Zeek Package for Bad Neighbor Detection
Detects CVE-2020-16898 and CVE-2020-16899: "Bad Neighbor"
Quick Start
If you already have Zeek and zkg installed, simply run:
zkg install https://github.com/esnet-security/cve-2020-16898
If this is being installed on a cluster, install the package on the manager, then deploy it via:
zeekctl deploy
Updating and Unloading
We use SemVer for versioning. For the versions available, see the tags on this repository. You can pass an additional argument to the install command with the desired version.
To upgrade to the latest version run:
zkg upgrade cve-2020-16898
You can modify the above command by replacing upgrade with:
unload, to configure Zeek to not load the package on startup.
load, to configure Zeek to load the package on startup (default after an install).
remove, to delete the package from the system.
If you're operating in a cluster, after performing any of the above changes, you'll need to re-run zeekctl deploy.
Installation
This is a package designed to run with the Zeek Network Security Monitor. First, get Zeek. We strive to support both the current feature and LTS releases.
The recommended installation method is via the Zeek package manager, zkg. Follow the Quickstart guide.
To have Zeek load packages managed by zkg, ensure that @load packages is being loaded by Zeek.
This package is also tested with the following legacy Zeek (Bro) versions, although their use is strongly discouraged due to security and performance issues, and continued compatibility is not supported.
Contributing
Contributions are welcome! The easiest way to give back is to comment on issues that are important to you -- even a quick reaction (thumbs-up/heart/thumbs-down) would help us prioritize issues.
There's a more in-depth contribution guide which lays out some ways that anyone can help.
Package Template
This package was created with a template, using Cruft. A CI job checks for updates to the template. To update the package, simply run:
pip install -U cruft
cruft update
License
This project is licensed under the BSD license. See the LICENSE file for details.