config_lib.DEFINE_string(
name="ClientBuilder.output_extension",
default=None,
help="The file extension for the client (OS dependent).")
config_lib.DEFINE_string(
name="ClientBuilder.package_dir", default=None, help="OSX package name.")
config_lib.DEFINE_string(
"ClientBuilder.private_config_validator_class",
default=None,
help="Set this to a class name that sanity checks your client "
"config at repacking time.")
config_lib.DEFINE_bool("Client.fleetspeak_enabled", False,
"Whether the client uses Fleetspeak to communicate "
"with the server.")
config_lib.DEFINE_bool("ClientBuilder.fleetspeak_enabled", False,
"Whether the client will use Fleetspeak to communicate "
"with the server.")
config_lib.DEFINE_string(
"ClientBuilder.client_path",
default="grr_response_client.client",
help="Full module path for GRR client's main file.")
config_lib.DEFINE_string(
"ClientBuilder.fleetspeak_service_dir", "/etc/fleetspeak/services",
"Directory where Fleetspeak expects service configs to be. Only applies "
"if ClientBuilder.fleetspeak_enabled is true.")
help="Pyinstaller working directory.")
config_lib.DEFINE_string(
name="Client.prefix",
default="",
help="A prefix for the client name, usually dbg_ for debug builds.")
config_lib.DEFINE_string(name="ClientBuilder.output_basename",
default=("%(Client.prefix)%(Client.name)_"
"%(Source.version_string)_%(Client.arch)"),
help="The base name of the output package.")
# Windows client specific options.
config_lib.DEFINE_bool(
"ClientBuilder.console",
default=False,
help="Should the application be built as a console program. "
"This aids debugging in windows.")
config_lib.DEFINE_option(
PathTypeInfo(name="ClientBuilder.nanny_source_dir",
must_exist=True,
default="%(grr.client|module_path)/nanny/",
help="Path to the windows nanny VS solution file."))
config_lib.DEFINE_option(
PathTypeInfo(
name="ClientBuilder.nanny_prebuilt_binaries",
must_exist=False,
default="%(ClientBuilder.executables_dir)/%(Client.platform)/",
help="Path to the pre-build GRRNanny executables (This will be used "
"Number of threads in the shared thread pool.")
config_lib.DEFINE_integer("Worker.flow_lease_time", 600,
"Duration of a flow lease time in seconds.")
config_lib.DEFINE_integer("Worker.well_known_flow_lease_time", 600,
"Duration of a well known flow lease time in "
"seconds.")
config_lib.DEFINE_integer("Worker.compaction_lease_time", 3600,
"Duration of collections lease time for compaction "
"in seconds.")
config_lib.DEFINE_bool("Worker.enable_packed_versioned_collection_journaling",
False, "If True, all Add*() operations and all "
"compactions of PackedVersionedCollections will be "
"journaled so that these collections can be later "
"checked for integrity.")
config_lib.DEFINE_integer("Worker.queue_shards", 5,
"Queue notifications will be sharded across "
"this number of datastore subjects.")
config_lib.DEFINE_integer("Worker.notification_expiry_time", 600,
"The queue manager expires stale notifications "
"after this many seconds.")
config_lib.DEFINE_integer("Worker.notification_retry_interval", 30,
"The queue manager retries to work on requests it "
"could not complete after this many seconds.")
config_lib.DEFINE_integer("Worker.flow_lease_time", 7200,
"Duration of a flow lease time in seconds.")
config_lib.DEFINE_integer(
"Worker.well_known_flow_lease_time", 600,
"Duration of a well known flow lease time in "
"seconds.")
config_lib.DEFINE_integer(
"Worker.compaction_lease_time", 3600,
"Duration of collections lease time for compaction "
"in seconds.")
config_lib.DEFINE_bool(
"Worker.enable_packed_versioned_collection_journaling", False,
"If True, all Add*() operations and all "
"compactions of PackedVersionedCollections will be "
"journaled so that these collections can be later "
"checked for integrity.")
config_lib.DEFINE_integer(
"Worker.queue_shards", 5, "Queue notifications will be sharded across "
"this number of datastore subjects.")
config_lib.DEFINE_integer(
"Worker.notification_expiry_time", 600,
"The queue manager expires stale notifications "
"after this many seconds.")
config_lib.DEFINE_integer(
"Worker.notification_retry_interval", 30,
"The queue manager retries to work on requests it "
config_lib.DEFINE_string("AdminUI.document_root", "%(grr/gui/static|resource)",
"The main path to the static HTML pages.")
config_lib.DEFINE_string("AdminUI.local_document_root",
"%(grr/gui/local/static|resource)",
"The main path to the localized static HTML pages.")
config_lib.DEFINE_string("AdminUI.help_root", "%(docs|resource)",
"The main path to the locally cached documentation.")
config_lib.DEFINE_string(
"AdminUI.webauth_manager", "NullWebAuthManager",
"The web auth manager for controlling access to the UI.")
config_lib.DEFINE_bool("AdminUI.django_debug", True,
"Turn on to add django debugging")
config_lib.DEFINE_string(
"AdminUI.django_secret_key", "CHANGE_ME",
"This is a secret key that should be set in the server "
"config. It is used in XSRF and session protection.")
config_lib.DEFINE_list(
"AdminUI.django_allowed_hosts", ["*"],
"Set the django ALLOWED_HOSTS parameter. "
"See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts")
config_lib.DEFINE_bool("AdminUI.enable_ssl", False,
"Turn on SSL. This needs AdminUI.ssl_cert to be set.")
config_lib.DEFINE_string("AdminUI.ssl_cert_file", "",
from grr.lib import rdfvalue
config_lib.DEFINE_integer("Datastore.maximum_blob_size", 512 * 1024,
"Maximum blob size we may store in the datastore.")
config_lib.DEFINE_string("Datastore.implementation", "FakeDataStore",
"Storage subsystem to use.")
config_lib.DEFINE_string("Blobstore.implementation", "MemoryStreamBlobstore",
"Blob storage subsystem to use.")
config_lib.DEFINE_string("Database.implementation", "",
"Relational database system to use.")
config_lib.DEFINE_bool(
"Database.useForReads", False,
"Use relational database for reading as well as for writing.")
DATASTORE_PATHING = [
r"%{(?P<path>files/hash/generic/sha256/...).*}",
r"%{(?P<path>files/hash/generic/sha1/...).*}",
r"%{(?P<path>files/hash/generic/md5/...).*}",
r"%{(?P<path>files/hash/pecoff/md5/...).*}",
r"%{(?P<path>files/hash/pecoff/sha1/...).*}",
r"%{(?P<path>files/nsrl/...).*}", r"%{(?P<path>W/[^/]+).*}",
r"%{(?P<path>CA/[^/]+).*}", r"%{(?P<path>C\..\{1,16\}?)($|/.*)}",
r"%{(?P<path>hunts/[^/]+).*}", r"%{(?P<path>blobs/[^/]+).*}",
r"%{(?P<path>[^/]+).*}"
]
config_lib.DEFINE_list("Datastore.pathing", DATASTORE_PATHING,
"Allow these well known flows to run directly on the "
"frontend. Other flows are scheduled as normal.")
config_lib.DEFINE_list(
"Frontend.DEBUG_well_known_flows_blacklist", [],
"Drop these well known flows requests without "
"processing. Useful as an emergency tool to reduce "
"the load on the system.")
# Smtp settings.
config_lib.DEFINE_string("Worker.smtp_server", "localhost",
"The smtp server for sending email alerts.")
config_lib.DEFINE_integer("Worker.smtp_port", 25, "The smtp server port.")
config_lib.DEFINE_bool("Worker.smtp_starttls", False,
"Enable TLS for the smtp connection.")
config_lib.DEFINE_string("Worker.smtp_user", None,
"Username for the smtp connection.")
config_lib.DEFINE_string("Worker.smtp_password", None,
"Password for the smtp connection.")
# Server Cryptographic settings.
config_lib.DEFINE_semantic_value(
rdf_crypto.RSAPrivateKey,
"PrivateKeys.ca_key",
description="CA private key. Used to sign for client enrollment.",
)
config_lib.DEFINE_semantic_value(
"""Configuration parameters for logging and error reporting subsystems."""
from grr.lib import config_lib
from grr.lib import rdfvalue
from grr.lib import type_info
config_lib.DEFINE_string("Logging.domain", "localhost",
"The email domain belonging to this installation. "
"Leave blank to not restrict email to this domain")
config_lib.DEFINE_list("Logging.engines", ["stderr"],
"Enabled logging engines. Valid values are "
"combinations of stderr,file,syslog,event_log.")
config_lib.DEFINE_bool("Logging.verbose", False,
help="If true log more verbosely.")
config_lib.DEFINE_string("Logging.path", "%(TEMP|env)/tmp/",
help="Path to log file directory.")
config_lib.DEFINE_string("Logging.syslog_path", "localhost:514",
help="Path to syslog socket. This can be a unix "
"domain socket or in a UDP host:port notation.")
config_lib.DEFINE_string("Logging.filename", "%(Logging.path)/GRRlog.txt",
help="Filename of the grr log file.")
config_lib.DEFINE_string(
"Logging.format",
# Use a literal block here to prevent config system expansion as this should
# be a python format string.
config_lib.DEFINE_string("AdminUI.document_root", "%(grr/gui/static|resource)",
"The main path to the static HTML pages.")
config_lib.DEFINE_string("AdminUI.local_document_root",
"%(grr/gui/local/static|resource)",
"The main path to the localized static HTML pages.")
config_lib.DEFINE_string("AdminUI.help_root", "%(docs|resource)",
"The main path to the locally cached documentation.")
config_lib.DEFINE_string(
"AdminUI.webauth_manager", "NullWebAuthManager",
"The web auth manager for controlling access to the UI.")
config_lib.DEFINE_bool("AdminUI.django_debug", True,
"Turn on to add django debugging")
config_lib.DEFINE_string(
"AdminUI.django_secret_key", "CHANGE_ME",
"This is a secret key that should be set in the server "
"config. It is used in XSRF and session protection.")
config_lib.DEFINE_list(
"AdminUI.django_allowed_hosts", ["*"],
"Set the django ALLOWED_HOSTS parameter. "
"See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts")
config_lib.DEFINE_bool("AdminUI.enable_ssl", False,
"Turn on SSL. This needs AdminUI.ssl_cert to be set.")
config_lib.DEFINE_string("AdminUI.ssl_cert_file", "",
config_lib.DEFINE_integer("Worker.flow_lease_time", 7200,
"Duration of a flow lease time in seconds.")
config_lib.DEFINE_integer(
"Worker.well_known_flow_lease_time", 600,
"Duration of a well known flow lease time in "
"seconds.")
config_lib.DEFINE_integer(
"Worker.compaction_lease_time", 3600,
"Duration of collections lease time for compaction "
"in seconds.")
config_lib.DEFINE_bool(
"Worker.enable_packed_versioned_collection_journaling", False,
"If True, all Add*() operations and all "
"compactions of PackedVersionedCollections will be "
"journaled so that these collections can be later "
"checked for integrity.")
config_lib.DEFINE_integer(
"Worker.queue_shards", 5, "Queue notifications will be sharded across "
"this number of datastore subjects.")
config_lib.DEFINE_integer(
"Worker.notification_expiry_time", 600,
"The queue manager expires stale notifications "
"after this many seconds.")
config_lib.DEFINE_integer(
"Worker.notification_retry_interval", 30,
"The queue manager retries to work on requests it "
"Number of threads in the shared thread pool.")
config_lib.DEFINE_integer("Worker.flow_lease_time", 7200,
"Duration of a flow lease time in seconds.")
config_lib.DEFINE_integer("Worker.well_known_flow_lease_time", 600,
"Duration of a well known flow lease time in "
"seconds.")
config_lib.DEFINE_integer("Worker.compaction_lease_time", 3600,
"Duration of collections lease time for compaction "
"in seconds.")
config_lib.DEFINE_bool("Worker.enable_packed_versioned_collection_journaling",
False, "If True, all Add*() operations and all "
"compactions of PackedVersionedCollections will be "
"journaled so that these collections can be later "
"checked for integrity.")
config_lib.DEFINE_integer("Worker.queue_shards", 5,
"Queue notifications will be sharded across "
"this number of datastore subjects.")
config_lib.DEFINE_integer("Worker.notification_expiry_time", 600,
"The queue manager expires stale notifications "
"after this many seconds.")
config_lib.DEFINE_integer("Worker.notification_retry_interval", 30,
"The queue manager retries to work on requests it "
"could not complete after this many seconds.")
"Time interval over which average request rate is "
"calculated when throttling is enabled.")
config_lib.DEFINE_list(
"Frontend.well_known_flows",
["aff4:/flows/W:TransferStore", "aff4:/flows/W:Stats"],
"Allow these well known flows to run directly on the "
"frontend. Other flows are scheduled as normal.")
# Smtp settings.
config_lib.DEFINE_string("Worker.smtp_server", "localhost",
"The smtp server for sending email alerts.")
config_lib.DEFINE_integer("Worker.smtp_port", 25, "The smtp server port.")
config_lib.DEFINE_bool("Worker.smtp_starttls", False,
"Enable TLS for the smtp connection.")
config_lib.DEFINE_string("Worker.smtp_user", None,
"Username for the smtp connection.")
config_lib.DEFINE_string("Worker.smtp_password", None,
"Password for the smtp connection.")
# Server Cryptographic settings.
config_lib.DEFINE_semantic(
rdfvalue.PEMPrivateKey,
"PrivateKeys.ca_key",
description="CA private key. Used to sign for client enrollment.",
)
config_lib.DEFINE_semantic(rdfvalue.PEMPrivateKey,
type_info.RDFValueType(
rdfclass=rdfvalue.RDFURN,
name="Executables.aff4_path",
description="The aff4 path to signed executables.",
default="%(Config.aff4_root)/executables/%(Client.platform)"))
config_lib.DEFINE_string(
name="Executables.installer",
default=("%(Executables.aff4_path)/installers/"
"%(ClientRepacker.output_basename)"
"%(ClientBuilder.output_extension)"),
help="The location of the generated installer in the config directory.")
config_lib.DEFINE_bool(
"Client.build_service",
True,
help="Used to disable service installation in the client installer. If "
"False, GRR will not run automatically after installation and on boot.")
config_lib.DEFINE_string(
name="ClientBuilder.output_extension",
default=None,
help="The file extension for the client (OS dependent).")
config_lib.DEFINE_string(
name="ClientBuilder.package_dir", default=None, help="OSX package name.")
config_lib.DEFINE_string(
"ClientBuilder.private_config_validator_class",
default=None,
help="Set this to a class name that sanity checks your client "
from grr.lib import rdfvalue
config_lib.DEFINE_integer("Datastore.maximum_blob_size", 512 * 1024,
"Maximum blob size we may store in the datastore.")
config_lib.DEFINE_string("Datastore.implementation", "FakeDataStore",
"Storage subsystem to use.")
config_lib.DEFINE_string("Blobstore.implementation", "MemoryStreamBlobstore",
"Blob storage subsystem to use.")
config_lib.DEFINE_string("Database.implementation", "",
"Relational database system to use.")
config_lib.DEFINE_bool(
"Database.useForReads", False,
"Use relational database for reading as well as for writing.")
config_lib.DEFINE_bool(
"Database.useForReads.message_handlers", False,
"Enable message handlers using the relational database.")
config_lib.DEFINE_bool("Database.useForReads.foreman", False,
"Enable the foreman using the relational database.")
DATASTORE_PATHING = [
r"%{(?P<path>files/hash/generic/sha256/...).*}",
r"%{(?P<path>files/hash/generic/sha1/...).*}",
r"%{(?P<path>files/hash/generic/md5/...).*}",
r"%{(?P<path>files/hash/pecoff/md5/...).*}",
r"%{(?P<path>files/hash/pecoff/sha1/...).*}",
default="grr",
help="Name of the database to use.")
config_lib.DEFINE_string("Mysql.table_name",
default="aff4",
help="Name of the table to use.")
config_lib.DEFINE_string("Mysql.database_username",
default="root",
help="The user to connect to the database.")
config_lib.DEFINE_string("Mysql.database_password",
default="",
help="The password to connect to the database.")
config_lib.DEFINE_bool("Cron.active", False,
"Set to true to run a cron thread on this binary.")
config_lib.DEFINE_integer("ACL.approvers_required", 2,
"The number of approvers required for access.")
config_lib.DEFINE_string("AdminUI.url", "http://localhost:8000/",
"The direct external URL for the user interface.")
config_lib.DEFINE_string("Frontend.bind_address", "::",
"The ip address to bind.")
config_lib.DEFINE_integer("Frontend.bind_port", 8080, "The port to bind.")
config_lib.DEFINE_integer("Frontend.processes", 1,
"Number of processes to use for the HTTP server")
