Configuration reference

# create as many services as you need and name them as you like
# NOTE(review): the command strings below (on_security_violation, healthchecks) are presumably
# executed on the remote host as the configured SSH user (root in this sample), and this file also
# holds the SSH password, so restrict read and write access to it accordingly - confirm
test_vagrant_volume:

    # optional SOCKS proxy
    # presumably an empty socks_host means "connect directly" - confirm
    socks_host: ""
    socks_port: 9150

    # SSH host, port, user
    # NOTE(review): this sample logs in as root with a plaintext password kept in this file;
    # the key fields below suggest key-based login is also possible, but only
    # auth_method "password" is shown here - confirm the other accepted values
    host: "localhost"
    port: 2422
    user: root
    password: "root"
    auth_method: password

    # SSH options
    # timeout units are not stated here - presumably seconds, confirm
    ssh_tcp_timeout: 300
    ssh_banner_timeout: 120
    ssh_auth_timeout: 300
    # presumably controls SSH host key verification; with it disabled nothing ties the
    # connection to the expected host, so the password above could be sent to an impostor
    verify_ssh_fingerprint: true # use "false" ONLY for testing, never use "false" on production

    # public key, and your passphrase to the public key
    # NOTE(review): a passphrase normally protects a private key - confirm which key file
    # this field expects and whether it takes a path or the key material itself
    public_key: ""
    passphrase: ""

    # mattermost/slack
    notifications:
        type: "none" # mattermost, slack, none
        # NOTE(review): the placeholder uses http://; a webhook URL usually acts as a credential,
        # so an https:// URL is the safer choice in a real deployment
        url: "http://some-url-here" # (slack/mattermost only)
        resend_after: 300 # (slack/mattermost only)
        connection_timeout: 300 # (slack/mattermost only)
        #proxy: "socks://some-socks-server:9050" # (slack/mattermost only)
        proxy_retry_num: 3 # (slack/mattermost only)
        # when the proxy has failed all retries, should we skip the proxy and send the notification anyway? (slack/mattermost only)
        # NOTE(review): "true" presumably sends the notification directly, bypassing the proxy - confirm
        proxy_fallback_on_failure: false

    # host files integrity checking mechanism
    # NOTE(review): presumably the name of the checksum command run on the remote host; a host
    # compromised deeply enough to replace /bin/sh could replace this binary too, so a matching
    # checksum is tamper evidence rather than proof - confirm where the expected values are stored
    checksum_method: "sha256sum"

    # a command to execute when a checksum check fails; can be empty, or can be some rescue command
    on_security_violation: "echo 'Checksum failed... unmounting secure data disk, waiting for administrator intervention...'"

    # files whose integrity is watched, as "name: path" pairs
    # the losetup entry is a shell command substitution, so the value is presumably expanded
    # by a shell on the host rather than used as a literal path - confirm
    checksum_files:
        sh: '/bin/sh'
        bash: '/bin/bash'
        losetup: '$(whereis losetup|awk "{print \$2}")'

    # checks to perform on the host to additionally validate that everything is ok
    # NOTE(review): "ps aux | grep NAME" can match the grep process itself, so such a check may
    # pass even when NAME is not running - confirm how the command's result is interpreted
    healthchecks:
        - command: "ps aux |grep SOOOMETHING"
          on_failure: "echo 'Something on failure'"

          # Set to false if you do not want to execute the "on_failure" command when a checksum security violation was detected
          on_failure_even_if_security_violation: false

        # this entry keeps running its "on_failure" command even after a checksum security violation
        - command: "ps aux |grep ON_VIOLATION_WILL_EXECUTE"
          on_failure: "echo 'Something on failure - on_failure_even_if_security_violation: true'"
          on_failure_even_if_security_violation: true

        - command: "ps aux |grep bash"
          on_failure: "echo 'This should not show'"
          on_failure_even_if_security_violation: false