files.test b/testing/btest/scripts/base/utils/files.test
similarity index 100%
rename from testing/btest/policy/utils/files.test
rename to testing/btest/scripts/base/utils/files.test
diff --git a/testing/btest/policy/utils/numbers.test b/testing/btest/scripts/base/utils/numbers.test
similarity index 100%
rename from testing/btest/policy/utils/numbers.test
rename to testing/btest/scripts/base/utils/numbers.test
diff --git a/testing/btest/policy/utils/paths.test b/testing/btest/scripts/base/utils/paths.test
similarity index 100%
rename from testing/btest/policy/utils/paths.test
rename to testing/btest/scripts/base/utils/paths.test
diff --git a/testing/btest/policy/utils/pattern.test b/testing/btest/scripts/base/utils/pattern.test
similarity index 100%
rename from testing/btest/policy/utils/pattern.test
rename to testing/btest/scripts/base/utils/pattern.test
diff --git a/testing/btest/policy/utils/site.test b/testing/btest/scripts/base/utils/site.test
similarity index 100%
rename from testing/btest/policy/utils/site.test
rename to testing/btest/scripts/base/utils/site.test
diff --git a/testing/btest/policy/utils/strings.test b/testing/btest/scripts/base/utils/strings.test
similarity index 100%
rename from testing/btest/policy/utils/strings.test
rename to testing/btest/scripts/base/utils/strings.test
diff --git a/testing/btest/policy/utils/thresholds.test b/testing/btest/scripts/base/utils/thresholds.test
similarity index 100%
rename from testing/btest/policy/utils/thresholds.test
rename to testing/btest/scripts/base/utils/thresholds.test
diff --git a/testing/btest/policy/misc/check-test-all-policy.bro b/testing/btest/scripts/check-test-all-policy.bro
similarity index 100%
rename from testing/btest/policy/misc/check-test-all-policy.bro
rename to testing/btest/scripts/check-test-all-policy.bro
diff --git a/testing/btest/policy/misc/bare-loaded-scripts.test b/testing/btest/scripts/policy/misc/bare-loaded-scripts.test
similarity index 100%
rename from testing/btest/policy/misc/bare-loaded-scripts.test
rename to testing/btest/scripts/policy/misc/bare-loaded-scripts.test
diff --git a/testing/btest/policy/misc/default-loaded-scripts.test b/testing/btest/scripts/policy/misc/default-loaded-scripts.test
similarity index 100%
rename from testing/btest/policy/misc/default-loaded-scripts.test
rename to testing/btest/scripts/policy/misc/default-loaded-scripts.test
diff --git a/testing/btest/policy/protocols/conn/known-hosts.bro b/testing/btest/scripts/policy/protocols/conn/known-hosts.bro
similarity index 100%
rename from testing/btest/policy/protocols/conn/known-hosts.bro
rename to testing/btest/scripts/policy/protocols/conn/known-hosts.bro
diff --git a/testing/btest/policy/protocols/conn/known-services.bro b/testing/btest/scripts/policy/protocols/conn/known-services.bro
similarity index 100%
rename from testing/btest/policy/protocols/conn/known-services.bro
rename to testing/btest/scripts/policy/protocols/conn/known-services.bro
diff --git a/testing/btest/policy/protocols/dns/event-priority.bro b/testing/btest/scripts/policy/protocols/dns/event-priority.bro
similarity index 100%
rename from testing/btest/policy/protocols/dns/event-priority.bro
rename to testing/btest/scripts/policy/protocols/dns/event-priority.bro
diff --git a/testing/btest/policy/protocols/http/test-sql-injection-regex.bro b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro
similarity index 100%
rename from testing/btest/policy/protocols/http/test-sql-injection-regex.bro
rename to testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.bro
diff --git a/testing/btest/policy/site/testing-local.bro b/testing/btest/scripts/site/local.test
similarity index 100%
rename from testing/btest/policy/site/testing-local.bro
rename to testing/btest/scripts/site/local.test
diff --git a/testing/btest/policy/misc/test-all-policy-coverage.bro b/testing/btest/scripts/test-all-policy-coverage.bro similarity index 100% rename from testing/btest/policy/misc/test-all-policy-coverage.bro rename to testing/btest/scripts/test-all-policy-coverage.bro From ed281fb634a3f2959c8969e9f2ca3925b00c37c3 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 11 Aug 2011 10:49:41 -0500 Subject: [PATCH 08/11] Fixing some more bare-mode @load dependency issues --- scripts/base/protocols/http/main.bro | 1 + scripts/site/local.bro | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 35e3874e6d..ec54b1f428 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -1,4 +1,5 @@ @load base/utils/numbers +@load base/utils/files module HTTP; diff --git a/scripts/site/local.bro b/scripts/site/local.bro index cd0d6634b2..7165757eab 100644 --- a/scripts/site/local.bro +++ b/scripts/site/local.bro @@ -48,6 +48,7 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig"; # Uncomment this redef if you want to extract SMTP MIME entities for # some file types. The numbers given indicate how many bytes to extract for # the various mime types. +@load base/protocols/smtp/entities-excerpt redef SMTP::entity_excerpt_len += { # ["text/plain"] = 1024, # ["text/html"] = 1024, From 521f54c4f0f7770e120bcbd9841efa8ed84328f6 Mon Sep 17 00:00:00 2001 
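Review bot: In the scripts/site/local.bro hunk the added `@load base/protocols/smtp/entities-excerpt` sits between the "Uncomment this redef ..." comment and the `redef SMTP::entity_excerpt_len` that the comment describes, so the comment now appears to be about the load. The load is also unconditional while every table entry visible in the hunk is commented out; because this option controls how many bytes of mail entities get extracted, the opt-in should stay unambiguous to whoever edits the site file. I would move the load above the comment block with its own line, e.g. `# Needed by the SMTP::entity_excerpt_len redef below.` The redef body continues past the end of the hunk, so whether any entry is active by default cannot be seen from here.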
From: Jon Siwek Date: Thu, 11 Aug 2011 11:34:42 -0500 Subject: [PATCH 09/11] Fix check_for_unused_event_handlers option. The format string given to the reporter warning call wasn't printing the handler names. Also changed it so that each warning message has the full context of the warning. --- src/main.cc | 3 +-- .../Baseline/core.check-unused-event-handlers/.stderr | 1 + testing/btest/core/check-unused-event-handlers.test | 8 ++++++++ 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 testing/btest/Baseline/core.check-unused-event-handlers/.stderr create mode 100644 testing/btest/core/check-unused-event-handlers.test diff --git a/src/main.cc b/src/main.cc index f1b393310b..c2d61e7c60 100644 --- a/src/main.cc +++ b/src/main.cc @@ -931,9 +931,8 @@ int main(int argc, char** argv) if ( dead_handlers->length() > 0 && check_for_unused_event_handlers ) { - reporter->Warning("event handlers never invoked:"); for ( int i = 0; i < dead_handlers->length(); ++i ) - reporter->Warning("\t", (*dead_handlers)[i]); + reporter->Warning("event handler never invoked: %s", (*dead_handlers)[i]); } delete dead_handlers; diff --git a/testing/btest/Baseline/core.check-unused-event-handlers/.stderr b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr new file mode 100644 index 0000000000..8d8bf1a85b --- /dev/null +++ b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr @@ -0,0 +1 @@ +warning in , line 1: event handler never invoked: this_is_never_used diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test new file mode 100644 index 0000000000..f9ad105ff6 --- /dev/null +++ b/testing/btest/core/check-unused-event-handlers.test @@ -0,0 +1,8 @@ +# This test should print a warning that the event handler is never invoked. +# @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T +# @TEST-EXEC: btest-diff .stderr + +event this_is_never_used() + { + print "not even once"; + } 
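Review bot: `reporter->Warning` in the src/main.cc hunk should be checked by the compiler as a printf-style call, because the bug being fixed here (`reporter->Warning("\t", (*dead_handlers)[i])`, an argument with no conversion in the format) is exactly the mismatch such a check reports. The declaration of `Warning` is not part of this patch, so confirm that it carries a format attribute, e.g. `__attribute__((format(printf, 2, 3)))` on the member function; if it does not, adding one would catch both a dropped argument and a `%s` handed a non-string. The new call also depends on `(*dead_handlers)[i]` being a `const char*`, which the hunk does not show. `main` starts and ends outside the hunk.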
From 351b13d1c81e4a776dbc3961e0492c2471acda7e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 11 Aug 2011 11:47:12 -0500 Subject: [PATCH 10/11] Fix more bare-mode @load dependency problems --- scripts/base/protocols/ssh/main.bro | 1 + scripts/policy/protocols/ssh/detect-bruteforcing.bro | 4 +++- scripts/policy/protocols/ssh/geo-data.bro | 3 +++ scripts/policy/protocols/ssh/interesting-hostnames.bro | 1 + scripts/site/local-manager.bro | 2 ++ 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 4c2af3ee42..836676af37 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -9,6 +9,7 @@ @load base/utils/site @load base/utils/thresholds @load base/utils/conn-ids +@load base/utils/directions-and-hosts module SSH; diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro index 36e73bfa59..10c5019f27 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/utils/thresholds module SSH; @@ -76,4 +78,4 @@ event SSH::heuristic_failed_login(c: connection) $sub=fmt("%d apparently failed logins", password_rejections[id$orig_h]$n), $n=password_rejections[id$orig_h]$n]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.bro index 97bd0a5803..4dfd8bbae4 100644 --- a/scripts/policy/protocols/ssh/geo-data.bro +++ b/scripts/policy/protocols/ssh/geo-data.bro @@ -1,6 +1,9 @@ ##! This implements all of the additional information and geodata detections ##! for SSH analysis. +@load base/frameworks/notice/main +@load base/protocols/ssh/main + module SSH; export { 
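Review bot: scripts/policy/protocols/ssh/detect-bruteforcing.bro gains loads for `base/frameworks/notice/main` and `base/utils/thresholds` but not for `base/protocols/ssh/main`, although its second hunk shows it handling `SSH::heuristic_failed_login`, which is presumably declared in the base SSH script. geo-data.bro in this same patch does add `@load base/protocols/ssh/main`, while interesting-hostnames.bro (the next file section) again gets only the notice load. If either script uses anything from the base SSH script, add `@load base/protocols/ssh/main` to it so that it loads standalone in bare mode; otherwise the brute-force detection only works when something else happens to load SSH first. Only the first and last lines of detect-bruteforcing.bro are visible here, so the dependency is inferred rather than confirmed.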
diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.bro index cf6ab7e40a..c0c6262be1 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.bro +++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro @@ -1,3 +1,4 @@ +@load base/frameworks/notice/main module SSH; diff --git a/scripts/site/local-manager.bro b/scripts/site/local-manager.bro index aa28bd79da..e1e7e83a5e 100644 --- a/scripts/site/local-manager.bro +++ b/scripts/site/local-manager.bro @@ -1,5 +1,7 @@ ##! Local site policy loaded only by the manager in a cluster. +@load base/frameworks/notice/main + # If you are running a cluster you should define your Notice::policy here # so that notice processing occurs on the manager. redef Notice::policy += { From 33fce8a71d384e569284fdf09d0a5d999a7009e6 Mon Sep 17 00:00:00 2001 
From: Jon Siwek Date: Mon, 15 Aug 2011 17:29:41 -0500 Subject: [PATCH 11/11] Misc. doc/script/test cleanup. - fixing some Metrics::add_data() call signatures - slight refactors to cluster framework @if and adding a NONE NodeType for so local_node_type() will return that instead of just emitting an error when cluster mode isn't enabled - `make restdoc` target now uses bro's bare-mode - bro scripts generated from bifs now really only live in the build/src/base/ directory and changed the DocSourcesList.cmake to dynamically figure out what bifs exist by looking in src/ instead of build/src/ - add some missing @load dependencies --- doc/scripts/CMakeLists.txt | 2 +- doc/scripts/DocSourcesList.cmake | 23 ++++++++++--------- doc/scripts/genDocSourcesList.sh | 6 ++--- scripts/base/frameworks/cluster/__load__.bro | 10 ++++---- scripts/base/frameworks/cluster/main.bro | 7 +++--- scripts/base/frameworks/metrics/cluster.bro | 3 ++- .../base/frameworks/metrics/non-cluster.bro | 1 + .../frameworks/notice/actions/add-geodata.bro | 5 +++- .../frameworks/metrics/http-example.bro | 9 ++------ scripts/policy/protocols/http/detect-sqli.bro | 4 ++-- src/BroDoc.cc | 2 +- src/CMakeLists.txt | 9 ++++---- .../manager-1.metrics.log | 0 .../metrics.log | 0 .../notice.log | 0 .../frameworks/metrics/basic-cluster.bro | 0 .../base}/frameworks/metrics/basic.bro | 0 .../base}/frameworks/metrics/notice.bro | 0 18 files changed, 42 insertions(+), 39 deletions(-) rename testing/btest/Baseline/{policy.frameworks.metrics.basic-cluster => scripts.base.frameworks.metrics.basic-cluster}/manager-1.metrics.log (100%) rename testing/btest/Baseline/{policy.frameworks.metrics.basic => scripts.base.frameworks.metrics.basic}/metrics.log (100%) rename testing/btest/Baseline/{policy.frameworks.metrics.notice => scripts.base.frameworks.metrics.notice}/notice.log (100%) rename testing/btest/{policy => scripts/base}/frameworks/metrics/basic-cluster.bro (100%) rename testing/btest/{policy => 
scripts/base}/frameworks/metrics/basic.bro (100%) rename testing/btest/{policy => scripts/base}/frameworks/metrics/notice.bro (100%) diff --git a/doc/scripts/CMakeLists.txt b/doc/scripts/CMakeLists.txt index cb7a42929c..b82605d533 100644 --- a/doc/scripts/CMakeLists.txt +++ b/doc/scripts/CMakeLists.txt @@ -119,7 +119,7 @@ macro(REST_TARGET srcDir broInput) ARGS -E remove_directory .state # generate the reST documentation using bro COMMAND BROPATH=${BROPATH}:${srcDir} ${CMAKE_BINARY_DIR}/src/bro - ARGS --doc-scripts ${broInput} || (rm -rf .state *.log *.rst && exit 1) + ARGS -b -Z ${broInput} || (rm -rf .state *.log *.rst && exit 1) # move generated doc into a new directory tree that # defines the final structure of documents COMMAND "${CMAKE_COMMAND}" diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index 8290d3d102..e071de47e5 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake 
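Review bot: `ARGS -b -Z ${broInput}` in the doc/scripts/CMakeLists.txt hunk swaps the self-describing `--doc-scripts` for a single-letter flag, which makes the build rule harder to read than the line it replaces. I would keep the long spelling, `ARGS -b --doc-scripts ${broInput} || (rm -rf .state *.log *.rst && exit 1)`, or extend the comment above the command to `# generate the reST documentation using bro in bare mode (-b)`; this assumes `-Z` is the short form of the option on the removed line. The REST_TARGET macro starts and ends outside the hunk.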
@@ -16,13 +16,13 @@ rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal) rest_target(${psd} base/init-default.bro internal) rest_target(${psd} base/init-bare.bro internal) -rest_target(${CMAKE_BINARY_DIR}/src bro.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src const.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src event.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src logging.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src reporter.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro) -rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base bro.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base const.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base event.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base logging.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base reporter.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base strings.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src/base types.bif.bro) rest_target(${psd} base/frameworks/cluster/main.bro) rest_target(${psd} base/frameworks/cluster/nodes/manager.bro) rest_target(${psd} base/frameworks/cluster/nodes/proxy.bro) @@ -34,7 +34,9 @@ rest_target(${psd} base/frameworks/dpd/main.bro) rest_target(${psd} base/frameworks/intel/main.bro) rest_target(${psd} base/frameworks/logging/main.bro) rest_target(${psd} base/frameworks/logging/writers/ascii.bro) +rest_target(${psd} base/frameworks/metrics/cluster.bro) rest_target(${psd} base/frameworks/metrics/main.bro) +rest_target(${psd} base/frameworks/metrics/non-cluster.bro) rest_target(${psd} base/frameworks/notice/actions/add-geodata.bro) rest_target(${psd} base/frameworks/notice/actions/drop.bro) rest_target(${psd} base/frameworks/notice/actions/email_admin.bro) 
@@ -64,11 +66,11 @@ rest_target(${psd} base/protocols/http/partial-content.bro)
 rest_target(${psd} base/protocols/http/utils.bro)
 rest_target(${psd} base/protocols/irc/dcc-send.bro)
 rest_target(${psd} base/protocols/irc/main.bro)
-rest_target(${psd} base/protocols/mime/base.bro)
 rest_target(${psd} base/protocols/mime/file-extract.bro)
 rest_target(${psd} base/protocols/mime/file-hash.bro)
 rest_target(${psd} base/protocols/mime/file-ident.bro)
-rest_target(${psd} base/protocols/rpc/base.bro)
+rest_target(${psd} base/protocols/mime/main.bro)
+rest_target(${psd} base/protocols/rpc/main.bro)
 rest_target(${psd} base/protocols/smtp/entities-excerpt.bro)
 rest_target(${psd} base/protocols/smtp/entities.bro)
 rest_target(${psd} base/protocols/smtp/main.bro)
@@ -99,8 +101,7 @@ rest_target(${psd} policy/frameworks/metrics/http-example.bro)
 rest_target(${psd} policy/frameworks/metrics/ssl-example.bro)
 rest_target(${psd} policy/frameworks/software/version-changes.bro)
 rest_target(${psd} policy/frameworks/software/vulnerable.bro)
-rest_target(${psd} policy/integration/barnyard2/base.bro)
-rest_target(${psd} policy/integration/barnyard2/event.bro)
+rest_target(${psd} policy/integration/barnyard2/main.bro)
 rest_target(${psd} policy/integration/barnyard2/types.bro)
 rest_target(${psd} policy/misc/analysis-groups.bro)
 rest_target(${psd} policy/misc/loaded-scripts.bro)
diff --git a/doc/scripts/genDocSourcesList.sh b/doc/scripts/genDocSourcesList.sh
index 8ef4ff9c14..1f56843f5f 100755
--- a/doc/scripts/genDocSourcesList.sh
+++ b/doc/scripts/genDocSourcesList.sh
@@ -68,12 +68,12 @@ sourcedir=${thisdir}/../.. echo "$statictext" > $outfile -bifs=`( cd ${sourcedir}/build/src && find . -name \*\.bro | sort )` +bifs=`( cd ${sourcedir}/src && find . -name \*\.bif | sort )` for file in $bifs do - f=${file:2} - echo "rest_target(\${CMAKE_BINARY_DIR}/src $f)" >> $outfile + f=${file:2}.bro + echo "rest_target(\${CMAKE_BINARY_DIR}/src/base $f)" >> $outfile done scriptfiles=`( cd ${sourcedir}/scripts && find . -name \*\.bro | sort )` diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.bro index 03262d3d75..d0b72dad4f 100644 --- a/scripts/base/frameworks/cluster/__load__.bro +++ b/scripts/base/frameworks/cluster/__load__.bro @@ -1,7 +1,7 @@ # Load the core cluster support. @load ./main -@if ( Cluster::node != "" ) +@if ( Cluster::is_enabled() ) # Give the node being started up it's peer name. redef peer_description = Cluster::node; @@ -26,17 +26,17 @@ redef peer_description = Cluster::node; ## Set the port that this node is supposed to listen on. redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; -@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::MANAGER ) +@if ( Cluster::local_node_type() == Cluster::MANAGER ) @load ./nodes/manager @endif -@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::PROXY ) +@if ( Cluster::local_node_type() == Cluster::PROXY ) @load ./nodes/proxy @endif -@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::WORKER ) +@if ( Cluster::local_node_type() == Cluster::WORKER ) @load ./nodes/worker @endif @endif -@endif \ No newline at end of file +@endif diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index caf8c48bff..c8e42ec5ea 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -10,6 +10,7 @@ export { } &log; type NodeType: enum { + NONE, CONTROL, MANAGER, PROXY, 
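Review bot: The new `bifs=` assignment in doc/scripts/genDocSourcesList.sh expands `${sourcedir}` unquoted inside the subshell, and the loop that follows word-splits `$bifs`, so a checkout path or file name containing whitespace or glob characters ends up as a mangled `rest_target` entry in the generated list. Quoting closes the first half: `bifs=$( cd "${sourcedir}/src" && find . -name '*.bif' | sort )`. `find` also descends into subdirectories of src/, and `${file:2}.bro` keeps that relative path; whether bifcl output for a nested .bif really lands under `src/base/<subdir>/` cannot be confirmed from this hunk, so either restrict the search to the top level or confirm the layout. The script continues past the hunk on both sides.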
@@ -54,8 +55,8 @@ export { ## This function can be called at any time to determine what type of ## cluster node the current Bro instance is going to be acting as. - ## :bro:id:`is_enabled` should be called first to find out if this is - ## actually going to be a cluster node. + ## If :bro:id:`Cluster::is_enabled` returns false, then + ## :bro:enum:`Cluster::NONE` is returned. global local_node_type: function(): NodeType; ## This gives the value for the number of workers currently connected to, @@ -81,7 +82,7 @@ function is_enabled(): bool function local_node_type(): NodeType { - return nodes[node]$node_type; + return is_enabled() ? nodes[node]$node_type : NONE; } diff --git a/scripts/base/frameworks/metrics/cluster.bro b/scripts/base/frameworks/metrics/cluster.bro index 94281eb883..41cf1e55cf 100644 --- a/scripts/base/frameworks/metrics/cluster.bro +++ b/scripts/base/frameworks/metrics/cluster.bro @@ -5,6 +5,7 @@ ##! transparently automated when running on a cluster. @load base/frameworks/cluster +@load ./main module Metrics; @@ -143,4 +144,4 @@ event Metrics::cluster_results(uid: string, id: ID, filter_name: string, data: M } } -@endif \ No newline at end of file +@endif diff --git a/scripts/base/frameworks/metrics/non-cluster.bro b/scripts/base/frameworks/metrics/non-cluster.bro index a96210649e..b3dbf029ca 100644 --- a/scripts/base/frameworks/metrics/non-cluster.bro +++ b/scripts/base/frameworks/metrics/non-cluster.bro @@ -1,3 +1,4 @@ +@load ./main module Metrics; diff --git a/scripts/base/frameworks/notice/actions/add-geodata.bro b/scripts/base/frameworks/notice/actions/add-geodata.bro index 71e9c6b490..423d93a8c1 100644 --- a/scripts/base/frameworks/notice/actions/add-geodata.bro +++ b/scripts/base/frameworks/notice/actions/add-geodata.bro @@ -4,6 +4,9 @@ ##! probably a safe assumption to make in most cases. If both addresses ##! are remote, it will use the $src address. +@load base/frameworks/notice/main +@load base/utils/site + module Notice; export { 
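Review bot: In scripts/base/frameworks/cluster/main.bro, the new `local_node_type()` body still indexes `nodes[node]` without checking membership, so a node name that is set but missing from the `nodes` table raises an index error instead of yielding `NONE`. This assumes `is_enabled()` only tests that `node` is non-empty, as the replaced `Cluster::node != ""` condition in __load__.bro suggests; its body is outside the hunk. Because __load__.bro now calls this function inside its `@if` directives, a mistyped node name would presumably surface while scripts are being loaded. I would write `return ( is_enabled() && node in nodes ) ? nodes[node]$node_type : NONE;`.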
@@ -44,4 +47,4 @@ event notice(n: Notice::Info) &priority=10 else if ( n?$dst && ! Site::is_local_addr(n$dst) ) n$remote_location = lookup_location(n$dst); } - } \ No newline at end of file + } diff --git a/scripts/policy/frameworks/metrics/http-example.bro b/scripts/policy/frameworks/metrics/http-example.bro index fb71fb9013..117923185a 100644 --- a/scripts/policy/frameworks/metrics/http-example.bro +++ b/scripts/policy/frameworks/metrics/http-example.bro @@ -23,12 +23,7 @@ event bro_init() event HTTP::log_http(rec: HTTP::Info) { if ( rec?$host ) - Metrics::add_data(HTTP_REQUESTS_BY_HOST_HEADER, [$str=rec$host]); + Metrics::add_data(HTTP_REQUESTS_BY_HOST_HEADER, [$str=rec$host], 1); if ( rec?$status_code ) -<<<<<<< HEAD - Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $index=fmt("%d", rec$status_code)]); + Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $str=fmt("%d", rec$status_code)], 1); } -======= - Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $str=fmt("%d", rec$status_code)]); - } ->>>>>>> master diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index c1e6281c6b..4dde93f6bf 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro @@ -55,7 +55,7 @@ event http_request(c: connection, method: string, original_URI: string, { add c$http$tags[URI_SQLI]; - Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h]); - Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h]); + Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h], 1); + Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h], 1); } } diff --git a/src/BroDoc.cc b/src/BroDoc.cc index 302bd04c88..d3406ad113 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc 
@@ -60,7 +60,7 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs) if ( ! reST_file ) fprintf(stderr, "Failed to open %s\n", reST_filename.c_str()); -#ifdef DEBUG +#ifdef DOCDEBUG fprintf(stdout, "Documenting absolute source: %s\n", abs.c_str()); fprintf(stdout, "\trelative dir: %s\n", rel.c_str()); fprintf(stdout, "\tdoc title: %s\n", doc_title.c_str()); diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c7e99c2e21..0bbced32db 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -108,25 +108,26 @@ macro(BIF_TARGET bifInput) COMMAND bifcl ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput} || (rm -f ${bifOutputs} && exit 1) # in order be able to run bro from the build directory, - # a copy of the generated bro script needs to be copied - # to a directory tree named the same way it will be + # the generated bro script needs to be inside a + # a directory tree named the same way it will be # referenced from an @load COMMAND "${CMAKE_COMMAND}" ARGS -E copy ${bifInput}.bro base/${bifInput}.bro + COMMAND "${CMAKE_COMMAND}" + ARGS -E remove -f ${bifInput}.bro DEPENDS ${bifInput} DEPENDS bifcl COMMENT "[BIFCL] Processing ${bifInput}" ) list(APPEND ALL_BIF_OUTPUTS ${bifOutputs}) list(APPEND INSTALL_BIF_OUTPUTS - ${CMAKE_CURRENT_BINARY_DIR}/${bifInput}.bro) + ${CMAKE_CURRENT_BINARY_DIR}/base/${bifInput}.bro) endmacro(BIF_TARGET) # returns a list of output files that bifcl will produce # for given input file in ${outputFileVar} macro(GET_BIF_OUTPUT_FILES inputFile outputFileVar) set(${outputFileVar} - ${inputFile}.bro base/${inputFile}.bro ${inputFile}.func_def ${inputFile}.func_h 
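Review bot: `DOCDEBUG`, the macro that now guards the trace block in the BroDoc constructor (src/BroDoc.cc), is neither defined nor documented anywhere in the visible patch, so a reader of the file cannot tell how to turn the output back on. A one-line comment above the guard would do: `// Build with -DDOCDEBUG to trace documentation generation; kept separate from DEBUG so debug builds stay quiet.` The reason for the split is inferred, so adjust the wording if it differs. The constructor and the matching `#endif` lie outside the hunk, and any other `#ifdef DEBUG` blocks in this file should be checked for the same switch.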
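Review bot: The rewritten comment in BIF_TARGET (src/CMakeLists.txt) now reads "inside a" / "a directory tree", with the article doubled across the line break; the second line should be `# directory tree named the same way it will be`. The copy followed by `-E remove -f` also leaves the original file behind if the build stops between the two commands. A single `ARGS -E rename ${bifInput}.bro base/${bifInput}.bro` would move the file in one step, provided the project's minimum CMake version supports it and the base/ directory already exists at that point, neither of which this hunk shows.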
diff --git a/testing/btest/Baseline/policy.frameworks.metrics.basic-cluster/manager-1.metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.metrics.basic-cluster/manager-1.metrics.log
rename to testing/btest/Baseline/scripts.base.frameworks.metrics.basic-cluster/manager-1.metrics.log
diff --git a/testing/btest/Baseline/policy.frameworks.metrics.basic/metrics.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.metrics.basic/metrics.log
rename to testing/btest/Baseline/scripts.base.frameworks.metrics.basic/metrics.log
diff --git a/testing/btest/Baseline/policy.frameworks.metrics.notice/notice.log b/testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
similarity index 100%
rename from testing/btest/Baseline/policy.frameworks.metrics.notice/notice.log
rename to testing/btest/Baseline/scripts.base.frameworks.metrics.notice/notice.log
diff --git a/testing/btest/policy/frameworks/metrics/basic-cluster.bro b/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
similarity index 100%
rename from testing/btest/policy/frameworks/metrics/basic-cluster.bro
rename to testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
diff --git a/testing/btest/policy/frameworks/metrics/basic.bro b/testing/btest/scripts/base/frameworks/metrics/basic.bro
similarity index 100%
rename from testing/btest/policy/frameworks/metrics/basic.bro
rename to testing/btest/scripts/base/frameworks/metrics/basic.bro
diff --git a/testing/btest/policy/frameworks/metrics/notice.bro b/testing/btest/scripts/base/frameworks/metrics/notice.bro
similarity index 100%
rename from testing/btest/policy/frameworks/metrics/notice.bro
rename to testing/btest/scripts/base/frameworks/metrics/notice.bro