Variables ¶
// ExactVersion is filled at compile time with the git version of RITA;
// the build sets it from "git describe --always --long --dirty --tags".
// The literal "undefined" remains whenever the build does not override it.
var ExactVersion = "undefined"
ExactVersion is filled at compile time with the git version of RITA. ExactVersion is filled by "git describe --always --long --dirty --tags".
// Version is filled at compile time with the git version of RITA;
// the build sets it from "git describe --abbrev=0 --tags".
// The literal "undefined" remains whenever the build does not override it.
var Version = "undefined"
Version is filled at compile time with the git version of RITA. Version is filled by "git describe --abbrev=0 --tags".
Types ¶
type BeaconStaticCfg ¶
// BeaconStaticCfg is used to control the beaconing analysis module.
type BeaconStaticCfg struct {
	// Enabled is the on/off switch for the module, read from YAML key
	// "Enabled"; the default tag turns the module on.
	Enabled bool `yaml:"Enabled" default:"true"`

	// DefaultConnectionThresh is read from YAML key "DefaultConnectionThresh"
	// and defaults to 20. Presumably the minimum number of connections a host
	// pair needs before it is considered by the beacon analysis — confirm
	// against the beacon module.
	DefaultConnectionThresh int `yaml:"DefaultConnectionThresh" default:"20"`
}
BeaconStaticCfg is used to control the beaconing analysis module
type BeaconTableCfg ¶
// BeaconTableCfg is used to control the beaconing analysis module.
type BeaconTableCfg struct {
	// BeaconTable is the collection name the beacon module writes to;
	// it has no yaml tag, so only the default tag ("beacon") is visible here.
	BeaconTable string `default:"beacon"`
}
BeaconTableCfg is used to control the beaconing analysis module
type BlacklistedStaticCfg ¶
// BlacklistedStaticCfg is used to control the blacklisted analysis module.
//
// Note that the YAML keys for the three feed toggles are the names of the
// upstream sources ("myIP.ms", "MalwareDomains.com", "MalwareDomainList.com"),
// not the Go field names.
type BlacklistedStaticCfg struct {
	// Enabled is the on/off switch for the module (YAML key "Enabled", default true).
	Enabled bool `yaml:"Enabled" default:"true"`

	// UseIPms enables the myIP.ms feed (YAML key "myIP.ms", default true).
	UseIPms bool `yaml:"myIP.ms" default:"true"`

	// UseDNSBH enables the MalwareDomains.com feed (YAML key "MalwareDomains.com", default true).
	UseDNSBH bool `yaml:"MalwareDomains.com" default:"true"`

	// UseMDL enables the MalwareDomainList.com feed (YAML key "MalwareDomainList.com", default true).
	UseMDL bool `yaml:"MalwareDomainList.com" default:"true"`

	// BlacklistDatabase is the name of the database holding blacklist data
	// (YAML key "BlacklistDatabase", default "rita-bl").
	BlacklistDatabase string `yaml:"BlacklistDatabase" default:"rita-bl"`

	// IPBlacklists lists operator-supplied IP blacklist sources
	// (YAML key "CustomIPBlacklists"); the default is an empty list.
	// The entry format (file path vs. URL) is not visible here — confirm in the loader.
	IPBlacklists []string `yaml:"CustomIPBlacklists" default:"[]"`

	// HostnameBlacklists lists operator-supplied hostname blacklist sources
	// (YAML key "CustomHostnameBlacklists"); the default is an empty list.
	HostnameBlacklists []string `yaml:"CustomHostnameBlacklists" default:"[]"`
}
BlacklistedStaticCfg is used to control the blacklisted analysis module
type BlacklistedTableCfg ¶
// BlacklistedTableCfg is used to control the blacklisted analysis module.
// Each field names a collection; only default tags are present, so these
// are not expected to come from the YAML config file.
type BlacklistedTableCfg struct {
	// SourceIPsTable holds blacklisted source IP results (default "blSourceIPs").
	SourceIPsTable string `default:"blSourceIPs"`

	// DestIPsTable holds blacklisted destination IP results (default "blDestIPs").
	DestIPsTable string `default:"blDestIPs"`

	// HostnamesTable holds blacklisted hostname results (default "blHostnames").
	HostnamesTable string `default:"blHostnames"`
}
BlacklistedTableCfg is used to control the blacklisted analysis module
type BroStaticCfg ¶
// BroStaticCfg controls the file parser.
type BroStaticCfg struct {
	// ImportDirectory is the directory the parser reads logs from
	// (YAML key "ImportDirectory", default "/opt/bro/logs/").
	ImportDirectory string `yaml:"ImportDirectory" default:"/opt/bro/logs/"`

