Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Change doc/ subdir into a git submodule

Browse source 
The docs now live at https://github.com/zeek/zeek-docs
This commit is contained in:
Jon Siwek 2019-01-17 14:09:29 -06:00
parent 0d685efbf5
commit 2ff746fea7
693 changed files with 26 additions and 105609 deletions
Download patch file Download diff file Expand all files Collapse all files

14
doc/scripts/base/protocols/krb/__load__.bro.rst
View file

@ -1,14 +0,0 @@
:tocdepth: 3
base/protocols/krb/__load__.bro
===============================
:Imports: :doc:`base/protocols/krb/files.bro </scripts/base/protocols/krb/files.bro>`, :doc:`base/protocols/krb/main.bro </scripts/base/protocols/krb/main.bro>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

134
doc/scripts/base/protocols/krb/consts.bro.rst
View file

@ -1,134 +0,0 @@
:tocdepth: 3
base/protocols/krb/consts.bro
=============================
.. bro:namespace:: KRB
:Namespace: KRB
Summary
~~~~~~~
Constants
#########
============================================= =
:bro:id:`KRB::cipher_name`: :bro:type:`table`
:bro:id:`KRB::error_msg`: :bro:type:`table`
============================================= =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Constants
#########
.. bro:id:: KRB::cipher_name
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Default:
::
{
[2] = "des-cbc-md4",
[9] = "dsaWithSHA1-CmsOID",
[17] = "aes128-cts-hmac-sha1-96",
[11] = "sha1WithRSAEncryption-CmsOID",
[14] = "rsaES-OAEP-ENV-OID",
[24] = "rc4-hmac-exp",
[1] = "des-cbc-crc",
[7] = "des3-cbc-sha1",
[15] = "des-ede3-cbc-Env-OID",
[23] = "rc4-hmac",
[5] = "des3-cbc-md5",
[25] = "camellia128-cts-cmac",
[10] = "md5WithRSAEncryption-CmsOID",
[65] = "subkey-keymaterial",
[3] = "des-cbc-md5",
[12] = "rc2CBC-EnvOID",
[13] = "rsaEncryption-EnvOID",
[18] = "aes256-cts-hmac-sha1-96",
[16] = "des3-cbc-sha1-kd",
[26] = "camellia256-cts-cmac"
}
.. bro:id:: KRB::error_msg
:Type: :bro:type:`table` [:bro:type:`count`] of :bro:type:`string`
:Default:
::
{
[19] = "KDC_ERR_SERVICE_REVOKED",
[10] = "KDC_ERR_CANNOT_POSTDATE",
[3] = "KDC_ERR_BAD_PVNO",
[50] = "KRB_AP_ERR_INAPP_CKSUM",
[69] = "KRB_AP_ERR_USER_TO_USER_REQUIRED",
[47] = "KRB_AP_ERR_BADDIRECTION",
[27] = "KDC_ERR_MUST_USE_USER2USER",
[67] = "KRB_AP_ERR_NO_TGT",
[70] = "KDC_ERR_CANT_VERIFY_CERTIFICATE",
[6] = "KDC_ERR_C_PRINCIPAL_UNKNOWN",
[66] = "KDC_ERR_CERTIFICATE_MISMATCH",
[20] = "KDC_ERR_TGT_REVOKED",
[51] = "KRB_AP_PATH_NOT_ACCEPTED",
[25] = "KDC_ERR_PREAUTH_REQUIRED",
[37] = "KRB_AP_ERR_SKEW",
[31] = "KRB_AP_ERR_BAD_INTEGRITY",
[63] = "KDC_ERROR_KDC_NOT_TRUSTED",
[28] = "KDC_ERR_PATH_NOT_ACCEPTED",
[68] = "KDC_ERR_WRONG_REALM",
[9] = "KDC_ERR_NULL_KEY",
[11] = "KDC_ERR_NEVER_VALID",
[40] = "KRB_AP_ERR_MSG_TYPE",
[41] = "KRB_AP_ERR_MODIFIED",
[46] = "KRB_AP_ERR_MUT_FAIL",
