zeek/testing at 49b8c7e3909ba0b57019285eaa07022c44f45270 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00

History

Jon Siwek 49b8c7e390 Add analyzer for GSI mechanism of GSSAPI FTP AUTH method. GSI authentication involves an encoded TLS/SSL handshake over the FTP control session. Decoding the exchanged tokens and passing them to an SSL analyzer instance allows use of all the familiar script-layer events in inspecting the handshake (e.g. client/server certificats are available). For FTP sessions that attempt GSI authentication, the service field of the connection record will have both "ftp" and "ssl". One additional change is an FTP server's acceptance of an AUTH request no longer causes analysis of the connection to cease (because further analysis likely wasn't possible). This decision can be made more dynamically at the script-layer (plus there's now the fact that further analysis can be done at least on the GSSAPI AUTH method).		2012-10-05 10:43:23 -05:00
..
btest	Add analyzer for GSI mechanism of GSSAPI FTP AUTH method.	2012-10-05 10:43:23 -05:00
external	Tweaking logs-to-elasticsearch.bro so that it doesn't do anything if	2012-07-28 11:21:20 -07:00
scripts	Fix mime type diff canonifier to also skip mime_desc columns	2012-08-17 15:22:51 -05:00
.gitignore	Test coverage integration for external tests and complete suite.	2012-01-12 11:58:13 -06:00
Makefile	Make tests even quieter.	2012-05-24 17:33:02 -07:00
README	Cleaning up some testing stuff.	2011-07-05 18:47:08 -07:00

README

This directory contains suites for testing for Bro's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Bro's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Bro configuration on larger traces files. Due to their
        size, these are not included directly. See the README for more
        information. 

    scripts/
        Helpers scripts used by some tests.