Merge remote-tracking branch 'origin/topic/robin/listen-globally'

* origin/topic/robin/listen-globally: By default, listen on 0.0.0.0 for WebSocket. Bulk reformat.
zeek-packages · Jul 12, 2022 · db8b9e1 · db8b9e1
2 parents 5d5ad60 + 39ea015
commit db8b9e1
Show file tree

Hide file tree

Showing 10 changed files with 103 additions and 154 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,7 @@
+2.3.0-dev.3 | 2022-07-12 10:57:09 +0200
+
+  * By default, listen on 0.0.0.0 for WebSocket. Zeek's default is 127.0.0.1.
+
 2.2.0 | 2022-07-06 10:28:27 +0200
 
   * Enable WebSocket support on Zeek >= 5.0.

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.2.0
+2.3.0-dev.3
diff --git a/scripts/framework/main.zeek b/scripts/framework/main.zeek
@@ -360,7 +360,11 @@ event zeek_init() &priority=100
 event zeek_init() &priority=-10
 	{
 @if ( Version::number >= 50000 )
-	Broker::listen_websocket();
+	if ( Broker::default_listen_address_websocket != "" )
+		Broker::listen_websocket();
+	else
+		# Default is 127.0.0.1, which isn't very helpful for us.
+		Broker::listen_websocket("0.0.0.0");
 @else
 	if ( listen_port != 0/tcp )
 		Broker::listen(listen_address, listen_port, listen_retry);

diff --git a/scripts/table/files.zeek b/scripts/table/files.zeek
@@ -11,9 +11,7 @@ export {
 	option subscription = ZeekAgent::Differences;
 
 	## Logging stream identifier for the tables.log.
-	redef enum Log::ID += {
-		LOG
-	};
+	redef enum Log::ID += { LOG };
 
 	## File system paths matching one of our patterns.
 	type Columns: record {
@@ -39,38 +37,31 @@ export {
 }
 
 event ZeekAgent_Files::query_result(ctx: ZeekAgent::Context, columns: Columns)
-{
-	local info = Info(
-	    $t=network_time(),
-	    $hid=ctx$agent_id,
-	    $host=ZeekAgent::hostname(ctx),
-	    $columns=columns);
+	{
+	local info = Info($t=network_time(), $hid=ctx$agent_id,
+	    $host=ZeekAgent::hostname(ctx), $columns=columns);
 
 	if ( ctx?$change )
 		info$change = ZeekAgent::change_type(ctx);
 
 	Log::write(LOG, info);
-}
+	}
 
 event zeek_init()
-{
+	{
 	if ( |paths_to_watch| == 0 )
 		return;
 
 	local field_name_map = ZeekAgent::log_column_map(Columns, "columns.");
 	Log::create_stream(LOG, [$columns=Info, $policy=log_policy]);
 	Log::remove_default_filter(LOG);
-	Log::add_filter(LOG, [
-	    $name="default",
-	    $path="zeek-agent-files",
+	Log::add_filter(LOG, [$name="default", $path="zeek-agent-files",
 	    $field_name_map=field_name_map]);
 
-	for ( p in paths_to_watch ) {
+	for ( p in paths_to_watch )
+		{
 		local stmt = fmt("SELECT * FROM files_list(\"%s\")", p);
-		ZeekAgent::query([
-		    $sql_stmt=stmt,
-		    $event_=query_result,
-		    $schedule_=query_interval,
-		    $subscription=subscription]);
+		ZeekAgent::query([$sql_stmt=stmt, $event_=query_result,
+		    $schedule_=query_interval, $subscription=subscription]);
+		}
 	}
-}
diff --git a/scripts/table/processes.zeek b/scripts/table/processes.zeek
@@ -8,9 +8,7 @@ export {
 	option subscription = ZeekAgent::Differences;
 
 	## Logging stream identifier for the tables.log.
-	redef enum Log::ID += {
-		LOG
-	};
+	redef enum Log::ID += { LOG };
 
 	type Columns: record {
 		name: string &optional &log;
@@ -36,32 +34,25 @@ export {
 
 event ZeekAgent_Processes::query_result(ctx: ZeekAgent::Context,
     columns: Columns)
-{
-	local info = Info(
-	    $t=network_time(),
-	    $hid=ctx$agent_id,
-	    $host=ZeekAgent::hostname(ctx),
-	    $columns=columns);
+	{
+	local info = Info($t=network_time(), $hid=ctx$agent_id,
+	    $host=ZeekAgent::hostname(ctx), $columns=columns);
 
 	if ( ctx?$change )
 		info$change = ZeekAgent::change_type(ctx);
 
