-
-
-
-{% endblock %}
-
-{% block footer %}
-
-{% endblock %}
+{% if READTHEDOCS and current_version %}
+ {% if current_version == "latest" or current_version == "stable" %}
+ {% set current_version = current_version ~ " (" ~ version ~ ")" %}
+ {% endif %}
+{% endif %}
diff --git a/doc/broids/index.rst b/doc/broids/index.rst
index 96f50f8fa5..6a1850a312 100644
--- a/doc/broids/index.rst
+++ b/doc/broids/index.rst
@@ -1,9 +1,9 @@
.. _bro-ids:
-=======
-Bro IDS
-=======
+===
+IDS
+===
An Intrusion Detection System (IDS) allows you to detect suspicious
activities happening on your network as a result of a past or active
@@ -24,8 +24,26 @@ rejected usernames and passwords occurring from a single address. We
start by defining a threshold for the number of attempts, a monitoring
interval (in minutes), and a new notice type.
-.. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/protocols/ftp/detect-bruteforcing.bro
- :lines: 9-25
+.. sourcecode:: bro
+ :caption: detect-bruteforcing.bro
+
+ module FTP;
+
+ export {
+ redef enum Notice::Type += {
+ ## Indicates a host bruteforcing FTP logins by watching for too
+ ## many rejected usernames or failed passwords.
+ Bruteforcing
+ };
+
+ ## How many rejected usernames or passwords are required before being
+ ## considered to be bruteforcing.
+ const bruteforce_threshold: double = 20 &redef;
+
+ ## The time period in which the threshold needs to be crossed before
+ ## being reset.
+ const bruteforce_measurement_interval = 15mins &redef;
+ }
Using the ftp_reply event, we check for error codes from the `500
series
-
-
-
-
-
-
-
-
-
- {{ relbar() }}
-
-
-
- {% block body %}
- {% endblock %}
-
-
-
-
- - - - - {% if next %} - - {% endif %} - - {% if prev %} - - {% endif %} - - {%- if pagename != "search" %} - - - {%- endif %} - -
-
- }})
-
-
- - - - - - {% if next %} - - {% endif %} - - {% if prev %} - - {% endif %} - - {%- if pagename != "search" %} - - - {%- endif %} - -
-
-
-
-
-
- Copyright {{ copyright }}.
- Last updated on {{ last_updated }}.
- Created using Sphinx {{ sphinx_version }}.
-
-
- - " + toc
-
- context["toc"] = toc
-
- # print >>sys.stderr, pagename
- # print >>sys.stderr, context["toc"]
- # print >>sys.stderr, "-----"
- # print >>sys.stderr, toc
- # print >>sys.stderr, "===="
-
-def setup(app):
- app.connect('html-page-context', process_html_toc)
-
diff --git a/doc/ext/bro_lexer/__init__.py b/doc/ext/bro_lexer/__init__.py
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/doc/ext/bro_lexer/bro.py b/doc/ext/bro_lexer/bro.py
deleted file mode 100644
index ae2566a8de..0000000000
--- a/doc/ext/bro_lexer/bro.py
+++ /dev/null
@@ -1,76 +0,0 @@
-from pygments.lexer import RegexLexer, bygroups, include
-from pygments.token import *
-
-__all__ = ["BroLexer"]
-
-class BroLexer(RegexLexer):
- name = 'Bro'
- aliases = ['bro']
- filenames = ['*.bro']
-
- _hex = r'[0-9a-fA-F_]+'
- _float = r'((\d*\.?\d+)|(\d+\.?\d*))([eE][-+]?\d+)?'
- _h = r'[A-Za-z0-9][-A-Za-z0-9]*'
-
- tokens = {
- 'root': [
- # Whitespace
- ('^@.*?\n', Comment.Preproc),
- (r'#.*?\n', Comment.Single),
- (r'\n', Text),
- (r'\s+', Text),
- (r'\\\n', Text),
- # Keywords
- (r'(add|alarm|break|case|const|continue|delete|do|else|enum|event'
- r'|export|for|function|if|global|local|module|next'
- r'|of|print|redef|return|schedule|when|while)\b', Keyword),
- (r'(addr|any|bool|count|counter|double|file|int|interval|net'
- r'|pattern|port|record|set|string|subnet|table|time|timer'
- r'|vector)\b', Keyword.Type),
- (r'(T|F)\b', Keyword.Constant),
- (r'(&)((?:add|delete|expire)_func|attr|(create|read|write)_expire'
- r'|default|raw_output|encrypt|group|log'
- r'|mergeable|optional|persistent|priority|redef'
- r'|rotate_(?:interval|size)|synchronized)\b', bygroups(Punctuation,
- Keyword)),
- (r'\s+module\b', Keyword.Namespace),
- # Addresses, ports and networks
- (r'\d+/(tcp|udp|icmp|unknown)\b', Number),
- (r'(\d+\.){3}\d+', Number),
- (r'(' + _hex + r'){7}' + _hex, Number),
- (r'0x' + _hex + r'(' + _hex + r'|:)*::(' + _hex + r'|:)*', Number),
- (r'((\d+|:)(' + _hex + r'|:)*)?::(' + _hex + r'|:)*', Number),
- (r'(\d+\.\d+\.|(\d+\.){2}\d+)', Number),
- # Hostnames
- (_h + r'(\.' + _h + r')+', String),
- # Numeric
- (_float + r'\s+(day|hr|min|sec|msec|usec)s?\b', Literal.Date),
- (r'0[xX]' + _hex, Number.Hex),
- (_float, Number.Float),
- (r'\d+', Number.Integer),
- (r'/', String.Regex, 'regex'),
- (r'"', String, 'string'),
- # Operators
- (r'[!%*/+-:<=>?~|]', Operator),
- (r'([-+=&|]{2}|[+-=!><]=)', Operator),
- (r'(in|match)\b', Operator.Word),
- (r'[{}()\[\]$.,;]', Punctuation),
- # Identfier
- (r'([_a-zA-Z]\w*)(::)', bygroups(Name, Name.Namespace)),
- (r'[a-zA-Z_][a-zA-Z_0-9]*', Name)
- ],
- 'string': [
- (r'"', String, '#pop'),
- (r'\\([\\abfnrtv"\']|x[a-fA-F0-9]{2,4}|[0-7]{1,3})', String.Escape),
- (r'[^\\"\n]+', String),
- (r'\\\n', String),
- (r'\\', String)
- ],
- 'regex': [
- (r'/', String.Regex, '#pop'),
- (r'\\[\\nt/]', String.Regex), # String.Escape is too intense.
- (r'[^\\/\n]+', String.Regex),
- (r'\\\n', String.Regex),
- (r'\\', String.Regex)
- ]
- }
diff --git a/doc/ext/broxygen.py b/doc/ext/broxygen.py
deleted file mode 100644
index b6b47bb82b..0000000000
--- a/doc/ext/broxygen.py
+++ /dev/null
@@ -1,317 +0,0 @@
-"""
-Broxygen domain for Sphinx.
-
-Adds directives that allow Sphinx to invoke Bro in order to generate script
-reference documentation on the fly. The directives are:
-
-broxygen:package
- - Shows links to all scripts contained within matching package(s).
-broxygen:package_index
- - An index with links to matching package document(s).
-broxygen:script
- - Reference for matching script(s) (i.e. everything declared by the script).
-broxygen:script_summary
- - Shows link to matching script(s) with it's summary-section comments.
-broxygen:script_index
- - An index with links to all matching scrips.
-broxygen:proto_analyzer
- - All protocol analyzers and their components (events/bifs, etc.)
-broxygen:file_analyzer
- - All file analyzers and their components (events/bifs, etc.)
-"""
-
-
-from sphinx.domains import Domain, ObjType
-from sphinx.locale import l_
-from docutils.parsers.rst.directives.misc import Include
-
-
-App = None
-
-
-def info(msg):
- """Use Sphinx builder to output a console message."""
- global App
- from sphinx.util.console import blue
- App.builder.info(blue(msg))
-
-
-def pattern_to_filename_component(pattern):
- """Replace certain characters in Broxygen config file target pattern.
-
- Such that it can be used as part of a (sane) filename.
-
- """
- return pattern.replace("/", ".").replace("*", "star")
-
-
-def ensure_dir(path):
- """Should act like ``mkdir -p``."""
- import os
- import errno
-
- try:
- os.makedirs(path)
- except OSError as e:
- if e.errno != errno.EEXIST:
- raise
-
-
-def generate_config(env, type, pattern):
- """Create a Broxygen config file for a particular target.
-
- It can be used by Bro to generate reST docs for that target.
