# create as much services as you need and name them as you want
test_vagrant_volume:
# optional SOCKS proxy
socks_host: ""
socks_port: 9150
# SSH host, port, user
host: "localhost"
port: 2422
user: root
password: "root"
auth_method: password
# SSH options
ssh_tcp_timeout: 300
ssh_banner_timeout: 120
ssh_auth_timeout: 300
verify_ssh_fingerprint: true # use "false" ONLY for testing, never use "false" on production
# public key, and your passphrase to the public key
public_key: ""
passphrase: ""
# mattermost/slack
notifications:
type: "none" # mattermost, slack, none
url: "http://some-url-here" # (slack/mattermost only)
resend_after: 300 # (slack/mattermost only)
connection_timeout: 300 # (slack/mattermost only)
#proxy: "socks://some-socks-server:9050" # (slack/mattermost only)
proxy_retry_num: 3 # (slack/mattermost only)
# when prixy will fail all retries, then should we skip using proxy to send a notification? (slack/mattermost only)
proxy_fallback_on_failure: false
# host files integrity checking mechanism
checksum_method: "sha256sum"
# a command to execute when checksum failed, can be empty, or can be a some resuce command
on_security_violation: "echo 'Checksum failed... unmounting secure data disk, waiting for administrator intervention...'"
# files to keep eye on integrity
checksum_files:
sh: '/bin/sh'
bash: '/bin/bash'
losetup: '$(whereis losetup|awk "{print \$2}")'
# checks to perform on the host to validate additionally if everything is ok
healthchecks:
- command: "ps aux |grep SOOOMETHING"
on_failure: "echo 'Something on failure'"
# Set to false if you do not want to execute commands from "on_failure" when checksum security violation was detected
on_failure_even_if_security_violation: false
- command: "ps aux |grep ON_VIOLATION_WILL_EXECUTE"
on_failure: "echo 'Something on failure - on_failure_even_if_security_violation: true'"
on_failure_even_if_security_violation: true
- command: "ps aux |grep bash"
on_failure: "echo 'This should not show'"
on_failure_even_if_security_violation: false