PrivX Settings Examples

| SCOPE | SECTION | EXAMPLE |
| --- | --- | --- |
| GLOBAL | audit | `{"data_folder":"/var/privx/audit/","timeout_when_no_connmgr":5,"trail_expiry":7}` |
| GLOBAL | ldapconnections | `{"enable_ldap_custom_root_certificates":false,"enable_ldap_system_roots_cert_pool":true,"insecure_skip_verify_tls":false,"ldap_connection_timeout":10,"ldap_retry_attempts":3,"ldap_root_ca_pem":""}` |
| GLOBAL | disclaimer | `{"privx_disclaimer":"[]"}` |
| CONNECTION-MANAGER | housekeeping | `{"housekeeping_conn_meta_retention":-1,"housekeeping_enable_integrity_checker":true,"housekeeping_integrity_checker_use_checksum":true,"housekeeping_interval":5,"housekeeping_interval_for_trails":24}` |
| HOST-STORE | initial-host-service-options-ssh | `{"exec":true,"file_transfer":true,"other":true,"shell":true,"tunnels":true,"x11":true}` |
| HOST-STORE | initial-host-service-options-web | `{"audio":true,"clipboard":true,"file_transfer":true}` |
| HOST-STORE | initial-host-service-options-rdp | `{"audio":true,"clipboard":true,"file_transfer":true}` |
| HOST-STORE | initial-host-service-options-vnc | `{"clipboard":true,"file_transfer":true}` |
| HOST-STORE | host-house-keeping | `{"host_housekeeping_run_interval":168,"hosts_deleted_age":168}` |
| HOST-STORE | health-check-options | `{"service_health_check_max_requests_per_second":1,"service_health_check_max_workers":3,"service_health_check_wait":600,"service_health_checks_enabled":true}` |
| MONITOR-SERVICE | housekeeping | `{"cache_db_expiry_interval":600,"data_retention_period":180,"housekeeping_interval":12,"status_check_interval":10,"system_health_check_interval":12}` |
| RDP-MITM | rdp_mitm | `{"allow_role_ip_restrictions":true,"extender_enabled":true,"ffmpeg_parameters":"preset=medium","rdp_public_addresses":["rdp-mitm.local"],"reauthorization_interval_sec":300,"video_generator_temp_directory":"/tmp","video_generator_workers":2}` |
| RDP-MITM | certificates | `{"renewal_period_days":0,"renewal_period_months":1,"update_automatically":true}` |
| RDP-PROXY | rdp_proxy | `{"allow_connect_to_local_addresses":false,"allow_connect_to_loopback":false,"connectivity_test_timeout":30,"extender_enabled":true,"reauthorization_interval_sec":300,"share_dir":"/tmp/rdp-drive/","smartcard_authentication_enabled":true,"target_blacklist":"","web_proxy_enabled":true,"ws_keepalive_interval_sec":30}` |
| RDP-PROXY | certificates | `{"renewal_period_days":0,"renewal_period_months":1,"update_automatically":true}` |
| ROLE-STORE | scanning | `{"first_host_scanning_delay":30,"first_role_scanning_delay":10,"host_scanning_frequency":300}` |
| ROLE-STORE | authorizedkeys | `{"expired_purge_interval_hours":24,"max_validity_days":730,"min_rsa_key_size":2048,"supported_key_types":["ssh-rsa","ssh-ed25519"]}` |
| ROLE-STORE | ldap | `{"attributes":"objectClass cn dn distinguishedName whenCreated whenChanged name userPrincipalName givenName company departmentNumber mail email mobile sAMAccountName uid memberOf entryDN displayName userAccountControl groupType servicePrincipalName objectCategory objectGUID objectSID","default_cache_ttl":900,"default_user_filter":"(` … (example is cut off at this point on the page) |
| ROLE-STORE | directory | `{"blacklisted_host_tag_prefixes":["privx-","aws:","ssh-keys","windows-keys"]}` |
| ROLE-STORE | aws | `{"assume_role_default_ttl":900,"default_region":"us-east-1","enable_assume_role":true,"enable_federated_tokens":true,"enabled":true,"federated_tokens_default_ttl":900,"max_aws_roles":1000}` |
| ROLE-STORE | caching | `{"enable":true,"max_entries":100000,"rule_evaluation_cache_enabled":true,"sync_interval_seconds":60,"ttl":60,"type":"local","user_cache_refresh_ttl":60}` |
| SSH-MITM | ssh_mitm | `{"allow_connect_to_local_addresses":false,"allow_connect_to_loopback":false,"allow_role_ip_restrictions":true,"extender_enabled":true,"hostkey_algorithms":["RSA","Ed25519"],"metadata_update_interval_sec":120,"reauthorization_interval_sec":300,"ssh_listen_addresses":[":2222"],"ssh_public_addresses":["ssh-mitm.local"],"target_blacklist":"","ws_keepalive_interval_sec":30}` |
| SSH-PROXY | ssh_proxy | `{"allow_connect_to_local_addresses":false,"allow_connect_to_loopback":false,"extender_enabled":true,"forwarder_enabled":false,"metadata_update_interval_sec":120,"reauthorization_interval_sec":300,"ssh_keepalive_interval_sec":30,"target_blacklist":"","ws_keepalive_interval_sec":30}` |
| TRAIL-INDEX | housekeeping | `{"housekeeping_interval":30}` |
| TRAIL-INDEX | workers | `{"no_of_workers":10}` |
| WORKFLOW-ENGINE | housekeeping | `{"housekeeping_interval":24}` |
| AUTH | loginratelimit | `{"enable_subnet_limit":true,"enable_username_limit":true,"remoteip_white_list":"127.0.0.0/8,::1","subnet_attempts_burst_size":3000,"subnet_attempts_per_minute":3000,"username_attempts_burst_size":5,"username_attempts_per_minute":1}` |
| VAULT | secrets | `{"schemas":'[]'}` |
