-
Notifications
You must be signed in to change notification settings - Fork 288
/
app.config
95 lines (91 loc) · 5.42 KB
/
app.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="LicenseSettings" type="PingCastle.ADHealthCheckingLicenseSettings, PingCastle" />
<section name="encryptionSettings" type="PingCastle.Healthcheck.EncryptionSettings, PingCastle" />
<section name="honeyPotSettings" type="PingCastle.Healthcheck.HoneyPotSettings, PingCastle" />
<section name="infrastructureSettings" type="PingCastle.Healthcheck.InfrastructureSettings, PingCastle" />
<section name="customRulesSettings" type="PingCastle.Rules.CustomRulesSettings, PingCastle" />
</configSections>
<!-- Compatibility with all .Net version starting from 3.0 (for WCF) -->
<startup useLegacyV2RuntimeActivationPolicy="true">
<supportedRuntime version="v4.0"/>
<supportedRuntime version="v2.0.50727"/>
</startup>
<!--
For brand customization for customers having a license
<appSettings>
<add key="BrandLogo" value="base64 encoded icon"/>
<add key="BrandCss" value=".pingcastle-css {color: red;}"/>
<add key="BrandJs" value="alert('test')"/>
</appSettings>
-->
<!-- Windows XP or .Net 3.0 supports only the class RijndaelManaged which is not fips compliant -->
<runtime>
<enforceFIPSPolicy enabled="false"/>
<!--
If you enable this, you will be able to use Tlsv1.2 to push report
But you won't test SSLv3 or TLS 1.0 on your DC
Note: this settings require to have the KB3154518 installed.
See https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls for more info
If you are admin we recommend to set :
- for dotnet 2, 3, 3.5
the SystemDefaultTlsVersions registry key
see:
https://support.microsoft.com/en-us/help/3154520/support-for-tls-system-default-versions-included-in-the-net-framework
- for dotnet 4
the SchUseStrongCrypto registry key
https://docs.microsoft.com/en-us/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-online-server#enable-strong-cryptography-in-net-framework-45-or-higher
So you can use both TLS 1.2 and next to upload your reports and test for old protocols too.
-->
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
</runtime>
<LicenseSettings
license="" />
<!-- Encryption seeting to protect the report for a loss of confidentiality -->
<!-- Change the encryption key ! -->
<!-- Use the switch -generate-key to generate keys -->
<encryptionSettings encryptionKey="default">
<RSAKeys>
<KeySettings name="default" publicKey="<RSAKeyValue><Modulus>rXQQDs1PVbp1L7o4DwM51HJIDyXpDIBCg1PEkRy6jNJxCYxwbm9vK9ma92IQiT642gYsbb7N/6VW21xgukULMizAFVCfyofkQzK7mI8CH4HsQB+XjKVGK8ONDO9zVYwyGZBcz0pRjnm9eDj6vPpYOZqeAgr1n7aqBNgZPZolYoc=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
privateKey="<RSAKeyValue><Modulus>rXQQDs1PVbp1L7o4DwM51HJIDyXpDIBCg1PEkRy6jNJxCYxwbm9vK9ma92IQiT642gYsbb7N/6VW21xgukULMizAFVCfyofkQzK7mI8CH4HsQB+XjKVGK8ONDO9zVYwyGZBcz0pRjnm9eDj6vPpYOZqeAgr1n7aqBNgZPZolYoc=</Modulus><Exponent>AQAB</Exponent><P>xEXa3R3dmyxV2rLlhKHOuuhJi+LvSgkO/Ddlia7BqrTnPZ72SQUFqbd/6kcYo87KKR9rL/60lb1AH3Ms5o/whw==</P><Q>4jyDCyiXmWgtY+bzZKE5v1estW/s2vwcZ3xcGoGnAkIhOLiEZnK6atQSgb32l8h06P2KCZWc01IgRk0ihvV+AQ==</Q><DP>vyhd6l+NFvWORKtZ+Nxy8P0NrG2AqvW5n5IAlaEbxDvev9hTfHiktFAhCDboW5oqsPSFu7/xd6lTi43sXD4yfw==</DP><DQ>4i5fURufHOcTYiq2saeipVLRP4ALzA97kla5emKfBtn4fs2yyP3ws/ccHYw+6hamE33PsK9cX8VesQpS95yeAQ==</DQ><InverseQ>rQiTcmkCvJHI4e8qDEQS1Efs/1j9xB9fbn3J0vNngWbPjdrY8YCOWu8SoAVzCeZ+WBR7FwOut0yL8/pAERlA0A==</InverseQ><D>DmYqqRfpJJxAezBR1Ak4BUdhbQSAJr4FB4LuN/+zCtqzcI/8i2Zry6+aWjwFVGdlEBBgItIqprTSk45FJ2Fw7tvOBso+VEOAxNYe8Rpw1RgZeN5fRGm5O685SjNawHA9potK8v2R5DzpWgLcSEqkGYg4clh1Y/s0Qb+OW2NP+gE=</D></RSAKeyValue>"/>
</RSAKeys>
</encryptionSettings>
<!-- honeypot settings -->
<honeyPotSettings>
<HoneyPots>
<HoneyPot samAccountName="HoneyPot" />
<HoneyPot distinguishedName="CN=ADIANT-VIRTUAL-,CN=Computers,DC=test,DC=mysmartlogon,DC=com"/>
<HoneyPot samAccountName="HoneyPotInexistant"/>
</HoneyPots>
</honeyPotSettings>
<!-- reserved for paid customers to describe their infrastructure and alter the rule computation to avoid false positives -->
<infrastructureSettings>
<!-- You can use this section to declare that you are using Riverbed devices.
Please look at the Microsoft documentation about the side effects that this kind of device generates:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/info-devices-configured-rodcs
-->
<Riverbeds>
<!-- There is no need to add a final $ in the samAccountName of the Riverbed-->
<Riverbed samAccountName="Riverbed"/>
</Riverbeds>
</infrastructureSettings>
<!-- reserved for paid customers (starting with Pro license to customize rules -->
<!-- <customRulesSettings>
<CustomRules>
<CustomRule RiskId="A-Krbtgt">
<Computations>
<Computation Type="TriggerOnThreshold" Score="50" Threshold="1464" Order="1"/>
</Computations>
</CustomRule>
</CustomRules>
</customRulesSettings>-->
<!-- Email settings -->
<system.net>
<mailSettings>
<smtp from="from@address.com" deliveryMethod="Network">
<network host="stmp.server.com" port="25" userName="username" password="password"/>
</smtp>
</mailSettings>
</system.net>
</configuration>