package config
import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"reflect"
	"time"

	yaml "gopkg.in/yaml.v2"
)
// MongoDBStaticCfg describes how to reach the MongoDB instance.
type MongoDBStaticCfg struct {
	// NOTE(review): a MongoDB URI may embed credentials; treat the value
	// as a secret when logging or echoing configuration.
	ConnectionString string `yaml:"ConnectionString" default:"mongodb://localhost:27017"`
	AuthMechanism    string `yaml:"AuthenticationMechanism" default:""`
	// The value read from the file is scaled by time.Hour in parseStaticConfig,
	// so the file expresses the timeout in hours.
	SocketTimeout time.Duration `yaml:"SocketTimeout" default:"2"`
	TLS           TLSStaticCfg  `yaml:"TLS"`
}

// TLSStaticCfg holds the TLS settings used for the MongoDB connection.
type TLSStaticCfg struct {
	Enabled bool `yaml:"Enable" default:"false"`
	// The default leaves the server certificate unverified, which permits
	// impersonation of the database; deployments that enable TLS should also
	// set this to true and point CAFile at the trust anchor.
	VerifyCertificate bool   `yaml:"VerifyCertificate" default:"false"`
	CAFile            string `yaml:"CAFile" default:""`
}

// LogStaticCfg holds the logging settings.
type LogStaticCfg struct {
	LogLevel    int    `yaml:"LogLevel" default:"2"`
	RitaLogPath string `yaml:"RitaLogPath" default:"/var/lib/rita/logs"`
	LogToFile   bool   `yaml:"LogToFile" default:"true"`
	LogToDB     bool   `yaml:"LogToDB" default:"true"`
}

// BroStaticCfg holds the settings that drive the log file parser.
type BroStaticCfg struct {
	ImportDirectory string `yaml:"ImportDirectory" default:"/opt/bro/logs/"`
	DBName          string `yaml:"DBName" default:"RITA"`
	MetaDB          string `yaml:"MetaDB" default:"MetaDatabase"`
	ImportBuffer    int    `yaml:"ImportBuffer" default:"30000"`
	// The three fields below carry no yaml tag.
	Rolling      bool
	TotalChunks  int
	CurrentChunk int
}

// UserCfgStaticCfg holds the user-configuration section.
type UserCfgStaticCfg struct {
	UpdateCheckFrequency int `yaml:"UpdateCheckFrequency" default:"14"`
}

// BlacklistedStaticCfg configures the blacklisted analysis module,
// including which feeds and custom lists are consulted.
type BlacklistedStaticCfg struct {
	Enabled            bool     `yaml:"Enabled" default:"true"`
	UseIPms            bool     `yaml:"myIP.ms" default:"true"`
	UseDNSBH           bool     `yaml:"MalwareDomains.com" default:"true"`
	UseMDL             bool     `yaml:"MalwareDomainList.com" default:"true"`
	BlacklistDatabase  string   `yaml:"BlacklistDatabase" default:"rita-bl"`
	IPBlacklists       []string `yaml:"CustomIPBlacklists" default:"[]"`
	HostnameBlacklists []string `yaml:"CustomHostnameBlacklists" default:"[]"`
}

// BeaconStaticCfg configures the beaconing analysis module.
type BeaconStaticCfg struct {
	Enabled                 bool `yaml:"Enabled" default:"true"`
	DefaultConnectionThresh int  `yaml:"DefaultConnectionThresh" default:"20"`
}

// DNSStaticCfg configures the DNS analysis module.
type DNSStaticCfg struct {
	Enabled bool `yaml:"Enabled" default:"true"`
}

// UserAgentStaticCfg configures the User Agent analysis module.
type UserAgentStaticCfg struct {
	Enabled bool `yaml:"Enabled" default:"true"`
}

// FilteringStaticCfg holds the address filtering lists.
type FilteringStaticCfg struct {
	AlwaysInclude   []string `yaml:"AlwaysInclude" default:"[]"`
	NeverInclude    []string `yaml:"NeverInclude" default:"[]"`
	InternalSubnets []string `yaml:"InternalSubnets" default:"[]"`
}

// StrobeStaticCfg caps the number of connections tracked between any two hosts.
type StrobeStaticCfg struct {
	ConnectionLimit int `yaml:"ConnectionLimit" default:"250000"`
}

// StaticCfg is the top-level container that groups every static
// configuration section decoded from the config file.
type StaticCfg struct {
	UserConfig  UserCfgStaticCfg     `yaml:"UserConfig"`
	MongoDB     MongoDBStaticCfg     `yaml:"MongoDB"`
	Log         LogStaticCfg         `yaml:"LogConfig"`
	Blacklisted BlacklistedStaticCfg `yaml:"BlackListed"`
	Beacon      BeaconStaticCfg      `yaml:"Beacon"`
	DNS         DNSStaticCfg         `yaml:"DNS"`
	UserAgent   UserAgentStaticCfg   `yaml:"UserAgent"`
	Bro         BroStaticCfg         `yaml:"Bro"`
	Filtering   FilteringStaticCfg   `yaml:"Filtering"`
	Strobe      StrobeStaticCfg      `yaml:"Strobe"`
	// Version and ExactVersion are filled in by parseStaticConfig from the
	// build-time constants, not from the YAML file.
	Version      string
	ExactVersion string
}
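// readStaticConfigFile reads the static configuration file at cfgPath
// (e.g. /etc/rita/config.yaml) and returns its raw contents.
//
// Errors are returned unwrapped so callers can keep using os.IsNotExist
// on them. Any stat failure (not only "does not exist") is surfaced, and a
// path that exists but is not a regular file (a directory, FIFO, device)
// is rejected before a read is attempted.
func readStaticConfigFile(cfgPath string) ([]byte, error) {
	info, err := os.Stat(cfgPath)
	if err != nil {
		// Previously only the not-exist case short-circuited here and other
		// stat failures (e.g. permissions) were silently retried by ReadFile.
		return nil, err
	}
	if !info.Mode().IsRegular() {
		return nil, fmt.Errorf("config path %q is not a regular file", cfgPath)
	}
	cfgFile, err := ioutil.ReadFile(cfgPath)
	if err != nil {
		return nil, err
	}
	return cfgFile, nil
}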
// parseStaticConfig decodes the YAML in cfgFile into config and then
// normalises a few fields: environment variables are expanded in place,
// the MongoDB socket timeout is scaled from hours into a time.Duration,
// the log and import paths are cleaned, and the build-time version
// constants are copied in.
//
// Only the YAML decoding step can fail; the post-processing never returns an error.
func parseStaticConfig(cfgFile []byte, config *StaticCfg) error {
	if err := yaml.Unmarshal(cfgFile, config); err != nil {
		return err
	}

	// expandConfig wants the struct value rather than the pointer, hence Elem().
	target := reflect.ValueOf(config).Elem()
	expandConfig(target)

	// The file expresses SocketTimeout in hours; turn it into a real Duration.
	// NOTE(review): running this on an already-parsed struct would scale it again.
	config.MongoDB.SocketTimeout *= time.Hour

	logPath, importDir := config.Log.RitaLogPath, config.Bro.ImportDirectory
	config.Log.RitaLogPath = filepath.Clean(logPath)
	config.Bro.ImportDirectory = filepath.Clean(importDir)

	// Version information comes from the build, never from the file.
	config.Version, config.ExactVersion = Version, ExactVersion
	return nil
}