[Bro] FTP password saving
Seth Hall
seth at icir.org
Sat Apr 21 18:55:46 PDT 2012
On Apr 21, 2012, at 9:36 PM, Patrik Lundin wrote:
> I'm not sure i'm mentally parsing this right... Wouldn't this change
> actually make the code log all passwords (as i expected in the first
> place) if capture_password is true? Wasn't your intention to always keep
> the passwords out of the logs unless specifically anonymous/guest?
You've got it right. Anonymous users always have their passwords logged. You can also specify that any arbitrary FTP session should have it's password logged by setting the $capture_password field to T.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list