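---
# HomeAudit Configuration File
# Version: 2.0
#
# Top-level sections: audit, security, network, containers, packages,
# kernel, output, ansible, tailscale. Values are consumed by the HomeAudit
# tooling; this file only declares settings, it performs no checks itself.

# Audit Configuration
audit:
  version: "2.0"
  timeout: 900  # 15 minutes (seconds; presumably the whole-run deadline)
  poll_interval: 30  # 30 seconds
  max_retries: 3
  retry_delay: 10  # seconds between retries, assumed to match timeout's unit

# Security Settings
security:
  # SSH Configuration
  ssh:
    root_login_check: true
    failed_attempts_threshold: 10  # findings above this count are reported
    key_based_auth_only: true

  # File Permission Checks
  file_permissions:
    world_writable_max: 20
    suid_max: 30
    # Pseudo-filesystems and sticky-bit temp dirs are world-writable by
    # design, so they are skipped to keep the world_writable count meaningful.
    exclude_paths:
      - "/proc"
      - "/sys"
      - "/dev"
      - "/tmp"
      - "/var/tmp"

  # Shell History Analysis
  shell_history:
    # Substrings searched for in shell history. Short, generic entries such
    # as "key", "auth" and "login" match many benign commands (ssh-keygen,
    # apt-key, login shells) and will raise the false-positive rate; tune
    # this list per environment. NOTE(review): if the report echoes the
    # matching history line, the report itself will contain the secret —
    # confirm how matches are rendered before sharing output.
    sensitive_patterns:
      - "password"
      - "passwd"
      - "secret"
      - "token"
      - "key"
      - "api_key"
      - "private_key"
      - "ssh_key"
      - "aws_access"
      - "aws_secret"
      - "database_url"
      - "connection_string"
      - "credential"
      - "auth"
      - "login"
    # Globs must stay quoted: an unquoted "*" would be parsed as a YAML alias.
    history_files:
      - "/home/*/.bash_history"
      - "/root/.bash_history"
      - "/home/*/.zsh_history"
      - "/home/*/.fish_history"

# Network Configuration
network:
  # Interface Detection
  interfaces:
    exclude_loopback: true
    check_speed: true
    check_duplex: true

  # Port Analysis
  ports:
    # Keys are integers (unquoted); the consumer must compare port numbers
    # numerically. NOTE(review): confirm the consumer does not look these up
    # by string, in which case the keys would need quoting.
    risky_ports:
      21: "FTP - Consider secure alternatives"
      23: "Telnet - Insecure, use SSH instead"
      53: "DNS - Ensure properly configured"
      80: "HTTP - Consider HTTPS"
      135: "SMB/NetBIOS - Potentially risky"
      139: "SMB/NetBIOS - Potentially risky"
      445: "SMB/NetBIOS - Potentially risky"
      3389: "RDP - Ensure secure configuration"

  # Bandwidth Monitoring
  bandwidth:
    enabled: true
    interfaces: ["eth0", "eth1", "wlan0"]

# Container Configuration
containers:
  docker:
    # Socket permissions matter: write access to the Docker socket is
    # equivalent to root on the host.
    check_socket_permissions: true
    check_running_containers: true
    check_images: true
    check_networks: true
    check_volumes: true
    check_compose_files: true
    # Container names/images recognised as management tooling in reports.
    management_tools:
      - "portainer"
      - "watchtower"
      - "traefik"
      - "nginx-proxy"
      - "heimdall"
      - "dashboard"
  podman:
    check_containers: true
    check_images: true

# Package Management
packages:
  # Package Managers to Check
  managers:
    - "dpkg"  # Debian/Ubuntu
    - "rpm"  # Red Hat/Fedora
    - "pacman"  # Arch Linux
    - "zypper"  # openSUSE

  # Security Updates
  security_updates:
    check_available: true
    max_age_days: 30  # pending security updates older than this are flagged

# Kernel Security
kernel:
  # Version Checks
  # Severity thresholds; a running kernel below the given version gets that
  # rating. Quoted so "5.10" is not read as the float 5.1.
  version:
    critical_below: "4.0"
    high_below: "4.19"
    medium_below: "5.4"
    low_below: "5.10"

  # Known Vulnerable Versions
  # Static list of kernel version strings. NOTE(review): a hard-coded list
  # goes stale; treat it as a supplement to, not a replacement for, the
  # distribution's security-update check above.
  vulnerable_patterns:
    - "4.9.0"
    - "4.9.1"
    - "4.9.2"
    - "4.9.3"
    - "4.9.4"
    - "4.9.5"
    - "4.9.6"
    - "4.9.7"
    - "4.9.8"
    - "4.9.9"
    - "4.14.0"
    - "4.14.1"
    - "4.14.2"
    - "4.14.3"
    - "4.14.4"
    - "4.14.5"
    - "4.14.6"
    - "4.14.7"
    - "4.14.8"
    - "4.14.9"
    - "4.19.0"
    - "4.19.1"
    - "4.19.2"
    - "4.19.3"
    - "4.19.4"
    - "4.19.5"
    - "4.19.6"
    - "4.19.7"
    - "4.19.8"
    - "4.19.9"

  # Security Features
  security_features:
    aslr: true
    dmesg_restrict: true

# Output Configuration
output:
  # File Formats
  formats:
    - "json"
    - "text"
    - "summary"

  # Compression
  compression:
    enabled: true
    format: "tar.gz"
    verify_integrity: true

  # Logging
  logging:
    level: "INFO"  # DEBUG, INFO, WARN, ERROR
    include_timestamp: true
    include_hostname: true

# Ansible Configuration
ansible:
  # Connection Settings
  connection:
    timeout: 30
    retries: 3
    delay: 5

  # Execution Settings
  execution:
    strategy: "free"
    gather_facts: true
    # Audit tasks run with privilege escalation; scope the become user and
    # inventory so the audit account cannot be reused for other playbooks.
    become: true

  # Package Installation
  # Tools installed on audited hosts. Note that this adds a port scanner
  # ("nmap") to every host; keep the list minimal where that is undesirable.
  packages:
    required:
      - "net-tools"
      - "lsof"
      - "nmap"
      - "curl"
      - "wget"
      - "tree"
      - "ethtool"
      - "jq"
    optional:
      - "vnstat"
      - "htop"
      - "iotop"

# Tailscale Integration
tailscale:
  enabled: true
  check_status: true
  check_ip: true
  check_peers: true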