[5] = "KDC_ERR_S_OLD_MAST_KVNO",
[49] = "KRB_AP_ERR_BADSEQ",
[45] = "KRB_AP_ERR_NOKEY",
[8] = "KDC_ERR_PRINCIPAL_NOT_UNIQUE",
[17] = "KDC_ERR_TRTYPE_NOSUPP",
[48] = "KRB_AP_ERR_METHOD",
[33] = "KRB_AP_ERR_TKT_NYV",
[24] = "KDC_ERR_PREAUTH_FAILED",
[23] = "KDC_ERR_KEY_EXPIRED",
[26] = "KDC_ERR_SERVER_NOMATCH",
[0] = "KDC_ERR_NONE",
[39] = "KRB_AP_ERR_BADVERSION",
[16] = "KDC_ERR_PADATA_TYPE_NOSUPP",
[34] = "KRB_AP_ERR_REPEAT",
[38] = "KRB_AP_ERR_BADADDR",
[18] = "KDC_ERR_CLIENT_REVOKED",
[35] = "KRB_AP_ERR_NOT_US",
[42] = "KRB_AP_ERR_BADORDER",
[71] = "KDC_ERR_INVALID_CERTIFICATE",
[74] = "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE",
[7] = "KDC_ERR_S_PRINCIPAL_UNKNOWN",
[15] = "KDC_ERR_SUMTYPE_NOSUPP",
[36] = "KRB_AP_ERR_BADMATCH",
[62] = "KDC_ERROR_CLIENT_NOT_TRUSTED",
[4] = "KDC_ERR_C_OLD_MAST_KVNO",
[44] = "KRB_AP_ERR_BADKEYVER",
[52] = "KRB_ERR_RESPONSE_TOO_BIG",
[1] = "KDC_ERR_NAME_EXP",
[64] = "KDC_ERROR_INVALID_SIG",
[22] = "KDC_ERR_SERVICE_NOTYET",
[72] = "KDC_ERR_REVOKED_CERTIFICATE",
[14] = "KDC_ERR_ETYPE_NOSUPP",
[73] = "KDC_ERR_REVOCATION_STATUS_UNKNOWN",
[76] = "KDC_ERR_KDC_NAME_MISMATCH",
[21] = "KDC_ERR_CLIENT_NOTYET",
[29] = "KDC_ERR_SVC_UNAVAILABLE",
[13] = "KDC_ERR_BADOPTION",
[75] = "KDC_ERR_CLIENT_NAME_MISMATCH",
[2] = "KDC_ERR_SERVICE_EXP",
[32] = "KRB_AP_ERR_TKT_EXPIRED",
[60] = "KRB_ERR_GENERIC",
[12] = "KDC_ERR_POLICY",
[61] = "KRB_ERR_FIELD_TOOLONG",
[65] = "KDC_ERR_KEY_TOO_WEAK"
}

43
doc/scripts/base/protocols/krb/files.bro.rst
View file

@ -1,43 +0,0 @@
:tocdepth: 3
base/protocols/krb/files.bro
============================
.. bro:namespace:: KRB
:Namespace: KRB
:Imports: :doc:`base/files/x509 </scripts/base/files/x509/index>`, :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`, :doc:`base/protocols/krb/main.bro </scripts/base/protocols/krb/main.bro>`, :doc:`base/utils/conn-ids.bro </scripts/base/utils/conn-ids.bro>`
Summary
~~~~~~~
Redefinitions
#############
========================================= =
:bro:type:`KRB::Info`: :bro:type:`record`
========================================= =
Functions
#########
==================================================== =====================================
:bro:id:`KRB::describe_file`: :bro:type:`function` Default file describer for KRB.
:bro:id:`KRB::get_file_handle`: :bro:type:`function` Default file handle provider for KRB.
==================================================== =====================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Functions
#########
.. bro:id:: KRB::describe_file
:Type: :bro:type:`function` (f: :bro:type:`fa_file`) : :bro:type:`string`
Default file describer for KRB.
.. bro:id:: KRB::get_file_handle
:Type: :bro:type:`function` (c: :bro:type:`connection`, is_orig: :bro:type:`bool`) : :bro:type:`string`
Default file handle provider for KRB.

