PrivX Settings
| SCOPE | SECTION | PROPERTY | DESCRIPTION |
|---|---|---|---|
| GLOBAL | audit | data_folder | Folder for audit trail data. |
| timeout_when_no_connmgr | Timeout for connections when no connection manager, in seconds. | ||
| trail_expiry | Number of days a trail is available before removed from storage. | ||
| GLOBAL | ldapconnections | enable_ldap_custom_root_certificates | Specifies if PrivX should use custom root certificates. |
| enable_ldap_system_roots_cert_pool | Specifies if PrivX should use the system certificates pool | ||
| insecure_skip_verify_tls | Specifies whether the client should accept any certificate presented by the server. It makes TLS susceptible to man-in-the-middle attacks. | ||
| ldap_retry_attempts | LDAP query connection timeout, in seconds. | ||
| ldap_root_ca_pem | Custom root certificate in PEM format, which will be added to cert pool for LDAP connections. | ||
| GLOBAL | disclaimer | privx_disclaimer | Specify disclaimers in JSON format as an array of disclaimer objects. |
| HOST-STORE | health-check-options | service_health_check_max_requests_per_second | Maximum service health check requests per second per worker. |
| service_health_check_max_workers | Maximum concurrent health check workers. | ||
| service_health_check_wait | Interval between health check runs, in seconds. | ||
| service_health_checks_enabled | Specifies whether PrivX should perform network connectivity health checks for services. | ||
| HOST-STORE | host-house-keeping | host_housekeeping_run_interval | Interval between housekeeping runs, in hours. |
| hosts_deleted_age | The delay (in hours) between when a host has been deleted to when it will be permanently removed. | ||
| HOST-STORE | initial-host-service-options-ssh | exec | Set true to enable exec as default for all the hosts. |
| file_transfer | Set true to enable file_transfer as default for all the hosts. | ||
| shell | Set true to enable shell operations as default for all the hosts. | ||
| tunnels | Set true to enable tunnels as default for all the hosts. | ||
| x11 | Set true to enable x11 as default for all the hosts. | ||
| other | Set true to enable all the other ssh operations as default for all the hosts. | ||
| HOST-STORE | initial-host-service-options-rdp | audio | Set true to enable audio as default for all the hosts. |
| clipboard | Set true to enable clipboard as default for all the hosts. | ||
| file_transfer | Set true to enable file_transfer as default for all the hosts. | ||
| HOST-STORE | initial-host-service-options-web | audio | Set true to enable audio as default for all the hosts. |
| clipboard | Set true to enable clipboard as default for all the hosts. | ||
| file_transfer | Set true to enable file_transfer as default for all the hosts. | ||
| ROLE-STORE | authorizedkeys | expired_purge_interval_hours | Expired authorized keys purge interval, in hours. |
| max_validity_days | Authorized key maximum validity period length in days | ||
| min_rsa_key_size | Minimum key size in bits for ssh-rsa keys. | ||
| supported_key_types | Specifies the supported authorized key types for logging in to PrivX with user specific authorized keys. | ||
| ROLE-STORE | aws | enabled | Specifies whether AWS support is enabled. |
| default_region | Default AWS region to use for fetching access tokens. | ||
| enable_assume_role | Enable assume-role temporary session credentials. | ||
| assume_role_default_ttl | Expiration time in seconds for assume-role temporary credentials. | ||
| enable_federated_tokens | Enable federation token access. | ||
| federated_tokens_default_ttl | Expiration time in seconds for federation token | ||
| force_mfa | Force Multi Factor Authentication. MFA is supported by default with assume-role level access. But, federated tokens do not support MFA. | ||
| max_aws_roles | Maximum number of AWS roles to fetch for role federation | ||
| ROLE-STORE | caching | enable | Specifies whether caching of user role memberships, rule evaluation results, user settings and AWS role descriptions is enabled |
| max_entries | Maximum entries in the local LRU cache. If cache exceeds this size, the least recently used entries are purged | ||
| rule_evaluation_cache_enabled | Specifies whether role rule evaluation results should be cached. | ||
| sync_interval_seconds | Internal in-mem cache periodic synchronization interval in seconds | ||
| ttl | Cache TTL in seconds. | ||
| type | Cache type | ||
| user_cache_refresh_ttl | Cache TTL for user caching, in seconds. | ||
| ROLE-STORE | directory | blacklisted_host_tag_prefixes | Blacklisted host tag prefixes |
| ROLE-STORE | ldap | enable_cache | Enable LDAP query cache |
| default_cache_ttl | Default LDAP cache TTL (in seconds). | ||
| attributes | LDAP attributes filter | ||
| default_user_filter | Default pre-filter to use when searching users. | ||
| enable_nested_groups | Enable nested groups for role mappings. | ||
| global_ad_user_filter | filter to AD users or mapping roles | ||
| paging_size | LDAP query paging size | ||
| ROLE-STORE | scanning | first_host_scanning_delay | Host scanning delay after starting the service in seconds. |
| first_role_scanning_delay | AWS role scanning delay after starting the service | ||
| host_scanning_frequency | Host scanning frequency default value in seconds. | ||
| MONITOR-SERVICE | housekeeping | housekeeping_interval | Interval between audit events housekeeping runs, in hours |
| data_retention_period | Number of days that audit events must be kept in the database. | ||
| status_check_interval | Interval between status checks, in seconds. | ||
| system_health_check_interval | Interval between system health check, in hours. | ||
| cache_db_expiry_interval | Interval for removing expired keys from the database cache, in seconds. | ||
| TRAIL-INDEX | housekeeping | housekeeping_interval | Interval between housekeeping runs, in minutes, for clearing up expired audit trail files. |
| TRAIL-INDEX | workers | no_of_workers | Maximum audit trail indexing concurrency. |
Updated over 3 years ago