PrivX Settings Examples
| SCOPE | SECTION | EXAMPLE |
|---|---|---|
| GLOBAL | audit | {"data_folder":"/var/privx/audit/","timeout_when_no_connmgr":5,"trail_expiry":7} |
| GLOBAL | ldapconnections | {"enable_ldap_custom_root_certificates":false,"enable_ldap_system_roots_cert_pool":true,"insecure_skip_verify_tls":false,"ldap_connection_timeout":10,"ldap_retry_attempts":3,"ldap_root_ca_pem":""} |
| GLOBAL | disclaimer | {"privx_disclaimer":"[]"} |
| CONNECTION-MANAGER | housekeeping | {"housekeeping_conn_meta_retention":-1,"housekeeping_enable_integrity_checker":true,"housekeeping_integrity_checker_use_checksum":true,"housekeeping_interval":5,"housekeeping_interval_for_trails":24} |
| HOST-STORE | initial-host-service-options-ssh | {"exec":true,"file_transfer":true,"other":true,"shell":true,"tunnels":true,"x11":true} |
| HOST-STORE | initial-host-service-options-web | {"audio":true,"clipboard":true,"file_transfer":true} |
| HOST-STORE | initial-host-service-options-rdp | {"audio":true,"clipboard":true,"file_transfer":true} |
| HOST-STORE | initial-host-service-options-vnc | {"clipboard":true,"file_transfer":true} |
| HOST-STORE | host-house-keeping | {"host_housekeeping_run_interval":168,"hosts_deleted_age":168} |
| HOST-STORE | health-check-options | {"service_health_check_max_requests_per_second":1,"service_health_check_max_workers":3,"service_health_check_wait":600,"service_health_checks_enabled":true} |
| MONITOR-SERVICE | housekeeping | {"cache_db_expiry_interval":600,"data_retention_period":180,"housekeeping_interval":12,"status_check_interval":10,"system_health_check_interval":12} |
| RDP-MITM | rdp_mitm | {"allow_role_ip_restrictions":true,"extender_enabled":true,"ffmpeg_parameters":"preset=medium","rdp_public_addresses":["rdp-mitm.local"],"reauthorization_interval_sec":300,"video_generator_temp_directory":"/tmp","video_generator_workers":2} |
| RDP-MITM | certificates | {"renewal_period_days":0,"renewal_period_months":1,"update_automatically":true} |
| RDP-PROXY | rdp_proxy | {"allow_connect_to_local_addresses":false,"allow_connect_to_loopback":false,"connectivity_test_timeout":30,"extender_enabled":true,"reauthorization_interval_sec":300,"share_dir":"/tmp/rdp-drive/","smartcard_authentication_enabled":true,"target_blacklist":"","web_proxy_enabled":true,"ws_keepalive_interval_sec":30} |
| RDP-PROXY | certificates | {"renewal_period_days":0,"renewal_period_months":1,"update_automatically":true} |
| ROLE-STORE | scanning | {"first_host_scanning_delay":30,"first_role_scanning_delay":10,"host_scanning_frequency":300} |
| ROLE-STORE | authorizedkeys | {"expired_purge_interval_hours":24,"max_validity_days":730,"min_rsa_key_size":2048,"supported_key_types":["ssh-rsa","ssh-ed25519"]} |
| ROLE-STORE | ldap | {"attributes":"objectClass cn dn distinguishedName whenCreated whenChanged name userPrincipalName givenName company departmentNumber mail email mobile sAMAccountName uid memberOf entryDN displayName userAccountControl groupType servicePrincipalName objectCategory objectGUID objectSID","default_cache_ttl":900,"default_user_filter":"( |
| ROLE-STORE | directory | {"blacklisted_host_tag_prefixes":["privx-","aws:","ssh-keys","windows-keys"]} |
| ROLE-STORE | aws | {"assume_role_default_ttl":900,"default_region":"us-east-1","enable_assume_role":true,"enable_federated_tokens":true,"enabled":true,"federated_tokens_default_ttl":900,"max_aws_roles":1000} |
| ROLE-STORE | caching | {"enable":true,"max_entries":100000,"rule_evaluation_cache_enabled":true,"sync_interval_seconds":60,"ttl":60,"type":"local","user_cache_refresh_ttl":60} |
| SSH-MITM | ssh_mitm | {"allow_connect_to_local_addresses":false,"allow_connect_to_loopback":false,"allow_role_ip_restrictions":true,"extender_enabled":true,"hostkey_algorithms":["RSA","Ed25519"],"metadata_update_interval_sec":120,"reauthorization_interval_sec":300,"ssh_listen_addresses":[":2222"],"ssh_public_addresses":["ssh-mitm.local"],"target_blacklist":"","ws_keepalive_interval_sec":30} |
| SSH-PROXY | ssh_proxy | {"allow_connect_to_local_addresses":false,"allow_connect_to_loopback":false,"extender_enabled":true,"forwarder_enabled":false,"metadata_update_interval_sec":120,"reauthorization_interval_sec":300,"ssh_keepalive_interval_sec":30,"target_blacklist":"","ws_keepalive_interval_sec":30} |
| TRAIL-INDEX | housekeeping | {"housekeeping_interval":30} |
| TRAIL-INDEX | workers | {"no_of_workers":10} |
| WORKFLOW-ENGINE | housekeeping | {"housekeeping_interval":24} |
| AUTH | loginratelimit | {"enable_subnet_limit":true,"enable_username_limit":true,"remoteip_white_list":"127.0.0.0/8,::1","subnet_attempts_burst_size":3000,"subnet_attempts_per_minute":3000,"username_attempts_burst_size":5,"username_attempts_per_minute":1} |
| VAULT | secrets | {"schemas":'[]'} |
Was this page helpful?