VERSION = version.Version()
config_lib.DEFINE_integer("Source.version_major", VERSION["major"],
"Major version number of client binary.")
config_lib.DEFINE_integer("Source.version_minor", VERSION["minor"],
"Minor version number of client binary.")
config_lib.DEFINE_integer("Source.version_revision", VERSION["revision"],
"Revision number of client binary.")
config_lib.DEFINE_integer("Source.version_release", VERSION["release"],
"Release number of client binary.")
config_lib.DEFINE_string(
"Source.version_string", "%(version_major).%(version_minor)."
"%(version_revision).%(version_release)", "Version string of the client.")
config_lib.DEFINE_integer(
"Source.version_numeric", "%(version_major)%(version_minor)"
"%(version_revision)%(version_release)",
"Version string of the client as an integer.")
# Note: Each thread adds about 8mb for stack space.
config_lib.DEFINE_integer("Threadpool.size", 50,
"Number of threads in the shared thread pool.")
config_lib.DEFINE_integer(
"Worker.queue_shards", 5, "Queue notifications will be sharded across "
"this number of datastore subjects.")
#!/usr/bin/env python
"""Configuration parameters for server output plugins."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib import rdfvalue
config_lib.DEFINE_string("BigQuery.service_acct_json", None,
"The json contents of the service account file.")
config_lib.DEFINE_string("BigQuery.project_id", None,
"The BigQuery project_id.")
config_lib.DEFINE_string("BigQuery.dataset_id", "grr",
"The BigQuery project_id.")
config_lib.DEFINE_integer(
"BigQuery.max_file_post_size", 5 * 1000 * 1000,
"Max size of file to put in each POST "
"to bigquery. Note enforcement is not exact.")
config_lib.DEFINE_integer("BigQuery.retry_max_attempts", 2,
"Total number of times to retry an upload.")
config_lib.DEFINE_integer(
"BigQuery.max_upload_failures", 100,
"Total number of times to try uploading to BigQuery"
" for a given hunt or flow.")
#!/usr/bin/env python
"""Configuration parameters for the data stores."""
from __future__ import absolute_import
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib import rdfvalue
config_lib.DEFINE_integer("Datastore.maximum_blob_size", 512 * 1024,
"Maximum blob size we may store in the datastore.")
config_lib.DEFINE_string("Datastore.implementation", "FakeDataStore",
"Storage subsystem to use.")
config_lib.DEFINE_string("Blobstore.implementation", "MemoryStreamBlobStore",
"Blob storage subsystem to use.")
config_lib.DEFINE_string("Database.implementation", "",
"Relational database system to use.")
config_lib.DEFINE_bool(
"Database.useForReads", False,
"Use relational database for reading as well as for writing.")
config_lib.DEFINE_bool(
"Database.useForReads.message_handlers", False,
"Enable message handlers using the relational database.")
config_lib.DEFINE_bool("Database.useForReads.cronjobs", False,
"Enable storing cronjobs in the relational database.")
#!/usr/bin/env python
"""Configuration parameters for the client."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib.rdfvalues import crypto as rdf_crypto
# General Client options.
config_lib.DEFINE_string(
"Client.name", "GRR", "The name of the client. This will be used as a base "
"name to generate many other default parameters such "
"as binary names and service names. Note that on "
"Linux we lowercase the name to confirm with most "
"linux naming conventions.")
config_lib.DEFINE_string("Client.binary_name", "%(Client.name)",
"The name of the client binary.")
config_lib.DEFINE_list("Client.labels", [], "Labels for this client.")
config_lib.DEFINE_string("Client.company_name", "GRR Project",
"The name of the company which made the client.")
config_lib.DEFINE_string("Client.description", "%(name) %(platform) %(arch)",
"A description of this specific client build.")
config_lib.DEFINE_string("Client.platform", "windows",
"The platform we are running on.")
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib.rdfvalues import config as rdf_config
# The Admin UI web application.
config_lib.DEFINE_integer("AdminUI.port", 8000, "port to listen on")
config_lib.DEFINE_integer(
"AdminUI.port_max", None, "If set and AdminUI.port is in use, attempt to "
"use ports between AdminUI.port and "
"AdminUI.port_max.")
# Override this if you want to access admin ui extenally. Make sure it is
# secured (i.e. AdminUI.webauth_manager is not NullWebAuthManager)!
config_lib.DEFINE_string("AdminUI.bind", "127.0.0.1", "interface to bind to.")
config_lib.DEFINE_string(
"AdminUI.document_root",
"%(grr_response_server/gui/static@grr-response-server|resource)",
"The main path to the static HTML pages.")
config_lib.DEFINE_string(
"AdminUI.template_root",
"%(grr_response_server/gui/templates@grr-response-server|resource)",
"The main path to the templates.")
config_lib.DEFINE_string(
"AdminUI.webauth_manager", "NullWebAuthManager",
"The web auth manager for controlling access to the UI.")
config_lib.DEFINE_constant_string(
"Test.srcdir", "%(grr_response_core|module_path)/../../../",
"The directory containing the source code.")
config_lib.DEFINE_constant_string(
"Test.data_dir",
default="%(grr_response_test/test_data@grr-response-test|resource)",
help="The directory where test data exist.")
config_lib.DEFINE_constant_string(
"Test.additional_test_config",
default="%(Test.data_dir)/localtest.yaml",
help="The path to a test config with local customizations.")
config_lib.DEFINE_string("Test.tmpdir",
"/tmp/",
help="Somewhere to write temporary files.")
config_lib.DEFINE_string("Test.data_store", "FakeDataStore",
"The data store to run the tests against.")
config_lib.DEFINE_integer("Test.remote_pdb_port", 2525,
"Remote debugger port.")
config_lib.DEFINE_string("PrivateKeys.ca_key_raw_data", "",
"For testing purposes.")
config_lib.DEFINE_integer(
"SharedFakeDataStore.port", 0,
"Port used to connect to SharedFakeDataStore server.")
name="Config.python_hack_root",
default="%(Config.aff4_root)/python_hacks",
description=("The path where python hacks are stored in the aff4 "
"namespace.")))
# Executables must be signed and uploaded to their dedicated AFF4 namespace.
config_lib.DEFINE_option(
type_info.RDFValueType(
rdfclass=rdfvalue.RDFURN,
name="Executables.aff4_path",
description="The aff4 path to signed executables.",
default="%(Config.aff4_root)/executables/%(Client.platform)"))
config_lib.DEFINE_string(
name="Executables.installer",
default=("%(Executables.aff4_path)/installers/"
"%(ClientRepacker.output_basename)"
"%(ClientBuilder.output_extension)"),
help="The location of the generated installer in the config directory.")
config_lib.DEFINE_string(
name="ClientBuilder.output_extension",
default=None,
help="The file extension for the client (OS dependent).")
config_lib.DEFINE_string(name="ClientBuilder.package_dir",
default=None,
help="OSX package name.")
config_lib.DEFINE_string(
"ClientBuilder.private_config_validator_class",
default=None,
#!/usr/bin/env python
"""Configuration parameters for server output plugins."""
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib import rdfvalue
config_lib.DEFINE_string("BigQuery.service_acct_json", None,
"The json contents of the service account file.")
config_lib.DEFINE_string("BigQuery.project_id", None,
"The BigQuery project_id.")
config_lib.DEFINE_string("BigQuery.dataset_id", "grr",
"The BigQuery project_id.")
config_lib.DEFINE_integer(
"BigQuery.max_file_post_size", 5 * 1000 * 1000,
"Max size of file to put in each POST "
"to bigquery. Note enforcement is not exact.")
config_lib.DEFINE_integer("BigQuery.retry_max_attempts", 2,
"Total number of times to retry an upload.")
config_lib.DEFINE_integer(
"BigQuery.max_upload_failures", 100,
"Total number of times to try uploading to BigQuery"
" for a given hunt or flow.")
config_lib.DEFINE_semantic_value(rdfvalue.Duration, "BigQuery.retry_interval",
#!/usr/bin/env python
"""Configuration parameters for logging and error reporting subsystems."""
from grr_response_core.lib import config_lib
from grr_response_core.lib import type_info
from grr_response_core.lib.rdfvalues import standard as rdf_standard
config_lib.DEFINE_string(
"Logging.domain", "localhost",
"The email domain belonging to this installation. "
"Leave blank to not restrict email to this domain")
config_lib.DEFINE_list(
"Logging.engines", ["stderr"], "Enabled logging engines. Valid values are "
"combinations of stderr,file,syslog,event_log.")
config_lib.DEFINE_bool("Logging.verbose",
False,
help="If true log more verbosely.")
config_lib.DEFINE_string("Logging.path",
"%(Config.prefix)/var/log/",
help="Path to log file directory.")
config_lib.DEFINE_string("Logging.syslog_path",
"/dev/log",
help="Path to syslog socket. This can be a unix "
"domain socket or in a UDP host:port notation.")
config_lib.DEFINE_string("Logging.filename",
"%(Logging.path)/GRRlog.txt",
from __future__ import division
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib import rdfvalue
config_lib.DEFINE_integer(
"API.DailyFlowRequestLimit", "10",
"Number of flows a user can run on a single client "
"per day before being blocked by throttling. Set to "
"0 to disable checking.")
config_lib.DEFINE_semantic_value(
rdfvalue.DurationSeconds,
"API.FlowDuplicateInterval",
default="1200s",
help="Amount of time "
"that needs to pass before the throttler will allow "
"an identical flow to run on the same client. Set "
"to 0s to disable checking.")
config_lib.DEFINE_string(
"API.RouterACLConfigFile", "", "The file containing API acls, see "
"grr/config/api_acls.yaml for an example.")
config_lib.DEFINE_string(
"API.DefaultRouter", "DisabledApiCallRouter",
"The default router used by the API if there are no "
"rules defined in API.RouterACLConfigFile or if none "
"of these rules matches.")
VERSION = version.Version()
config_lib.DEFINE_integer("Source.version_major", VERSION["major"],
"Major version number of client binary.")
config_lib.DEFINE_integer("Source.version_minor", VERSION["minor"],
"Minor version number of client binary.")
config_lib.DEFINE_integer("Source.version_revision", VERSION["revision"],
"Revision number of client binary.")
config_lib.DEFINE_integer("Source.version_release", VERSION["release"],
"Release number of client binary.")
config_lib.DEFINE_string(
"Source.version_string", "%(version_major).%(version_minor)."
"%(version_revision).%(version_release)", "Version string of the client.")
config_lib.DEFINE_integer(
"Source.version_numeric", "%(version_major)%(version_minor)"
"%(version_revision)%(version_release)",
"Version string of the client as an integer.")
# Note: Each thread adds about 8mb for stack space.
config_lib.DEFINE_integer("Threadpool.size", 50,
"Number of threads in the shared thread pool.")
config_lib.DEFINE_integer(
"Worker.queue_shards", 5, "Queue notifications will be sharded across "
"this number of datastore subjects.")
#!/usr/bin/env python
"""Configuration parameters for the data stores."""
from grr_response_core.lib import config_lib
config_lib.DEFINE_integer("Datastore.maximum_blob_size", 512 * 1024,
"Maximum blob size we may store in the datastore.")
config_lib.DEFINE_string("Datastore.implementation", "", "Deprecated")
config_lib.DEFINE_string("Blobstore.implementation", "DbBlobStore",
"Blob storage subsystem to use.")
config_lib.DEFINE_string("Database.implementation", "",
"Relational database system to use.")
# Deprecated. There is no choice anymore, relational db is always enabled.
config_lib.DEFINE_bool(
"Database.enabled", True,
"Use relational database for reading as well as for writing.")
config_lib.DEFINE_bool("Database.aff4_enabled", False, "Deprecated.")
config_lib.DEFINE_string("Datastore.location",
default="%(Config.prefix)/var/grr-datastore",
help=("Location of the data store (usually a "
"filesystem directory)"))
# SQLite data store.
# NOTE: The SQLite datastore was obsoleted, so these options do not get
# used. We can remove them once users have migrated to MySQL.
config_lib.DEFINE_constant_string(
"Test.srcdir", "%(grr_response_core|module_path)/../../../",
"The directory containing the source code.")
config_lib.DEFINE_constant_string(
"Test.data_dir",
default="%(grr_response_test/test_data@grr-response-test|resource)",
help="The directory where test data exist.")
config_lib.DEFINE_constant_string(
"Test.additional_test_config",
default="%(Test.data_dir)/localtest.yaml",
help="The path to a test config with local customizations.")
config_lib.DEFINE_string("Test.tmpdir",
"/tmp/",
help="Somewhere to write temporary files.")
config_lib.DEFINE_string("Test.data_store", "FakeDataStore",
"The data store to run the tests against.")
config_lib.DEFINE_integer("Test.remote_pdb_port", 2525,
"Remote debugger port.")
config_lib.DEFINE_string("PrivateKeys.ca_key_raw_data", "",
"For testing purposes.")
config_lib.DEFINE_integer("SharedMemoryDB.port", 0,
"Port used to connect to SharedMemoryDB server.")
config_lib.DEFINE_string(
#!/usr/bin/env python
"""Configuration parameters for the configuration subsystem."""
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
config_lib.DEFINE_string("Config.prefix",
"%(grr_response_core@grr-response-core|resource)",
"Prefix directory for general file storage.")
config_lib.DEFINE_string("Config.directory",
"%(install_data/etc@grr-response-core|resource)",
"Directory for grr server config files.")
config_lib.DEFINE_string("Config.writeback",
"%(Config.directory)/server.local.yaml",
"Location for writing back the configuration.")
config_lib.DEFINE_string(
"ConfigUpdater.old_config", None,
"Path to a previous config file, imported during"
" config_updater.Initialize.")
#!/usr/bin/env python
"""Settings for ACLs/approvals system."""
from grr_response_core.lib import config_lib
config_lib.DEFINE_string(
"ACL.approvers_config_file", "%(Config.directory)/approvers.yaml",
"File that defines who can approve access to "
"clients with certain labels.")
config_lib.DEFINE_integer("ACL.approvers_required", 2,
"The number of approvers required for access.")
config_lib.DEFINE_string(
"ACL.group_access_manager_class", "NoGroupAccess",
"This class handles interfacing with corporate group"
"directories for granting access. Override with a "
"class that understands your LDAP/AD/whatever setup.")
config_lib.DEFINE_integer(
"ACL.token_expiry", 7 * 24 * 60 * 60,
"The duration in seconds of a valid approval token. "
"Default of one week.")
#!/usr/bin/env python
"""Configuration parameters for the data stores."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from grr_response_core.lib import config_lib
from grr_response_core.lib import rdfvalue
config_lib.DEFINE_integer("Datastore.maximum_blob_size", 512 * 1024,
"Maximum blob size we may store in the datastore.")
config_lib.DEFINE_string("Datastore.implementation", "FakeDataStore",
"Storage subsystem to use.")
config_lib.DEFINE_string("Blobstore.implementation", "MemoryStreamBlobStore",
"Blob storage subsystem to use.")
config_lib.DEFINE_string("Database.implementation", "",
"Relational database system to use.")
config_lib.DEFINE_bool(
"Database.enabled", False,
"Use relational database for reading as well as for writing.")
config_lib.DEFINE_bool("Database.aff4_enabled", True,
"Enables reading/writing to the legacy data store.")
DATASTORE_PATHING = [
r"%{(?P<path>files/hash/generic/sha256/...).*}",
