diff --git a/doc/scripts/CMakeLists.txt b/doc/scripts/CMakeLists.txt index 26b413117d..7e23a68fe6 100644 --- a/doc/scripts/CMakeLists.txt +++ b/doc/scripts/CMakeLists.txt @@ -129,9 +129,15 @@ endmacro(REST_TARGET) # Schedule Bro scripts for which to generate documentation. # Note: the script may be located in a subdirectory off of one of the main # directories in BROPATH. In that case, just list the script as 'foo/bar.bro' -rest_target(${POLICY_SRC_DIR} conn.bro user) -rest_target(${POLICY_SRC_DIR} dns.bro user) -rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal) +rest_target(${POLICY_SRC_DIR} conn.bro user) +rest_target(${POLICY_SRC_DIR} site.bro user) +rest_target(${POLICY_SRC_DIR} dns.bro policy/dns-index) +rest_target(${POLICY_SRC_DIR} dns/auth-addl.bro policy/dns-index) +rest_target(${POLICY_SRC_DIR} dns/base.bro policy/dns-index) +rest_target(${POLICY_SRC_DIR} dns/consts.bro policy/dns-index) +rest_target(${POLICY_SRC_DIR} dns/detect.bro policy/dns-index) +rest_target(${POLICY_SRC_DIR} dns/passive-replication.bro policy/dns-index) +rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal) # Finding out what scripts bro will generate documentation for by default # can be done like: `bro --doc-scripts --exec ""` diff --git a/doc/scripts/source/index.rst b/doc/scripts/source/index.rst index ef642d70c7..166f4a2c40 100644 --- a/doc/scripts/source/index.rst +++ b/doc/scripts/source/index.rst @@ -11,11 +11,12 @@ Contents: common builtins - policy/index default bifs user + policy/dns-index internal + policy/index Indices and tables ================== diff --git a/doc/scripts/source/policy/dns-index.rst b/doc/scripts/source/policy/dns-index.rst new file mode 100644 index 0000000000..e6b32b83ff --- /dev/null +++ b/doc/scripts/source/policy/dns-index.rst @@ -0,0 +1,3 @@ +DNS Policy Scripts +================== + diff --git a/doc/scripts/source/user.rst b/doc/scripts/source/user.rst index 7a3bba29cb..dcc6c7d941 100644 --- a/doc/scripts/source/user.rst +++ b/doc/scripts/source/user.rst @@ -1,3 +1,3 @@ -User-Facing Policy Scripts -========================== +Other User-Facing Policy Scripts +================================ diff --git a/policy/dns/base.bro b/policy/dns/base.bro index efbde2f127..7efe0ab0b6 100644 --- a/policy/dns/base.bro +++ b/policy/dns/base.bro @@ -1,4 +1,5 @@ @load functions +@load dns/consts module DNS; @@ -277,4 +278,4 @@ event connection_state_remove(c: connection) &priority=-5 for ( trans_id in c$dns_state$pending ) Log::write(DNS, c$dns_state$pending[trans_id]); } - \ No newline at end of file + diff --git a/policy/dns/detect.bro b/policy/dns/detect.bro index 6dc5721ee7..8c0ab65ed9 100644 --- a/policy/dns/detect.bro +++ b/policy/dns/detect.bro @@ -1,8 +1,12 @@ ##! Script for detecting strange activity within DNS. -##! Detections: -##! * Raise a notice for responses from remote hosts that resolve to local -##! hosts but the name is not considered to be within a local zone. -##! - local_zones variable **must** be set appropriately for this detection. +##! +##! Notices raised: +##! +##! * :bro:enum:`DNS::DNS_ExternalName` +##! +##! A remote host resolves to a local host, but the name is not considered +##! to be within a local zone. :bro:id:`local_zones` variable **must** +##! be set appropriately for this detection. @load dns/base @load notice @@ -10,9 +14,9 @@ module DNS; redef enum Notice::Type += { - # Raised when a non-local name is found to be pointing at a local host. - # This only works appropriately when all of your authoritative DNS - # servers are located in your "local_nets". + ## Raised when a non-local name is found to be pointing at a local host. + ## This only works appropriately when all of your authoritative DNS + ## servers are located in your :bro:id:`local_nets`. DNS_ExternalName, }; diff --git a/policy/dns/passive-replication.bro b/policy/dns/passive-replication.bro index 0d88289d79..e4cff67a12 100644 --- a/policy/dns/passive-replication.bro +++ b/policy/dns/passive-replication.bro @@ -1,10 +1,11 @@ ##! Script for logging passive DNS replication-type data. -##! For a definition of what passive DNS repliction is, see here:: -##! https://sie.isc.org/ - -## NOTE: This is a major hack job. -## TODO: two queries within the create_expire with different results will -## cause only one to be logged. +##! For a definition of what passive DNS repliction is, see here: +##! https://sie.isc.org/ +##! +##! .. note:: NOTE: This is a major hack job. +##! +##! TODO: two queries within the create_expire with different results will +##! cause only one to be logged. @load dns/base @@ -30,4 +31,4 @@ event bro_init() }, $include=set("ts", "query", "answers") ]); - } \ No newline at end of file + } diff --git a/policy/notice-action-filters.bro b/policy/notice-action-filters.bro index 4ef9506f0d..ffeef37038 100644 --- a/policy/notice-action-filters.bro +++ b/policy/notice-action-filters.bro @@ -1,4 +1,4 @@ -## A few predefined notice_action_filters (see notice.bro). +##! A few predefined notice_action_filters (see notice.bro). @load notice @load functions