honeyclient.xml

Revision 292, 19.3 kB (checked in by kindlund, 2 years ago)
Bumped timeout values.
Property svn:keywords set to `Id "$file"`

Line
1	<?xml version="1.0" encoding="utf-8"?>
2	<!--
3	#######################################################################
4	HoneyClient Configuration File
5
6	This configuration file is used by the HoneyClient perl modules in
7	order to specify and use the following global configuration options.
8
9	For information about the syntax of this file format, please type
10	"perldoc XML::Simple".
11
12	CVS: $Id$
13
14	#######################################################################
15
16	Syntax Notes:
17
18	Note: During processing, if the HoneyClient expects a module-specific
19	variable to be present within this configuration file (e.g., "address")
20	but it is not listed or commented out, then the code will attempt
21	to look for the same variable within any of the module's parents.
22
23	For example, the code may expect:
24	<HoneyClient>
25	<Agent>
26	<Driver>
27	<address>localhost</address>
28	</Driver>
29	</Agent>
30	</HoneyClient>
31
32	But the following will work as well:
33	<HoneyClient>
34	<Agent>
35	<address>localhost</address>
36	</Agent>
37	</HoneyClient>
38
39	<HoneyClient>
40	<address>localhost</address>
41	</HoneyClient>
42
43	Keep in mind, though, that some variables should remain module-specific
44	(i.e., "port") in order to avoid collisions between modules.
45
46	-->
47	<HoneyClient>
48	<!-- Global Options -->
49	<!-- Note: This timeout should be long enough so that the Agent watchdog code will properly let the integrity checking code finish, before detecting a faulty timeout in processing. -->
50	<timeout description="Default timeout used for all communications between each module (in seconds)." default="900">
51	3600
52	</timeout>
53	<log_config description="The global Log4perl configuration file, used throughout all modules. This setting should not need to be changed." default="etc/honeyclient_log.conf">
54	etc/honeyclient_log.conf
55	</log_config>
56	<!-- HoneyClient::Agent Options -->
57	<Agent>
58	<!-- TODO: Update this. -->
59	<address description="The IP or hostname that all Agent modules should use, when accepting SOAP requests." default="0.0.0.0">
60	0.0.0.0
61	</address>
62	<!-- TODO: Update this. -->
63	<!-- Note: This port should be unique and not already in use by other modules, services, or daemons running inside the VM. -->
64	<port description="The TCP port number that the SOAP server for all Agent modules will listen on for requests." default="9000">
65	9000
66	</port>
67	<!-- HoneyClient::Agent::Driver Options -->
68	<Driver>
69	<!-- TODO: Update this. -->
70	<timeout description="How long the Driver waits during a drive operation, before timing out (in seconds)." default="60">
71	10
72	</timeout>
73	<Browser>
74	<!-- HoneyClient::Agent::Driver::IE Options -->
75	<!-- TODO: Update this. -->
76	<ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0">
77	1
78	</ignore_links_timed_out>
79	<!-- TODO: Update this. -->
80	<process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe">
81	iexplore.exe
82	</process_name>
83	<max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">
84	-1
85	</max_relative_links_to_visit>
86	<goodwords description="A comma-separated list of good words which will increase the score of links within a webpage." default="">
87	news,new,big,latest,main,update,sell,free,buy
88	</goodwords>
89	<badwords description="A comma-separated list of bad words which will decrease the score of links within a webpage." default="">
