base/utils/site.bro

Site

Definitions describing a site - which networks and DNS zones are “local” and “neighbors”, and servers running particular services.

Namespace: Site
Imports: base/utils/patterns.bro
Source File: /scripts/base/utils/site.bro

Summary

Options

Site::local_admins: table &redef
    If local network administrators are known and they have responsibility for defined address space, then a mapping can be defined here between networks for which they have responsibility and a set of email addresses.
Site::local_nets: set &redef
    Networks that are considered “local”.
Site::local_zones: set &redef
    DNS zones that are considered “local”.
Site::neighbor_nets: set &redef
    Networks that are considered “neighbors”.
Site::neighbor_zones: set &redef
    DNS zones that are considered “neighbors”.
Site::private_address_space: set &redef
    Address space that is considered private and unrouted.

State Variables

Site::local_nets_table: table
    This is used for retrieving the subnet when using multiple entries in Site::local_nets.

Functions

Site::get_emails: function
    Function that returns a comma-separated list of email addresses that are considered administrators for the IP address provided as an argument.
Site::is_local_addr: function
    Function that returns true if an address corresponds to one of the local networks, false if not.
Site::is_local_name: function
    Function that returns true if a host name is within a local DNS zone.
Site::is_neighbor_addr: function
    Function that returns true if an address corresponds to one of the neighbor networks, false if not.
Site::is_neighbor_name: function
    Function that returns true if a host name is within a neighbor DNS zone.
Site::is_private_addr: function
    Function that returns true if an address corresponds to one of the private/unrouted networks, false if not.

Detailed Interface

Options

Site::local_admins
Type: table [subnet] of set [string]
Attributes: &redef
Default: {}

If local network administrators are known and they have responsibility for defined address space, then a mapping can be defined here between networks for which they have responsibility and a set of email addresses.

Site::local_nets
Type: set [subnet]
Attributes: &redef
Default: {}

Networks that are considered “local”. Note that BroControl sets this automatically.

Site::local_zones
Type: set [string]
Attributes: &redef
Default: {}

DNS zones that are considered “local”.

Site::neighbor_nets
Type: set [subnet]
Attributes: &redef
Default: {}

Networks that are considered “neighbors”.

Site::neighbor_zones
Type: set [string]
Attributes: &redef
Default: {}

DNS zones that are considered “neighbors”.

Site::private_address_space
Type: set [subnet]
Attributes: &redef
Default:
{
   172.16.0.0/12,
   fe80::/10,
   192.168.0.0/16,
   100.64.0.0/10,
   ::1/128,
   127.0.0.0/8,
   10.0.0.0/8
}

Address space that is considered private and unrouted. By default it contains RFC-defined non-routable IPv4 address space.

State Variables

Site::local_nets_table
Type: table [subnet] of subnet
Default: {}

This is used for retrieving the subnet when using multiple entries in Site::local_nets. It’s populated automatically from there. A membership query can be done with an addr and the table will yield the subnet it was found within.

Functions

Site::get_emails
Type: function (a: addr) : string

Function that returns a comma-separated list of email addresses that are considered administrators for the IP address provided as an argument. The function inspects Site::local_admins.

Site::is_local_addr
Type: function (a: addr) : bool

Function that returns true if an address corresponds to one of the local networks, false if not. The function inspects Site::local_nets.

Site::is_local_name
Type: function (name: string) : bool

Function that returns true if a host name is within a local DNS zone. The function inspects Site::local_zones.

Site::is_neighbor_addr
Type: function (a: addr) : bool

Function that returns true if an address corresponds to one of the neighbor networks, false if not. The function inspects Site::neighbor_nets.

Site::is_neighbor_name
Type: function (name: string) : bool

Function that returns true if a host name is within a neighbor DNS zone. The function inspects Site::neighbor_zones.

Site::is_private_addr
Type: function (a: addr) : bool

Function that returns true if an address corresponds to one of the private/unrouted networks, false if not. The function inspects Site::private_address_space.
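Example

An added example (not code from the Bro distribution or its documentation) showing how the options, the state table and the predicate functions above fit together. The networks, zone, email addresses and the classify helper are constructed for illustration, and it assumes Bro is run standalone, since BroControl would otherwise set Site::local_nets itself.

```bro
@load base/utils/site

# Constructed site definition (documentation address ranges, example.org).
redef Site::local_nets += { 192.0.2.0/24, 198.51.100.0/25 };
redef Site::neighbor_nets += { 203.0.113.0/24 };
redef Site::local_zones += { "example.org" };
redef Site::local_admins += {
	[192.0.2.0/24] = set("noc@example.org", "secops@example.org"),
};

# Hypothetical helper: label an address by the first site category it matches.
# The order matters because the categories are independent: an address in
# Site::private_address_space is not "local" unless its network is also
# listed in Site::local_nets.
function classify(a: addr): string
	{
	if ( Site::is_local_addr(a) )
		# An addr lookup in the subnet-indexed table yields the matching subnet.
		return fmt("local (%s)", Site::local_nets_table[a]);
	if ( Site::is_neighbor_addr(a) )
		return "neighbor";
	if ( Site::is_private_addr(a) )
		return "private";
	return "remote";
	}

event bro_init()
	{
	# Constructed sample addresses; 198.51.100.200 lies outside the /25 above.
	local samples: vector of addr = vector(192.0.2.10, 198.51.100.200,
	    203.0.113.5, 10.1.2.3, 100.64.0.1, [fe80::1], 8.8.8.8);

	for ( i in samples )
		print fmt("%s -> %s, admins=[%s]", samples[i],
		    classify(samples[i]), Site::get_emails(samples[i]));

	# Zone membership is tested on the name's suffix, not on a substring.
	print Site::is_local_name("www.example.org");
	print Site::is_local_name("example.org.other.test");
	}
```

Detection scripts that decide traffic direction from Site::is_local_addr depend on Site::local_nets being complete, so a run like this over a few known addresses is a quick check of a site's configuration before relying on it.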

Copyright 2016, The Bro Project. Last updated on April 25, 2017. Created using Sphinx 1.4.8.