
Configuration Toml

tiCrypt Team

Business case

This blog post discusses what a configuration file is and why you, as an admin, should care about it when running your virtual machines. A configuration file can alter the internal settings of your virtual machine.

Why do we need this?

When the administrator creates a VM image, they need two things: the tiCrypt software to manage the image, and the configuration file. tiCrypt provides users with a default configuration file. The administrator can use the tiCrypt config file or supply their own. Allowing users to upload their own configuration files lets the VM be customized to what the researcher needs.

What types of parameters are in a config file?

Below is the default configuration file with notes on what each object and its parameters mean.

[terminal]

  • enabled = false
    Whether or not the terminal service is enabled. On Windows, the terminal is PowerShell; on Linux, it is the shell set by command (/bin/bash by default).

  • #command = "/bin/bash"
    The default command to use when running terminals in Linux.

  • #command = "powershell.exe"
    The default command to use when running terminals in Windows.

  • scrollback = 10000
    Default number of lines of terminal scrollback history kept.

[tunnel]

  • enabled = false
    Whether or not the tunnel service is enabled.

  • serverPort = 22
    TCP port on which to bind the tunneling service.

  • allowedPorts = []
    This is our default. We use a list of ports for tunneling. The following are examples of what users can set allowedPorts to.

  • allowedPorts = 5901
    A single port can be used.

  • allowedPorts = "5901-5905"
    A range of ports can be used.

  • allowedPorts = [ 14500, 5901 ]
    An array of ports can be used.

  • addGroups = []
    This is our default list. addGroups is a list of additional system groups that users with tunneling permissions will be added to.

  • addGroups = [ "Remote Desktop Users" ]
    Used by Windows ONLY: allow access to RDP

  • idleTimeout = "15m"
    This is the timeout for idle tunnels. It defaults to 15 minutes. If set to a positive duration, tunnels without active forwarded connections will be killed after the specified timeout. The minimum non-zero idle timeout is 1 second.

  • sftpEnabled = false
    Whether SFTP support is enabled. If enabled, an SSH daemon will be run that is configured to only allow SFTP connections. Enabling SFTP allows for one way SFTP from the local client to the virtual machine.

  • sftpPort = 2022
    The local port on which the SFTP SSH daemon runs. This will be automatically added to the allowed tunnel ports.

  • sshDirPath = ""
    sshDirPath is NEEDED if SFTP is enabled. It is the path to the directory containing the sshd(.exe) and ssh-keygen(.exe) executables. If not set, the following locations will be checked for the executables:

    1. The assets archive at bin/ssh/
    2. The system path

[tunnel.services]

  • xpra = 14500

Optional names for ports, which may be referred to in the connection instructions for the VM. This is only needed for Linux and will be ignored on Windows. It is recommended to use the xpra information that we provide. More information can be found here

[tunnel.cert]

  • country = "US"
    If specified, country MUST be a two-letter country code.
  • organization = "unspecified"

[users]

  • changeAdminPassword = false
    If true, the VMC will attempt to change the admin password at startup to a random password. This prevents anyone from knowing the password.

  • managersAsAdmin = false
    If this is set to true, then IN WINDOWS, managers or owners of the VM can fulfill admin tasks without a password. If this is true in LINUX, then managers will be part of a group called "sudoers" and can act as admins without a password.

  • createDirs = []

  • createHiddenDirs = []
    These two parameters apply to Windows ONLY. Users can add the names of directories to be automatically created in the user's home on their encrypted drive if they do not already exist. This allows the directories to be automatically linked into the user's profile on the C: drive even if they did not originally exist.
    If it is left blank, everything in the home drive will be a junction.

[commands]

  • commands.rootCommands
    Commands that are run by the root upon startup

  • commands.rootCommands.runOnlyOnceCommands
    Commands that are run only once

  • commands.rootCommands.runEveryTimeCommands
    Commands that are run every time
    event_name = {command0_name = "command0", command1_name = "command1"}

  • commands.userCommands
    Commands to be run by the user

  • commands.userCommands.runOnlyOnceCommands
    Commands that are run only once

  • commands.userCommands.runEveryTimeCommands
    Commands that are run every time

tiCrypt Default Config

[terminal]
enabled = false
#command = "/bin/bash"        # Linux default
#command = "powershell.exe"   # Windows default
scrollback = 10000

[tunnel]
enabled = false
serverPort = 22
allowedPorts = []
addGroups = []
#addGroups = [ "Remote Desktop Users" ]   # Windows only: allow access to RDP
idleTimeout = "15m"
sftpEnabled = false
sftpPort = 2022
sshDirPath = ""

[tunnel.services]
xpra = 14500

[tunnel.cert]
country = "US"
organization = "unspecified"

[users]
changeAdminPassword = false
managersAsAdmin = false
createDirs = []
createHiddenDirs = []

[commands]
[commands.rootCommands]
[commands.rootCommands.runOnlyOnceCommands]
[commands.rootCommands.runEveryTimeCommands]
[commands.userCommands]
[commands.userCommands.runOnlyOnceCommands]
[commands.userCommands.runEveryTimeCommands]