Commit graph

11634 commits

Author SHA1 Message Date
Robin Sommer
58290d6fc0 Updating NEWS. 2013-07-14 08:42:35 -07:00
Robin Sommer
50357ec47a Merge remote-tracking branch 'origin/topic/bernhard/sqlite-update'
* origin/topic/bernhard/sqlite-update:
  yep, freebsd still needs this fix
  bump sqlite to 3.7.17.

Closes #1037.
2013-07-14 08:04:19 -07:00
Seth Hall
4dd4c5344e Fix a bug where orig file information in http wasn't working right. 2013-07-12 16:12:26 -04:00
Seth Hall
b14f5a853e Added mime types to http.log 2013-07-12 16:06:40 -04:00
Bernhard Amann
e01678d132 yep, freebsd still needs this fix 2013-07-12 21:09:13 +02:00
Jon Siwek
1a60fae41c Clean up queued but unused file_over_new_connections event args. 2013-07-11 11:36:49 -05:00
Seth Hall
3d5c17e9e0 Add jar files to the default MHR lookups. 2013-07-10 23:46:01 -04:00
Robin Sommer
ef6b4885dd Adding some temporary testing/demonstration to front page. 2013-07-10 15:07:44 -07:00
Robin Sommer
6581844de9 Merge branch 'topic/documentation' of ssh://git.bro-ids.org/bro into topic/documentation 2013-07-10 15:01:05 -07:00
Robin Sommer
8a0cc31d0a Switching btest to topic/robin/parts branch. 2013-07-10 14:59:40 -07:00
Robin Sommer
06287966a1 Bringing the DPD POP3 signature back.
This also avoids the need for updating the external test suite.
2013-07-10 14:19:00 -07:00
Seth Hall
be8c947c04 Adding CAB files for MHR checking. 2013-07-10 17:04:09 -04:00
Seth Hall
bf4f57383f Improve malware hash registry script.
- Include a link to a virustotal search in the notice sub message field.

- Give all information returned from Team Cymru in the notice message.

- Add more file types to match on to the default set.
2013-07-10 16:52:39 -04:00
Seth Hall
22b4f8dd90 Fix a small issue with finding smtp entities. 2013-07-10 16:51:22 -04:00
Seth Hall
788a31edcd Added support for files to the notice framework. 2013-07-10 16:29:07 -04:00
Seth Hall
2e0912b543 Merge remote-tracking branch 'origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout' into topic/seth/faf-updates
Conflicts:
	magic
	scripts/base/protocols/http/__load__.bro
	scripts/base/protocols/irc/__load__.bro
	scripts/base/protocols/smtp/__load__.bro
2013-07-10 16:28:38 -04:00
Jon Siwek
99d604c9b5 Make the custom libmagic database a git submodule.
The magic files couldn't be in the root of that repo or else
libmagic would abort when it ran in to the .git* files and tried
to treat them like magic files, too.
2013-07-10 14:06:51 -05:00
Robin Sommer
cb09bd6358 Merge remote-tracking branch 'origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout'
Closes #1035.

* origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout:
  Small test fixes.
  Added a missing curly brace in smtp/dpd.sig
  Fix a bug where the same analyzer tag was reused for two different analyzers.
  Moved DPD signatures into script specific directories.
2013-07-10 11:37:57 -07:00
Robin Sommer
7d8a135ca4 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  const adjustment
2013-07-10 10:55:45 -07:00
Jon Siwek
0394493fac const adjustment
And fixes compiler warning about overloaded virtual function hiding.
2013-07-10 11:55:40 -05:00
Matthias Vallentin
446344ae99 Add missing include for GCC. 2013-07-10 01:32:59 -07:00
Matthias Vallentin
21a07ced82 Merge branch 'topic/matthias/bloom-filter' of ssh://git.bro.org/bro into topic/matthias/bloom-filter 2013-07-10 01:29:06 -07:00
Robin Sommer
40201a180e Fixing for unserialization error.
Because BloomFilter is a base class, with other classes derived from
it, it needs special treatment.
2013-07-09 21:00:53 -07:00
Seth Hall
8322bbfd62 Small test fixes. 2013-07-09 23:28:09 -04:00
Seth Hall
60da0f4764 Added a missing curly brace in smtp/dpd.sig 2013-07-09 22:57:36 -04:00
Seth Hall
4dda9cd3ba Fix a bug where the same analyzer tag was reused for two different analyzers. 2013-07-09 22:45:21 -04:00
Seth Hall
39444b5af7 Moved DPD signatures into script specific directories.
- This caused us to lose signatures for POP3 and Bittorrent.  These will
  need to be discovered in the repository again when we add scripts
  for those analyzers.
2013-07-09 22:44:55 -04:00
Bernhard Amann
03b584c34a Merge remote-tracking branch 'origin/master' into topic/bernhard/topk 2013-07-09 14:56:05 -07:00
Jon Siwek
73155c321b Add an is_orig parameter to file_over_new_connection event. 2013-07-09 15:58:28 -05:00
Jon Siwek
efe878f3de Make magic for emitting application/msword mime type less strict. 2013-07-09 15:56:47 -05:00
Jon Siwek
da4a0bed03 Disable more libmagic builtin checks that override the magic database. 2013-07-09 15:55:33 -05:00
Jon Siwek
6a5b825058 Delay file_over_new_connection events until after file_new occurs. 2013-07-09 14:25:41 -05:00
Seth Hall
5dbc354898 extract_filename_from_content_disposition is still hacky but more closely aligns with RFC5987 2013-07-09 14:05:36 -04:00
Seth Hall
ecfac31de0 Fixed SMTP URL extraction for the Intel framework with Files updates. 2013-07-09 11:51:23 -04:00
Seth Hall
cdf6b7864e More file analysis updates.
- Recorrected the module name to Files.

