From e4c9c58b9e16332a83129c5426586dabacf92b71 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Mon, 1 Dec 2014 20:58:37 -0600 Subject: [PATCH] Add man page for Bro --- CMakeLists.txt | 6 ++ man/CMakeLists.txt | 5 ++ man/bro.8 | 160 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+) create mode 100644 man/CMakeLists.txt create mode 100644 man/bro.8 diff --git a/CMakeLists.txt b/CMakeLists.txt index 22d63a89d5..7a287ef5b4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,6 +15,11 @@ if (NOT BRO_SCRIPT_INSTALL_PATH) set(BRO_SCRIPT_INSTALL_PATH ${BRO_ROOT_DIR}/share/bro) endif () +if (NOT BRO_MAN_INSTALL_PATH) + # set the default Bro man page installation path (user did not specify one) + set(BRO_MAN_INSTALL_PATH ${BRO_ROOT_DIR}/share/man) +endif () + # sanitize the Bro script install directory into an absolute path # (CMake is confused by ~ as a representation of home directory) get_filename_component(BRO_SCRIPT_INSTALL_PATH ${BRO_SCRIPT_INSTALL_PATH} @@ -175,6 +180,7 @@ include_directories(${CMAKE_CURRENT_BINARY_DIR}) add_subdirectory(src) add_subdirectory(scripts) add_subdirectory(doc) +add_subdirectory(man) include(CheckOptionalBuildSources) diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt new file mode 100644 index 0000000000..a369ee32b3 --- /dev/null +++ b/man/CMakeLists.txt @@ -0,0 +1,5 @@ + +install(DIRECTORY . DESTINATION ${BRO_MAN_INSTALL_PATH}/man8 FILES_MATCHING + PATTERN "*.8" +) + diff --git a/man/bro.8 b/man/bro.8 new file mode 100644 index 0000000000..ca8a8823fc --- /dev/null +++ b/man/bro.8 
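Review bot: The new BRO_MAN_INSTALL_PATH is not run through the `get_filename_component(... ABSOLUTE)` sanitizing that the lines right below the added block apply to BRO_SCRIPT_INSTALL_PATH, so a user-supplied `-DBRO_MAN_INSTALL_PATH=~/man` reaches install() unchanged and, as the existing comment notes CMake does not expand `~`, would yield a literal `~` directory at install time. Mirror the existing treatment with `get_filename_component(BRO_MAN_INSTALL_PATH ${BRO_MAN_INSTALL_PATH} ABSOLUTE)` next to the BRO_SCRIPT_INSTALL_PATH call. Like BRO_SCRIPT_INSTALL_PATH, the default is a plain variable rather than a cache entry, so it is only discoverable from the comment; that follows the file's existing convention, so I would leave it. The get_filename_component call on the hunk's last line continues past the hunk.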
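Review bot: `install(DIRECTORY . ...)` with a `*.8` pattern ships whatever section-8 files exist under man/ at install time, recursing into any subdirectory, rather than the single page this commit adds, so a stray or generated `*.8` in the source tree would silently become part of the installed set. The unquoted `${BRO_MAN_INSTALL_PATH}/man8` also splits into several arguments if a user supplies a path containing spaces or semicolons. Naming the file explicitly keeps the installed artefacts reviewable and fixes both: `install(FILES bro.8 DESTINATION "${BRO_MAN_INSTALL_PATH}/man8")`. The leading and trailing blank lines in the new file are harmless but unconventional.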
@@ -0,0 +1,160 @@
+.TH BRO "8" "November 2014" "bro" "System Administration Utilities"
+.SH NAME
+bro \- passive network traffic analyzer
+.SH SYNOPSIS
+.B bro
+\/\fP [options] [file ...]
+.SH DESCRIPTION
+Bro is primarily a security monitor that inspects all traffic on a link in
+depth for signs of suspicious activity. More generally, however, Bro
+supports a wide range of traffic analysis tasks even outside of the
+security domain, including performance measurements and helping with
+trouble-shooting.
+
+Bro comes with built-in functionality for a range of analysis and detection
+tasks, including detecting malware by interfacing to external registries,
+reporting vulnerable versions of software seen on the network, identifying
+popular web applications, detecting SSH brute-forcing, validating SSL
+certificate chains, among others.
+.SH OPTIONS
+.TP
+.B
+policy file, or read stdin
+.TP
+\fB\-a\fR,\ \-\-parse\-only
+exit immediately after parsing scripts
+.TP
+\fB\-b\fR,\ \-\-bare\-mode
+don't load scripts from the base/ directory
+.TP
+\fB\-d\fR,\ \-\-debug\-policy
+activate policy file debugging
+.TP
+\fB\-e\fR,\ \-\-exec
+augment loaded policies by given code
+.TP
+\fB\-f\fR,\ \-\-filter
+tcpdump filter
+.TP
+\fB\-g\fR,\ \-\-dump\-config
+dump current config into .state dir
+.TP
+\fB\-h\fR,\ \-\-help|\-?
+command line help
+.TP
+\fB\-i\fR,\ \-\-iface
+read from given interface
+.TP
+\fB\-p\fR,\ \-\-prefix
+add given prefix to policy file resolution
+.TP
+\fB\-r\fR,\ \-\-readfile
+read from given tcpdump file
+.TP
+\fB\-y\fR,\ \-\-flowfile [=]
+read from given flow file
+.TP
+\fB\-Y\fR,\ \-\-netflow :[=]
+read flow from socket
+.TP
+\fB\-s\fR,\ \-\-rulefile
+read rules from given file
+.TP
+\fB\-t\fR,\ \-\-tracefile
+activate execution tracing
+.TP
+\fB\-w\fR,\ \-\-writefile
+write to given tcpdump file
+.TP
+\fB\-v\fR,\ \-\-version
+print version and exit
+.TP
+\fB\-x\fR,\ \-\-print\-state
+print contents of state file
+.TP
+\fB\-z\fR,\ \-\-analyze
+run the specified policy file analysis
+.TP
+\fB\-C\fR,\ \-\-no\-checksums
+ignore checksums
+.TP
+\fB\-D\fR,\ \-\-dfa\-size
+DFA state cache size
+.TP
+\fB\-F\fR,\ \-\-force\-dns
+force DNS
+.TP
+\fB\-I\fR,\ \-\-print\-id
+print out given ID
+.TP
+\fB\-K\fR,\ \-\-md5\-hashkey
+set key for MD5\-keyed hashing
+.TP
+\fB\-L\fR,\ \-\-rule\-benchmark
+benchmark for rules
+.TP
+\fB\-N\fR,\ \-\-print\-plugins
+print available plugins and exit (\fB\-NN\fR for verbose)
+.TP
+\fB\-O\fR,\ \-\-optimize
+optimize policy script
+.TP
+\fB\-P\fR,\ \-\-prime\-dns
+prime DNS
+.TP
+\fB\-R\fR,\ \-\-replay
+replay events
+.TP
+\fB\-S\fR,\ \-\-debug\-rules
+enable rule debugging
+.TP
+\fB\-T\fR,\ \-\-re\-level
+set 'RE_level' for rules
+.TP
+\fB\-U\fR,\ \-\-status\-file
+Record process status in file
+.TP
+\fB\-W\fR,\ \-\-watchdog
+activate watchdog timer
+.TP
+\fB\-X\fR,\ \-\-broxygen
+generate documentation based on config file
+.TP
+\fB\-\-pseudo\-realtime[=\fR]
+enable pseudo\-realtime for performance evaluation (default 1)
+.TP
+\fB\-\-load\-seeds\fR
+load seeds from given file
+.TP
+\fB\-\-save\-seeds\fR
+save seeds to given file
+.SH ENVIRONMENTS
+.TP
+.B BROPATH
+file search path (.:/usr/share/bro:/usr/share/bro/policy:/usr/share/bro/site)
+.TP
+.B BRO_PREFIXES
+prefix list ()
+.TP
+.B BRO_DNS_FAKE
+disable DNS lookups (off)
+.TP
+.B
BRO_SEED_FILE
+file to load seeds from (not set)
+.TP
+.B BRO_LOG_SUFFIX
+ASCII log file extension (.log)
+.TP
+.B BRO_PROFILER_FILE
+Output file for script execution statistics (not set)
+.TP
+.B BRO_DISABLE_BROXYGEN
+Disable Broxygen documentation support (not set)
+.IP
+Supported log formats: Ascii,SQLite
+.SH AUTHOR
+.B bro
+was written by The Bro Project .
+.PP
+This manual page was written by Raúl Benencia
+for the Debian project (but may be used by others).