From 58f4dd70291c9ea85c8fe7c0bb04a3cd0e5a7a5a Mon Sep 17 00:00:00 2001
From: pharook <ph@rook.cz>
Date: Tue, 14 Aug 2012 13:47:52 +0200
Subject: [PATCH] pridan typ incidentu 'probe'

---
 src/warden-client/doc/README             | 2 ++
 src/warden-client/doc/README.cesnet      | 2 ++
 src/warden-server/etc/warden-server.conf | 2 +-
 src/warden-server/sh/install.sh          | 2 +-
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/warden-client/doc/README b/src/warden-client/doc/README
index 6477e13..2000239 100644
--- a/src/warden-client/doc/README
+++ b/src/warden-client/doc/README
@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls
     # portscan    - scannig of TCP/UDP ports
     # bruteforce  - bruteforce/dictionary attack against authentication
     #               service(s)
+    # probe       - other connection attempts (for example ICMP) or
+    #               unrecognized/undecided portscan or bruteforce
     # spam        - unsolicited e-mail that does not have phishing-like
     #               character
     # phishing    - e-mail attempting to gather sensitive data
diff --git a/src/warden-client/doc/README.cesnet b/src/warden-client/doc/README.cesnet
index c32f38d..d49a045 100644
--- a/src/warden-client/doc/README.cesnet
+++ b/src/warden-client/doc/README.cesnet
@@ -128,6 +128,8 @@ D. Types of events
 
    * portscan - TCP/UDP port scanning/sweeping
    * bruteforce - dictionary/bruteforce attack to services authentication
+   * probe - other connection attempts (for example ICMP) or
+             unrecognized/undecided portscan or bruteforce
    * spam - unsolicited commercial email (except phishing)
    * phishing - email, trying to scam user to revealing personal information
      (possibly by some other channel)
diff --git a/src/warden-server/etc/warden-server.conf b/src/warden-server/etc/warden-server.conf
index 78d29a0..acb9eb9 100644
--- a/src/warden-server/etc/warden-server.conf
+++ b/src/warden-server/etc/warden-server.conf
@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000";
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
 %VALID_STRINGS = (
-"type" => ["portscan", "bruteforce", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
+"type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
 );
diff --git a/src/warden-server/sh/install.sh b/src/warden-server/sh/install.sh
index 0485dab..52d2170 100755
--- a/src/warden-server/sh/install.sh
+++ b/src/warden-server/sh/install.sh
@@ -232,7 +232,7 @@ make_server_conf()
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
 %VALID_STRINGS = ( 
-\"type\" => [\"portscan\", \"bruteforce\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
+\"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
 );
 " > $server_conf 2> $err; ret_val=`echo $?`
 
-- 
GitLab