Skip to content

Commit

Permalink
Revert "for idaholab#557, install zeek-iec104 parser (logging not ena…
Browse files Browse the repository at this point in the history 
…bled yet)" (decided to wait until the next release)

This reverts commit ba4a7e9.
  • Loading branch information
@mmguero
mmguero committed Sep 11, 2024
1 parent c6f66a8 commit f7f9d02
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
2 changes: 1 addition & 1 deletion Dockerfiles/zeek.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ RUN groupadd --gid ${DEFAULT_GID} ${PUSER} && \

# sanity checks to make sure the plugins installed and copied over correctly
# these ENVs should match the third party scripts/plugins installed by zeek_install_plugins.sh
ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_GE_SRTP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|ANALYZER_SPICY_IEC104|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS)"
ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_GE_SRTP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS)"
ENV ZEEK_THIRD_PARTY_SCRIPTS_GREP "(bro-is-darknet/main|bro-simple-scan/scan|bzar/main|callstranger-detector/callstranger|cve-2020-0601/cve-2020-0601|cve-2020-13777/cve-2020-13777|CVE-2020-16898/CVE-2020-16898|CVE-2021-38647/omigod|CVE-2021-31166/detect|CVE-2021-41773/CVE_2021_41773|CVE-2021-42292/main|cve-2021-44228/CVE_2021_44228|cve-2022-22954/main|cve-2022-26809/main|CVE-2022-3602/__load__|hassh/hassh|http-more-files-names/main|ja4/main|pingback/detect|ripple20/ripple20|SIGRed/CVE-2020-1350|zeek-EternalSafety/main|zeek-httpattacks/main|zeek-sniffpass/__load__|zerologon/main)\.(zeek|bro)"

RUN mkdir -p /tmp/logs && \
Expand Down
1 change: 0 additions & 1 deletion shared/bin/zeek_install_plugins.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,6 @@ ZKG_GITHUB_URLS=(
"https://github.com/0xxon/cve-2020-13777"
"https://github.com/amzn/zeek-plugin-profinet|master"
"https://github.com/amzn/zeek-plugin-tds|master"
"https://github.com/mmguero-dev/zeek-iec104"
"https://github.com/cisagov/icsnpp-bacnet"
"https://github.com/cisagov/icsnpp-bsap"
"https://github.com/cisagov/icsnpp-dnp3"
Expand Down

0 comments on commit f7f9d02

Please sign in to comment.