root/honeyclient/tags/exp/UP2-kindlund-dynamic_updates/etc/honeyclient.xml

Revision 776, 32.9 kB (checked in by kindlund, 1 year ago)

Re-enabled experimental DB support.

  • Property svn:keywords set to Id "$file"
1 <?xml version="1.0" encoding="utf-8"?>
2 <!--
3 #######################################################################
4 HoneyClient Configuration File
5
6 This configuration file is used by the HoneyClient perl modules in
7 order to specify and use the following global configuration options.
8
9 For information about the syntax of this file format, please type
10 "perldoc XML::Simple".
11
12 CVS: $Id$
13
14 #######################################################################
15
16 Syntax Notes:
17
18 Note: During processing, if the HoneyClient expects a module-specific
19 variable to be present within this configuration file (e.g., "address")
20 but it is not listed (or is commented out), then the code will attempt
21 to look for the same variable within any of the module's parents.
22
23 For example, the code may expect:
24 <HoneyClient>
25     <Agent>
26         <Driver>
27             <address>localhost</address>
28         </Driver>
29     </Agent>
30 </HoneyClient>
31
32 But the following will work as well:
33 <HoneyClient>
34     <Agent>
35         <address>localhost</address>
36     </Agent>
37 </HoneyClient>
38
39 <HoneyClient>
40     <address>localhost</address>
41 </HoneyClient>
42
43 Keep in mind, though, that some variables should remain module-specific
44 (i.e., "port") in order to avoid collisions between modules.
45
46 -->
47 <HoneyClient>
48     <!-- Global Options -->
49     <!-- Note: This timeout should be long enough so that the Agent watchdog code will properly let the integrity checking code finish, before detecting a faulty timeout in processing. -->
50     <timeout description="Default timeout used for all communications between each module (in seconds)." default="900">
51         3600
52     </timeout>
53     <log_config description="The global Log4perl configuration file, used throughout all modules.  This setting should not need to be changed." default="etc/honeyclient_log.conf">
54         etc/honeyclient_log.conf
55     </log_config>
       <!-- NOTE(review): per the description below, log messages travel over UDP port 514.
            Plain syslog over UDP carries no sender authentication and no encryption, and the
            Agent side runs inside VMs that this file itself describes as becoming compromised,
            so records arriving from Agents should be treated as untrusted input on the
            collector.  10.0.0.1 is also the gsx_gateway value under Manager/FW; confirm that
            the syslog listener on that host only accepts traffic from the honeyclient
            netblock. -->
56     <syslog_address description="The IP address of the syslog server that all logging messages will be sent to by both Agent and Manager processes over UDP port 514." default="10.0.0.1">
57         10.0.0.1
58     </syslog_address>
59     <!-- HoneyClient::Agent Options -->
60     <Agent>
61         <!-- TODO: Update this. -->
           <!-- NOTE(review): 0.0.0.0 is the wildcard address, so the Agent's SOAP server
                presumably accepts requests on every interface inside the VM.  Nothing in this
                file configures authentication for that endpoint, so network reachability
                appears to be the only control visible here; confirm that the firewall VM
                (Manager/FW) limits which hosts can reach the Agent port on the honeyclient
                netblock. -->
62         <address description="The IP or hostname that all Agent modules should use, when accepting SOAP requests." default="0.0.0.0">
63             0.0.0.0
64         </address>
65         <!-- TODO: Update this. -->
66         <!-- Note: This port should be unique and not already in use by other modules, services, or daemons running inside the VM. -->
67         <port description="The TCP port number that the SOAP server for all Agent modules will listen on for requests." default="9000">
68             9000
69         </port>
70         <allowed_drivers description="List of implemented Drivers that the Agent is allowed to run directly.">
71             <name>HoneyClient::Agent::Driver::Browser::IE</name>
72             <name>HoneyClient::Agent::Driver::Browser::FF</name>
73         </allowed_drivers>
74         <!-- HoneyClient::Agent::Driver Options -->
75         <Driver>
76             <!-- TODO: Update this. -->
77             <timeout description="How long the Driver waits during a drive operation, before timing out (in seconds)." default="60">
78                 20
79             </timeout>
80             <ActiveContent>
81                 <enable description="Enables active content parsing. 1 enables, 0 disables." default="1">
82                     1
83                 </enable>
84                 <Flash>
85                     <flasm_exec description="Path to the flasm executable." default="thirdparty/flasm/flasm.exe">
86                         thirdparty/flasm/flasm.exe
87                     </flasm_exec>
88                 </Flash>