	// DBRoot is the prefix or root name for databases created by the parser
	// (YAML key "DBRoot", default "RITA") — exact use is decided by the parser, not here.
	DBRoot string `yaml:"DBRoot" default:"RITA"`

	// MetaDB is the name of the metadata database (YAML key "MetaDB",
	// default "MetaDatabase"); see MetaTableCfg for its collection names.
	MetaDB string `yaml:"MetaDB" default:"MetaDatabase"`

	// ImportBuffer is a buffer size used during import (YAML key "ImportBuffer",
	// default 30000). Whether this counts records or bytes is not visible here.
	ImportBuffer int `yaml:"ImportBuffer" default:"30000"`
}
BroStaticCfg controls the file parser
type Config ¶
// Config holds the configuration for the running system. It groups the
// three configuration layers: values derived at run time (R), values read
// from the static config file (S), and collection names (T).
type Config struct {
	// R holds options parsed at run time (see RunningCfg).
	R RunningCfg

	// S holds the static sections read from the config file (see StaticCfg).
	S StaticCfg

	// T holds the collection (table) names (see TableCfg).
	T TableCfg
}
Config holds the configuration for the running system
func LoadConfig ¶
LoadConfig initializes a Config struct with values read from a config file. It takes a string for the path to the file. If the string is empty it uses the default path.
func LoadTestingConfig ¶
LoadTestingConfig loads the hard coded testing config
type DNSStaticCfg ¶
// DNSStaticCfg is used to control the DNS analysis module.
type DNSStaticCfg struct {
	// Enabled is the on/off switch for the module (YAML key "Enabled", default true).
	Enabled bool `yaml:"Enabled" default:"true"`
}
DNSStaticCfg is used to control the DNS analysis module
type DNSTableCfg ¶
// DNSTableCfg is used to control the dns analysis module. Only default
// tags are present, so the collection names are not expected to come from
// the YAML config file.
type DNSTableCfg struct {
	// ExplodedDNSTable is the collection for exploded DNS results (default "explodedDns").
	ExplodedDNSTable string `default:"explodedDns"`

	// HostnamesTable is the collection for hostname results (default "hostnames").
	HostnamesTable string `default:"hostnames"`
}
DNSTableCfg is used to control the dns analysis module
type FilteringStaticCfg ¶
// FilteringStaticCfg controls address filtering. All three lists default
// to empty; the accepted entry format (single address vs. CIDR) is decided
// by the filtering code, not here — confirm before documenting it for users.
type FilteringStaticCfg struct {
	// AlwaysInclude lists entries that are never filtered out (YAML key "AlwaysInclude").
	AlwaysInclude []string `yaml:"AlwaysInclude" default:"[]"`

	// NeverInclude lists entries that are always filtered out (YAML key "NeverInclude").
	NeverInclude []string `yaml:"NeverInclude" default:"[]"`

	// InternalSubnets lists the subnets treated as internal (YAML key "InternalSubnets").
	InternalSubnets []string `yaml:"InternalSubnets" default:"[]"`
}
FilteringStaticCfg controls address filtering
type LogStaticCfg ¶
// LogStaticCfg contains the configuration for logging.
type LogStaticCfg struct {
	// LogLevel is the numeric verbosity (YAML key "LogLevel", default 2);
	// the mapping from number to level is defined by the logger, not here.
	LogLevel int `yaml:"LogLevel" default:"2"`

	// RitaLogPath is the directory for log files (YAML key "RitaLogPath",
	// default "/var/lib/rita/logs").
	RitaLogPath string `yaml:"RitaLogPath" default:"/var/lib/rita/logs"`

	// LogToFile enables writing logs to RitaLogPath (YAML key "LogToFile", default true).
	LogToFile bool `yaml:"LogToFile" default:"true"`

	// LogToDB enables writing logs to the database (YAML key "LogToDB",
	// default true); the target collection is LogTableCfg.RitaLogTable.
	LogToDB bool `yaml:"LogToDB" default:"true"`
}
LogStaticCfg contains the configuration for logging
type LogTableCfg ¶
// LogTableCfg contains the configuration for logging.
type LogTableCfg struct {
	// RitaLogTable is the collection that receives log entries (default "logs").
	RitaLogTable string `default:"logs"`
}
LogTableCfg contains the configuration for logging
type MetaTableCfg ¶
// MetaTableCfg contains the meta db collection names.
type MetaTableCfg struct {
	// FilesTable is the collection tracking imported files (default "files").
	FilesTable string `default:"files"`

