---
# HomeAudit configuration file (schema version 2.0).
# One document; each top-level key is a section read by the corresponding
# part of the audit tooling.

# Audit run parameters
audit:
  version: '2.0'  # quoted so it stays the string "2.0", not the float 2.0
  timeout: 900  # seconds (15 minutes) — presumably the overall run limit; confirm
  poll_interval: 30  # seconds between status polls
  max_retries: 3  # attempts before a failing step is given up on
  retry_delay: 10  # pause between attempts; unit is presumably seconds, as for timeout
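# Security settings
security:
  # SSH configuration checks
  ssh:
    root_login_check: true  # presumably inspects PermitRootLogin — confirm against the check
    failed_attempts_threshold: 10  # failed-login count above which a finding is raised
    key_based_auth_only: true  # expect password authentication to be disabled

  # File permission checks
  file_permissions:
    # Counts above these values are reported; they are report thresholds,
    # not enforced limits (confirm against the consumer).
    world_writable_max: 20
    suid_max: 30
    # Pseudo and volatile filesystems skipped during the walk
    exclude_paths:
      - '/proc'
      - '/sys'
      - '/dev'
      - '/tmp'
      - '/var/tmp'

  # Shell history analysis
  shell_history:
    # Substrings searched for in history lines. Several are very broad
    # ('key', 'auth', 'login') and will match ordinary commands, so expect
    # noise. NOTE(review): a matching line may itself contain the secret —
    # confirm the report redacts matched lines rather than echoing them.
    sensitive_patterns:
      - 'password'
      - 'passwd'
      - 'secret'
      - 'token'
      - 'key'
      - 'api_key'
      - 'private_key'
      - 'ssh_key'
      - 'aws_access'
      - 'aws_secret'
      - 'database_url'
      - 'connection_string'
      - 'credential'
      - 'auth'
      - 'login'
    # Glob patterns for history files; assumes the consumer expands '*'
    # across home directories (confirm). Reading /root requires privilege.
    history_files:
      - '/home/*/.bash_history'
      - '/root/.bash_history'
      - '/home/*/.zsh_history'
      # fish keeps its history under the XDG data directory, so the legacy
      # ~/.fish_history pattern alone never matches a default install; the
      # old entry is kept for deployments that rely on it.
      - '/home/*/.fish_history'
      - '/home/*/.local/share/fish/fish_history'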
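# Network configuration
network:
  # Interface detection
  interfaces:
    exclude_loopback: true
    check_speed: true  # link speed/duplex are presumably read via ethtool — confirm
    check_duplex: true

  # Port analysis: listening ports keyed by number, with the advisory text
  # attached to the finding. Keys are plain integers; quote them if the
  # consumer compares port numbers as strings.
  ports:
    risky_ports:
      21: 'FTP - Consider secure alternatives'
      23: 'Telnet - Insecure, use SSH instead'
      53: 'DNS - Ensure properly configured'
      80: 'HTTP - Consider HTTPS'
      # 135 is the MS-RPC endpoint mapper, not SMB/NetBIOS itself; it is
      # usually exposed alongside 139/445 on Windows-style hosts.
      135: 'MS-RPC endpoint mapper - Potentially risky'
      139: 'SMB/NetBIOS - Potentially risky'
      445: 'SMB/NetBIOS - Potentially risky'
      3389: 'RDP - Ensure secure configuration'

  # Bandwidth monitoring
  bandwidth:
    enabled: true
    # Interface names are driver/distro specific (predictable names such as
    # enp0s3 are not listed) — confirm they match the audited hosts.
    interfaces:
      - 'eth0'
      - 'eth1'
      - 'wlan0'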
# Container configuration
containers:
  docker:
    check_socket_permissions: true  # docker.sock access is effectively root access
    check_running_containers: true
    check_images: true
    check_networks: true
    check_volumes: true
    check_compose_files: true
    # Names looked for among containers to report self-hosted management
    # tooling; matching is presumably by name substring — confirm.
    management_tools:
      - 'portainer'
      - 'watchtower'
      - 'traefik'
      - 'nginx-proxy'
      - 'heimdall'
      - 'dashboard'
  podman:
    check_containers: true
    check_images: true
# Package management
packages:
  # Package managers probed on each host; only those present are used
  managers:
    - 'dpkg'  # Debian/Ubuntu
    - 'rpm'  # Red Hat/Fedora
    - 'pacman'  # Arch Linux
    - 'zypper'  # openSUSE

  # Security updates
  security_updates:
    check_available: true
    max_age_days: 30  # pending security updates older than this are presumably escalated — confirm
# Kernel security
kernel:
  # Severity thresholds: a running kernel older than the given version gets
  # that rating. Quoted so '5.10' stays a version string rather than the
  # float 5.1; comparison is presumably version-aware — confirm.
  version:
    critical_below: '4.0'
    high_below: '4.19'
    medium_below: '5.4'
    low_below: '5.10'

  # Known vulnerable versions. Whether these are matched exactly or as
  # prefixes is not defined here; as prefixes, '4.19.1' would also match
  # 4.19.1x — confirm against the consumer.
  vulnerable_patterns:
    - '4.9.0'
    - '4.9.1'
    - '4.9.2'
    - '4.9.3'
    - '4.9.4'
    - '4.9.5'
    - '4.9.6'
    - '4.9.7'
    - '4.9.8'
    - '4.9.9'
    - '4.14.0'
    - '4.14.1'
    - '4.14.2'
    - '4.14.3'
    - '4.14.4'
    - '4.14.5'
    - '4.14.6'
    - '4.14.7'
    - '4.14.8'
    - '4.14.9'
    - '4.19.0'
    - '4.19.1'
    - '4.19.2'
    - '4.19.3'
    - '4.19.4'
    - '4.19.5'
    - '4.19.6'
    - '4.19.7'
    - '4.19.8'
    - '4.19.9'

  # Hardening features expected to be enabled
  security_features:
    aslr: true
    dmesg_restrict: true
# Output configuration
output:
  # Report formats produced for each run
  formats:
    - 'json'
    - 'text'
    - 'summary'

  # Compression of the collected output
  compression:
    enabled: true
    format: 'tar.gz'
    verify_integrity: true  # presumably checksums the archive after creation — confirm

  # Logging
  logging:
    level: 'INFO'  # DEBUG, INFO, WARN, ERROR
    include_timestamp: true
    include_hostname: true
# Ansible configuration
ansible:
  # Connection settings
  connection:
    timeout: 30
    retries: 3
    delay: 5

  # Execution settings
  execution:
    strategy: 'free'  # hosts proceed independently rather than in lock-step
    gather_facts: true
    become: true  # privilege escalation; needed e.g. to read /root history files

  # Packages installed on the audited hosts before checks run. Note that
  # this leaves tools such as nmap on every host; confirm that is acceptable
  # under the local policy or that a cleanup step exists.
  packages:
    required:
      - 'net-tools'
      - 'lsof'
      - 'nmap'
      - 'curl'
      - 'wget'
      - 'tree'
      - 'ethtool'
      - 'jq'
    optional:
      - 'vnstat'
      - 'htop'
      - 'iotop'
# Tailscale integration (skipped entirely when enabled is false — confirm)
tailscale:
  enabled: true
  check_status: true
  check_ip: true
  check_peers: true