89             </ActiveContent>
90             <Browser>
91                 <!-- HoneyClient::Agent::Driver::IE Options -->
92                 <!-- TODO: Update this. -->
93                 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0">
94                     1
95                 </ignore_links_timed_out>
96                 <!-- TODO: Update this. -->
97                 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe">
98                     iexplore.exe
99                 </process_name>
100                 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website.  If negative, then the browser will exhaust all possible relative links found, before moving on.  This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">
101                     -1
102                 </max_relative_links_to_visit>
103                 <positive_words description="If a link contains any number of these words, then its probability of being visited (its score) will increase.">
104                     <word>news</word>
105                     <word>new</word>
106                     <word>big</word>
107                     <word>latest</word>
108                     <word>main</word>
109                     <word>update</word>
110                     <word>sell</word>
111                     <word>free</word>
112                     <word>buy</word>
113                     <word>science</word>
114                 </positive_words>
115                 <negative_words description="If a link contains any number of these words, then its probability of being visited (its score) will decrease.">
116                     <word>archive</word>
117                     <word>privacy</word>
118                     <word>legal</word>
119                     <word>disclaim</word>
120                     <word>about</word>
121                     <word>contact</word>
122                     <word>copyright</word>
123                     <word>jobs</word>
124                     <word>careers</word>
125                 </negative_words>
126                 <IE>
127                     <!-- HoneyClient::Agent::Driver::Browser::IE Options -->
128                     <process_exec description="The absolute path to the Internet Explorer application process, as it sits in the VM filesystem." default="C:\Program Files\Internet Explorer\iexplore.exe">
129                         C:\Program Files\Internet Explorer\iexplore.exe
130                     </process_exec>
131                     <process_name description="The name of the Internet Explorer executable, as it appears on the VM filesystem." default="iexplore.exe">
132                         iexplore.exe
133                     </process_name>
134                 </IE>
135                 <FF>
136                     <!-- HoneyClient::Agent::Driver::Browser::FF Options -->
137                     <process_exec description="The absolute path to the Mozilla Firefox application process, as it sits in the VM filesystem." default="C:\Program Files\Mozilla Firefox\firefox.exe">
138                         C:\Program Files\Mozilla Firefox\firefox.exe
139                     </process_exec>
140                     <process_name description="The name of the Mozilla Firefox executable, as it appears on the VM filesystem." default="firefox.exe">
141                         firefox.exe
142                     </process_name>
143                 </FF>
144             </Browser>
145             <EmailClient>
146             </EmailClient>
147         </Driver>
148         <perform_integrity_checks description="An integer, representing whether the Agent should perform any integrity checks. 1 enables, 0 disables." default="1">
149             1
150         </perform_integrity_checks>
151         <!-- HoneyClient::Agent::Integrity Options -->
152         <Integrity>
153             <changes_found_file description="When an integrity check fails, all changes will be written to this file within the compromized honeyclient VM's filesystem." default="/tmp/changes.txt">
154                 /tmp/changes.txt
155             </changes_found_file>
                <!-- NOTE(review): changes_found_file (above) is written inside the VM that the
                     integrity check has just flagged as compromised, so anything running in
                     that guest could alter or remove it.  Treat the file as untrusted evidence:
                     presumably it should be copied out, or the change list sent to the Manager,
                     before the VM is suspended or reverted (confirm how the Manager collects
                     it).  The /tmp path looks like a Cygwin path inside the Windows guest;
                     verify. -->
156             <!-- HoneyClient::Agent::Integrity::Filesystem Options -->
157             <Filesystem>
158                 <directories_to_check description="List of base directories on the filesystem to recursively analyze.  Use a regular slash (/) instead of a backslash (\) as a directory separator character.">
159                     <name>C:/</name>
160                 </directories_to_check>
