Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'topic/seth/ssh-login-monitoring-fix'

Browse source 
* topic/seth/ssh-login-monitoring-fix:
  Add a call to lookup_connection in SSH scripts to update connval.
This commit is contained in:
Seth Hall 2013-07-04 22:47:56 -04:00
commit fefef47f30
3 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGES
View file

@ -1,4 +1,10 @@
2.1-784 | 2013-07-04 22:28:48 -0400
* Add a call to lookup_connection in SSH scripts to update connval. (Seth Hall)
* Updating submodule(s). (Robin Sommer)
2.1-782 | 2013-07-03 17:00:39 -0700 2.1-782 | 2013-07-03 17:00:39 -0700
* Remove the SSL log queueing mechanism that was included with the * Remove the SSL log queueing mechanism that was included with the

2
VERSION
View file

@ -1 +1 @@
2.1-782 2.1-784

3
scripts/base/protocols/ssh/main.bro
View file

@ -118,7 +118,7 @@ function check_ssh_connection(c: connection, done: bool)
# Responder must have sent fewer than 40 packets. # Responder must have sent fewer than 40 packets.
c$resp$num_pkts < 40 && c$resp$num_pkts < 40 &&
# If there was a content gap we can't reliably do this heuristic. # If there was a content gap we can't reliably do this heuristic.
c?$conn && c$conn$missed_bytes == 0)# && c?$conn && c$conn$missed_bytes == 0 )# &&
# Only "normal" connections can count. # Only "normal" connections can count.
#c$conn?$conn_state && c$conn$conn_state in valid_states ) #c$conn?$conn_state && c$conn$conn_state in valid_states )
{ {
@ -178,6 +178,7 @@ event ssh_watcher(c: connection)
if ( ! connection_exists(id) ) if ( ! connection_exists(id) )
return; return;
lookup_connection(c$id);
check_ssh_connection(c, F); check_ssh_connection(c, F);
if ( ! c$ssh$done ) if ( ! c$ssh$done )
schedule +15secs { ssh_watcher(c) }; schedule +15secs { ssh_watcher(c) };