Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
7005 commits 386 branches 195 tags 257 MiB
Commit graph

5 commits

Author SHA1 Message Date
Vlad Grigorescu
70aaffbaac Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641. 2016-10-14 09:14:22 -05:00
Johanna Amann
bac1bd5bdf Merge remote-tracking branch 'origin/topic/robin/bit-1641' 
* origin/topic/robin/bit-1641:
  Fixing duplicate SSH authentication failure events.

I changed the test slightly; the output of uniq is not stable between
operating systems (on OS-X, it emits a space, on Linux it apparently
emits a tab). I removed the call to uniq - sort by itself is enough to
create a difference if there are duplicate entries.

Addresses BIT-1641
 2016-08-02 15:28:31 -07:00
Robin Sommer
176d9f23be Fixing duplicate SSH authentication failure events. 
We now do not raise more than one failure event per connection.

Addresses BIT-1641.
 2016-08-01 12:42:03 -07:00
Johanna Amann
f89874b9e9 Merge branch 'patch-4' of https://github.com/aeppert/bro 
* 'patch-4' of https://github.com/aeppert/bro:
  (BIT-1545) Add "disable_analyzer_after_detection" en lieu of "skip_processing_after_detection"

I also removed the old disable_analyzer_after_detection option
completely - if someone wants that, they can just catch the event
themselves and call skip_further_processing.

I also adjusted the ssh test case to contain conn.log to prevent
re-addition of this problem in the future.

BIT-1545 #merged
 2016-03-07 13:39:28 -08:00
Vlad Grigorescu
be6188bf00 SSH: Update baselines 2015-03-18 13:02:33 -04:00