Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//ORCON//NOFORN
16.3 Configuration
The Gibson C2 and LP require a configuration file providing the parameters for each
subsystem. The configuration file stores key-value pairs that describe the
parameters of the C2 or LP.

The configuration file stores one key-value pair per line. The key and value are
delimited by one equals sign (=). Empty lines or lines beginning with a hash (#) will
be ignored.

The C2 and LP will automatically locate the file when it is installed at /etc/the-gibson
or relative to the the_gibson Python package at ./.gibconfig. The configuration files
are generated automatically by the Assassin installation script and rarely need to be
adjusted.

Basic Configuration
There are basic configuration keys supported by both the C2 and LP. They include:
working_directory          path to The Gibson's working directory
galleon_configuration      path to the Galleon configuration file
logging.level              logging level for The Gibson components
logging.running_directory  path to directory to store running logs
logging.session_directory  path to directory to store session logs

C2 Configuration
The C2 configuration supports the following keys:
user_interface                     path to User Interface script
user_interface.receipt_directory   path to Implant receipt directory
task_generator                     path to Task Generator script
queue_proxy                        path to Queue Proxy script
queue_proxy.queue_src_label        source label for Transport to Queue
queue_proxy.queue_dst_label        destination label for Transport to Queue
post_processor                     path to Post Processor script
post_processor.receipt_directory   path to Implant receipt directory
default_ingester                   path to Default Ingester script
default_ingester.output_directory  path to Assassin output directory
log_extractor                      path to Log Extractor script
log_extractor.extract_to           path to directory to extract logs
log_extractor.combine              whether to combine extracted logs

LP Configuration
The LP configuration supports the following keys:
queue                       path to Queue script
queue.proxy_src_label       source label for Transport to Queue Proxy
queue.proxy_dst_label       destination label for Transport to Queue Proxy
beacon_server               path to Beacon Server script
beacon_server.src_label     source label for Transport to Post Processor
beacon_server.dst_label     destination label for Transport to Post Processor
log_collector               path to Log Collector script
log_collector.src_label     source label for Transport to Log Extractor
log_collector.dst_label     destination label for Transport to Log Extractor
log_collector.collect_from  path to directory to collect logs
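
Added example, not part of the original document or of The Gibson's own code: a triage parser an analyst could run over a recovered configuration file, using the file format and key names listed above to tell a C2 file from an LP file and to flag undocumented keys. Splitting at the first equals sign, trimming surrounding whitespace, and the sample input are assumptions.

```python
# Key names are taken from the tables above; parsing details are assumptions.
BASIC = {"working_directory", "galleon_configuration", "logging.level",
         "logging.running_directory", "logging.session_directory"}
C2 = {"user_interface", "user_interface.receipt_directory", "task_generator",
      "queue_proxy", "queue_proxy.queue_src_label", "queue_proxy.queue_dst_label",
      "post_processor", "post_processor.receipt_directory", "default_ingester",
      "default_ingester.output_directory", "log_extractor",
      "log_extractor.extract_to", "log_extractor.combine"}
LP = {"queue", "queue.proxy_src_label", "queue.proxy_dst_label", "beacon_server",
      "beacon_server.src_label", "beacon_server.dst_label", "log_collector",
      "log_collector.src_label", "log_collector.dst_label",
      "log_collector.collect_from"}

def parse_config(text):
    """Return (pairs, malformed): key -> value map and malformed line numbers."""
    pairs, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and hash lines are ignored, per the text
        key, sep, value = line.partition("=")  # assumption: split at first '='
        if not sep or not key.strip():
            malformed.append(lineno)  # no delimiter or empty key
            continue
        pairs[key.strip()] = value.strip()  # assumption: whitespace is trimmed
    return pairs, malformed

def classify(pairs):
    """Label the file by which documented subsystem keys it carries."""
    keys = set(pairs)
    has_c2, has_lp = bool(keys & C2), bool(keys & LP)
    role = {(True, False): "C2", (False, True): "LP",
            (True, True): "mixed", (False, False): "unknown"}[(has_c2, has_lp)]
    return {"role": role, "undocumented": sorted(keys - BASIC - C2 - LP)}

# Constructed sample input, not taken from any real deployment.
SAMPLE = """\
# constructed sample
working_directory=/srv/example/work
logging.level = DEBUG

queue=/srv/example/queue.py
beacon_server.src_label=a=b
no_delimiter_here
custom_key=1
"""

if __name__ == "__main__":
    pairs, bad = parse_config(SAMPLE)
    print(classify(pairs), "malformed lines:", bad)
```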