Version: v3.2.1+incompatible Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 25, 2020 License: GPL-3.0 Imports: 12 Imported by: 36




This section is empty.


View Source
var ExactVersion = "undefined"

ExactVersion is filled at compile time with the git version of RITA ExactVersion is filled by "git describe --always --long --dirty --tags"

View Source
var Version = "undefined"

Version is filled at compile time with the git version of RITA Version is filled by "git describe --abbrev=0 --tags"


This section is empty.


type BeaconStaticCfg added in v1.0.0

type BeaconStaticCfg struct {
	Enabled                 bool `yaml:"Enabled" default:"true"`
	DefaultConnectionThresh int  `yaml:"DefaultConnectionThresh" default:"20"`

BeaconStaticCfg is used to control the beaconing analysis module

type BeaconTableCfg added in v1.0.0

type BeaconTableCfg struct {
	BeaconTable string `default:"beacon"`

BeaconTableCfg is used to control the beaconing analysis module

type BlacklistedStaticCfg added in v1.0.0

type BlacklistedStaticCfg struct {
	Enabled            bool     `yaml:"Enabled" default:"true"`
	UseIPms            bool     `yaml:"" default:"true"`
	UseDNSBH           bool     `yaml:"" default:"true"`
	UseMDL             bool     `yaml:"" default:"true"`
	BlacklistDatabase  string   `yaml:"BlacklistDatabase" default:"rita-bl"`
	IPBlacklists       []string `yaml:"CustomIPBlacklists" default:"[]"`
	HostnameBlacklists []string `yaml:"CustomHostnameBlacklists" default:"[]"`

BlacklistedStaticCfg is used to control the blacklisted analysis module

type BroStaticCfg added in v1.0.0

type BroStaticCfg struct {
	MetaDB string `yaml:"MetaDB"` // kept in for backwards compatibility

BroStaticCfg controls the file parser

type CertificateTableCfg

type CertificateTableCfg struct {
	CertificateTable string `default:"cert"`

CertificateTableCfg is used to control the useragent analysis module

type Config added in v1.0.0

type Config struct {
	R RunningCfg
	S StaticCfg
	T TableCfg

Config holds the configuration for the running system

func LoadConfig added in v1.0.2

func LoadConfig(customConfigPath string) (*Config, error)

LoadConfig initializes a Config struct with values read from a config file. It takes a string for the path to the file. If the string is empty it uses the default path.

func LoadTestingConfig added in v1.0.2

func LoadTestingConfig(mongoURI string) (*Config, error)

LoadTestingConfig loads the hard coded testing config

type DNSStaticCfg

type DNSStaticCfg struct {
	Enabled bool `yaml:"Enabled" default:"true"`

DNSStaticCfg is used to control the DNS analysis module

type DNSTableCfg added in v1.0.0

type DNSTableCfg struct {
	ExplodedDNSTable string `default:"explodedDns"`
	HostnamesTable   string `default:"hostnames"`

DNSTableCfg is used to control the dns analysis module

type FilteringStaticCfg

type FilteringStaticCfg struct {
	AlwaysInclude   []string `yaml:"AlwaysInclude" default:"[]"`
	NeverInclude    []string `` /* 166-byte string literal not displayed */
	InternalSubnets []string `yaml:"InternalSubnets" default:"[\"\", \"\", \"\"]"`

FilteringStaticCfg controls address filtering

type LogStaticCfg added in v1.0.0

type LogStaticCfg struct {
	LogLevel    int    `yaml:"LogLevel" default:"2"`
	RitaLogPath string `yaml:"RitaLogPath" default:"/var/lib/rita/logs"`
	LogToFile   bool   `yaml:"LogToFile" default:"true"`
	LogToDB     bool   `yaml:"LogToDB" default:"true"`

LogStaticCfg contains the configuration for logging

type LogTableCfg added in v1.0.0

type LogTableCfg struct {
	RitaLogTable string `default:"logs"`

LogTableCfg contains the configuration for logging

type MetaTableCfg added in v1.0.0

type MetaTableCfg struct {
	FilesTable     string `default:"files"`
	DatabasesTable string `default:"databases"`

