zeek/scripts/base/protocols/ssh at 7aa219758c1a8faccac75ff1f429f4f7073ecf2a - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

History

Johanna Amann 8ce746cc25 Merge remote-tracking branch 'origin/topic/vladg/bit-1641' * origin/topic/vladg/bit-1641: Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641. Clean up the logic for ssh_auth_failed. Addresses BIT-1641 Update baselines for adding a field to ssh.log as part of BIT-1641 Script-land changes for BIT-1641. Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641. Revert "Fixing duplicate SSH authentication failure events." Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641. I extended the tests a bit and did some small cleanups. I also moved the SSH events back to the global namespace for backwards compatibility and for consistency (the way it was at the moment, some of them were global some SSH::). Furthermore, I fixed the ssh_auth_result result event, it was only raised in the success case. ssh_auth_result is now also checked in the testcases. I also have a suspicion that the intel integration never really worked before. BIT-1641 #merged		2016-10-18 21:57:27 -04:00
..
__load__.bro	Merge remote-tracking branch 'origin/topic/vladg/ssh'	2015-03-25 11:04:26 -07:00
dpd.sig	Refactored the SSH analyzer. Added supported for algorithm detection and more key exchange message types.	2015-01-13 12:02:31 -05:00
main.bro	Merge remote-tracking branch 'origin/topic/vladg/bit-1641'	2016-10-18 21:57:27 -04:00
README	Add missing documentation on the "Bro Package Index" page	2015-06-02 10:00:00 -05:00

README

Support for SSH protocol analysis.