Configuration file¶
Note
Parameter configuration is located in the sig section of the file /etc/aos/agent.conf.
Configuration file consists of sections:
| Section | Parameter | Description | Default value |
|---|---|---|---|
sig |
signature_check_interval |
Verification period for signed directories. | 60 |
sig |
verifier_config_path |
Path to the integrity monitoring system configuration file. | /etc/afick/afick.conf |
sig |
vm_configs_filepath |
Path to files with descriptions of instances. | /etc/libvirt/qemu/ |
sig |
sign_config_opts |
Templates for adding to the integrity control system. | /usr/share/qemu PARSEC, /usr/share/seabios PARSEC, /usr/share/OVMF PARSEC, /etc/libvirt/qemu/ PARSEC |
sig |
system_check_dir |
Path to directories with BIOS of instances. | /usr/share/qemu , /usr/share/seabios , /usr/share/OVMF |
sig |
destroy_vm |
Disabling instances when integrity is violated. | True |
Note
Configuration of the parameters of the periodic task of checking the service status is located in the sig_validation section of the file /etc/aos/cloud_manager.conf.
Configuration file consists of sections:
| Section | Parameter | Description | Default value |
|---|---|---|---|
sig_validation |
enabled |
Enabling the periodic task of checking the status of the sig service. | True |
sig_validation |
sync_interval |
Frequency of the scanning task launch interval in seconds. | 60 |
sig_validation |
lock_timeout |
Duration of blocking the restart of asynchronous scanning tasks in case of a system failure, in seconds. | 70 |
sig_validation |
confirm_timeout |
Timeout waiting for a response from the message broker indicating that the message has been accepted on the side of the service being checked. | 10 |
sig_validation |
timeout |
Total duration of all timeouts waiting for a response from the service being checked. | 60 |