09c30f97e9
Consolidated duplicated helpers into Elysium.Common.ps1:
- Settings parsing (Read-KeyValueSettingsFile, Read-ElysiumSettings, Get-SettingsValue)
- Azure Blob URI builder (Build-BlobUri)
- S3 SigV4 signing helpers and AWS module bootstrap
- AD credential validation and replication permission pre-check
- Parallel execution helper (Get-FunctionDefinitionText)

Test-WeakADPasswords.ps1 and Extract-NTHashes.ps1 now import Elysium.Common.ps1 for the first time. Update-KHDB.ps1 and Prepare-KHDBStorage.ps1 removed their local duplicates. Deleted legacy Settings.ps1 (superseded by ElysiumSettings.txt). Removed stray placeholder comment in Elysium.ps1. All versions bumped to unified v2.2.1.
89 lines
3.0 KiB
Plaintext
##################################################
##   ____ ___  ____  _____   _   _ _____ _____   ##
##  / ___/ _ \|  _ \| ____| | \ | | ____|_   _| ##
## | |  | | | | |_) |  _|   |  \| |  _|   | |   ##
## | |__| |_| |  _ <| |___ _| |\  | |___  | |   ##
##  \____\__\_\_| \_\_____(_)_| \_|_____| |_|   ##
##          Move fast and fix things.           ##
##################################################
## Project: Elysium                             ##
## File: ElysiumSettings.txt                    ##
## Version: 2.2.1                               ##
## Support: support@cqre.net                    ##
##################################################

# Storage Settings
##################
# Select storage provider: Azure or S3 (S3 = S3-compatible like IDrive e2)
# Default is Azure when not set.
StorageProvider = Azure

# Azure (if StorageProvider=Azure)
storageAccountName =
containerName =
sasToken =

# S3-compatible (if StorageProvider=S3)
# Example for IDrive e2: set endpoint URL to the region endpoint you were given.
# Access key/secret correspond to your S3-compatible credentials.
s3EndpointUrl =
s3Region = us-east-1
s3BucketName =
s3AccessKeyId =
s3SecretAccessKey =
# Many S3-compatible providers require path-style addressing
# (true recommended for MinIO/IDrive e2/Wasabi). Set to true/false.
s3ForcePathStyle = true
s3UseAwsTools = false

# KHDB Shard Settings
#####################
# The KHDB update script downloads a manifest plus per-prefix shards (default shard size 2).
# These values control the remote object names and local storage directory.
KhdbManifestPath=khdb/manifest.json
KhdbShardPrefix=khdb/shards
KhdbLocalShardDir=khdb-shards

# Application Settings
######################
InstallationPath=
ReportPathBase=Reports
WeakPasswordsDatabase=khdb.txt
# CheckOnlyEnabledUsers=true

# Lithnet Password Protection Settings
######################################
LithnetStorePath=
LithnetSyncHibp=false
LithnetHashSources=khdb.txt
LithnetPlaintextSources=
LithnetBannedWordSources=

# Telemetry (optional)
######################
# These values are empty by default so no telemetry is sent.
# Provide a pre-signed URL (for example, an S3 PUT) to receive a single beacon
# when the weak-password test starts. Only script name, version, and timestamp
# are transmitted; you can set UsageBeaconInstanceId to differentiate deployments.
UsageBeaconUrl=
UsageBeaconMethod=GET # GET, POST, or PUT
UsageBeaconInstanceId=
UsageBeaconTimeoutSeconds=5

# Notes:
# - Required PowerShell modules: DSInternals, ActiveDirectory
#   For Azure uploads: Az.Storage
#   For S3-compatible uploads: AWS.Tools.S3 or AWSPowerShell.NetCore
# - AD account permissions: Replication Directory Changes and Replication Directory Changes All
#   on the domain (DCSync-equivalent) are sufficient; full Domain Admin not required.

# Domain Settings
#################
# Domain 1 (domain1.local)
Domain1Name=domain1.local
Domain1DC=xxx.rdm.cz

# Domain 2 (domain2.com)
Domain2Name=domain2.com
Domain2DC=yyy.st.sk