-
Notifications
You must be signed in to change notification settings - Fork 220
/
config.ini
90 lines (69 loc) · 2.35 KB
/
config.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# Tencent is pleased to support the open source community by making HaboMalHunter available.
# Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
# Licensed under the MIT License (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
#
# http://opensource.org/licenses/MIT
#
# Unless required by applicable law or agreed to in writing, software distributed under the
# License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
[main]
# Version
version = 2.0.0.3
# log
log_dir = log
file_log = system.log
static_log = output.static
dynamic_log = output.dynamic
# home dir, discard, current is the parent dir of the target
exec_home = workspace
# time limitation (seconds)
time_limit_dynamic = 10
# tag files, in log_dir
static_finished_fname = TagFile_S.txt
dynamic_finished_fname = MonitorComplete_TagFile.txt
# strings limit
strings_limit = 10
# target loader target_loader.{32|64}.elf
target_loader = /root/bin/target_loader
# sysdig plugin
sysdig_plugin_dir = /root/util/sysdig/
# LD_DEBUG
ld_debug_log = ld_debug.log
# decompress is_inplace
is_inplace = True
# decomress limit files
decompress_limit=128
# enable or disable prefix_remove
enable_prefix_remove = False
# tshark is not safe when running with root
tshark_user=remnux
# enable_inetsim
enable_inetsim = False
inetsim_data_dir = /root/util/inetsim/data
inetsim_cfg_path = /root/util/inetsim/inetsim.conf
inetsim_log_dir = /root/log/inetsim/
inetsim_log_report_dir = /root/log/inetsim/report
kernel_log_path = /var/log/kern.log
net_eth0 = 10.0.2.15
net_eth1 = 10.0.2.30
# ltrace and strace can only be used alone
trace_type = auto
# tcpdump limit number of packages
tcpdump_limit = 500
# sysdig limit number of events
sysdig_limit = 50000
# trace limit number of lines
trace_limit = 50000
# yara rules
yara_rules_data = /root/util/yara/yara.bin
# fake dns return ip for inetsim
fake_dns_ip = 216.58.203.46
# memory analysis (default turn off)
enable_mem_analysis = False
lime_src_path = /usr/share/LiME/LiME-1.7.5/src/
mem_dump_path = /root/mem.lime
update_vol_profile_path = /root/util/update_image/update_vol_profile.sh
vol_profile_name=LinuxUbuntu1404x64