zeek/scripts
Arne Welzel 3dae8ab086 smb2: Raise smb2_file_delete for CREATE with FILE_DELETE_ON_CLOSE
When a CREATE request contains the FILE_DELETE_ON_CLOSE option and
the subsequent CREATE response indicates success, we now raise the
smb2_file_delete event to log a delete action in smb_files.log and
also give users a way to handle this scenario.

The provided pcap was generated locally by recording a smbtorture run
of the smb2.delete-on-close-perms test case.

Placed the create_options into the CmdInfo record for potential
exposure in smb_cmd.log (wasn't sure how that would look so left it
for the future).

Fixes #2276.
2022-07-16 17:14:13 +02:00
base smb2: Raise smb2_file_delete for CREATE with FILE_DELETE_ON_CLOSE 2022-07-16 17:14:13 +02:00
policy Management framework: additional logging tweaks 2022-07-12 17:53:35 -07:00
site Deprecate ICSI SSL notary script. 2021-06-29 09:34:29 +01:00
zeekygen Remove some deprecated ocsp/ssl base scripts 2022-06-30 19:17:08 +00:00
CMakeLists.txt Add base/misc/installation.zeek, with Zeek installation directories 2022-05-23 14:16:59 -07:00
test-all-policy.zeek Remove some deprecated ocsp/ssl base scripts 2022-06-30 19:17:08 +00:00