EAL.config

# EAL CONF
## Extract memory (1=yes|0=no - default yes)
MEMORY=1
## Extract mem proc if all memory fail (1=yes|0=no - default yes)
MEM_PROC=1
## Scan FS and Mem with yara (spyre project)
YARA_SCAN=1
## Dump file matched by yara if size < YARA_MAXSIZE (1=yes|0=no - default yes)
DUMP_YARA_MATCH=1
## Max size of file to scan with yara rules (10MB default value)
YARA_MAXSIZE="10MB"
## Path to check yara rules (default is "/")
YARA_PATHSCAN="/"
## Yar rules to check on FS
YARA_RULES_MEM="procscan.yar"
## Yar rules to check on MEM
YARA_RULES_FS="filescan.yar"
## Max size of file to extract found by yara rules, suspect proc, package integrity fail, ... (in MB)
EXTRACT_MAXSIZE=5
## Extract PHP
EXTRACT_PHP=1
## Get info type (file cmd) on FS (file < 5MB) (1=yes|0=no - default yes)
FILE_TYPE=1
## Get info md5sum on FS (file < 5MB) (1=yes|0=no - default no)
FILE_MD5=0
## Get info deleted file on FS (1=yes|0=no - default no !! very slow !!)
FILE_DELETED=0
## Get info deleted file on FS (1=yes|0=no - default no !! very slow !!)
DUMP_NETPROC=1
## Dump Static ELF out of package (1=yes|0=no - default yes)
DUMP_ELF_STATIC=1
## Dump file of package if intergity fail (1=yes|0=no - default yes)
DUMP_PKG_INTEGRITY=1
## Dump docker container config (1=yes|0=no - default yes)
DUMP_DOCKER=1
## Dump etc directory (1=yes|0=no - default yes)
DUMP_ETC=1
## Dump logs in FS (1=yes|0=no - default yes)
DUMP_LOG=1
## Use debscan tools on package deb (1=yes|0=no - default yes)
USE_DEBSCAN=1
## Get process informations (1=yes|0=no - default yes)
PROCESS_INFO=1
## Get packages informations (1=yes|0=no - default yes)
PACKAGE_INFO=1
## Get kernel informations (1=yes|0=no - default yes)
KERNEL_INFO=1
## Get autorun informations (1=yes|0=no - default yes)
AUTORUN_INFO=1
## Get network informations (1=yes|0=no - default yes)
NETWORK_INFO=1
## Get active network informations (1=yes|0=no - default no !! make connexion to internet !!)
INFO_ACTIVE_NET=0