mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
29 lines
696 B
Text
29 lines
696 B
Text
# $Id: passwords.bro 688 2004-11-02 23:59:55Z vern $
|
|
|
|
# Generates notices of exposed passwords. Currently just works
|
|
# on telnet/rlogin access. Should be extended to do FTP, HTTP, etc.
|
|
|
|
@load login
|
|
|
|
redef enum Notice += {
|
|
PasswordExposed,
|
|
};
|
|
|
|
# Usernames which we ignore.
|
|
global okay_usernames: set[string] &redef;
|
|
|
|
# Passwords which we ignore.
|
|
global okay_passwords = { "", "<none>" } &redef;
|
|
|
|
event login_success(c:connection, user: string, client_user: string,
|
|
password: string, line: string)
|
|
{
|
|
if ( user in okay_usernames || password in okay_passwords )
|
|
return;
|
|
|
|
NOTICE([$note=PasswordExposed,
|
|
$conn=c,
|
|
$user=user,
|
|
$sub=password,
|
|
$msg="login exposed user's password"]);
|
|
}
|