90	archive,privacy,legal,disclaim,about,contact,copyright,jobs,careers
91	</badwords>
92	<IE>
93	<!-- HoneyClient::Agent::Driver::IE Options -->
94	<!-- TODO: Update this. -->
95	<ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0">
96	1
97	</ignore_links_timed_out>
98	<!-- TODO: Update this. -->
99	<process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe">
100	iexplore.exe
101	</process_name>
102	<max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">
103	-1
104	</max_relative_links_to_visit>
105	</IE>
106	<FF>
107	<max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1">
108	5
109	</max_relative_links_to_visit>
110	<!-- http://gatekeeper-w.mitre.org:80 -->
111	<http_proxy description="Set to your HTTP Proxy if you have one, otherwise set to 'none'">
112	none
113	</http_proxy>
114	<ff_exec description="path to the firefox executable (default install path is C:\Program Files\Mozilla Firefox\firefox.exe)">
115	C:\Program Files\Mozilla Firefox\firefox.exe
116	</ff_exec>
117	</FF>
118	</Browser>
119	<EmailClient>
120	</EmailClient>
121	</Driver>
122	<perform_integrity_checks description="An integer, representing whether the Agent should perform any integrity checks. 1 enables, 0 disables." default="1">
123	1
124	</perform_integrity_checks>
125	<!-- HoneyClient::Agent::Integrity Options -->
126	<Integrity>
127	<!-- Files which are read in only. -->
128	<!-- TODO: Update this. -->
129	<file_checklist description="The file containing the list of files and directories to check during filesystem checking." default="none">
130	etc/file_checklist.txt
131	</file_checklist>
132	<!-- TODO: Update this. -->
133	<file_exclude description="The file containing the list of files or directories to exclude if found in subdirectories during filesystem checking." default="none">
134	../../../etc/file_exclude.txt
135	</file_exclude>
136	<!-- Files which are written out only. -->
137	<!-- TODO: Update this. -->
138	<clean_file description="File to store hashes for files selected during baseline process.">
139	/tmp/cleanfile.txt
140	</clean_file>
141	<!-- TODO: Update this. -->
142	<change_file description="File to write any found changes to.">
143	/tmp/changes.txt
144	</change_file>
145	<!-- Files to read and write. -->
146	<!-- TODO: Update this. -->
147	<test_dir description="If you're testing integrity checks, this is the directory that you can specify to minimize testing time. Only the files in this directory will be part of the integrity check.">
148	../t/testintegrity
149	</test_dir>
150	<Registry>
151	<!-- HoneyClient::Agent::Integrity::Registry::Test Options -->
152	<Test>
153	<!--
154	Note: you should never need to change any values
155	within this section of the configuration. All contents
156	are only used for unit testing.
157	-->
158	<before_registry_file description="The relative path to a (before) sample registry dump, that's used during unit testing." default="t/test_registry/before.reg">
159	t/test_registry/before.reg
160	</before_registry_file>
161	<after_registry_file description="The relative path to an (after) sample registry dump, that's used during unit testing." default="t/test_registry/after.reg">
162	t/test_registry/after.reg
163	</after_registry_file>
164	</Test>
165	<Parser>
166	<!-- HoneyClient::Agent::Integrity::Registry::Parser::Test Options -->
167	<Test>
168	<!--
169	Note: you should never need to change any values
170	within this section of the configuration. All contents
171	are only used for unit testing.