 	Log::write(LOG, info);
-}
+	}
 
 event zeek_init()
-{
+	{
 	local field_name_map = ZeekAgent::log_column_map(Columns, "columns.");
 	Log::create_stream(LOG, [$columns=Info, $policy=log_policy]);
 	Log::remove_default_filter(LOG);
-	Log::add_filter(LOG, [
-	    $name="default",
-	    $path="zeek-agent-processes",
+	Log::add_filter(LOG, [$name="default", $path="zeek-agent-processes",
 	    $field_name_map=field_name_map]);
 
-	ZeekAgent::query([
-	    $sql_stmt="SELECT name,pid,uid,gid,ppid,priority,startup FROM processes",
-	    $event_=query_result,
-	    $schedule_=query_interval,
+	ZeekAgent::query([$sql_stmt="SELECT name,pid,uid,gid,ppid,priority,startup FROM processes",
+	    $event_=query_result, $schedule_=query_interval,
 	    $subscription=subscription]);
-}
+	}
diff --git a/scripts/table/sockets.zeek b/scripts/table/sockets.zeek
@@ -8,9 +8,7 @@ export {
 	option subscription = ZeekAgent::Differences;
 
 	## Logging stream identifier for the tables.log.
-	redef enum Log::ID += {
-		LOG
-	};
+	redef enum Log::ID += { LOG };
 
 	## Open network sockets.
 	type Columns: record {
@@ -38,32 +36,24 @@ export {
 }
 
 event ZeekAgent_Sockets::query_result(ctx: ZeekAgent::Context, columns: Columns)
-{
-	local info = Info(
-	    $t=network_time(),
-	    $hid=ctx$agent_id,
-	    $host=ZeekAgent::hostname(ctx),
-	    $columns=columns);
+	{
+	local info = Info($t=network_time(), $hid=ctx$agent_id,
+	    $host=ZeekAgent::hostname(ctx), $columns=columns);
 
 	if ( ctx?$change )
 		info$change = ZeekAgent::change_type(ctx);
 
 	Log::write(LOG, info);
-}
+	}
 
 event zeek_init()
-{
+	{
 	local field_name_map = ZeekAgent::log_column_map(Columns, "columns.");
 	Log::create_stream(LOG, [$columns=Info, $policy=log_policy]);
 	Log::remove_default_filter(LOG);
-	Log::add_filter(LOG, [
-	    $name="default",
-	    $path="zeek-agent-sockets",
+	Log::add_filter(LOG, [$name="default", $path="zeek-agent-sockets",
 	    $field_name_map=field_name_map]);
 
-	ZeekAgent::query([
-	    $sql_stmt="SELECT * FROM sockets",
-	    $event_=query_result,
-	    $schedule_=query_interval,
-	    $subscription=subscription]);
-}
+	ZeekAgent::query([$sql_stmt="SELECT * FROM sockets", $event_=query_result,
+	    $schedule_=query_interval, $subscription=subscription]);
+	}
diff --git a/scripts/table/ssh.zeek b/scripts/table/ssh.zeek
@@ -16,10 +16,7 @@ export {
 	option subscription = ZeekAgent::Differences;
 
 	## Logging stream identifier for the tables.log.
-	redef enum Log::ID += {
-		LOG_CONFIGS,
-		LOG_KEYS
-	};
+	redef enum Log::ID += { LOG_CONFIGS, LOG_KEYS };
 
 	## Configuration option extracgt from a configuratin file.
 	type ConfigOption: record {
@@ -68,75 +65,66 @@ export {
 
 event ZeekAgent_SSH::query_result_configs(ctx: ZeekAgent::Context,
     columns: ColumnsConfigs)
-{
-	local info = InfoConfigs(
-	    $t=network_time(),
-	    $hid=ctx$agent_id,
-	    $host=ZeekAgent::hostname(ctx),
-	    $columns=columns);
+	{
+	local info = InfoConfigs($t=network_time(), $hid=ctx$agent_id,
+	    $host=ZeekAgent::hostname(ctx), $columns=columns);
 
 	if ( ctx?$change )
 		info$change = ZeekAgent::change_type(ctx);
 
 	Log::write(LOG_CONFIGS, info);
-}
+	}
 
 event ZeekAgent_SSH::query_result_keys(ctx: ZeekAgent::Context,
     columns: ColumnsKeys)
-{
-	local info = InfoKeys(
-	    $t=network_time(),
-	    $hid=ctx$agent_id,
-	    $host=ZeekAgent::hostname(ctx),
-	    $columns=columns);
+	{
+	local info = InfoKeys($t=network_time(), $hid=ctx$agent_id,
+	    $host=ZeekAgent::hostname(ctx), $columns=columns);
 
 	if ( ctx?$change )
 		info$change = ZeekAgent::change_type(ctx);
 