-
- """
- import os
- import tempfile
- from sphinx.errors import SphinxError
-
- work_dir = env.config.broxygen_cache
-
- if not work_dir:
- raise SphinxError("broxygen_cache not set in sphinx config file")
-
- ensure_dir(work_dir)
- prefix = "{0}-{1}-".format(type, pattern_to_filename_component(pattern))
- (fd, cfg) = tempfile.mkstemp(suffix=".cfg", prefix=prefix, dir=work_dir)
- generated_file = "{0}.rst".format(cfg)
- config = "{0}\t{1}\t{2}".format(type, pattern, generated_file)
- f = os.fdopen(fd, "w")
- f.write(config)
- f.close()
- return (cfg, generated_file)
-
-
-def generate_target(env, type, pattern):
- """Create a Broxygen target and build it.
-
- For a target which hasn't been referenced by any other script, this function
- creates an associated config file then uses Bro w/ it to build the target
- and stores the target information in the build environment.
-
- If a script references a target that's already found in the build
- environment the results of the previous built are re-used.
-
- """
- app_data = env.domaindata["broxygen"]
-
- if (type, pattern) in app_data["targets"]:
- info("Broxygen has cached doc for target '{0} {1}'".format(
- type, pattern))
- return app_data["targets"]
-
- (cfg, gend_file) = generate_config(env, type, pattern)
- target = BroxygenTarget(type, pattern, cfg, gend_file)
- app_data["targets"][(type, pattern)] = target
- build_target(env, target)
- info("Broxygen built target '{0} {1}'".format(type, pattern))
- return target
-
-
-def build_target(env, target):
- """Invoke a Bro process to build a Broxygen target."""
- import os
- import subprocess
-
- path_to_bro = env.config.bro_binary
-
- if not path_to_bro:
- raise SphinxError("'bro' not set in sphinx config file (path to bro)")
-
- bro_cmd = "{0} -X {1} broxygen".format(path_to_bro, target.config_file)
- cwd = os.getcwd()
- os.chdir(os.path.dirname(target.config_file))
-
- try:
- subprocess.check_output(bro_cmd, stderr=subprocess.STDOUT, shell=True)
- except subprocess.CalledProcessError as e:
- from sphinx.errors import SphinxError
- raise SphinxError(
- "Command '{0}' returned non-zero exit status {1}: {2}".format(
- e.cmd, e.returncode, e.output))
- finally:
- os.chdir(cwd)
-
-
-class BroxygenTarget(object):
-
- """Some portion of reST documentation that Bro knows how to generate.
-
- A target is identified by its type and pattern. E.g. type "script" and
- pattern "broxygen/example.bro".
-
- """
-
- def __init__(self, type, pattern, config_file, generated_file):
- self.type = type
- self.pattern = pattern
- self.config_file = config_file
- self.generated_file = generated_file
- self.used_in_docs = set()
-
-
-class BroxygenDirective(Include):
-
- """Base class for Broxygen directives.
-
- It can use Bro to generate reST documentation on the fly and embed it in
- the document at the location of the directive just like the ``.. include::``
- directive. The only argument is a pattern to identify to Bro which
- pieces of documentation it needs to create.
- """
-
- required_arguments = 1
- has_content = False
-
- target_type = None
-
- def run(self):
- env = self.state.document.settings.env
- info("Broxygen running .. {0}:: {1} in {2}".format(
- self.name, self.arguments[0], env.docname))
- target = generate_target(env, self.target_type, self.arguments[0])
- target.used_in_docs.add(env.docname)
- self.arguments = [target.generated_file]
- return super(BroxygenDirective, self).run()
-
-
-class PackageDirective(BroxygenDirective):
-
- target_type = "package"
-
-
-class PackageIndexDirective(BroxygenDirective):
-
- target_type = "package_index"
-
-
-class ScriptDirective(BroxygenDirective):
-
- target_type = "script"
-
-
-class ScriptSummaryDirective(BroxygenDirective):
-
- target_type = "script_summary"
-
-
-class ScriptIndexDirective(BroxygenDirective):
-
- target_type = "script_index"
-
-
-class ProtoAnalyzerDirective(BroxygenDirective):
-
- target_type = "proto_analyzer"
-
-
-class FileAnalyzerDirective(BroxygenDirective):
-
- target_type = "file_analyzer"
-
-
-class IdentifierDirective(BroxygenDirective):
-
- target_type = "identifier"
-
-
-class BroxygenDomain(Domain):
-
- name = "broxygen"
- label = "Broxygen"
-
- object_types = {
- "package": ObjType(l_("package")),
- "package_index": ObjType(l_("package_index")),
- "script": ObjType(l_("script")),
- "script_summary": ObjType(l_("script_summary")),
- "script_index": ObjType(l_("script_index")),
- "proto_analyzer": ObjType(l_("proto_analyzer")),
- "file_analyzer": ObjType(l_("file_analyzer")),
- "identifier": ObjType(l_("identifier")),
- }
-
- directives = {
- "package": PackageDirective,
- "package_index": PackageIndexDirective,
- "script": ScriptDirective,
- "script_summary": ScriptSummaryDirective,
- "script_index": ScriptIndexDirective,
- "proto_analyzer": ProtoAnalyzerDirective,
- "file_analyzer": FileAnalyzerDirective,
- "identifier": IdentifierDirective,
- }
-
- roles = {}
-
- initial_data = {
- "targets": {}
- }
-
- def clear_doc(self, docname):
- """Update Broxygen targets referenced in docname.