172	-->
173	<registry_file description="The relative path to a sample registry dump, that's used during unit testing." default="t/test_registry/dump.reg">
174	t/test_registry/dump.reg
175	</registry_file>
176	</Test>
177	</Parser>
178	</Registry>
179	</Integrity>
180	</Agent>
181	<Manager>
182	<!-- TODO: Update this. -->
183	<manager_state description="Upon termination, the Manager will attempt to save a complete copy of its state into this file, if specified." default="">
184	Manager.dump
185	</manager_state>
186	<!-- TODO: Update this. -->
187	<address description="The IP or hostname that all Manager modules should use, when accepting SOAP requests." default="localhost">
188	localhost
189	</address>
190	<!-- TODO: Update this. -->
191	<!-- Note: This port should be unique and not already in use by other modules, services, or daemons running on the host system. -->
192	<port description="The TCP port number that the SOAP server for all Manager modules will listen on for requests." default="8089">
193	8089
194	</port>
195	<vmnet_nat_router_address description="The IP address assigned to the VMware NAT interface (usually called vmnet8)." default="192.168.0.1">
196	192.168.0.1
197	</vmnet_nat_router_address>
198	<!-- TODO: Update this. -->
199	<conffile description="Logging options that can be applied to specify the layout of the logging messages.">
200	etc/honeyclient_log.conf
201	</conffile>
202	<!-- HoneyClient::Manager::FW Options -->
203	<FW>
204	<!-- TODO: Update this. -->
205	<address description="eth0 interface static IP">
206	192.168.0.128
207	</address>
208	<!-- TODO: Update this. -->
209	<port description="Default FW port number" default="8083">
210	8083
211	</port>
212	<!-- TODO: Update this. -->
213	<primaryDns description="Primary DNS IP Address">
214	128.29.154.150
215	</primaryDns>
216	<!-- TODO: Update this. -->
217	<secondaryDns description="Secondary DNS IP address">
218	128.29.40.1
219	</secondaryDns>
220	<!-- TODO: Update this. -->
221	<gsx_gateway description="IP address of GSX or VMware Server">
222	10.0.0.1/32
223	</gsx_gateway>
224	<!-- TODO: Update this. -->
225	<fwGateway description="Gateway IP address of the Firewall">
226	10.0.0.254/32
227	</fwGateway>
228	<!-- TODO: Update this. -->
229	<honeyclientnet description="CIDR notation for honeyclient netblock">
230	10.0.0.0/24
231	</honeyclientnet>
232	<!-- TODO: Update this. -->
233	<fwconfig description="Location of Firewall VM configuration file">
234	/vm/honeywall-test/honeywall.vmx
235	</fwconfig>
236	<!-- TODO: Update this. -->
237	<outputdir description="Output directory where logs will go on Firewall">
238	fw-output
239	</outputdir>
240	<!-- TODO: Update this. -->
241	<argus description="Argus binary location">
242	/usr/local/sbin/argus
243	</argus>
244	<!-- TODO: Update this. -->
245	<argusconfig description="Argus configuration file.">
246	/etc/argus.conf
247	</argusconfig>
248	<!-- TODO: Update this. -->
249	<argusoutput description="Argus logging directory">
250	/var/log/argus
251	</argusoutput>
252	<!-- TODO: Update this. -->
253	<arguspid description="Argus Process ID">
254	/var/run/argus.pid
255	</arguspid>
256	<!-- TODO: Update this. -->
257	<tcpdumplog description="Tcpdump log location directory">
258	/var/log/tcpdump
259	</tcpdumplog>
260	<!-- TODO: Update this. -->
261	<tcpdump description="Tcpdump binary">
262	/usr/sbin/tcpdump
263	</tcpdump>
264	<!-- TODO: Update this. -->
265	<dnspath description="DNS nameserver file">
266	/etc/resolv.conf
267	</dnspath>
268	<!-- TODO: Update this. -->
269	<dnsport description="DNS port number">
270	53
271	</dnsport>
272	<!-- TODO: Update this. -->
273	<LOCALHOST description="localhost address">
274	127.0.0.1
275	</LOCALHOST>
276	<!-- TODO: Update this. -->
277	<sshport description="SSH port number listening on">
278	22
279	</sshport>
280	<!-- TODO: Update this. -->
281	<debug description="Debug value (0 for no debugging, 1 for debugging output)">
282	0
283	</debug>
284	<!-- TODO: Update this. -->
285	<fwprocess description="Name of external SOAP listener.">
286	startFWListener.pl
287	</fwprocess>
288	<!-- TODO: Update this. -->
289	<config_file description="Location of config_file">
290	etc/honeyclient_log.conf
291	</config_file>
292	</FW>
293	<!-- HoneyClient::Manager::DB Options -->
294	<DB>
295	<!-- TODO: Update this. -->
296	<address description="eth0 interface static IP">
297	192.168.0.128
298	</address>
299	<!-- TODO: Update this. -->
300	<port description="Default FW port number" default="8083">
301	8089
302	</port>
303	</DB>
304	<!-- HoneyClient::Manager::VM Options -->
305	<VM>
306	<!-- TODO: Update this. -->
307	<!-- Note: This port should be unique and not already in use by other modules, services, or daemons running on the host system. -->
308	<port description="The TCP port number that the SOAP server for all Manager modules will listen on for requests." default="8089">
309	8089
310	</port>
311	<!-- TODO: Update this. -->
312	<datastore_path description="The absolute path to the parent directory, where all HoneyClient VM data is stored on the host server. It is assumed that individual VM data is stored in separate subdirectories within this parent directory." default="/vm">
313	/vm
314	</datastore_path>
315	<!-- TODO: Update this. -->
316	<snapshot_path description="The absolute path to the directory that contains all snapshot data, associated with every HoneyClient VM." default="/vm/snapshots">
317	/vm/snapshots
318	</snapshot_path>
319	<!-- TODO: Update this. -->
320	<vmware_port description="The TCP port that VMware Server / GSX uses for console communication. By default, this TCP port is 902. Unless you've explicitly changes this port during the vmware-config.pl setup process, leave this setting as the default." default="902">
321	902
322	</vmware_port>
323	<!-- TODO: Update this. -->
324	<bin_tar description="The absolute path to the 'tar' executable, accessible on the host filesystem." default="/bin/tar">
325	/bin/tar
326	</bin_tar>
327	<!-- TODO: Update this. -->
328	<vm_id_length description="The length of each corresponding VM identifier (VMID). This value can be any integer between 1 and 32, inclusive. The VMID is a hexadecimal string that represents the VM's name. It is designed to be generated once per clone and remain for the life of the VM (regardless of where it runs). The VMID is used externally by HoneyClient::Manager and HoneyClient::Manager::FW. The HoneyClient::Manager::FW package uses IPTables and binds each rule to a specific VMID. However, IPTable's firewall rule labels can only be a maximum of 30 characters in length. Thus, 26 is specified here, to account for 'VMID-OUT' as a possible chain name." default="26">
329	26
330	</vm_id_length>
331	<!-- TODO: Update this. -->
332	<dhcp_log description="The absolute path to the file that contains the DHCP logs, when a new VM gets a DHCP lease from the VMware Server / GSX server." default="/var/log/messages">
333	/var/log/messages
334	</dhcp_log>
335	<!-- HoneyClient::Manager::VM::Test Options -->
336	<Test>
337	<!--
338	Note: you should never need to change any values
339	within this section of the configuration. All contents
340	are only used for unit testing.
341	-->
342	<test_vm_config description="The relative path to the (empty) test VM, that's used during unit testing." default="t/testVM/winXPPro.vmx">
343	t/testVM/winXPPro.vmx
344	</test_vm_config>
345	</Test>
346	</VM>
347	</Manager>
348	<!-- HoneyClient::Util Options -->
349	<Util>
350	<!-- HoneyClient::Util::Config Options -->
351	<Config>
352	<!-- HoneyClient::Util::Config::Test Options -->
353	<Test>
354	<!--
355	Note: you should never need to change any values
356	within this section of the configuration. All contents
357	are only used for unit testing.
358	-->
359	<address description="The IP or hostname that this module should use, when performing unit tests." default="localhost" zing="foobar">localhost</address>
360	<zingers>foobar</zingers>
361	<Foo>
362	<Bar>
363	<address>baz</address>
364	</Bar>
365	</Foo>
366	<Yok>
367	<childA>12345678</childA>
368	<childA>ABCDEFGH</childA>
369	<childB>09876543</childB>
370	<childB>ZYXVTUWG</childB>
371	</Yok>
372	</Test>
373	</Config>
374	</Util>
375	</HoneyClient>

Note: See TracBrowser for help on using the browser.

root/honeyclient/tags/exp/UP2-kindlund-filesystem/etc/honeyclient.xml

Download in other formats: