mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 09:08:20 +00:00
7e9d48f532
The broxygen-generated files now live in the git repo, have tests that check that they are up-to-date, and a script to re-generate them on-demand.
188 lines
7.4 KiB
ReStructuredText
188 lines
7.4 KiB
ReStructuredText
:tocdepth: 3
|
|
|
|
base/utils/site.bro
|
|
===================
|
|
.. bro:namespace:: Site
|
|
|
|
Definitions describing a site - which networks and DNS zones are "local"
|
|
and "neighbors", and servers running particular services.
|
|
|
|
:Namespace: Site
|
|
:Imports: :doc:`base/utils/patterns.bro </scripts/base/utils/patterns.bro>`
|
|
|
|
Summary
|
|
~~~~~~~
|
|
Runtime Options
|
|
###############
|
|
========================================================================= ======================================================================
|
|
:bro:id:`Site::local_admins`: :bro:type:`table` :bro:attr:`&redef` If local network administrators are known and they have responsibility
|
|
for defined address space, then a mapping can be defined here between
|
|
networks for which they have responsibility and a set of email
|
|
addresses.
|
|
:bro:id:`Site::local_nets`: :bro:type:`set` :bro:attr:`&redef` Networks that are considered "local".
|
|
:bro:id:`Site::local_zones`: :bro:type:`set` :bro:attr:`&redef` DNS zones that are considered "local".
|
|
:bro:id:`Site::neighbor_nets`: :bro:type:`set` :bro:attr:`&redef` Networks that are considered "neighbors".
|
|
:bro:id:`Site::neighbor_zones`: :bro:type:`set` :bro:attr:`&redef` DNS zones that are considered "neighbors".
|
|
:bro:id:`Site::private_address_space`: :bro:type:`set` :bro:attr:`&redef` Address space that is considered private and unrouted.
|
|
========================================================================= ======================================================================
|
|
|
|
State Variables
|
|
###############
|
|
=================================================== =====================================================================
|
|
:bro:id:`Site::local_nets_table`: :bro:type:`table` This is used for retrieving the subnet when using multiple entries in
|
|
:bro:id:`Site::local_nets`.
|
|
=================================================== =====================================================================
|
|
|
|
Functions
|
|
#########
|
|
====================================================== =================================================================
|
|
:bro:id:`Site::get_emails`: :bro:type:`function` Function that returns a comma-separated list of email addresses
|
|
that are considered administrators for the IP address provided as
|
|
an argument.
|
|
:bro:id:`Site::is_local_addr`: :bro:type:`function` Function that returns true if an address corresponds to one of
|
|
the local networks, false if not.
|
|
:bro:id:`Site::is_local_name`: :bro:type:`function` Function that returns true if a host name is within a local
|
|
DNS zone.
|
|
:bro:id:`Site::is_neighbor_addr`: :bro:type:`function` Function that returns true if an address corresponds to one of
|
|
the neighbor networks, false if not.
|
|
:bro:id:`Site::is_neighbor_name`: :bro:type:`function` Function that returns true if a host name is within a neighbor
|
|
DNS zone.
|
|
:bro:id:`Site::is_private_addr`: :bro:type:`function` Function that returns true if an address corresponds to one of
|
|
the private/unrouted networks, false if not.
|
|
====================================================== =================================================================
|
|
|
|
|
|
Detailed Interface
|
|
~~~~~~~~~~~~~~~~~~
|
|
Runtime Options
|
|
###############
|
|
.. bro:id:: Site::local_admins
|
|
|
|
:Type: :bro:type:`table` [:bro:type:`subnet`] of :bro:type:`set` [:bro:type:`string`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
If local network administrators are known and they have responsibility
|
|
for defined address space, then a mapping can be defined here between
|
|
networks for which they have responsibility and a set of email
|
|
addresses.
|
|
|
|
.. bro:id:: Site::local_nets
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`subnet`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
Networks that are considered "local". Note that BroControl sets
|
|
this automatically.
|
|
|
|
.. bro:id:: Site::local_zones
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`string`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
DNS zones that are considered "local".
|
|
|
|
.. bro:id:: Site::neighbor_nets
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`subnet`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
Networks that are considered "neighbors".
|
|
|
|
.. bro:id:: Site::neighbor_zones
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`string`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default: ``{}``
|
|
|
|
DNS zones that are considered "neighbors".
|
|
|
|
.. bro:id:: Site::private_address_space
|
|
|
|
:Type: :bro:type:`set` [:bro:type:`subnet`]
|
|
:Attributes: :bro:attr:`&redef`
|
|
:Default:
|
|
|
|
::
|
|
|
|
{
|
|
192.168.0.0/16,
|
|
127.0.0.0/8,
|
|
::1/128,
|
|
172.16.0.0/12,
|
|
10.0.0.0/8,
|
|
fe80::/10,
|
|
100.64.0.0/10
|
|
}
|
|
|
|
Address space that is considered private and unrouted.
|
|
By default it has RFC defined non-routable IPv4 address space.
|
|
|
|
State Variables
|
|
###############
|
|
.. bro:id:: Site::local_nets_table
|
|
|
|
:Type: :bro:type:`table` [:bro:type:`subnet`] of :bro:type:`subnet`
|
|
:Default: ``{}``
|
|
|
|
This is used for retrieving the subnet when using multiple entries in
|
|
:bro:id:`Site::local_nets`. It's populated automatically from there.
|
|
A membership query can be done with an
|
|
:bro:type:`addr` and the table will yield the subnet it was found
|
|
within.
|
|
|
|
Functions
|
|
#########
|
|
.. bro:id:: Site::get_emails
|
|
|
|
:Type: :bro:type:`function` (a: :bro:type:`addr`) : :bro:type:`string`
|
|
|
|
Function that returns a comma-separated list of email addresses
|
|
that are considered administrators for the IP address provided as
|
|
an argument.
|
|
The function inspects :bro:id:`Site::local_admins`.
|
|
|
|
.. bro:id:: Site::is_local_addr
|
|
|
|
:Type: :bro:type:`function` (a: :bro:type:`addr`) : :bro:type:`bool`
|
|
|
|
Function that returns true if an address corresponds to one of
|
|
the local networks, false if not.
|
|
The function inspects :bro:id:`Site::local_nets`.
|
|
|
|
.. bro:id:: Site::is_local_name
|
|
|
|
:Type: :bro:type:`function` (name: :bro:type:`string`) : :bro:type:`bool`
|
|
|
|
Function that returns true if a host name is within a local
|
|
DNS zone.
|
|
The function inspects :bro:id:`Site::local_zones`.
|
|
|
|
.. bro:id:: Site::is_neighbor_addr
|
|
|
|
:Type: :bro:type:`function` (a: :bro:type:`addr`) : :bro:type:`bool`
|
|
|
|
Function that returns true if an address corresponds to one of
|
|
the neighbor networks, false if not.
|
|
The function inspects :bro:id:`Site::neighbor_nets`.
|
|
|
|
.. bro:id:: Site::is_neighbor_name
|
|
|
|
:Type: :bro:type:`function` (name: :bro:type:`string`) : :bro:type:`bool`
|
|
|
|
Function that returns true if a host name is within a neighbor
|
|
DNS zone.
|
|
The function inspects :bro:id:`Site::neighbor_zones`.
|
|
|
|
.. bro:id:: Site::is_private_addr
|
|
|
|
:Type: :bro:type:`function` (a: :bro:type:`addr`) : :bro:type:`bool`
|
|
|
|
Function that returns true if an address corresponds to one of
|
|
the private/unrouted networks, false if not.
|
|
The function inspects :bro:id:`Site::private_address_space`.
|
|
|
|
|