 	Log::write(LOG_KEYS, info);
-}
+	}
 
 event zeek_init()
-{
-	if ( |config_paths_to_watch| != 0 ) {
+	{
+	if ( |config_paths_to_watch| != 0 )
+		{
 		local field_name_map_configs = ZeekAgent::log_column_map(ColumnsConfigs,
 		    "columns.");
-		Log::create_stream(LOG_CONFIGS, [
-		    $columns=InfoConfigs,
+		Log::create_stream(LOG_CONFIGS, [$columns=InfoConfigs,
 		    $policy=log_policy_configs]);
 		Log::remove_default_filter(LOG_CONFIGS);
-		Log::add_filter(LOG_CONFIGS, [
-		    $name="default",
-		    $path="zeek-agent-ssh-configs",
+		Log::add_filter(LOG_CONFIGS, [$name="default", $path="zeek-agent-ssh-configs",
 		    $field_name_map=field_name_map_configs]);
 
-		for ( p in config_paths_to_watch ) {
-			local stmt_configs = fmt("SELECT * FROM files_columns(\"%s\", \"$1:text,$2:text\")", p);
-			ZeekAgent::query([
-			    $sql_stmt=stmt_configs,
-			    $event_=query_result_configs,
+		for ( p in config_paths_to_watch )
+			{
+			local stmt_configs = fmt("SELECT * FROM files_columns(\"%s\", \"$1:text,$2:text\")",
+			    p);
+			ZeekAgent::query([$sql_stmt=stmt_configs, $event_=query_result_configs,
 			    $schedule_=query_interval,
 			    $subscription=subscription]);
+			}
 		}
-	}
 
-	if ( |key_paths_to_watch| != 0 ) {
+	if ( |key_paths_to_watch| != 0 )
+		{
 		local field_name_map_keys = ZeekAgent::log_column_map(ColumnsKeys,
 		    "columns.");
 		Log::create_stream(LOG_KEYS, [$columns=InfoKeys, $policy=log_policy_keys]);
 		Log::remove_default_filter(LOG_KEYS);
-		Log::add_filter(LOG_KEYS, [
-		    $name="default",
+		Log::add_filter(LOG_KEYS, [$name="default",
 		    $path="zeek-agent-ssh-authorized-keys",
 		    $field_name_map=field_name_map_keys]);
 
-		for ( p in key_paths_to_watch ) {
+		for ( p in key_paths_to_watch )
+			{
 			local stmt_keys = fmt("SELECT * FROM files_lines(\"%s\")", p);
-			ZeekAgent::query([
-			    $sql_stmt=stmt_keys,
-			    $event_=query_result_keys,
+			ZeekAgent::query([$sql_stmt=stmt_keys, $event_=query_result_keys,
 			    $schedule_=query_interval,
 			    $subscription=subscription]);
+			}
 		}
 	}
-}
diff --git a/scripts/table/system-logs.zeek b/scripts/table/system-logs.zeek
@@ -8,9 +8,7 @@ export {
 	option subscription = ZeekAgent::Differences;
 
 	## Logging stream identifier for the tables.log.
-	redef enum Log::ID += {
-		LOG
-	};
+	redef enum Log::ID += { LOG };
 
 	## Log messages recorded by the operating systems.
 	type Columns: record {
@@ -33,29 +31,22 @@ export {
 
 event ZeekAgent_SystemLogs::query_result(ctx: ZeekAgent::Context,
     columns: Columns)
-{
-	local info = Info(
-	    $t=network_time(),
-	    $hid=ctx$agent_id,
-	    $host=ZeekAgent::hostname(ctx),
-	    $columns=columns);
+	{
+	local info = Info($t=network_time(), $hid=ctx$agent_id,
+	    $host=ZeekAgent::hostname(ctx), $columns=columns);
 	Log::write(LOG, info);
-}
+	}
 
 event zeek_init()
-{
+	{
 	local field_name_map = ZeekAgent::log_column_map(Columns, "columns.");
 	Log::create_stream(LOG, [$columns=Info, $policy=log_policy]);
 	Log::remove_default_filter(LOG);
-	Log::add_filter(LOG, [
-	    $name="default",
-	    $path="zeek-agent-system-logs",
+	Log::add_filter(LOG, [$name="default", $path="zeek-agent-system-logs",
 	    $field_name_map=field_name_map]);
 
-	ZeekAgent::query([
-	    $sql_stmt="SELECT * FROM system_logs_events",
-	    $event_=query_result,
-	    $schedule_=query_interval,
-	    $subscription=ZeekAgent::Events,
-	    $requires_tables=set("system_logs_events")]);
-}
+	ZeekAgent::query([$sql_stmt="SELECT * FROM system_logs_events",
+	    $event_=query_result, $schedule_=query_interval,
+	    $subscription=ZeekAgent::Events, $requires_tables=set(
+	    "system_logs_events")]);
+	}