161                 <exclude_list description="List of regular expressions that match files/directories to exclude from analysis.  These entries match files/directories that change normally during the course of driving the target application.  As such, they are excluded from analysis in order to reduce false positives.  Use a regular slash (/) instead of a backslash (\) as a directory separator character.  Never prefix any entry with a carat (^) before the drive letter, such as '^C:/', and never add the regex suffix ($) to the end of an expression, such as 'C:/Temp$'.  All comparisons are case-insensitive.">
162                     <regex>C:/Documents and Settings/All Users/Application Data/Microsoft/Network/Downloader.*</regex>
163                     <regex>C:/Documents and Settings/Administrator/Application Data/Mozilla/Firefox/Profiles.*</regex>
164                     <regex>C:/Documents and Settings/Administrator/Cookies.*</regex>
165                     <regex>C:/Documents and Settings/Administrator/Local Settings/Application Data/Macromedia/Flash Player.*</regex>
166                     <regex>C:/Documents and Settings/Administrator/Local Settings/Application Data/Microsoft/Windows Media.*</regex>
167                     <regex>C:/Documents and Settings/Administrator/Local Settings/Application Data/Mozilla/Firefox/Profiles.*</regex>
168                     <regex>C:/Documents and Settings/Administrator/Local Settings/History/History.IE5.*</regex>
169                     <regex>C:/Documents and Settings/Administrator/Local Settings/Temporary Internet Files/Content.IE5.*</regex>
170                     <regex>C:/Documents and Settings/Administrator/Local Settings/Temp</regex>
171                     <regex>C:/Documents and Settings/Administrator/Recent.*</regex>
172                     <regex>C:/Documents and Settings/Administrator/ntuser.dat.LOG</regex>
173                     <regex>C:/Program Files/Mozilla Firefox/active-update.xml</regex>
174                     <regex>C:/Program Files/Mozilla Firefox/updates</regex>
175                     <regex>C:/WINDOWS/PCHEALTH/HELPCTR/DataColl.*</regex>
176                     <regex>C:/WINDOWS/Prefetch.*</regex>
177                     <regex>C:/WINDOWS/Debug/UserMode/userenv.log</regex>
178                     <regex>C:/WINDOWS/SchedLgU.txt</regex>
179                     <regex>C:/WINDOWS/SoftwareDistribution/DataStore.*</regex>
180                     <regex>C:/WINDOWS/SoftwareDistribution/ReportingEvents.log</regex>
181                     <regex>C:/WINDOWS/SoftwareDistribution/WuRedir.*</regex>
                        <!-- NOTE(review): the next entry has no trailing wildcard, and the
                             exclude_list description forbids both '^' and '$', so these
                             patterns are presumably matched unanchored.  If so,
                             C:/WINDOWS/SYSTEM32 excludes the whole System32 tree from the
                             filesystem integrity check and makes the more specific
                             SYSTEM32/... entries after it redundant.  System32 is a common
                             location for dropped executables, DLLs and drivers, so this is a
                             large blind spot; confirm it is intentional, or keep only the
                             narrower entries.  The same reasoning applies to the
                             .../Local Settings/Temp entry earlier in this list. -->
182                     <regex>C:/WINDOWS/SYSTEM32</regex>
183                     <regex>C:/WINDOWS/SYSTEM32/config/SecEvent.evt</regex>
184                     <regex>C:/WINDOWS/SYSTEM32/config/SysEvent.evt</regex>
185                     <regex>C:/WINDOWS/SYSTEM32/config/software</regex>
186                     <regex>C:/WINDOWS/SYSTEM32/config/software.log</regex>
187                     <regex>C:/WINDOWS/SYSTEM32/config/system.LOG</regex>
188                     <regex>C:/WINDOWS/SYSTEM32/Macromed/Flash.*</regex>
189                     <regex>C:/WINDOWS/SYSTEM32/perfc009.dat</regex>
190                     <regex>C:/WINDOWS/SYSTEM32/perfd009.dat</regex>
191                     <regex>C:/WINDOWS/SYSTEM32/perfh009.dat</regex>
192                     <regex>C:/WINDOWS/SYSTEM32/perfi009.dat</regex>
193                     <regex>C:/WINDOWS/SYSTEM32/PerfStringBackup.INI</regex>
194                     <regex>C:/WINDOWS/SYSTEM32/wbem.*</regex>
195                     <regex>C:/WINDOWS/WindowsUpdate.log</regex>
196                     <regex>C:/WINDOWS/wmsetup.log</regex>
197                     <!-- To exclude entries inside cygwin, use the following format. -->
198                     <regex>/cygdrive/c/cygwin/tmp.*</regex>
199                     <regex>/cygdrive/c/cygwin/home/Administrator/honeyclient.*</regex>
200                 </exclude_list>
201                 <!-- HoneyClient::Agent::Integrity::Filesystem::Test Options -->
202                 <Test>
203                     <!--
204                         Note: you should *never* need to change *any* values
205                         within this section of the configuration.  All contents
206                         are *only* used for unit testing.
207                     -->
208                     <monitor_dir description="The relative path to the test directory, that's used during unit testing." default="t/test_filesystem">
209                         t/test_filesystem
210                     </monitor_dir>
211                 </Test>
212             </Filesystem>
213             <!-- HoneyClient::Agent::Integrity::Registry Options -->
214             <Registry>
215                 <hives_to_check description="List of registry hives to analyze.">
216                     <name>HKEY_LOCAL_MACHINE</name>
217                     <name>HKEY_CLASSES_ROOT</name>
218                     <name>HKEY_CURRENT_USER</name>
219                     <name>HKEY_USERS</name>
220                     <name>HKEY_CURRENT_CONFIG</name>
221                 </hives_to_check>
222                 <exclude_list description="List of perl regular expressions, each matching one or more registry key directory names to exclude from analysis.  These entries match registry key directories that change normally during the course of driving the target application.  As such, they are excluded from analysis in order to reduce false positives.  As in normal regular expressions, each backslash (\) must be escaped (\\) and each regex must not end with any backslash character.">
223                     <regex>^HKEY_CURRENT_USER\\SessionInformation.*$</regex>
224                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\ActiveMovie\\devenum.*$</regex>
225                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms$</regex>
226                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International$</regex>
227                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\CpMRU$</regex>
                        <!-- NOTE(review): Internet Explorer\Main holds browser settings such as
                             the start page and search page, which unwanted software commonly
                             rewrites.  Excluding the key removes noise from normal browsing but
                             presumably also hides those changes; the HKEY_USERS copy of this
                             entry further down does the same.  Confirm whether exclusion applies
                             to the whole key or could be narrowed to the values that change
                             during normal use. -->
228                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main$</regex>
229                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing.*$</regex>
230                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\TypedURLs$</regex>
231                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\MediaPlayer.*$</regex>
232                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Multimedia.*$</regex>
233                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links.*$</regex>
234                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Start Menu2\\Programs.*$</regex>
235                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.*$</regex>
236                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU.*$</regex>
237                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+\\Count.*$</regex>
238                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.*$</regex>
239                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections.*$</regex>
240                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.*$</regex>
241                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\DUIBags\\ShellFolders\\.*$</regex>
242                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.*$</regex>
243                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache.*$</regex>
244                     <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Media\\WMSDK\\General.*$</regex>
245                     <regex>^HKEY_CURRENT_USER\\Volatile Environment$</regex>
246                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Macromedia$</regex>
247                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Macromedia\\FlashPlayer$</regex>
248                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\RNG$</regex>
249                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Dfrg\\BootOptimizeFunction$</regex>
250                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Direct3D\\MostRecentApplication$</regex>
251                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PCHealth\\PchSvc$</regex>
                        <!-- NOTE(review): the next entry excludes every key below
                             HKLM\SOFTWARE\Microsoft\SystemCertificates, which includes the
                             machine's trusted root certificate store.  A certificate added to
                             that store during a visit would therefore not be reported by the
                             registry check.  If the normal churn comes from specific subkeys,
                             consider excluding only those; confirm against observed false
                             positives. -->
252                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\.*$</regex>
253                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM.*$</regex>
254                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BITS$</regex>
255                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\Machine\\Extension-List\\.*$</regex>
256                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\S.+\\Extension-List\\.*$</regex>
257                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\.*$</regex>
258                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update.*$</regex>
259                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Prefetcher$</regex>
260                     <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon\\Settings$</regex>
                        <!-- NOTE(review): the next entry, and the Tcpip\Parameters\Interfaces
                             and Dhcp\Parameters entries that follow it, exclude the keys that
                             hold per-interface TCP/IP settings, including the configured DNS
                             server addresses.  DHCP lease activity changes these keys normally,
                             which is presumably why they are listed, but a deliberate change of
                             the guest's DNS servers would be hidden as well.  Consider checking
                             DNS settings by another means if that behaviour matters to the
                             analysis. -->
261                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\.+\\Parameters\\Tcpip.*$</regex>
262                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\Dhcp\\Parameters.*$</regex>
263                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\Eventlog\\Application\\ESENT.*$</regex>
264                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\SharedAccess\\Epoch.*$</regex>
265                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\Tcpip\\Parameters\\Interfaces\\.*$</regex>
266                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dhcp\\Parameters.*$</regex>
267                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\ESENT.*$</regex>
268                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Epoch$</regex>
269                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\.*$</regex>
270                     <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.+\\Parameters\\Tcpip.*$</regex>
271                     <regex>^HKEY_USERS\\.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+\\Count.*$</regex>
272                     <regex>^HKEY_USERS\\.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.*$</regex>
273                     <regex>^HKEY_USERS\\.+\\UNICODE Program Groups.*$</regex>
274                     <regex>^HKEY_USERS\\S.+\\SessionInformation$</regex>
275                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\ActiveMovie\\devenum.*$</regex>
276                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\IntelliForms$</regex>
277                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\International$</regex>
278                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\International\\CpMRU$</regex>
279                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\Main$</regex>
280                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing.*$</regex>
281                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\TypedURLs$</regex>
282                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\MediaPlayer.*$</regex>
283                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Multimedia.*$</regex>
284                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links.*$</regex>
285                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Start Menu2\\Programs.*$</regex>
286                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.*$</regex>
287                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU.*$</regex>
288                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.*$</regex>
289                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections.*$</regex>
290                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.*$</regex>
291                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\DUIBags\\ShellFolders\\.*$</regex>
292                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache.*$</regex>
293                     <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows Media\\WMSDK\\General.*$</regex>
294                 </exclude_list>
295                 <!-- HoneyClient::Agent::Integrity::Registry::Test Options -->
296                 <Test>
297                     <!--
298                         Note: you should *never* need to change *any* values
299                         within this section of the configuration.  All contents
300                         are *only* used for unit testing.
301                     -->
302                     <before_registry_file description="The relative path to a (before) sample registry dump, that's used during unit testing." default="t/test_registry/before.reg">
303                         t/test_registry/before.reg
304                     </before_registry_file>
305                     <after_registry_file description="The relative path to an (after) sample registry dump, that's used during unit testing." default="t/test_registry/after.reg">
306                         t/test_registry/after.reg
307                     </after_registry_file>
308                 </Test>
309                 <Parser>
310                     <!-- HoneyClient::Agent::Integrity::Registry::Parser::Test Options -->
311                     <Test>
312                         <!--
313                             Note: you should *never* need to change *any* values
314                             within this section of the configuration.  All contents
315                             are *only* used for unit testing.
316                         -->
317                         <registry_file description="The relative path to a sample registry dump, that's used during unit testing." default="t/test_registry/dump.reg">
318                             t/test_registry/dump.reg
319                         </registry_file>
320                     </Test>
321                 </Parser>
322             </Registry>
323         </Integrity>
324     </Agent>
325     <!-- HoneyClient::DB Options -->
        <!-- NOTE(review): the database username and password below are stored in clear text
             in a file that is kept under version control.  The values shown look like
             placeholders; a deployment should replace them, keep the real values out of the
             repository, and restrict read access to this file to the account that runs the
             Manager.  "enable" is set to 1 here although its documented default is 0, and
             "host" points at 172.16.164.1 rather than the documented default 127.0.0.1, so
             database traffic leaves the local host.  Nothing in this section configures
             transport encryption; confirm how the connection is protected, and that the
             database account has only the privileges HoneyClient needs. -->
326     <DB>
327         <enable description="Enables database operations. 1 enables, 0 disables." default="0">
328             1
329         </enable>
330         <host description="The system providing the HoneyClient database.  If the database is installed on the same host system as the Manager, then localhost should be used." default="127.0.0.1">
331             172.16.164.1
332         </host>
333         <dbname description="The name of the HoneyClient database." default="HoneyClient">
334             HoneyClient
335         </dbname>
336         <user description="The username to use, when connecting to the HoneyClient database.">
337             honeyclient_user
338         </user>
339         <pass description="The password to use, when connecting to the HoneyClient database.">
340             honeyclient_password
341         </pass>
342         <port description="The default TCP port number used to communicate with the database." default="3306">
343             3306
344         </port>
345     </DB>
346     <Manager>
347         <!-- TODO: Update this. -->
348         <manager_state description="Upon termination, the Manager will attempt to save a complete copy of its state into this file, if specified." default="">
349             Manager.dump
350         </manager_state>
351         <!-- TODO: Update this. -->
352         <address description="The IP or hostname that all Manager modules should use, when accepting SOAP requests." default="localhost">
353             localhost
354         </address>
355         <!-- TODO: Update this. -->
356         <!-- Note: This port should be unique and not already in use by other modules, services, or daemons running on the host system. -->
            <!-- NOTE(review): Manager/VM/port further down in this file is also set to 8089,
                 with the same default, and its description likewise asks for a port that no
                 other module on the host system uses.  If the Manager and the VM daemon each
                 start their own SOAP server on the host, one of the two values has to change;
                 confirm which component actually binds 8089. -->
357         <port description="The TCP port number that the SOAP server for all Manager modules will listen on for requests." default="8089">
358             8089
359         </port>
360         <vmnet_nat_router_address description="The IP address assigned to the VMware NAT interface (usually called vmnet8)." default="192.168.0.1">
361             192.168.0.1
362         </vmnet_nat_router_address>
363         <!-- TODO: Update this. -->
364         <conffile description="Logging options that can be applied to specify the layout of the logging messages.">
365             etc/honeyclient_log.conf
366         </conffile>
367         <!-- HoneyClient::Manager::FW Options -->
368         <FW>
369             <!-- TODO: Update this. -->
370             <address description="eth0 interface static IP">
371                 192.168.0.128
372             </address>
373             <!-- TODO: Update this. -->
374             <port description="Default FW port number" default="8083">
375                 8083
376             </port>
377             <!-- TODO: Update this. -->
378             <primaryDns description="Primary DNS IP Address">
379                 128.29.154.150
380             </primaryDns>
381             <!-- TODO: Update this. -->
382             <secondaryDns description="Secondary DNS IP address">
383                 128.29.40.1
384             </secondaryDns>
385             <!-- TODO: Update this. -->
386             <gsx_gateway description="IP address of GSX or VMware Server">
387                 10.0.0.1/32
388             </gsx_gateway>
389             <!-- TODO: Update this. -->
390             <fwGateway description="Gateway IP address of the Firewall">
391                 10.0.0.254/32
392             </fwGateway>
393             <!-- TODO: Update this. -->
394             <honeyclientnet description="CIDR notation for honeyclient netblock">
395                 10.0.0.0/24
396             </honeyclientnet>
397             <!-- TODO: Update this. -->
398             <fwconfig description="Location of Firewall VM configuration file">
399                 /vm/honeywall-test/honeywall.vmx
400             </fwconfig>
401             <!-- TODO: Update this. -->
402             <outputdir description="Output directory where logs will go on Firewall">
403                 fw-output
404             </outputdir>
405             <!-- TODO: Update this. -->
406             <argus description="Argus binary location">
407                 /usr/local/sbin/argus
408             </argus>
409             <!-- TODO: Update this. -->
410             <argusconfig description="Argus configuration file.">
411                 /etc/argus.conf
412             </argusconfig>
413             <!-- TODO: Update this. -->
414             <argusoutput description="Argus logging directory">
415                 /var/log/argus
416             </argusoutput>
417             <!-- TODO: Update this. -->
418             <arguspid description="Argus Process ID">
419                 /var/run/argus.pid
420             </arguspid>
421             <!-- TODO: Update this. -->
422             <tcpdumplog description="Tcpdump log location directory">
423                 /var/log/tcpdump
424             </tcpdumplog>
