Commit graph

369 commits

Author SHA1 Message Date
Seth Hall
47c6afac8e Slight changes to software detection framework.
- This probably won't fix anything, but I'm checking
  for size of tables a bit more consistently now.
2011-06-08 00:18:42 -04:00
Seth Hall
0778d5e8d5 Updates to the notice framework. 2011-06-08 00:17:54 -04:00
Seth Hall
57531e0769 Merge remote branch 'origin/master' into topic/policy-scripts-new
Conflicts:
	policy/bro.init
	policy/ssl.bro
2011-06-07 23:26:03 -04:00
Seth Hall
29bfc5eff1 Fixed some new bugs with file extraction. 2011-06-07 23:12:49 -04:00
Seth Hall
63efdc89ef Fixes to HTTP scripts based on comments from Jon. 2011-06-07 23:09:31 -04:00
Seth Hall
0c1dac2fce Cleaned up and normalized file extraction across protocols. 2011-06-07 23:08:37 -04:00
Seth Hall
d12dd0f82c Signature script normalization and cleanup. 2011-06-07 23:06:29 -04:00
Seth Hall
e0174f583e Changing empty fields to also use "-" for ascii logging. 2011-06-07 23:05:35 -04:00
Seth Hall
8a0e14f0dc Fixed a bug with detecting webapps. 2011-06-07 17:03:32 -04:00
Seth Hall
0de6393c6f Removed an HTTP dependency that is now gone. 2011-06-07 16:38:41 -04:00
Seth Hall
02b45bc9ea Fixed major bug in IRC analysis. 2011-06-07 16:35:55 -04:00
Seth Hall
6c9ff37e61 Removed the extended http script since it wasn't used. 2011-06-07 16:35:25 -04:00
Robin Sommer
4bdb94955d Merge remote branch 'origin/topic/seth/ssl-binpac'
* origin/topic/seth/ssl-binpac:
  Fixed bug due to vectors now initially indexed on 0.
  Finished core support for new SSL analyzer.
  SSL analyzer changes with accompanying BiF.
  A table_s_of_s type to get around bifcl type limitation.
  Regenerated the Mozilla CA bundle without the untrusted server authentication certs.
  Complete rewrite to SSL analyzer.

Conflicts:
	src/AnalyzerTags.h
	src/CMakeLists.txt

Notes:

    - Haven't looked at the script-level, postponed to
      policy-scripts-new.

