/
static.go
160 lines (133 loc) · 5.45 KB
/
static.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package config
import (
"io/ioutil"
"os"
"path/filepath"
"reflect"
"time"
yaml "gopkg.in/yaml.v2"
)
type (
//StaticCfg is the container for other static config sections
StaticCfg struct {
UserConfig UserCfgStaticCfg `yaml:"UserConfig"`
MongoDB MongoDBStaticCfg `yaml:"MongoDB"`
Rolling RollingStaticCfg `yaml:"Rolling"`
Log LogStaticCfg `yaml:"LogConfig"`
Blacklisted BlacklistedStaticCfg `yaml:"BlackListed"`
Beacon BeaconStaticCfg `yaml:"Beacon"`
DNS DNSStaticCfg `yaml:"DNS"`
UserAgent UserAgentStaticCfg `yaml:"UserAgent"`
Bro BroStaticCfg `yaml:"Bro"` // kept in for MetaDB backwards compatibility
Filtering FilteringStaticCfg `yaml:"Filtering"`
Strobe StrobeStaticCfg `yaml:"Strobe"`
Version string
ExactVersion string
}
//MongoDBStaticCfg contains the means for connecting to MongoDB
MongoDBStaticCfg struct {
ConnectionString string `yaml:"ConnectionString" default:"mongodb://localhost:27017"`
AuthMechanism string `yaml:"AuthenticationMechanism" default:""`
SocketTimeout time.Duration `yaml:"SocketTimeout" default:"2"`
TLS TLSStaticCfg `yaml:"TLS"`
MetaDB string `yaml:"MetaDB" default:"MetaDatabase"`
}
//TLSStaticCfg contains the means for connecting to MongoDB over TLS
TLSStaticCfg struct {
Enabled bool `yaml:"Enable" default:"false"`
VerifyCertificate bool `yaml:"VerifyCertificate" default:"false"`
CAFile string `yaml:"CAFile" default:""`
}
//LogStaticCfg contains the configuration for logging
LogStaticCfg struct {
LogLevel int `yaml:"LogLevel" default:"2"`
RitaLogPath string `yaml:"RitaLogPath" default:"/var/lib/rita/logs"`
LogToFile bool `yaml:"LogToFile" default:"true"`
LogToDB bool `yaml:"LogToDB" default:"true"`
}
//BroStaticCfg controls the file parser
BroStaticCfg struct {
MetaDB string `yaml:"MetaDB"` // kept in for backwards compatibility
}
//RollingStaticCfg controls the rolling database settings
RollingStaticCfg struct {
DefaultChunks int `yaml:"DefaultChunks" default:"24"`
Rolling bool
CurrentChunk int
TotalChunks int
}
//UserCfgStaticCfg contains
UserCfgStaticCfg struct {
UpdateCheckFrequency int `yaml:"UpdateCheckFrequency" default:"14"`
}
//BlacklistedStaticCfg is used to control the blacklisted analysis module
BlacklistedStaticCfg struct {
Enabled bool `yaml:"Enabled" default:"true"`
UseIPms bool `yaml:"myIP.ms" default:"true"`
UseDNSBH bool `yaml:"MalwareDomains.com" default:"true"`
UseMDL bool `yaml:"MalwareDomainList.com" default:"true"`
BlacklistDatabase string `yaml:"BlacklistDatabase" default:"rita-bl"`
IPBlacklists []string `yaml:"CustomIPBlacklists" default:"[]"`
HostnameBlacklists []string `yaml:"CustomHostnameBlacklists" default:"[]"`
}
//BeaconStaticCfg is used to control the beaconing analysis module
BeaconStaticCfg struct {
Enabled bool `yaml:"Enabled" default:"true"`
DefaultConnectionThresh int `yaml:"DefaultConnectionThresh" default:"20"`
}
//DNSStaticCfg is used to control the DNS analysis module
DNSStaticCfg struct {
Enabled bool `yaml:"Enabled" default:"true"`
}
//UserAgentStaticCfg is used to control the User Agent analysis module
UserAgentStaticCfg struct {
Enabled bool `yaml:"Enabled" default:"true"`
}
//FilteringStaticCfg controls address filtering
FilteringStaticCfg struct {
AlwaysInclude []string `yaml:"AlwaysInclude" default:"[]"`
NeverInclude []string `yaml:"NeverInclude" default:"[\"0.0.0.0/32\", \"127.0.0.0/8\", \"169.254.0.0/16\", \"224.0.0.0/4\", \"255.255.255.255/32\", \"::1/128\", \"fe80::/10\", \"ff00::/8\"]"`
InternalSubnets []string `yaml:"InternalSubnets" default:"[\"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\"]"`
}
//StrobeStaticCfg controls the maximum number of connections between any two given hosts
StrobeStaticCfg struct {
ConnectionLimit int `yaml:"ConnectionLimit" default:"250000"`
}
)
// readStaticConfigFile attempts to read the contents of the
// given cfgPath file path (e.g. /etc/rita/config.yaml)
func readStaticConfigFile(cfgPath string) ([]byte, error) {
_, err := os.Stat(cfgPath)
if os.IsNotExist(err) {
return nil, err
}
cfgFile, err := ioutil.ReadFile(cfgPath)
if err != nil {
return nil, err
}
return cfgFile, nil
}
// parseStaticConfig loads the yaml from cfgFile into the provided config struct.
// It also fixes up misc values that need tweaking into the right format.
func parseStaticConfig(cfgFile []byte, config *StaticCfg) error {
err := yaml.Unmarshal(cfgFile, config)
if err != nil {
return err
}
// migrate MetaDB entry from old location (Bro:MetaDB) if there is a value in the
// old location and the new location (MongoDB:MetaDB) is still the default (MetaDatabase)
if config.Bro.MetaDB != "" && config.MongoDB.MetaDB == "MetaDatabase" {
config.MongoDB.MetaDB = config.Bro.MetaDB
}
// expand env variables, config is a pointer
// so we have to call elem on the reflect value
expandConfig(reflect.ValueOf(config).Elem())
// set the socket time out in hours
config.MongoDB.SocketTimeout *= time.Hour
// clean all filepaths
config.Log.RitaLogPath = filepath.Clean(config.Log.RitaLogPath)
// grab the version constants set by the build process
config.Version = Version
config.ExactVersion = ExactVersion
return nil
}