	// DatabasesTable is the collection tracking known databases (default "databases").
	DatabasesTable string `default:"databases"`
}
MetaTableCfg contains the meta db collection names
type MongoDBRunningCfg ¶
// MongoDBRunningCfg holds parsed information for connecting to MongoDB.
// Unlike the static sections it carries no yaml tags: its values are
// derived from MongoDBStaticCfg at run time.
type MongoDBRunningCfg struct {
	// AuthMechanismParsed is the parsed form of MongoDBStaticCfg.AuthMechanism.
	AuthMechanismParsed mgosec.AuthMechanism

	// TLS wraps the *tls.Config built from TLSStaticCfg. A nil TLSConfig
	// presumably means TLS is disabled — confirm in the code that builds it.
	TLS struct {
		TLSConfig *tls.Config
	}
}
MongoDBRunningCfg holds parsed information for connecting to MongoDB
type MongoDBStaticCfg ¶
// MongoDBStaticCfg contains the means for connecting to MongoDB.
type MongoDBStaticCfg struct {
	// ConnectionString is the MongoDB URI (YAML key "ConnectionString",
	// default "mongodb://localhost:27017"). A URI may embed credentials, so
	// treat this value as a secret and avoid echoing it in logs or errors.
	ConnectionString string `yaml:"ConnectionString" default:"mongodb://localhost:27017"`

	// AuthMechanism names the authentication mechanism (YAML key
	// "AuthenticationMechanism"); the default is the empty string. It is
	// parsed into MongoDBRunningCfg.AuthMechanismParsed at run time.
	AuthMechanism string `yaml:"AuthenticationMechanism" default:""`

	// SocketTimeout is the socket timeout (YAML key "SocketTimeout").
	// NOTE(review): the default tag is the bare number "2"; how that is
	// scaled into a time.Duration (seconds vs. nanoseconds) is decided by the
	// loader, not here — confirm the unit before relying on it.
	SocketTimeout time.Duration `yaml:"SocketTimeout" default:"2"`

	// TLS holds the TLS settings for the connection (YAML key "TLS").
	TLS TLSStaticCfg `yaml:"TLS"`
}
MongoDBStaticCfg contains the means for connecting to MongoDB
type RunningCfg ¶
// RunningCfg holds configuration options that are parsed at run time.
type RunningCfg struct {
	// MongoDB holds the parsed MongoDB connection settings.
	MongoDB MongoDBRunningCfg

	// Version is the parsed semantic version of the running binary,
	// presumably derived from the package-level Version string — confirm in LoadConfig.
	Version semver.Version
}
RunningCfg holds configuration options that are parsed at run time
type StaticCfg ¶
// StaticCfg is the container for other static config sections. Each
// embedded section maps to a top-level YAML key; note that some keys differ
// from the field name ("LogConfig" for Log, "BlackListed" for Blacklisted).
type StaticCfg struct {
	// UserConfig holds user-level settings (YAML key "UserConfig").
	UserConfig UserCfgStaticCfg `yaml:"UserConfig"`

	// MongoDB holds the MongoDB connection settings (YAML key "MongoDB").
	MongoDB MongoDBStaticCfg `yaml:"MongoDB"`

	// Log holds the logging settings (YAML key "LogConfig").
	Log LogStaticCfg `yaml:"LogConfig"`

	// Blacklisted holds the blacklist module settings (YAML key "BlackListed").
	Blacklisted BlacklistedStaticCfg `yaml:"BlackListed"`

	// Beacon holds the beacon module settings (YAML key "Beacon").
	Beacon BeaconStaticCfg `yaml:"Beacon"`

	// DNS holds the DNS module settings (YAML key "DNS").
	DNS DNSStaticCfg `yaml:"DNS"`

	// UserAgent holds the user agent module settings (YAML key "UserAgent").
	UserAgent UserAgentStaticCfg `yaml:"UserAgent"`

	// Bro holds the file parser settings (YAML key "Bro").
	Bro BroStaticCfg `yaml:"Bro"`

	// Filtering holds the address filtering settings (YAML key "Filtering").
	Filtering FilteringStaticCfg `yaml:"Filtering"`

	// Strobe holds the strobe module settings (YAML key "Strobe").
	Strobe StrobeStaticCfg `yaml:"Strobe"`

