forked from blacktop/docker-ghidra
-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathserver.conf
269 lines (219 loc) · 12.5 KB
/
server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
#********************************************************************
# Service Wrapper Properties
#********************************************************************
# Initial Working Directory (i.e., absolute installation directory path)
wrapper.working.dir=${ghidra_home}
# Temporary directory (set WRAPPER_TMPDIR in ghidraSvr(.bat) script to modify this)
wrapper.tmp.path=${wrapper_tmpdir}
# Mac OS X launchd plist directory
wrapper.launchd.dir=/Library/LaunchDaemons
# Java Application
wrapper.java.command=${java}
# Establish default permissions for generated files
wrapper.java.umask=027
# Java Classpath
include=${classpath_frag}
# Java Additional Parameters
wrapper.java.additional.1=-Djava.net.preferIPv4Stack=true
# Establishes a minimum number of rolling server.log backups to be maintained
wrapper.java.additional.2=-DApplicationRollingFileAppender.maxBackupIndex=10
# Ensure that classpath_frag is defined for service startup
wrapper.java.additional.3=-Dclasspath_frag=${classpath_frag}
# Java temporary directory (set WRAPPER_TMPDIR in ghidraSvr(.bat) script to modify this)
wrapper.java.additional.4=-Djava.io.tmpdir=${wrapper_tmpdir}
# JNA temporary directory (set WRAPPER_TMPDIR in ghidraSvr(.bat) script to modify this).
# Note that YAJSW relies on jna_tmpdir (underscore). We set jna.tmpdir in case the Ghidra Server ever wants to do JNA.
wrapper.java.additional.5=-Djna.tmpdir=${wrapper_tmpdir}
# Limit server to specific TLS protocols for all secure connections.
# NOTE: multiple protocols must be separated with a semi-colon (e.g., TLSv1.2;TLSv1.3).
wrapper.java.additional.6=-Dghidra.tls.server.protocols=TLSv1.2;TLSv1.3
# Restrict server to specific TLS cipher suites for all secure communications
# NOTE: multiple ciphers must be separated using "\,". The specified list includes both TLSv1.2 and TLSv1.3 supported ciphers.
# TLSv1.3 info: https://www.packetmania.net/en/2023/08/21/TLS1-3-intro/
# See Commercial National Security Algorithm (CNSA) Suite Profile for TLS and DTLS 1.2 and 1.3
# RFC 9151 https://datatracker.ietf.org/doc/rfc9151/
wrapper.java.additional.7=-Djdk.tls.server.cipherSuites="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\,TLS_AES_256_GCM_SHA384"
# A suitable cacerts file must be installed when using PKI authentication
#wrapper.java.additional.8=-Dghidra.cacerts=./Ghidra/cacerts
# If Ghidra clients must authenticate the server, the server will need to install
# a server key/certificate in a secure location (e.g., /etc/pki/...)
# and specify the location and password via the properties below.
# Be sure to properly set permissions on the Ghidra installation and this file
# if using these settings.
#wrapper.java.additional.9=-Dghidra.keystore=
#wrapper.java.additional.10=-Dghidra.password=
# Enable/Disable use of compression for DataBuffer serialization and Block Streams
wrapper.java.additional.11=-Ddb.buffers.DataBuffer.compressedOutput=true
# Uncomment to enable remote debug support
# The debug address will listen on all network interfaces, if desired the '*' may be
# set to a specific interface IP address (e.g., 127.0.0.1) if you wish to restrict.
# During debug it will be necessary to increase timeout values to prevent the wrapper
# from restarting the server due to unresponsiveness.
#wrapper.java.additional.12=-Xdebug
#wrapper.java.additional.13=-Xnoagent
#wrapper.java.additional.14=-Djava.compiler=NONE
#wrapper.java.additional.15=-Xrunjdwp:transport=dt_socket\,server=y\,suspend=n\,address=*:18200
#wrapper.startup.timeout=0
#wrapper.ping.timeout=0
# Optional debug enablement instead of using the wrapper.java.additional arguments above
# This will cause application to start in a suspended state in debug mode and increase
# timeouts to their maximum values.
#wrapper.java.debug.port=18200
# Uncomment to allow VisualVM Profiling to avoid "Rejected class serialization..." errors
# NOTE: A Java class serialization filter is added for RMI security assurance and should remain
# enabled during normal use.
#wrapper.java.additional.16=-Dghidra.server.serialization.filter.disabled=true
# Uncomment to enable remote use of VisualVM for profiling
# See JMX documentation for more information: http://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html
#wrapper.java.additional.17=-Dcom.sun.management.jmxremote.port=9010
#wrapper.java.additional.18=-Dcom.sun.management.jmxremote.local.only=false
#wrapper.java.additional.19=-Dcom.sun.management.jmxremote.authenticate=false
#wrapper.java.additional.20=-Dcom.sun.management.jmxremote.ssl=false
# YAJSW will by default assume a POSIX spawn for Linux and Mac OS X systems, unfortunately it has
# not yet been implemented for Mac OS X. The default process support within YAJSW for Mac OS X is
# broken so we must force the use of BSD process support which appears to work properly. To enable
# this mode of operation the wrapper.fork_hack option must be enabled and the wrapper.posix_spawn
# option explicitly disabled. The ghidraSvr script will attempt to make these changes automatically
# for Mac OS X.
#wrapper.fork_hack=true
# Pipe server output to console/log
#wrapper.console.pipestreams=true
# Monitor for Deadlock
wrapper.java.monitor.deadlock = true
# Main server application class
wrapper.java.app.mainclass=ghidra.server.remote.GhidraServer
# Initial Java Heap Size (in MB)
wrapper.java.initmemory=396
# Maximum Java Heap Size (in MB)
# See svrREADME.txt file for advice (Server Memory Considerations)
wrapper.java.maxmemory=768
# Specify the directory used to store repositories. This directory must be dedicated to this
# Ghidra Server instance and may not contain files or folders not produced by the
# Ghidra Server or its administrative scripts. Relative paths originate from the
# Ghidra installation directory, although an absolute path is preferred if not using default.
# This variable is also used by the svrAdmin script.
ghidra.repositories.dir=/repos
# Ghidra server startup parameters.
#
# Command line parameters: (Add command line parameters as needed and renumber each starting from .1)
# [-ip <hostname>] [-i #.#.#.#] [-p#] [-n]
# [-a#] [-d<ad_domain>] [-e<days>] [-jaas <config_file>] [-u] [-autoProvision] [-anonymous] [-ssh]
# <repository_path>
#
# -ip <hostname> : identifies the remote access IPv4 address or hostname (FQDN) which should be
# used by remote clients to access the server.
#
# -i #.#.#.# : server interface IPv4 address to listen on (default will listen on all interfaces).
#
# -p# : base TCP port to be used (default: 13100) [see Note 1]
#
# -n : enable reverse name lookup for IP addresses when logging (requires proper configuration
# of reverse lookup by your DNS server)
#
# -a# : an optional authentication mode where # is a value of 0, 1, 2, or 4
# 0 - Private user password
# 1 - Active Directory via Kerberos. Requires -d<your.ad_domainname.tld>
# 2 - PKI Authentication
# 4 - JAAS Authentication. See also -jaas <config_file>
#
# -d<ad_domain> : the Active Directory domain name. Example: "-dmydomain.com"
#
# -e<days> : specifies initial/reset password expiration time in days (-a0 mode only, default is 1-day, 0 = no expiration)
