elysium/ElysiumSettings.txt.sample
tomas.kracmar 27a682a968 Release v2.2.2: fix replication permission check for nested groups
Test-ReplicationPermissions now uses the tokenGroups constructed
attribute to resolve all effective SIDs in the caller's Kerberos
token, including nested group memberships. This replaces the
previous MemberOf walk which missed indirect entitlement and
could produce false-positive missing-permission errors.

All versions bumped to unified v2.2.2.
2026-06-09 11:41:14 +02:00


##################################################
## ____ ___ ____ _____ _ _ _____ _____ ##
## / ___/ _ \| _ \| ____| | \ | | ____|_ _| ##
## | | | | | | |_) | _| | \| | _| | | ##
## | |__| |_| | _ <| |___ _| |\ | |___ | | ##
## \____\__\_\_| \_\_____(_)_| \_|_____| |_| ##
## Move fast and fix things. ##
##################################################
## Project: Elysium ##
## File: ElysiumSettings.txt ##
## Version: 2.2.2 ##
## Support: support@cqre.net ##
##################################################
# Storage Settings
##################
# This section holds storage credentials in plain text (sasToken, s3SecretAccessKey).
# Restrict read access on the filled-in ElysiumSettings.txt to the account that runs
# the scripts, and keep the filled-in copy out of version control.
# Select storage provider: Azure or S3 (S3 = S3-compatible like IDrive e2)
# Default is Azure when not set.
StorageProvider = Azure
# Azure (if StorageProvider=Azure)
storageAccountName =
containerName =
# A SAS token is a bearer credential: whoever holds it gets the access it encodes
# until it expires. Scope it to this one container, grant only the permissions the
# scripts need, and give it an expiry.
sasToken =
# S3-compatible (if StorageProvider=S3)
# Example for IDrive e2: set endpoint URL to the region endpoint you were given.
# Access key/secret correspond to your S3-compatible credentials.
# Prefer a key pair whose policy is limited to s3BucketName rather than an
# account-wide key.
s3EndpointUrl =
s3Region = us-east-1
s3BucketName =
s3AccessKeyId =
s3SecretAccessKey =
# Many S3-compatible providers require path-style addressing
# (true recommended for MinIO/IDrive e2/Wasabi). Set to true/false.
s3ForcePathStyle = true
# NOTE(review): presumably switches S3 access to the AWS PowerShell modules listed in
# the notes near the end of this file (AWS.Tools.S3 / AWSPowerShell.NetCore) - confirm
# against the scripts.
s3UseAwsTools = false
# KHDB Shard Settings
#####################
# The KHDB update script downloads a manifest plus per-prefix shards (default shard size 2).
# These values control the remote object names and local storage directory.
# NOTE(review): whether the update script verifies downloaded shards against the
# manifest is not visible from this file - confirm. A modified KHDB would change
# which passwords are reported as weak, so write access to the remote objects and to
# the local shard directory should be limited.
# Remote object name of the manifest.
KhdbManifestPath=khdb/manifest.json
# Remote prefix under which the shards are stored.
KhdbShardPrefix=khdb/shards
# Local directory that receives the downloaded shards.
KhdbLocalShardDir=khdb-shards
# Application Settings
######################
# NOTE(review): InstallationPath is empty in the sample; what the scripts fall back
# to when it is unset is not visible here - confirm.
InstallationPath=
# NOTE(review): presumably the directory (or base path) where test reports are
# written. If reports name accounts with weak passwords, restrict access to this
# location - confirm what the reports contain.
ReportPathBase=Reports
# File name of the weak-password database used by the test.
WeakPasswordsDatabase=khdb.txt
# Optional, disabled in the sample. NOTE(review): presumably limits the test to
# enabled accounts when uncommented - confirm the default when the key is absent.
# CheckOnlyEnabledUsers=true
# Lithnet Password Protection Settings
######################################
# NOTE(review): the meaning of each key below is inferred from its name; confirm
# against the Lithnet-related script before relying on these descriptions.
# Presumably the path of the Lithnet Password Protection store to populate.
LithnetStorePath=
# Presumably toggles synchronising Have I Been Pwned hashes into the store.
LithnetSyncHibp=false
# Presumably the hash list(s) to import; the sample reuses the KHDB file.
LithnetHashSources=khdb.txt
# Presumably files of plaintext passwords to import. Such files are sensitive in
# their own right: keep them access-restricted.
LithnetPlaintextSources=
# Presumably files of banned words to import.
LithnetBannedWordSources=
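# Telemetry (optional)
######################
# These values are empty by default so no telemetry is sent.
# Provide a pre-signed URL (for example, an S3 PUT) to receive a single beacon
# when the weak-password test starts. Only script name, version, and timestamp
# are transmitted; you can set UsageBeaconInstanceId to differentiate deployments.
# A pre-signed URL grants the access it was signed for to anyone who holds it, so
# sign it for the single beacon object and operation only, and treat the filled-in
# value as a secret.
UsageBeaconUrl=
# HTTP method for the beacon: GET, POST, or PUT.
# It must match the method the URL was signed for (an S3 PUT URL needs PUT).
# The list of allowed values is kept on its own line so the value is exactly the
# method name even if the settings reader does not strip trailing comments.
UsageBeaconMethod=GET
UsageBeaconInstanceId=
# Timeout for the beacon request, in seconds.
UsageBeaconTimeoutSeconds=5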
# Notes:
# - Required PowerShell modules: DSInternals, ActiveDirectory
# For Azure uploads: Az.Storage
# For S3-compatible uploads: AWS.Tools.S3 or AWSPowerShell.NetCore
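# - AD account permissions: Replication Directory Changes and Replication Directory Changes All
# on the domain (DCSync-equivalent) are sufficient; full Domain Admin is not required.
# These rights allow reading the password hashes of every account in the domain, so
# protect this account and the host that runs the scripts as you would a domain controller.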
# Domain Settings
#################
# Domains are listed as numbered DomainNName / DomainNDC pairs.
# The names and hosts below are sample placeholders; replace them with your own
# values before use.
# NOTE(review): DomainNDC is presumably the domain controller the scripts contact
# for that domain - confirm.
# Domain 1 (domain1.local)
Domain1Name=domain1.local
Domain1DC=xxx.rdm.cz
# Domain 2 (domain2.com)
Domain2Name=domain2.com
Domain2DC=yyy.st.sk