425             <!-- TODO: Update this. -->
426             <tcpdump description="Tcpdump binary">
427                 /usr/sbin/tcpdump
428             </tcpdump>
429             <!-- TODO: Update this. -->
430             <dnspath description="DNS nameserver file">
431                 /etc/resolv.conf
432             </dnspath>
433             <!-- TODO: Update this. -->
434             <dnsport description="DNS port number">
435                 53
436             </dnsport>
437             <!-- TODO: Update this. -->
438             <LOCALHOST description="localhost address">
439                 127.0.0.1
440             </LOCALHOST>
441             <!-- TODO: Update this. -->
442             <sshport description="SSH port number listening on">
443                 22
444             </sshport>
445             <!-- TODO: Update this. -->
446             <debug description="Debug value (0 for no debugging, 1 for debugging output)">
447                 0
448             </debug>
449             <!-- TODO: Update this. -->
450             <fwprocess description="Name of external SOAP listener.">
451                 startFWListener.pl
452             </fwprocess>
453             <!-- TODO: Update this. -->
454             <config_file description="Location of config_file">
455                 etc/honeyclient_log.conf
456             </config_file>
457         </FW>
458         <!-- HoneyClient::Manager::VM Options -->
459         <VM>
460             <master_vm_config description="The full absolute path to the VM configuration file on the host system that will be used by all subsequent cloned VMs.">
461                 /vm/master-vms/Agent.Master-23/winXPPro.cfg
462             </master_vm_config>
463             <port description="The TCP port number that the SOAP server of the VM daemon will listen on for requests.  Note: This port should be unique and not already be used by other modules, services, or daemons running on the host system." default="8089">
464                 8089
465             </port>
466             <datastore_path description="The absolute path to the parent directory, where all HoneyClient VM data is stored on the host server.  It is assumed that individual VM data is stored in separate subdirectories within this parent directory." default="/vm">
467                 /vm/clones
468             </datastore_path>
469             <snapshot_path description="The absolute path to the directory that contains all snapshot data, associated with every HoneyClient VM." default="/vm/snapshots">
470                 /vm/snapshots
471             </snapshot_path>
472             <vmware_port description="The TCP port that VMware Server / GSX uses for console communication.  By default, this TCP port is 902.  Unless you've explicitly changes this port during the vmware-config.pl setup process, leave this setting as the default." default="902">
473                 902
474             </vmware_port>
475             <bin_tar description="The absolute path to the 'tar' executable, accessible on the host filesystem." default="/bin/tar">
476                 /bin/tar
477             </bin_tar>
478             <vm_id_length description="The length of each corresponding VM identifier (VMID).  This value can be any integer between 1 and 32, inclusive.  The VMID is a hexadecimal string that represents the VM's name.  It is designed to be generated once per clone and remain for the life of the VM (regardless of where it runs).  The VMID is used externally by HoneyClient::Manager and HoneyClient::Manager::FW.  The HoneyClient::Manager::FW package uses IPTables and binds each rule to a specific VMID.  However, IPTable's firewall rule labels can only be a maximum of 30 characters in length.  Thus, 26 is specified here, to account for 'VMID-OUT' as a possible chain name." default="26">
479                 26
480             </vm_id_length>
481             <dhcp_log description="The absolute path to the file that contains the DHCP logs, when a new VM gets a DHCP lease from the VMware Server / GSX server." default="/var/log/messages">
482                 /var/log/messages
483             </dhcp_log>
484             <!-- HoneyClient::Manager::VM::Test Options -->
485             <Test>
486                 <!--
487                     Note: you should *never* need to change *any* values
488                     within this section of the configuration.  All contents
489                     are *only* used for unit testing.
490                 -->
491                 <test_vm_config description="The relative path to the (empty) test VM, that's used during unit testing." default="t/test_vm/winXPPro.vmx">
492                     t/test_vm/winXPPro.vmx
493                 </test_vm_config>
494             </Test>
495         </VM>
496     </Manager>
497     <!-- HoneyClient::Util Options -->
498     <Util>
499         <!-- HoneyClient::Util::Config Options -->
500         <Config>
501             <!-- HoneyClient::Util::Config::Test Options -->
502             <Test>
503                 <!--
504                     Note: you should *never* need to change *any* values
505                     within this section of the configuration.  All contents
506                     are *only* used for unit testing.
507                 -->
508                 <address description="The IP or hostname that this module should use, when performing unit tests." default="localhost" zing="foobar">localhost</address>
509                 <zingers>foobar</zingers>
510                 <Foo>
511                     <Bar>
512                         <address>baz</address>
513                     </Bar>
514                 </Foo>
515                 <Yok>
516                     <childA>12345678</childA>
517                     <childA>ABCDEFGH</childA>
518                     <childB>09876543</childB>
519                     <childB>ZYXVTUWG</childB>
520                 </Yok>
521             </Test>
522         </Config>
523     </Util>
524 </HoneyClient>