Merge remote-tracking branch 'origin/topic/jsiwek/gh-1264-ssh-host-ke…
…y-fingerprints' into master * origin/topic/jsiwek/gh-1264-ssh-host-key-fingerprints: Simplify ssh/main.zeek by using "ssh_server_host_key" for fingerprinting Deprecate "ssh1_server_host_key" parameters *e* and *p* GH-1264: Implement "ssh_server_host_key" event
Showing
12 changed files
with
140 additions
and
43 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
3.3.0-dev.537 | ||
3.3.0-dev.541 |
9 changes: 5 additions & 4 deletions
9
testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,12 @@ | ||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. | ||
#separator \x09 | ||
#set_separator , | ||
#empty_field (empty) | ||
#unset_field - | ||
#path reporter | ||
#open 2020-09-24-00-19-13 | ||
#open XXXX-XX-XX-XX-XX-XX | ||
#fields ts level message location | ||
#types time enum string string | ||
1600906753.185591 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/christian/devel/zeek/zeek/scripts/base/frameworks/intel/./main.zeek, lines 565-566 | ||
1600906753.185591 Reporter::INFO received termination signal (empty) | ||
#close 2020-09-24-00-19-13 | ||
XXXXXXXXXX.XXXXXX Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). <...>/main.zeek, lines 566-567 | ||
XXXXXXXXXX.XXXXXX Reporter::INFO received termination signal (empty) | ||
#close XXXX-XX-XX-XX-XX-XX |
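--- a/testing/btest/Baseline/scripts.base.protocols.ssh.fingerprints/out
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.fingerprints/out
@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ssh server host key fingerprint, c7:eb:77:5d:d1:64:31:d6:1b:e8:99:5f:a7:09:a1:d7
+ssh2 server host key fingerprint, c7eb775dd16431d61be8995fa709a1d7
+ssh server host key fingerprint, 55:17:eb:fa:2e:7f:b3:7b:33:42:7c:9d:44:85:56:da
+ssh1 server host key fingerprint, 5517ebfa2e7fb37b33427c9d448556da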
Binary file not shown.
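--- a/testing/btest/scripts/base/protocols/ssh/fingerprints.zeek
+++ b/testing/btest/scripts/base/protocols/ssh/fingerprints.zeek
@@ -0,0 +1,19 @@
+# @TEST-EXEC: zeek -r $TRACES/ssh/ssh1-ssh2-fingerprints.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/ssh
+
+event ssh2_server_host_key(c: connection, key: string)
+{
+print "ssh2 server host key fingerprint", md5_hash(key);
+}
+
+event ssh1_server_host_key(c: connection, modulus: string, exponent: string)
+{
+print "ssh1 server host key fingerprint", md5_hash(modulus + exponent);
+}
+
+event ssh_server_host_key(c: connection, hash: string)
+{
+print "ssh server host key fingerprint", hash;
+}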
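Review bot: Nothing in this new test states or checks that the digest printed from `ssh_server_host_key` must equal the `md5_hash()` value printed by the `ssh1_server_host_key` and `ssh2_server_host_key` handlers. The baseline shows the two in different formats (colon-separated versus plain hex), so the match is visible only to a reader comparing lines by eye, and a regenerated baseline could silently accept a divergence. A header comment such as `# Each "ssh server" line must carry the same MD5 digest as the ssh1/ssh2 line that follows it, colon-separated.` would record the intent. The SSH1 handler hashes `modulus + exponent`, so the concatenation order is part of the fingerprint definition. Since the commit message deprecates the old parameter names, a one-line comment above that handler stating the order would help anyone comparing these fingerprints with known host-key data.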