MetaTableCfg contains the meta db collection names

type MongoDBRunningCfg added in v1.0.0

type MongoDBRunningCfg struct {
	AuthMechanismParsed mgosec.AuthMechanism
	TLS                 struct {
		TLSConfig *tls.Config

MongoDBRunningCfg holds parsed information for connecting to MongoDB

type MongoDBStaticCfg added in v1.0.0

type MongoDBStaticCfg struct {
	ConnectionString string        `yaml:"ConnectionString" default:"mongodb://localhost:27017"`
	AuthMechanism    string        `yaml:"AuthenticationMechanism" default:""`
	SocketTimeout    time.Duration `yaml:"SocketTimeout" default:"2"`
	TLS              TLSStaticCfg  `yaml:"TLS"`
	MetaDB           string        `yaml:"MetaDB" default:"MetaDatabase"`

MongoDBStaticCfg contains the means for connecting to MongoDB

type RollingStaticCfg

type RollingStaticCfg struct {
	DefaultChunks int `yaml:"DefaultChunks" default:"24"`
	Rolling       bool
	CurrentChunk  int
	TotalChunks   int

RollingStaticCfg controls the rolling database settings

type RunningCfg added in v1.0.0

type RunningCfg struct {
	MongoDB MongoDBRunningCfg
	Version semver.Version

RunningCfg holds configuration options that are parsed at run time

type StaticCfg added in v1.0.0

type StaticCfg struct {
	UserConfig   UserCfgStaticCfg     `yaml:"UserConfig"`
	MongoDB      MongoDBStaticCfg     `yaml:"MongoDB"`
	Rolling      RollingStaticCfg     `yaml:"Rolling"`
	Log          LogStaticCfg         `yaml:"LogConfig"`
	Blacklisted  BlacklistedStaticCfg `yaml:"BlackListed"`
	Beacon       BeaconStaticCfg      `yaml:"Beacon"`
	DNS          DNSStaticCfg         `yaml:"DNS"`
	UserAgent    UserAgentStaticCfg   `yaml:"UserAgent"`
	Bro          BroStaticCfg         `yaml:"Bro"` // kept in for MetaDB backwards compatibility
	Filtering    FilteringStaticCfg   `yaml:"Filtering"`
	Strobe       StrobeStaticCfg      `yaml:"Strobe"`
	Version      string
	ExactVersion string

StaticCfg is the container for other static config sections

type StrobeStaticCfg

type StrobeStaticCfg struct {
	ConnectionLimit int `yaml:"ConnectionLimit" default:"250000"`

StrobeStaticCfg controls the maximum number of connections between any two given hosts

type StructureTableCfg added in v1.0.0

type StructureTableCfg struct {
	ConnTable       string `default:"conn"`
	HTTPTable       string `default:"http"`
	DNSTable        string `default:"dns"`
	SSLTable        string `default:"ssl"`
	UniqueConnTable string `default:"uconn"`
	HostTable       string `default:"host"`

StructureTableCfg contains the names of the base level collections

type TLSStaticCfg added in v1.0.0

type TLSStaticCfg struct {
	Enabled           bool   `yaml:"Enable" default:"false"`
	VerifyCertificate bool   `yaml:"VerifyCertificate" default:"false"`
	CAFile            string `yaml:"CAFile" default:""`

TLSStaticCfg contains the means for connecting to MongoDB over TLS

type TableCfg added in v1.0.0

type TableCfg struct {
	Log       LogTableCfg
	DNS       DNSTableCfg
	Structure StructureTableCfg
	Beacon    BeaconTableCfg
	UserAgent UserAgentTableCfg
	Cert      CertificateTableCfg
	Meta      MetaTableCfg

TableCfg is the container for other table config sections

type UserAgentStaticCfg

type UserAgentStaticCfg struct {
	Enabled bool `yaml:"Enabled" default:"true"`

UserAgentStaticCfg is used to control the User Agent analysis module

type UserAgentTableCfg added in v1.0.0

type UserAgentTableCfg struct {
	UserAgentTable string `default:"useragent"`

UserAgentTableCfg is used to control the useragent analysis module

type UserCfgStaticCfg added in v1.1.1

type UserCfgStaticCfg struct {
	UpdateCheckFrequency int `yaml:"UpdateCheckFrequency" default:"14"`

UserCfgStaticCfg contains

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL