#!/usr/bin/env python """Configuration parameters for logging and error reporting subsystems.""" from grr.core.grr_response_core.lib import config_lib from grr.core.grr_response_core.lib import type_info from grr.core.grr_response_core.lib.rdfvalues import standard as rdf_standard config_lib.DEFINE_string( "Logging.domain", "localhost", "The email domain belonging to this installation. " "Leave blank to not restrict email to this domain") config_lib.DEFINE_list( "Logging.engines", ["stderr"], "Enabled logging engines. Valid values are " "combinations of stderr,file,syslog,event_log.") config_lib.DEFINE_bool("Logging.verbose", False, help="If true log more verbosely.") config_lib.DEFINE_string("Logging.path", "%(Config.prefix)/var/log/", help="Path to log file directory.") config_lib.DEFINE_string("Logging.syslog_path", "/dev/log", help="Path to syslog socket. This can be a unix " "domain socket or in a UDP host:port notation.") config_lib.DEFINE_string("Logging.filename", "%(Logging.path)/GRRlog.txt",
name="Config.python_hack_root", default="%(Config.aff4_root)/python_hacks", description=("The path where python hacks are stored in the aff4 " "namespace."))) # Executables must be signed and uploaded to their dedicated AFF4 namespace. config_lib.DEFINE_option( type_info.RDFValueType( rdfclass=rdfvalue.RDFURN, name="Executables.aff4_path", description="The aff4 path to signed executables.", default="%(Config.aff4_root)/executables/%(Client.platform)")) config_lib.DEFINE_string( name="Executables.installer", default=("%(Executables.aff4_path)/installers/" "%(ClientRepacker.output_basename)" "%(ClientBuilder.output_extension)"), help="The location of the generated installer in the config directory.") config_lib.DEFINE_string( name="ClientBuilder.output_extension", default=None, help="The file extension for the client (OS dependent).") config_lib.DEFINE_string(name="ClientBuilder.package_dir", default=None, help="OSX package name.") config_lib.DEFINE_string( "ClientBuilder.private_config_validator_class", default=None,
#!/usr/bin/env python """Configuration parameters for the test subsystem.""" from grr.core.grr_response_core.lib import config_lib # Default for running in the current directory config_lib.DEFINE_constant_string("Test.srcdir", "%(grr|module_path)/../", "The directory containing the source code.") config_lib.DEFINE_constant_string( "Test.data_dir", default="%(grr_response_test/test_data@grr-response-test|resource)", help="The directory where test data exist.") config_lib.DEFINE_constant_string( "Test.additional_test_config", default="%(Test.data_dir)/localtest.yaml", help="The path to a test config with local customizations.") config_lib.DEFINE_string("Test.tmpdir", "/tmp/", help="Somewhere to write temporary files.") config_lib.DEFINE_string("Test.data_store", "FakeDataStore", "The data store to run the tests against.") config_lib.DEFINE_integer("Test.remote_pdb_port", 2525, "Remote debugger port.") config_lib.DEFINE_string("PrivateKeys.ca_key_raw_data", "", "For testing purposes.")
#!/usr/bin/env python """Configuration parameters for the configuration subsystem.""" from grr.core.grr_response_core.lib import config_lib config_lib.DEFINE_string("Config.prefix", "%(grr|resource)", "Prefix directory for general file storage.") config_lib.DEFINE_string("Config.directory", "%(install_data/etc|resource)", "Directory for grr server config files.") config_lib.DEFINE_string("Config.writeback", "%(Config.directory)/server.local.yaml", "Location for writing back the configuration.") config_lib.DEFINE_string( "ConfigUpdater.old_config", None, "Path to a previous config file, imported during" " config_updater.Initialize.")
#!/usr/bin/env python """Configuration parameters for the client.""" from grr.core.grr_response_core.lib import config_lib from grr.core.grr_response_core.lib.rdfvalues import crypto as rdf_crypto # General Client options. config_lib.DEFINE_string( "Client.name", "GRR", "The name of the client. This will be used as a base " "name to generate many other default parameters such " "as binary names and service names. Note that on " "Linux we lowercase the name to confirm with most " "linux naming conventions.") config_lib.DEFINE_string("Client.binary_name", "%(Client.name)", "The name of the client binary.") config_lib.DEFINE_list("Client.labels", [], "Labels for this client.") config_lib.DEFINE_string("Client.company_name", "GRR Project", "The name of the company which made the client.") config_lib.DEFINE_string("Client.description", "%(name) %(platform) %(arch)", "A description of this specific client build.") config_lib.DEFINE_string("Client.platform", "windows", "The platform we are running on.") config_lib.DEFINE_string("Client.arch", "amd64", "The architecture we are running on.")
"""Configuration parameters for the admin UI.""" from grr.core.grr_response_core.lib import config_lib from grr.core.grr_response_core.lib.rdfvalues import config as rdf_config # The Admin UI web application. config_lib.DEFINE_integer("AdminUI.port", 8000, "port to listen on") config_lib.DEFINE_integer( "AdminUI.port_max", None, "If set and AdminUI.port is in use, attempt to " "use ports between AdminUI.port and " "AdminUI.port_max.") # Override this if you want to access admin ui extenally. Make sure it is # secured (i.e. AdminUI.webauth_manager is not NullWebAuthManager)! config_lib.DEFINE_string("AdminUI.bind", "127.0.0.1", "interface to bind to.") config_lib.DEFINE_string( "AdminUI.document_root", "%(grr/server/grr_response_server/gui/static|resource)", "The main path to the static HTML pages.") config_lib.DEFINE_string( "AdminUI.template_root", "%(grr/server/grr_response_server/gui/templates|resource)", "The main path to the templates.") config_lib.DEFINE_string( "AdminUI.webauth_manager", "NullWebAuthManager", "The web auth manager for controlling access to the UI.")
#!/usr/bin/env python """Configuration parameters for server output plugins.""" from grr.core.grr_response_core.lib import config_lib from grr.core.grr_response_core.lib import rdfvalue config_lib.DEFINE_string("BigQuery.service_acct_json", None, "The json contents of the service account file.") config_lib.DEFINE_string("BigQuery.project_id", None, "The BigQuery project_id.") config_lib.DEFINE_string("BigQuery.dataset_id", "grr", "The BigQuery project_id.") config_lib.DEFINE_integer( "BigQuery.max_file_post_size", 5 * 1000 * 1000, "Max size of file to put in each POST " "to bigquery. Note enforcement is not exact.") config_lib.DEFINE_integer("BigQuery.retry_max_attempts", 2, "Total number of times to retry an upload.") config_lib.DEFINE_integer( "BigQuery.max_upload_failures", 100, "Total number of times to try uploading to BigQuery" " for a given hunt or flow.") config_lib.DEFINE_semantic_value(rdfvalue.Duration, "BigQuery.retry_interval", "2s", "Time to wait before first retry.")
#!/usr/bin/env python """Configuration parameters for the data stores.""" from grr.core.grr_response_core.lib import config_lib from grr.core.grr_response_core.lib import rdfvalue config_lib.DEFINE_integer("Datastore.maximum_blob_size", 512 * 1024, "Maximum blob size we may store in the datastore.") config_lib.DEFINE_string("Datastore.implementation", "FakeDataStore", "Storage subsystem to use.") config_lib.DEFINE_string("Blobstore.implementation", "MemoryStreamBlobstore", "Blob storage subsystem to use.") config_lib.DEFINE_string("Database.implementation", "", "Relational database system to use.") config_lib.DEFINE_bool( "Database.useForReads", False, "Use relational database for reading as well as for writing.") config_lib.DEFINE_bool( "Database.useForReads.message_handlers", False, "Enable message handlers using the relational database.") config_lib.DEFINE_bool("Database.useForReads.cronjobs", False, "Enable storing cronjobs in the relational database.") config_lib.DEFINE_bool( "Database.useForReads.client_messages", False,
#!/usr/bin/env python """Settings for ACLs/approvals system.""" from grr.core.grr_response_core.lib import config_lib config_lib.DEFINE_string( "ACL.approvers_config_file", "%(Config.directory)/approvers.yaml", "File that defines who can approve access to " "clients with certain labels.") config_lib.DEFINE_integer("ACL.approvers_required", 2, "The number of approvers required for access.") config_lib.DEFINE_string( "ACL.group_access_manager_class", "NoGroupAccess", "This class handles interfacing with corporate group" "directories for granting access. Override with a " "class that understands your LDAP/AD/whatever setup.") config_lib.DEFINE_integer( "ACL.token_expiry", 7 * 24 * 60 * 60, "The duration in seconds of a valid approval token. " "Default of one week.")
#!/usr/bin/env python """API config options.""" from grr.core.grr_response_core.lib import config_lib from grr.core.grr_response_core.lib import rdfvalue config_lib.DEFINE_integer("API.DailyFlowRequestLimit", "10", "Number of flows a user can run on a single client " "per day before being blocked by throttling. Set to " "0 to disable checking.") config_lib.DEFINE_semantic_value( rdfvalue.Duration, "API.FlowDuplicateInterval", default="1200s", description="Amount of time " "that needs to pass before the throttler will allow " "an identical flow to run on the same client. Set " "to 0s to disable checking.") config_lib.DEFINE_string("API.RouterACLConfigFile", "", "The file containing API acls, see " "grr/config/api_acls.yaml for an example.") config_lib.DEFINE_string("API.DefaultRouter", "DisabledApiCallRouter", "The default router used by the API if there are no " "rules defined in API.RouterACLConfigFile or if none " "of these rules matches.")