21
doc/scripts/base/protocols/krb/index.rst
View file

@ -1,21 +0,0 @@
:orphan:
Package: base/protocols/krb
===========================
Support for Kerberos protocol analysis.
:doc:`/scripts/base/protocols/krb/__load__.bro`
:doc:`/scripts/base/protocols/krb/main.bro`
Implements base functionality for KRB analysis. Generates the kerberos.log
file.
:doc:`/scripts/base/protocols/krb/consts.bro`
:doc:`/scripts/base/protocols/krb/files.bro`

164
doc/scripts/base/protocols/krb/main.bro.rst
View file

@ -1,164 +0,0 @@
:tocdepth: 3
base/protocols/krb/main.bro
===========================
.. bro:namespace:: KRB
Implements base functionality for KRB analysis. Generates the kerberos.log
file.
:Namespace: KRB
:Imports: :doc:`base/protocols/krb/consts.bro </scripts/base/protocols/krb/consts.bro>`
Summary
~~~~~~~
Runtime Options
###############
================================================================= =======================================================
:bro:id:`KRB::ignored_errors`: :bro:type:`set` :bro:attr:`&redef` The server response error texts which are *not* logged.
================================================================= =======================================================
Types
#####
========================================= =
:bro:type:`KRB::Info`: :bro:type:`record`
========================================= =
Redefinitions
#############
================================================================= =
:bro:type:`Log::ID`: :bro:type:`enum`
:bro:type:`connection`: :bro:type:`record`
:bro:id:`likely_server_ports`: :bro:type:`set` :bro:attr:`&redef`
================================================================= =
Events
######
========================================= ===================================================================
:bro:id:`KRB::log_krb`: :bro:type:`event` Event that can be handled to access the KRB record as it is sent on
to the logging framework.
========================================= ===================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Runtime Options
###############
.. bro:id:: KRB::ignored_errors
:Type: :bro:type:`set` [:bro:type:`string`]
:Attributes: :bro:attr:`&redef`
:Default:
::
{
"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
"NEEDED_PREAUTH"
}
The server response error texts which are *not* logged.
Types
#####
.. bro:type:: KRB::Info
:Type: :bro:type:`record`
ts: :bro:type:`time` :bro:attr:`&log`
Timestamp for when the event happened.
uid: :bro:type:`string` :bro:attr:`&log`
Unique ID for the connection.
id: :bro:type:`conn_id` :bro:attr:`&log`
The connection's 4-tuple of endpoint addresses/ports.
request_type: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
Request type - Authentication Service ("AS") or
Ticket Granting Service ("TGS")
client: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
Client
service: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
Service
success: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Request result
error_code: :bro:type:`count` :bro:attr:`&optional`
Error code
error_msg: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
Error message
from: :bro:type:`time` :bro:attr:`&log` :bro:attr:`&optional`
Ticket valid from
till: :bro:type:`time` :bro:attr:`&log` :bro:attr:`&optional`
Ticket valid till
cipher: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
Ticket encryption type
forwardable: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Forwardable ticket requested
renewable: :bro:type:`bool` :bro:attr:`&log` :bro:attr:`&optional`
Renewable ticket requested
logged: :bro:type:`bool` :bro:attr:`&default` = ``F`` :bro:attr:`&optional`
We've already logged this
client_cert: :bro:type:`Files::Info` :bro:attr:`&optional`
(present if :doc:`/scripts/base/protocols/krb/files.bro` is loaded)
Client certificate
client_cert_subject: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
(present if :doc:`/scripts/base/protocols/krb/files.bro` is loaded)
Subject of client certificate, if any
client_cert_fuid: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
(present if :doc:`/scripts/base/protocols/krb/files.bro` is loaded)
File unique ID of client cert, if any
server_cert: :bro:type:`Files::Info` :bro:attr:`&optional`
(present if :doc:`/scripts/base/protocols/krb/files.bro` is loaded)
Server certificate
server_cert_subject: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
(present if :doc:`/scripts/base/protocols/krb/files.bro` is loaded)
Subject of server certificate, if any
server_cert_fuid: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
(present if :doc:`/scripts/base/protocols/krb/files.bro` is loaded)
File unique ID of server cert, if any
auth_ticket: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
(present if :doc:`/scripts/policy/protocols/krb/ticket-logging.bro` is loaded)
Hash of ticket used to authorize request/transaction
new_ticket: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
(present if :doc:`/scripts/policy/protocols/krb/ticket-logging.bro` is loaded)
Hash of ticket returned by the KDC
Events
######
.. bro:id:: KRB::log_krb
:Type: :bro:type:`event` (rec: :bro:type:`KRB::Info`)
Event that can be handled to access the KRB record as it is sent on
to the logging framework.