-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
59 lines (55 loc) · 3.08 KB
/
.env.example
File metadata and controls
59 lines (55 loc) · 3.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# Master .env.example. Copy to <host>/.env and fill in. See shared/auth.md for the per-host subset.
#
# Generate the shared token once on any host:
# python -c "import secrets; print(secrets.token_hex(32))"
# Paste the same value into INOCULA_TOKEN on all three hosts. Never commit
# a real .env file.
# ─── Shared (every host) ──────────────────────────────────────────────
# 64-hex-char secret sent in the `X-Inocula-Token` header on every inter-node POST.
INOCULA_TOKEN=CHANGE_ME_64_HEX_CHARS
# ─── Sentinel — Laptop A (victim defense, port 8787) ──────────────────
# Bind address for the Jac walker server.
INOCULA_SENTINEL_HOST=0.0.0.0
# HTTP port the Sentinel walker REST + cl{} UI listen on.
INOCULA_SENTINEL_PORT=8787
# Full base URL of the C2 peer; used for optional sentinel_alert webhooks.
INOCULA_C2_URL=http://<laptop_b_ip>:8788
# Source IP that is allowed to call /walker/trigger_payload (the one risky endpoint).
INOCULA_ALLOW_REMOTE_TRIGGER_FROM=<laptop_b_ip>
# Seconds of OS idle before the Sentinel considers the user away (OODA tuning).
INOCULA_IDLE_THRESHOLD=10
# Seconds between successive payload fires (shared with C2 cooldown UI).
INOCULA_COOLDOWN=90
# Optional LLM model for `classify_attack` — falls back to rule backend if unset.
INOCULA_LLM_MODEL=anthropic/claude-3-5-sonnet-latest
# Optional: path to the read-only upstream doppelganger/ clone for WinRT BT helpers.
INOCULA_DOPPEL_DIR=<PATH_TO_DOPPELGANGER_DIR>
# Optional: Anthropic API key. Unset = rule-based classifier (Phase 3 parity).
ANTHROPIC_API_KEY=
# ─── C2 — Laptop B (attacker orchestrator, port 8788) ─────────────────
# Bind address for the Jac walker server.
INOCULA_C2_HOST=0.0.0.0
# HTTP port the C2 walker REST + cl{} operator console listen on.
INOCULA_C2_PORT=8788
# Full base URL of the Sentinel peer; used by the STEALTH track adapter.
INOCULA_SENTINEL_URL=http://<laptop_a_ip>:8787
# `user@host` for the Scout Pi; used by the NOISY track SSH step.
INOCULA_PI_SSH_HOST=inocula@<pi_ip>
# Optional path to an SSH private key. Falls back to the ssh-agent if empty.
INOCULA_SSH_IDENTITY=
# SSH connect timeout in seconds (default 6) applied to the noisy track.
INOCULA_SSH_TIMEOUT=6
# Total HTTP timeout in seconds for C2 → Sentinel trigger_payload calls (default 8).
INOCULA_C2_OP_TIMEOUT=8
# Default track selected in the operator console dropdown: stealth|noisy|both.
INOCULA_DEFAULT_TRACK=stealth
# ─── Scout — Raspberry Pi (outbound-only BLE sensor) ──────────────────
# INOCULA_TOKEN and INOCULA_C2_URL above are also required here.
# Seconds between BLE scan cycles (adaptive: C2 may override via next_poll_seconds).
INOCULA_SCAN_INTERVAL=10
# Minimum RSSI (dBm) for a device to be reported to C2; filters distant noise.
INOCULA_RSSI_MIN=-75
# Seconds each BLE scan runs before aggregation and POST.
INOCULA_SCAN_DURATION=8
# Pi identifier sent with each scan report; defaults to the hostname.
INOCULA_PI_ID=