89 lines
3.0 KiB
Plaintext
89 lines
3.0 KiB
Plaintext
##################################################
|
|
## ____ ___ ____ _____ _ _ _____ _____ ##
|
|
## / ___/ _ \| _ \| ____| | \ | | ____|_ _| ##
|
|
## | | | | | | |_) | _| | \| | _| | | ##
|
|
## | |__| |_| | _ <| |___ _| |\ | |___ | | ##
|
|
## \____\__\_\_| \_\_____(_)_| \_|_____| |_| ##
|
|
## Move fast and fix things. ##
|
|
##################################################
|
|
## Project: Elysium ##
|
|
## File: ElysiumSettings.txt ##
|
|
## Version: 1.3.0 ##
|
|
## Support: support@cqre.net ##
|
|
##################################################
|
|
|
|
# Storage Settings
|
|
##################
|
|
# Select storage provider: Azure or S3 (S3 = S3-compatible like IDrive e2)
|
|
# Default is Azure when not set.
|
|
StorageProvider = Azure
|
|
|
|
# Azure (if StorageProvider=Azure)
|
|
storageAccountName =
|
|
containerName =
|
|
sasToken =
|
|
|
|
# S3-compatible (if StorageProvider=S3)
|
|
# Example for IDrive e2: set endpoint URL to the region endpoint you were given.
|
|
# Access key/secret correspond to your S3-compatible credentials.
|
|
s3EndpointUrl =
|
|
s3Region = us-east-1
|
|
s3BucketName =
|
|
s3AccessKeyId =
|
|
s3SecretAccessKey =
|
|
# Many S3-compatible providers require path-style addressing
|
|
# (true recommended for MinIO/IDrive e2/Wasabi). Set to true/false.
|
|
s3ForcePathStyle = true
|
|
s3UseAwsTools = false
|
|
|
|
# KHDB Shard Settings
|
|
#####################
|
|
# The KHDB update script downloads a manifest plus per-prefix shards (default shard size 2).
|
|
# These values control the remote object names and local storage directory.
|
|
KhdbManifestPath=khdb/manifest.json
|
|
KhdbShardPrefix=khdb/shards
|
|
KhdbLocalShardDir=khdb-shards
|
|
|
|
# Application Settings
|
|
######################
|
|
InstallationPath=
|
|
ReportPathBase=Reports
|
|
WeakPasswordsDatabase=khdb.txt
|
|
# CheckOnlyEnabledUsers=true
|
|
|
|
# Lithnet Password Protection Settings
|
|
######################################
|
|
LithnetStorePath=
|
|
LithnetSyncHibp=false
|
|
LithnetHashSources=khdb.txt
|
|
LithnetPlaintextSources=
|
|
LithnetBannedWordSources=
|
|
|
|
# Telemetry (optional)
|
|
######################
|
|
# These values are empty by default so no telemetry is sent.
|
|
# Provide a pre-signed URL (for example, an S3 PUT) to receive a single beacon
|
|
# when the weak-password test starts. Only script name, version, and timestamp
|
|
# are transmitted; you can set UsageBeaconInstanceId to differentiate deployments.
|
|
UsageBeaconUrl=
|
|
UsageBeaconMethod=GET # GET, POST, or PUT
|
|
UsageBeaconInstanceId=
|
|
UsageBeaconTimeoutSeconds=5
|
|
|
|
# Notes:
|
|
# - Required PowerShell modules: DSInternals, ActiveDirectory
|
|
# For Azure uploads: Az.Storage
|
|
# For S3-compatible uploads: AWS.Tools.S3 or AWSPowerShell.NetCore
|
|
# - AD account permissions: Replication Directory Changes and Replication Directory Changes All
|
|
# on the domain (DCSync-equivalent) are sufficient; full Domain Admin not required.
|
|
|
|
# Domain Settings
|
|
#################
|
|
# Domain 1 (domain1.local)
|
|
Domain1Name=domain1.local
|
|
Domain1DC=xxx.rdm.cz
|
|
|
|
# Domain 2 (domain2.com)
|
|
Domain2Name=domain2.com
|
|
Domain2DC=yyy.st.sk
|