mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 15:18:20 +00:00
29 lines
893 B
Text
29 lines
893 B
Text
##! Provides a variable to define vulnerable versions of software and if a
|
|
##! a version of that software as old or older than the defined version a
|
|
##! notice will be generated.
|
|
|
|
@load base/frameworks/notice
|
|
@load base/frameworks/software
|
|
|
|
module Software;
|
|
|
|
export {
|
|
redef enum Notice::Type += {
|
|
## Indicates that a vulnerable version of software was detected.
|
|
Vulnerable_Version,
|
|
};
|
|
|
|
## This is a table of software versions indexed by the name of the
|
|
## software and yielding the latest version that is vulnerable.
|
|
const vulnerable_versions: table[string] of Version &redef;
|
|
}
|
|
|
|
event log_software(rec: Info)
|
|
{
|
|
if ( rec$name in vulnerable_versions &&
|
|
cmp_versions(rec$version, vulnerable_versions[rec$name]) <= 0 )
|
|
{
|
|
NOTICE([$note=Vulnerable_Version, $src=rec$host,
|
|
$msg=fmt("A vulnerable version of software was detected: %s", software_fmt(rec))]);
|
|
}
|
|
}
|