config

Documentation

Index

• Variables
• type BeaconStaticCfg
• type BeaconTableCfg
• type BlacklistedStaticCfg
• type BlacklistedTableCfg
• type BroStaticCfg
• type Config
  • func LoadConfig(userConfig string) (*Config, error)
  • func LoadTestingConfig(mongoURI string) (*Config, error)
• type DNSTableCfg
• type FilteringStaticCfg
• type LogStaticCfg
• type LogTableCfg
• type MetaTableCfg
• type MongoDBRunningCfg
• type MongoDBStaticCfg
• type RunningCfg
• type StaticCfg
• type StructureTableCfg
• type TLSStaticCfg
• type TableCfg
• type UserAgentTableCfg
• type UserCfgStaticCfg

Variables

var ExactVersion = "undefined"

ExactVersion is filled at compile time with the git version of RITA ExactVersion is filled by "git describe --always --long --dirty --tags"

var Version = "undefined"

Version is filled at compile time with the git version of RITA Version is filled by "git describe --abbrev=0 --tags"

Types

type BeaconStaticCfg

type BeaconStaticCfg struct {
	DefaultConnectionThresh int `yaml:"DefaultConnectionThresh"`
}

BeaconStaticCfg is used to control the beaconing analysis module

type BeaconTableCfg

type BeaconTableCfg struct {
	BeaconTable string
}

BeaconTableCfg is used to control the beaconing analysis module

type BlacklistedStaticCfg

type BlacklistedStaticCfg struct {
	UseIPms            bool     `yaml:"myIP.ms"`
	UseDNSBH           bool     `yaml:"MalwareDomains.com"`
	UseMDL             bool     `yaml:"MalwareDomainList.com"`
	IPBlacklists       []string `yaml:"CustomIPBlacklists"`
	HostnameBlacklists []string `yaml:"CustomHostnameBlacklists"`
}

BlacklistedStaticCfg is used to control the blacklisted analysis module

type BlacklistedTableCfg

type BlacklistedTableCfg struct {
	BlacklistDatabase string
	SourceIPsTable    string
	DestIPsTable      string
	HostnamesTable    string
}

BlacklistedTableCfg is used to control the blacklisted analysis module

type BroStaticCfg

type BroStaticCfg struct {
	ImportDirectory string `yaml:"ImportDirectory"`
	DBRoot          string `yaml:"DBRoot"`
	MetaDB          string `yaml:"MetaDB"`
	ImportBuffer    int    `yaml:"ImportBuffer"`
}

BroStaticCfg controls the file parser

type Config

type Config struct {
	R RunningCfg
	S StaticCfg
	T TableCfg
}

Config holds the configuration for the running system

func LoadConfig

func LoadConfig(userConfig string) (*Config, error)

LoadConfig attempts to parse a config file

func LoadTestingConfig

func LoadTestingConfig(mongoURI string) (*Config, error)

LoadTestingConfig loads the hard coded testing config

type DNSTableCfg

type DNSTableCfg struct {
	ExplodedDNSTable string
	HostnamesTable   string
}

DNSTableCfg is used to control the dns analysis module

type FilteringStaticCfg

type FilteringStaticCfg struct {
	AlwaysInclude   []string `yaml:"AlwaysInclude"`
	InternalSubnets []string `yaml:"InternalSubnets"`
}

FilteringStaticCfg controls address filtering

type LogStaticCfg

type LogStaticCfg struct {
	LogLevel    int    `yaml:"LogLevel"`
	RitaLogPath string `yaml:"RitaLogPath"`
	LogToFile   bool   `yaml:"LogToFile"`
	LogToDB     bool   `yaml:"LogToDB"`
}

LogStaticCfg contains the configuration for logging

type LogTableCfg

type LogTableCfg struct {
	RitaLogTable string
}

LogTableCfg contains the configuration for logging

type MetaTableCfg

type MetaTableCfg struct {
	FilesTable     string
	DatabasesTable string
}

MetaTableCfg contains the meta db collection names

type MongoDBRunningCfg

type MongoDBRunningCfg struct {
	AuthMechanismParsed mgosec.AuthMechanism
	TLS                 struct {
		TLSConfig *tls.Config
	}
}

MongoDBRunningCfg holds parsed information for connecting to MongoDB

type MongoDBStaticCfg

type MongoDBStaticCfg struct {
	ConnectionString string        `yaml:"ConnectionString"`
	AuthMechanism    string        `yaml:"AuthenticationMechanism"`
	SocketTimeout    time.Duration `yaml:"SocketTimeout"`
	TLS              TLSStaticCfg  `yaml:"TLS"`
}

MongoDBStaticCfg contains the means for connecting to MongoDB

type RunningCfg

type RunningCfg struct {
	MongoDB MongoDBRunningCfg
	Version semver.Version
}

RunningCfg holds configuration options that are parsed at run time

type StaticCfg

type StaticCfg struct {
	UserConfig   UserCfgStaticCfg     `yaml:"UserConfig"`
	MongoDB      MongoDBStaticCfg     `yaml:"MongoDB"`
	Log          LogStaticCfg         `yaml:"LogConfig"`
	Blacklisted  BlacklistedStaticCfg `yaml:"BlackListed"`
	Beacon       BeaconStaticCfg      `yaml:"Beacon"`
	Bro          BroStaticCfg         `yaml:"Bro"`
	Filtering    FilteringStaticCfg   `yaml:"Filtering"`
	Version      string
	ExactVersion string
}

StaticCfg is the container for other static config sections

type StructureTableCfg

type StructureTableCfg struct {
	ConnTable         string
	HTTPTable         string
	DNSTable          string
	UniqueConnTable   string
	HostTable         string
	IPv4Table         string
	IPv6Table         string
	FrequentConnTable string
}

StructureTableCfg contains the names of the base level collections

type TLSStaticCfg

type TLSStaticCfg struct {
	Enabled           bool   `yaml:"Enable"`
	VerifyCertificate bool   `yaml:"VerifyCertificate"`
	CAFile            string `yaml:"CAFile"`
}

TLSStaticCfg contains the means for connecting to MongoDB over TLS

type TableCfg

type TableCfg struct {
	Log         LogTableCfg
	Blacklisted BlacklistedTableCfg
	DNS         DNSTableCfg
	Structure   StructureTableCfg
	Beacon      BeaconTableCfg
	UserAgent   UserAgentTableCfg
	Meta        MetaTableCfg
}

TableCfg is the container for other table config sections

type UserAgentTableCfg

type UserAgentTableCfg struct {
	UserAgentTable string
}

UserAgentTableCfg is used to control the useragent analysis module

type UserCfgStaticCfg

type UserCfgStaticCfg struct {
	UpdateCheckFrequency *int `yaml:"UpdateCheckFrequency,omitempty"`
}

UserCfgStaticCfg contains