- Added Files::analyzer_name to get a more readable name for a
  file analyzer.

- Improved and just overall better handled multipart mime
  transfers in HTTP and SMTP.  HTTP now has orig_fuids and resp_fuids
  log fields since multiple "files" can be transferred with
  multipart mime in a single request/response pair.  SMTP has
  an fuids field which has file unique IDs for all parts
  transferred. FTP and IRC have a log field named fuid added
  because only a single file can be transferred per irc and ftp
  log line.
2013-07-09 11:50:54 -04:00
Robin Sommer
841604bebe Updating submodule(s).
[nomail]
2013-07-08 20:46:52 -07:00
Robin Sommer
7fe7684d4a Updating submodule(s).
[nomail]
2013-07-08 13:28:07 -07:00
Robin Sommer
2ea1f483db Bringing back test for enable_auto_protocol_capture_filters (formerly all_packets). 2013-07-08 13:06:03 -07:00
Robin Sommer
b62927e9de Merge remote-tracking branch 'origin/topic/seth/packet-filter-updates'
Closes #1030.

* origin/topic/seth/packet-filter-updates:
  Missed a test fix.
  Updating test baselines.
  Updates for the PacketFilter framework to simplify it.
  Last test update for PacketFilter framework.
  Several final fixes for PacketFilter framework.
  Packet filter framework checkpoint.
  Checkpoint on the packet filter framework.
  Initial rework of packet filter framework.
2013-07-07 21:09:28 -07:00
Seth Hall
58d133e764 Merge remote-tracking branch 'origin/master' into topic/seth/faf-updates
Conflicts:
	scripts/base/frameworks/files/main.bro
	scripts/base/init-bare.bro
	scripts/base/protocols/ftp/file-analysis.bro
	scripts/base/protocols/http/file-analysis.bro
	scripts/base/protocols/irc/file-analysis.bro
	scripts/base/protocols/smtp/file-analysis.bro
	src/const.bif
	src/event.bif
	src/file_analysis/Analyzer.h
	src/file_analysis/file_analysis.bif
2013-07-05 02:13:27 -04:00
Seth Hall
2b48396d23 Check file_over_new_connection to fire for each connection (including the first). 2013-07-05 02:00:35 -04:00
Seth Hall
df2841458d Large overhaul in name and appearance for file analysis. 2013-07-05 02:00:14 -04:00
Seth Hall
1e5906af08 Missed a test fix. 2013-07-05 01:52:37 -04:00
Seth Hall
af87126521 Updating test baselines. 2013-07-05 01:27:59 -04:00
Seth Hall
4149724f59 Updates for the PacketFilter framework to simplify it. 2013-07-05 01:12:22 -04:00
Seth Hall
5f8ee93ef0 Merge remote-tracking branch 'origin/master' into topic/seth/analyzer-framework
Conflicts:
	scripts/base/init-default.bro
	scripts/base/protocols/dns/main.bro
	scripts/base/protocols/ftp/main.bro
	scripts/base/protocols/http/main.bro
	scripts/base/protocols/irc/main.bro
	scripts/base/protocols/smtp/main.bro
	scripts/base/protocols/ssh/main.bro
	scripts/base/protocols/ssl/main.bro
	scripts/base/protocols/syslog/main.bro
	src/main.cc
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2013-07-04 23:07:52 -04:00
Seth Hall
fefef47f30 Merge branch 'topic/seth/ssh-login-monitoring-fix'
* topic/seth/ssh-login-monitoring-fix:
  Add a call to lookup_connection in SSH scripts to update connval.
2013-07-04 22:47:56 -04:00
Seth Hall
ca6d2bb6bc Add a call to lookup_connection in SSH scripts to update connval. 2013-07-04 22:32:07 -04:00
Robin Sommer
23b58d62d2 Updating submodule(s).
[nomail]
2013-07-03 17:24:11 -07:00
Robin Sommer
fa8777cbd2 Merge remote-tracking branch 'origin/topic/seth/ssl-remove-log-queue'
Closes #1027.

* origin/topic/seth/ssl-remove-log-queue:
  Remove the log queueing mechanism that was included with the SSL log delay mechanism.
2013-07-03 17:01:20 -07:00