    - I renamed X509Extension to X509_extension for consistency.
2011-06-07 10:12:25 -07:00
Seth Hall
7d68b4c7a0 Removed some accidental debugging print statements. 2011-06-03 07:53:02 -04:00
Seth Hall
737315aa54 Clean up for the functions.bro script.
Just a little more until that file is gone.
2011-06-03 07:51:46 -04:00
Seth Hall
aa602b9cdd Fixed a bug with threshold checking for the SSH script. 2011-06-03 07:50:49 -04:00
Seth Hall
72f2472d1d Updates for the pcap.bro script.
- The install_pcap_filter BiF no longer will prevent
  a filter from being installed if a -f filter was
  provided.  This was already causing a problem where
  command line supplied filters weren't working.
  The pcap.bro script is now where the filter update
  limitation is placed making it possible for users
  to still update the filter at runtime if they really
  want to.
2011-06-03 07:50:30 -04:00
Seth Hall
8bffd350a4 Updating to use the new directory loading technique. 2011-06-03 07:47:49 -04:00
Seth Hall
27f006f317 Missed a comment from Robin about IRC. 2011-06-02 16:32:18 -04:00
Seth Hall
362f1a8ee1 Updated IRC script based on comments from Robin. 2011-06-02 16:30:08 -04:00
Seth Hall
f0d4447971 Re-added the $force_log attribute to the Software::Info record.
I re-added it because it's used by the detect-webapps
script to re-log software that may already be logged
if a more-root URL is found that still represents the
same software.
2011-06-02 16:20:16 -04:00
Seth Hall
08b8873e8b Updates to the notice framework based on comments from Robin.
- New extension mechanism.
  - Notices requiring realtime actions can be accommodated with
    the notice_functions set which are called synchronously
    prior to logging or any further handling.
  - Notice::notice event handlers will be called afterward
    and follow normal (old) notice handling process.  Logging
    is done by handling this event.
- Lots of new docs.
- Renaming Action enums to reduce confusion with Type enums.
- Notice tags are attached to the Conn::Info record as a set[string].
2011-06-02 16:18:23 -04:00
Seth Hall
beab408164 Updates for the software framework based on comments from Robin. 2011-06-02 10:38:24 -04:00
Seth Hall
aaab2f8cbb Fixed some more script bugs and more cleanup. 2011-06-01 15:04:05 -04:00
Seth Hall
ec5fed4c68 Responding to comments from Jon. 2011-06-01 15:00:20 -04:00
Seth Hall
6c8c26e106 Adding the new wrapper script for SSL analysis scripts. 2011-06-01 13:27:40 -04:00
Seth Hall
dddabcaafb Checkpoint for reorganization of SSL analysis scripts. 2011-06-01 13:27:26 -04:00
Seth Hall
a432e3ce25 Reorganizing the notice framework. 2011-06-01 11:13:34 -04:00
Seth Hall
0504bf53fc Updates to bro.init and more logging reorg. 2011-06-01 11:10:52 -04:00
Seth Hall
799199eb4f Reorganized logging framework a bit. 2011-06-01 11:08:17 -04:00
Seth Hall
afda3c68ba More script movement and documentation. 2011-06-01 11:04:07 -04:00
Seth Hall
ae3bd76769 Reorganizing the policy scripts for clarity. 2011-06-01 10:07:53 -04:00
Seth Hall
e0467fad2d Fixing bugs discovered by Jon in SMTP script. 2011-05-31 14:48:03 -04:00
Seth Hall
e07189e129 Merge branch 'topic/policy-scripts-new' of ssh://git.bro-ids.org/bro into topic/policy-scripts-new 2011-05-26 00:28:37 -04:00
Seth Hall
da6105ac53 A bit more filename cleanup for the content extraction. 2011-05-26 00:28:28 -04:00
Seth Hall
eacffb7b53 Added a uid column to the dpd log. 2011-05-26 00:28:06 -04:00
Jon Siwek
33f0c237ca Doc tweaks for new conn/contents.bro 2011-05-25 15:34:57 -05:00
Seth Hall
b32ff14a77 New conn/ script for extracting contents.
- Restructured conn scripts to match other core scripts.
2011-05-25 14:56:48 -04:00
Seth Hall
b8a1336088 Renaming a helper function for building regexes. 2011-05-24 14:45:16 -04:00
Seth Hall
7ab4601116 Adding a script dependency. 2011-05-24 14:44:40 -04:00
Seth Hall
354f41d964 Updates to FTP script based on comments from Jon. 2011-05-24 14:44:18 -04:00
Seth Hall
b2e2905e87 Updates to DPD scripts.
- Moved the DPD sigs into the dpd/ directory.
- Updated some comments to reflect reality.
- Added a TODO about a bug.
2011-05-24 14:42:37 -04:00
Seth Hall
5414c146fa Merge branch 'topic/policy-scripts-new' of ssh://git.bro-ids.org/bro into topic/policy-scripts-new
Conflicts:
	policy/http.bro
2011-05-24 10:12:45 -04:00
Seth Hall
d0b4fabcad Updates and fixes for HTTP analysis scripts.
- File hashing is enabled by default and fixed.
- Other small fixes.
2011-05-24 10:11:10 -04:00
Seth Hall
15bfa23ce1 Merge remote branch 'origin/master' into topic/seth/ssl-binpac
Conflicts:
	src/bro.bif
2011-05-23 17:09:41 -04:00
Seth Hall
297a2cb9c5 A table_s_of_s type to get around bifcl type limitation. 2011-05-23 14:52:18 -04:00
Jon Siwek
196b4af44d Small doc-comment tweak. 2011-05-17 11:26:34 -05:00
Jon Siwek
3a655c610c Add all new policy scripts to doc generation target.
Minor script tweaks along the way to get rid of reST format warnings
or @load dependency issues.
2011-05-17 11:15:09 -05:00
Jon Siwek
3fe92fc1ff Remove duplicate 'addr_set' type declaration. 2011-05-12 13:01:58 -05:00
Jon Siwek
6b7e300e0b Remove unused events 'bro_signal' and 'no_handler' 2011-05-12 13:00:22 -05:00