	// Version and ExactVersion carry no yaml tag; they are presumably copied
	// from the package-level Version/ExactVersion variables rather than read
	// from the file — confirm in LoadConfig.
	Version      string
	ExactVersion string
}
StaticCfg is the container for other static config sections
type StrobeStaticCfg ¶
// StrobeStaticCfg controls the maximum number of connections between any
// two given hosts.
type StrobeStaticCfg struct {
	// ConnectionLimit is the connection-count ceiling for a host pair
	// (YAML key "ConnectionLimit", default 250000).
	ConnectionLimit int `yaml:"ConnectionLimit" default:"250000"`
}
StrobeStaticCfg controls the maximum number of connections between any two given hosts
type StrobeTableCfg ¶
// StrobeTableCfg is used to control the strobe analysis module.
type StrobeTableCfg struct {
	// StrobeTable is the collection used by the strobe module (default "freqConn").
	// NOTE(review): StructureTableCfg.FrequentConnTable defaults to the same
	// name; if both refer to one collection, keep the two defaults in sync.
	StrobeTable string `default:"freqConn"`
}
StrobeTableCfg is used to control the strobe analysis module
type StructureTableCfg ¶
// StructureTableCfg contains the names of the base level collections.
// Only default tags are present, so these names are not expected to come
// from the YAML config file.
type StructureTableCfg struct {
	// ConnTable is the connection log collection (default "conn").
	ConnTable string `default:"conn"`

	// HTTPTable is the HTTP log collection (default "http").
	HTTPTable string `default:"http"`

	// DNSTable is the DNS log collection (default "dns").
	DNSTable string `default:"dns"`

	// UniqueConnTable is the unique connections collection (default "uconn").
	UniqueConnTable string `default:"uconn"`

	// HostTable is the host collection (default "host").
	HostTable string `default:"host"`

	// IPv4Table is the IPv4 collection (default "ipv4").
	IPv4Table string `default:"ipv4"`

	// IPv6Table is the IPv6 collection (default "ipv6").
	IPv6Table string `default:"ipv6"`

	// FrequentConnTable is the frequent connections collection (default
	// "freqConn"); StrobeTableCfg.StrobeTable defaults to the same name.
	FrequentConnTable string `default:"freqConn"`
}
StructureTableCfg contains the names of the base level collections
type TLSStaticCfg ¶
// TLSStaticCfg contains the means for connecting to MongoDB over TLS.
//
// Both Enabled and VerifyCertificate default to false. With TLS enabled but
// VerifyCertificate left false, the server certificate is not checked, so the
// encrypted connection offers no protection against an impersonated server;
// production deployments should set VerifyCertificate to true and point
// CAFile at the CA that issued the server certificate.
type TLSStaticCfg struct {
	// Enabled turns TLS on. NOTE(review): its YAML key is "Enable", unlike the
	// "Enabled" key used by every other section — an easy mistake in config
	// files, and a silent one if unknown keys are not rejected.
	Enabled bool `yaml:"Enable" default:"false"`

	// VerifyCertificate controls server certificate verification
	// (YAML key "VerifyCertificate", default false).
	VerifyCertificate bool `yaml:"VerifyCertificate" default:"false"`

	// CAFile is the path of the CA certificate file used for verification
	// (YAML key "CAFile"); the default is the empty string.
	CAFile string `yaml:"CAFile" default:""`
}
TLSStaticCfg contains the means for connecting to MongoDB over TLS
type TableCfg ¶
// TableCfg is the container for other table config sections. None of the
// fields carry yaml tags; the collection names come from default tags.
type TableCfg struct {
	// Log holds the logging collection names.
	Log LogTableCfg

	// Blacklisted holds the blacklist module collection names.
	Blacklisted BlacklistedTableCfg

	// DNS holds the DNS module collection names.
	DNS DNSTableCfg

	// Structure holds the base level collection names.
	Structure StructureTableCfg

	// Beacon holds the beacon module collection names.
	Beacon BeaconTableCfg

	// Strobe holds the strobe module collection names.
	Strobe StrobeTableCfg

	// UserAgent holds the user agent module collection names.
	UserAgent UserAgentTableCfg

	// Meta holds the meta db collection names.
	Meta MetaTableCfg
}
TableCfg is the container for other table config sections
type UserAgentStaticCfg ¶
// UserAgentStaticCfg is used to control the User Agent analysis module.
type UserAgentStaticCfg struct {
	// Enabled is the on/off switch for the module (YAML key "Enabled", default true).
	Enabled bool `yaml:"Enabled" default:"true"`
}
UserAgentStaticCfg is used to control the User Agent analysis module
type UserAgentTableCfg ¶
// UserAgentTableCfg is used to control the useragent analysis module.
type UserAgentTableCfg struct {
	// UserAgentTable is the collection used by the user agent module (default "useragent").
	UserAgentTable string `default:"useragent"`
}
UserAgentTableCfg is used to control the useragent analysis module
type UserCfgStaticCfg ¶
// UserCfgStaticCfg contains user-level settings.
type UserCfgStaticCfg struct {
	// UpdateCheckFrequency controls how often the update check runs
	// (YAML key "UpdateCheckFrequency", default 14). The unit is not visible
	// here — presumably days; confirm in the update-check code.
	UpdateCheckFrequency int `yaml:"UpdateCheckFrequency" default:"14"`
}
UserCfgStaticCfg contains user-level settings such as the update check frequency.