#
# -jaas <config_file> : specifies the path to the JAAS config file (when using -a4), relative
# to the ghidra/server directory (if not absolute).
# See jaas.conf for examples and suggestions.
# It is the system administrator's responsibility to craft their own
# JAAS configuration directive when using the -a4 mode.
#
# -u : enable users to be prompted for user ID (does not apply to -a2 PKI mode)
#
# -autoProvision : enable the auto-creation of new Ghidra Server
# users when they successfully authenticate to the server (-a1 and -a4 modes only).
# Users removed from the authentication provider (e.g., Active Directory) will need to be
# deleted manually from the Ghidra Server using svrAdmin command.
#
# -anonymous : enables anonymous repository access (see svrREADME.html for details)
#
# -ssh : enables SSH authentication for headless clients
#
# <repository_path> : Required. Directory used to store repositories. This directory must be dedicated to this
# Ghidra Server instance and may not contain files or folders not produced
# by the Ghidra Server or its administrative scripts.
# Relative paths originate from the installation directory
# ${ghidra.repositories.dir} : config variable (defined above) which identifies the directory
# used to store repositories. Use of this variable to define the
# repositories directory must be retained.
wrapper.app.parameter.1=-a0
wrapper.app.parameter.2=-u
wrapper.app.parameter.3=-ip${GHIDRA_PUBLIC_HOSTNAME}
wrapper.app.parameter.4=${ghidra.repositories.dir}
# Establish server process owner
# This should only be used when installing as a service using a nologin
# local user account. Establishing a suitable account is left as a
# system administration task. NOTE: the use of this feature is not
# yet supported for Windows installations.
#wrapper.app.account=ghidra
#********************************************************************
# Service Wrapper Logging Properties
#********************************************************************
# Format of output for the console. (See docs for formats)
wrapper.console.format=PM
# Log Level for console output. (use INFO to see Ghidra Server activity)
wrapper.console.loglevel=INFO
# Provide additional wrapper debug logging info
#wrapper.debug=true
# Log file to use for wrapper output logging.
wrapper.logfile=wrapper.log
# Format of output for the log file. (See docs for formats)
wrapper.logfile.format=LPTM
# Log Level for wrapper.log file output. (See docs for log levels)
wrapper.logfile.loglevel=INFO
# Maximum size that the log file will be allowed to grow to before
# the log is rolled. Size is specified in bytes. The default value
# of 0, disables log rolling. May abbreviate with the 'k' (kb) or
# 'm' (mb) suffix. For example: 10m = 10 megabytes.
wrapper.logfile.maxsize=10m
# Maximum number of rolled log files which will be allowed before old
# files are deleted. The default value of 0 implies no limit.
wrapper.logfile.maxfiles=10
#********************************************************************
# Service Wrapper Linux Properties
#********************************************************************
# Force initd (systemd had issues during testing on Ubuntu 21.04 with yajsw-13.00)
wrapper.daemon.system = initd
#********************************************************************
# Service Wrapper Windows Properties
#********************************************************************
# Title to use when running as a console
wrapper.console.title=Ghidra Server
#********************************************************************
# Service Wrapper Windows NT/2000/XP Service Properties
#********************************************************************
# WARNING - Do not modify any of these properties when an application
# using this configuration file has been installed as a service.
# Please uninstall the service before modifying this section. The
# service can then be reinstalled.
# Name of the service
wrapper.ntservice.name=ghidraSvr
# Display name of the service
wrapper.ntservice.displayname=Ghidra Server
# Description of the service
wrapper.ntservice.description=Repository server for Ghidra data files.
# Service dependencies. Add dependencies as needed starting from 1
wrapper.ntservice.dependency.1=
# Mode in which the service is installed.
wrapper.ntservice.starttype=AUTO_START
# Linux service daemon priority for Ghidra Server (start/stop)
# It is important that the network interface has started and any file-system
# dependencies are mounted prior to the Ghidra Server starting.
# NOTE: uninstall the Ghidra Server service using svrUninstall script before changing
# the property wrapper.daemon.update_rc or wrapper.daemon.run_level_dir property.
wrapper.daemon.update_rc= 98 05
# Linux service daemon link directories
wrapper.daemon.run_level_dir=/etc/rcX.d
# Allow the service to interact with the desktop.
wrapper.ntservice.interactive=false
# Restart failed service after 1 minute delay
wrapper.ntservice.failure_actions.actions=RESTART
wrapper.ntservice.failure_actions.actions_delay=60000