-
- If it's the last place the target was referenced, remove it from
- the build environment and delete any generated config/reST files
- associated with it from the cache.
-
- """
- import os
-
- stale_targets = []
-
- for (type, pattern), target in self.data["targets"].items():
- if docname in target.used_in_docs:
- target.used_in_docs.remove(docname)
-
- if not target.used_in_docs:
- stale_targets.append(target)
-
- for target in stale_targets:
- del self.data["targets"][(target.type, target.pattern)]
- os.remove(target.config_file)
- os.remove(target.generated_file)
-
- def get_objects(self):
- """No Broxygen-generated content is itself linkable/searchable."""
- return []
-
-
-def env_get_outdated_hook(app, env, added, changed, removed):
- """Check whether to re-read any documents referencing Broxygen targets.
-
- To do that we have to ask Bro to rebuild each target and compare the
- before and after modification times of the generated reST output file.
- If Bro changed it, then the document containing the Broxygen directive
- needs to be re-read.
-
- """
- import os
-
- reread = set()
-
- for target in app.env.domaindata["broxygen"]["targets"].values():
- before_mtime = os.stat(target.generated_file)
- build_target(env, target)
- after_mtime = os.stat(target.generated_file)
-
- if after_mtime > before_mtime:
- info("Broxygen target '{0} {1}' outdated".format(
- target.type, target.pattern))
-
- for docname in target.used_in_docs:
- if docname not in removed:
- info(" in document: {0}".format(docname))
- reread.add(docname)
-
- return list(reread)
-
-
-def setup(app):
- global App
- App = app
- app.add_domain(BroxygenDomain)
- app.add_config_value("bro_binary", None, "env")
- app.add_config_value("broxygen_cache", None, "env")
- app.connect("env-get-outdated", env_get_outdated_hook)
diff --git a/doc/ext/rst_directive.py b/doc/ext/rst_directive.py
deleted file mode 100644
index 43c95abc52..0000000000
--- a/doc/ext/rst_directive.py
+++ /dev/null
@@ -1,183 +0,0 @@
-def setup(app):
- pass
-
-# -*- coding: utf-8 -*-
-"""
-
-Modified version of the the Pygments reStructuredText directive. -Robin
-
-This provides two new directives:
-
- - .. code:: [
-
@@ -332,7 +343,7 @@ Reading Packet Capture (pcap) Files
Capturing packets from an interface and writing them to a file can be done
like this:
-.. console::
+.. sourcecode:: console
sudo tcpdump -i en0 -s 0 -w mypackets.trace
@@ -343,7 +354,7 @@ whole packets; in cases where it's not supported use ``-s 65535`` instead).
After a while of capturing traffic, kill the ``tcpdump`` (with ctrl-c),
and tell Bro to perform all the default analysis on the capture which primarily includes :
-.. console::
+.. sourcecode:: console
bro -r mypackets.trace
@@ -352,7 +363,7 @@ Bro will output log files into the working directory.
If you are interested in more detection, you can again load the ``local``
script that we include as a suggested configuration:
-.. console::
+.. sourcecode:: console
bro -r mypackets.trace local
@@ -361,7 +372,7 @@ Telling Bro Which Scripts to Load
A command-line invocation of Bro typically looks like:
-.. console::
+.. sourcecode:: console
bro