pridan typ incidentu 'probe'

58f4dd70 · pharook · 4a2fbcab · 58f4dd70 · 58f4dd70 · 58f4dd70
Commit 58f4dd70 authored 12 years ago by pharook
--- a/src/warden-client/doc/README
+++ b/src/warden-client/doc/README
@@ -345,6 +345,8 @@ I. Functions, Arguments and Calls
    # portscan    - scannig of TCP/UDP ports
    # bruteforce  - bruteforce/dictionary attack against authentication
    #               service(s)
+    # probe       - other connection attempts (for example ICMP) or
+    #               unrecognized/undecided portscan or bruteforce
    # spam        - unsolicited e-mail that does not have phishing-like
    #               character
    # phishing    - e-mail attempting to gather sensitive data

--- a/src/warden-client/doc/README.cesnet
+++ b/src/warden-client/doc/README.cesnet
@@ -128,6 +128,8 @@ D. Types of events

   * portscan - TCP/UDP port scanning/sweeping
   * bruteforce - dictionary/bruteforce attack to services authentication
+   * probe - other connection attempts (for example ICMP) or
+             unrecognized/undecided portscan or bruteforce
   * spam - unsolicited commercial email (except phishing)
   * phishing - email, trying to scam user to revealing personal information
     (possibly by some other channel)

--- a/src/warden-server/etc/warden-server.conf
+++ b/src/warden-server/etc/warden-server.conf
@@ -42,5 +42,5 @@ $MAX_EVENTS_LIMIT = "1000000";
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
 %VALID_STRINGS = (
-"type" => ["portscan", "bruteforce", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
+"type" => ["portscan", "bruteforce", "probe", "spam", "phishing", "botnet_c_c", "dos", "malware", "copyright", "webattack", "test", "other", "_any_"],
 );
--- a/src/warden-server/sh/install.sh
+++ b/src/warden-server/sh/install.sh
@@ -232,7 +232,7 @@ make_server_conf()
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
 %VALID_STRINGS = ( 
-\"type\" => [\"portscan\", \"bruteforce\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
+\"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
 );
 " > $server_conf 2> $err; ret_val=`echo $?`