[Bro-Dev] [Bro-Commits] [git/bro] master: Allow loading policy/protocols/smb once again (57a505b0e)
Johanna Amann
johanna at icir.org
Thu Aug 30 15:05:58 PDT 2018
To pick up the idea that you mentioned before - do we also want to make
the new policy/protocols/smb/__load__.bro trigger a reporter warning
that it is deprecated?
Johanna
On 30 Aug 2018, at 14:07, Jonathan Siwek wrote:
> Repository : ssh://git@bro-ids.icir.org/bro
> On branch : master
> Link :
> https://github.com/bro/bro/commit/57a505b0e46d499644a6fb3b063cece0684240b8
>
>> ---------------------------------------------------------------
>
> commit 57a505b0e46d499644a6fb3b063cece0684240b8
> Author: Jon Siwek <jsiwek at corelight.com>
> Date: Thu Aug 30 16:05:36 2018 -0500
>
> Allow loading policy/protocols/smb once again
>
> It just redirects to base/protocols/smb
>
>
>> ---------------------------------------------------------------
>
> 57a505b0e46d499644a6fb3b063cece0684240b8
> CHANGES | 4 ++++
> NEWS | 8 ++++++--
> VERSION | 2 +-
> scripts/policy/protocols/smb/__load__.bro | 1 +
> scripts/test-all-policy.bro | 1 +
> 5 files changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/CHANGES b/CHANGES
> index af31bdea0..15184aa4a 100644
> --- a/CHANGES
> +++ b/CHANGES
> @@ -1,4 +1,8 @@
>
> +2.5-947 | 2018-08-30 16:05:36 -0500
> +
> + * Allow loading policy/protocols/smb once again (Jon Siwek,
> Corelight)
> +
> 2.5-946 | 2018-08-30 09:51:16 -0500
>
> * Update NEWS with more info about runtime options (Daniel Thayer)
> diff --git a/NEWS b/NEWS
> index 0af51ef60..86839427b 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -267,8 +267,12 @@ New Functionality
>
> - Added new NFS events: nfs_proc_symlink, nfs_proc_link,
> nfs_proc_sattr.
>
> -- The SMB scripts in policy/protocols/smb are now moved into
> base/protocols/smb
> - and loaded/enabled by default.
> +- The SMB scripts in policy/protocols/smb are now moved into
> + base/protocols/smb and loaded/enabled by default. If you
> previously
> + loaded these scripts from their policy/ location (in local.bro or
> + other custom scripts) you may now remove/change those although they
> + should still work since policy/protocols/smb is simply a
> placeholder
> + script that redirects to the new base/ location.
>
> - Added new SMB events: smb1_transaction_secondary_request,
> smb1_transaction2_secondary_request, smb1_transaction_response.
> diff --git a/VERSION b/VERSION
> index d522ba4d6..ecd34e707 100644
> --- a/VERSION
> +++ b/VERSION
> @@ -1 +1 @@
> -2.5-946
> +2.5-947
> diff --git a/scripts/policy/protocols/smb/__load__.bro
> b/scripts/policy/protocols/smb/__load__.bro
> new file mode 100644
> index 000000000..8fd733d38
> --- /dev/null
> +++ b/scripts/policy/protocols/smb/__load__.bro
> @@ -0,0 +1 @@
> + at load base/protocols/smb
> diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
> index 11824c2c6..d31da6573 100644
> --- a/scripts/test-all-policy.bro
> +++ b/scripts/test-all-policy.bro
> @@ -82,6 +82,7 @@
> @load protocols/modbus/track-memmap.bro
> @load protocols/mysql/software.bro
> @load protocols/rdp/indicate_ssl.bro
> + at load protocols/smb/__load__.bro
> @load protocols/smb/log-cmds.bro
> @load protocols/smtp/blocklists.bro
> @load protocols/smtp/detect-suspicious-orig.bro
>
>
>
> _______________________________________________
> bro-commits mailing list
> bro-commits at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits
More information about the bro-dev
mailing list