Zeek Package for Bad Neighbor Detection
Detects CVE-2020-16898 and CVE-2020-16899: "Bad Neighbor"
If you already have Zeek and
zkg installed, simply run:
zkg install https://github.com/esnet-security/cve-2020-16898
If this is being installed on a cluster, install the package on the manager, then deploy it via:
Updating and Unloading
To upgrade to the latest version run:
zkg upgrade cve-2020-16898
You can modify the above command by replacing
unload, to configure Zeek to not load the package on startup.
load, to configure Zeek to load the package on startup (default after an install).
remove, to delete the package from the system.
If you're operating in a cluster, after performing any of the above changes, you'll need to re-run
To have Zeek load packages managed by
zkg, ensure that
@load packages is being loaded by Zeek.
This package is also tested with the following legacy Zeek (Bro) versions, although their use is strongly discouraged, due to security and performance issues and continued compatability is not supported.
Contributions are welcome! The easiest way to give back is to comment on issues that are important to you -- even a quick reaction (thumbs-up/heart/thumbs-down) would help us prioritize issues.
There's a more in-depth contribution guide which lays out some ways that anyone can help.
pip install -U cruft cruft update
This project is licensed under the BSD license. See the LICENSE file for details.