authorYves-Alexis Perez <corsac@corsac.net>2017-09-01 17:21:25 +0200
committerYves-Alexis Perez <corsac@corsac.net>2017-09-01 17:21:25 +0200
commitd35f9a428e3443c4478b3ba1b03d7f69ce43436c (patch)
treec57633158ae938ac37bac0be0564fc9360746999 /conf
parentdebb2443d93d74388b2330341a787e5ba420909d (diff)
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
downloadvyos-strongswan-d35f9a428e3443c4478b3ba1b03d7f69ce43436c.tar.gz
vyos-strongswan-d35f9a428e3443c4478b3ba1b03d7f69ce43436c.zip
Updated version 5.6.0 from 'upstream/5.6.0'
with Debian dir e138a03837a338ec35cc53a33de19381770a5f0c
Diffstat (limited to 'conf')
-rw-r--r--conf/Makefile.am9
-rw-r--r--conf/Makefile.in17
-rwxr-xr-xconf/format-options.py42
-rw-r--r--conf/options/charon.conf2
-rw-r--r--conf/options/charon.opt2
-rw-r--r--conf/options/imcv.conf17
-rw-r--r--conf/options/imcv.opt9
-rw-r--r--conf/options/sw-collector.conf31
-rw-r--r--conf/options/sw-collector.opt31
-rw-r--r--conf/options/swanctl.conf3
-rw-r--r--conf/options/swanctl.opt5
-rw-r--r--conf/plugins/curl.conf12
-rw-r--r--conf/plugins/curl.opt3
-rw-r--r--conf/plugins/eap-aka-3ggp2.opt1
-rw-r--r--conf/plugins/eap-aka-3gpp.conf12
-rw-r--r--conf/plugins/eap-aka-3gpp.opt3
-rw-r--r--conf/plugins/eap-aka-3gpp2.conf12
-rw-r--r--conf/plugins/eap-aka-3gpp2.opt4
-rw-r--r--conf/plugins/imc-swid.opt7
-rw-r--r--conf/plugins/imc-swima.conf (renamed from conf/plugins/eap-aka-3ggp2.conf)4
-rw-r--r--conf/plugins/imc-swima.opt21
-rw-r--r--conf/plugins/imv-swima.conf8
-rw-r--r--conf/plugins/imv-swima.opt5
-rw-r--r--conf/strongswan.conf.5.main101
24 files changed, 330 insertions, 31 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am
index eb5c9c2eb..87319db22 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -24,7 +24,8 @@ options = \
options/scepclient.opt \
options/starter.opt \
options/swanctl.opt \
- options/tnc.opt
+ options/tnc.opt \
+ options/sw-collector.opt
plugins = \
plugins/addrblock.opt \
@@ -35,11 +36,13 @@ plugins = \
plugins/bypass-lan.opt \
plugins/certexpire.opt \
plugins/coupling.opt \
+ plugins/curl.opt \
plugins/dhcp.opt \
plugins/dnscert.opt \
plugins/duplicheck.opt \
plugins/eap-aka.opt \
- plugins/eap-aka-3ggp2.opt \
+ plugins/eap-aka-3gpp.opt \
+ plugins/eap-aka-3gpp2.opt \
plugins/eap-dynamic.opt \
plugins/eap-gtc.opt \
plugins/eap-peap.opt \
@@ -59,11 +62,13 @@ plugins = \
plugins/imc-os.opt \
plugins/imc-scanner.opt \
plugins/imc-swid.opt \
+ plugins/imc-swima.opt \
plugins/imc-test.opt \
plugins/imv-attestation.opt \
plugins/imv-os.opt \
plugins/imv-scanner.opt \
plugins/imv-swid.opt \
+ plugins/imv-swima.opt \
plugins/imv-test.opt \
plugins/ipseckey.opt \
plugins/led.opt \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index 9a85514ed..b403c727d 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -265,8 +265,6 @@ RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -367,6 +365,8 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -395,6 +395,10 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
@@ -424,7 +428,8 @@ options = \
options/scepclient.opt \
options/starter.opt \
options/swanctl.opt \
- options/tnc.opt
+ options/tnc.opt \
+ options/sw-collector.opt
plugins = \
plugins/addrblock.opt \
@@ -435,11 +440,13 @@ plugins = \
plugins/bypass-lan.opt \
plugins/certexpire.opt \
plugins/coupling.opt \
+ plugins/curl.opt \
plugins/dhcp.opt \
plugins/dnscert.opt \
plugins/duplicheck.opt \
plugins/eap-aka.opt \
- plugins/eap-aka-3ggp2.opt \
+ plugins/eap-aka-3gpp.opt \
+ plugins/eap-aka-3gpp2.opt \
plugins/eap-dynamic.opt \
plugins/eap-gtc.opt \
plugins/eap-peap.opt \
@@ -459,11 +466,13 @@ plugins = \
plugins/imc-os.opt \
plugins/imc-scanner.opt \
plugins/imc-swid.opt \
+ plugins/imc-swima.opt \
plugins/imc-test.opt \
plugins/imv-attestation.opt \
plugins/imv-os.opt \
plugins/imv-scanner.opt \
plugins/imv-swid.opt \
+ plugins/imv-swima.opt \
plugins/imv-test.opt \
plugins/ipseckey.opt \
plugins/led.opt \
diff --git a/conf/format-options.py b/conf/format-options.py
index 307394399..592bf6706 100755
--- a/conf/format-options.py
+++ b/conf/format-options.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python
#
-# Copyright (C) 2014-2015 Tobias Brunner
-# Hochschule fuer Technik Rapperswil
+# Copyright (C) 2014-2017 Tobias Brunner
+# HSR Hochschule fuer Technik Rapperswil
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
@@ -49,6 +49,12 @@ full.section.name {[#]}
If a # is added between the curly braces the section header will be commented
out in the configuration file snippet, which is useful for example sections.
+To add include statements to generated config files (ignored when generating
+man pages) the following format can be used:
+
+full.section.name.include files/to/include
+ Description of this include statement
+
Dots in section/option names may be escaped with a backslash. For instance,
with the following section description
@@ -62,17 +68,18 @@ import sys
import re
from textwrap import TextWrapper
from optparse import OptionParser
-from operator import attrgetter
+from functools import cmp_to_key
class ConfigOption:
"""Representing a configuration option or described section in strongswan.conf"""
- def __init__(self, path, default = None, section = False, commented = False):
+ def __init__(self, path, default = None, section = False, commented = False, include = False):
self.path = path
self.name = path[-1]
self.fullname = '.'.join(path)
self.default = default
self.section = section
self.commented = commented
+ self.include = include
self.desc = []
self.options = []
@@ -99,6 +106,13 @@ class ConfigOption:
self.commented = other.commented
self.desc = other.desc
+ @staticmethod
+ def cmp(a, b):
+ # order options before sections and includes last
+ if a.include or b.include:
+ return a.include - b.include
+ return a.section - b.section
+
class Parser:
"""Parses one or more files of configuration options"""
def __init__(self, sort = True):
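Review bot: `ConfigOption.cmp` builds its ordering by subtracting booleans and is explained only by a one-line comment, and the `cmp_to_key` wrapper it needs is repeated at both `sorted()` calls in `ConfFormatter` (the two later hunks). For the objects the parser builds here, a key function gives the same options / sections / includes order without a comparator: `key=lambda o: (o.include, o.section)`. If the comparator stays, it should get a docstring such as `"""Order plain options first, then sections, then include statements."""` that also states the assumption that `include` and `section` are always bools and never both set.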
@@ -135,6 +149,14 @@ class Parser:
self.__current = ConfigOption(path, section = True,
commented = m.group('comment'))
return
+ # include definition
+ m = re.match(r'^(?P<name>\S+\.include|include)\s+(?P<pattern>\S+)\s*$', line)
+ if m:
+ if self.__current:
+ self.__add_option(self.__current)
+ path = self.__split_name(m.group('name'))
+ self.__current = ConfigOption(path, m.group('pattern'), include = True)
+ return
# paragraph separator
m = re.match(r'^\s*$', line)
if m and self.__current:
@@ -195,7 +217,7 @@ class TagReplacer:
return re.compile(r'''
(^|\s|(?P<brack>[(\[])) # prefix with optional opening bracket
(?P<tag>''' + tag + r''') # start tag
- (?P<text>\w|\S.*?\S) # text
+ (?P<text>\S|\S.*?\S) # text
''' + tag + r''' # end tag
(?P<punct>([.,!:)\]]|\(\d+\))*) # punctuation
(?=$|\s) # suffix (don't consume it so that subsequent tags can match)
@@ -248,7 +270,9 @@ class ConfFormatter:
"""Print a single option with description and default value"""
comment = "# " if commented or opt.commented else ""
self.__print_description(opt, indent)
- if opt.default:
+ if opt.include:
+ print('{0}{1} {2}'.format(self.__indent * indent, opt.name, opt.default))
+ elif opt.default:
print('{0}{1}{2} = {3}'.format(self.__indent * indent, comment, opt.name, opt.default))
else:
print('{0}{1}{2} ='.format(self.__indent * indent, comment, opt.name))
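Review bot: The new include branch in the option printer drops the `comment` prefix, so an include that sits inside a section printed as commented out would still be emitted as a live statement in the generated config snippet. With the header and closing brace commented, that include would presumably be read at the enclosing level, which is not what someone reviewing the generated file expects. If includes are meant to be always active, a short comment saying so would stop this being read as an oversight; otherwise the line should carry the prefix like its siblings: `print('{0}{1}{2} {3}'.format(self.__indent * indent, comment, opt.name, opt.default))`. The method's signature is outside the hunk, so how `commented` reaches this call is inferred from the `__print_section` call in the next hunk.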
@@ -261,7 +285,7 @@ class ConfFormatter:
self.__print_description(section, indent)
print('{0}{1}{2} {{'.format(self.__indent * indent, comment, section.name))
print('')
- for o in sorted(section.options, key=attrgetter('section')):
+ for o in sorted(section.options, key=cmp_to_key(ConfigOption.cmp)):
if o.section:
self.__print_section(o, indent + 1, commented)
else:
@@ -273,7 +297,7 @@ class ConfFormatter:
"""Print a list of options"""
if not options:
return
- for option in sorted(options, key=attrgetter('section')):
+ for option in sorted(options, key=cmp_to_key(ConfigOption.cmp)):
if option.section:
self.__print_section(option, 0, False)
else:
@@ -297,6 +321,8 @@ class ManFormatter:
"""Print a single option"""
if option.section and not len(option.desc):
return
+ if option.include:
+ return
if option.section:
print('.TP\n.B {0}\n.br'.format(option.fullname))
else:
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 7ccb74939..f0d084bed 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -168,7 +168,7 @@ charon {
# will be allocated.
# port_nat_t = 4500
- # Wether to prefer updating SAs to the path with the best route.
+ # Whether to prefer updating SAs to the path with the best route.
# prefer_best_path = no
# Prefer locally configured proposals for IKE/IPsec over supplied ones as
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 3593c6a5f..900b9b46b 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -271,7 +271,7 @@ charon.port_nat_t = 4500
port will be allocated.
charon.prefer_best_path = no
- Wether to prefer updating SAs to the path with the best route.
+ Whether to prefer updating SAs to the path with the best route.
By default, charon keeps SAs on the routing path with addresses it
previously used if that path is still usable. By setting this option to
diff --git a/conf/options/imcv.conf b/conf/options/imcv.conf
index bc1f183fc..ede2d9db4 100644
--- a/conf/options/imcv.conf
+++ b/conf/options/imcv.conf
@@ -42,5 +42,22 @@ libimcv {
# Disable output to stderr with a stand-alone libimcv library.
# stderr_quiet = no
+ swid_gen {
+
+ # SWID generator command to be executed.
+ # command = /usr/local/bin/swid_generator
+
+ tag_creator {
+
+ # Name of the tagCreator entity.
+ # name = strongSwan Project
+
+ # regid of the tagCreator entity.
+ # regid = strongswan.org
+
+ }
+
+ }
+
}
diff --git a/conf/options/imcv.opt b/conf/options/imcv.opt
index 33ab74bd5..177781ff7 100644
--- a/conf/options/imcv.opt
+++ b/conf/options/imcv.opt
@@ -21,6 +21,15 @@ charon.imcv.os_info.default_password_enabled = no
charon.imcv.policy_script = ipsec _imv_policy
Script called for each TNC connection to generate IMV policies.
+libimcv.swid_gen.command = /usr/local/bin/swid_generator
+ SWID generator command to be executed.
+
+libimcv.swid_gen.tag_creator.name = strongSwan Project
+ Name of the tagCreator entity.
+
+libimcv.swid_gen.tag_creator.regid = strongswan.org
+ regid of the tagCreator entity.
+
libimcv.debug_level = 1
Debug level for a stand-alone _libimcv_ library.
diff --git a/conf/options/sw-collector.conf b/conf/options/sw-collector.conf
new file mode 100644
index 000000000..6f588b41a
--- /dev/null
+++ b/conf/options/sw-collector.conf
@@ -0,0 +1,31 @@
+# Options for the sw-collector tool.
+sw-collector {
+
+ # URI to software collector database containing event timestamps, software
+ # creation and deletion events and collected software identifiers.
+ # database =
+
+ # Path pointing to file created when the Linux OS was installed.
+ # first_file = /var/log/bootstrap.log
+
+ # Time in UTC when the Linux OS was installed.
+ # first_time = 0000-00-00T00:00:00Z
+
+ # Path pointing to apt history.log file.
+ # history =
+
+ # Plugins to load in sw-collector tool.
+ # load =
+
+ rest_api {
+
+ # Timeout of REST API HTTP POST transaction.
+ # timeout = 120
+
+ # HTTP URI of the central collector's REST API.
+ # uri =
+
+ }
+
+}
+
diff --git a/conf/options/sw-collector.opt b/conf/options/sw-collector.opt
new file mode 100644
index 000000000..976f4f497
--- /dev/null
+++ b/conf/options/sw-collector.opt
@@ -0,0 +1,31 @@
+sw-collector {}
+ Options for the sw-collector tool.
+
+ Options for the sw-collector tool.
+
+sw-collector.database =
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+ If it contains a password, make sure to adjust the permissions of the config
+ file accordingly.
+
+sw-collector.first_file = /var/log/bootstrap.log
+ Path pointing to file created when the Linux OS was installed.
+
+sw-collector.first_time = 0000-00-00T00:00:00Z
+ Time in UTC when the Linux OS was installed.
+
+sw-collector.history =
+ Path pointing to apt history.log file.
+
+sw-collector.rest_api.uri =
+ HTTP URI of the central collector's REST API.
+
+sw-collector.rest_api.timeout = 120
+ Timeout of REST API HTTP POST transaction.
+
+sw-collector.load =
+ Plugins to load in sw-collector tool.
diff --git a/conf/options/swanctl.conf b/conf/options/swanctl.conf
index cb182396b..18cea486a 100644
--- a/conf/options/swanctl.conf
+++ b/conf/options/swanctl.conf
@@ -3,5 +3,8 @@ swanctl {
# Plugins to load in swanctl.
# load =
+ # VICI socket to connect to by default.
+ # socket = unix://${piddir}/charon.vici
+
}
diff --git a/conf/options/swanctl.opt b/conf/options/swanctl.opt
index f78b4bccc..f2a8a0ff7 100644
--- a/conf/options/swanctl.opt
+++ b/conf/options/swanctl.opt
@@ -1,2 +1,5 @@
swanctl.load =
- Plugins to load in swanctl. \ No newline at end of file
+ Plugins to load in swanctl.
+
+swanctl.socket = unix://${piddir}/charon.vici
+ VICI socket to connect to by default.
diff --git a/conf/plugins/curl.conf b/conf/plugins/curl.conf
new file mode 100644
index 000000000..9ba042097
--- /dev/null
+++ b/conf/plugins/curl.conf
@@ -0,0 +1,12 @@
+curl {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Maximum number of redirects followed by the plugin, set to 0 to disable
+ # following redirects, set to -1 for no limit.
+ # redir = -1
+
+}
+
diff --git a/conf/plugins/curl.opt b/conf/plugins/curl.opt
new file mode 100644
index 000000000..90efa12f4
--- /dev/null
+++ b/conf/plugins/curl.opt
@@ -0,0 +1,3 @@
+charon.plugins.curl.redir = -1
+ Maximum number of redirects followed by the plugin, set to 0 to disable
+ following redirects, set to -1 for no limit.
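Review bot: The documented default for `charon.plugins.curl.redir` is `-1`, meaning redirects are followed without limit, and the description gives no guidance on when an operator should bound it. This text is what reaches the config snippet and the man page entry in this same commit, so it is the place for one more sentence, for example `A small positive limit is advisable when fetched URIs are not fully under the operator's control.` Whether the unlimited default itself should change is a question for the plugin code, which is not part of this diff.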
diff --git a/conf/plugins/eap-aka-3ggp2.opt b/conf/plugins/eap-aka-3ggp2.opt
deleted file mode 100644
index 9e2a42b3f..000000000
--- a/conf/plugins/eap-aka-3ggp2.opt
+++ /dev/null
@@ -1 +0,0 @@
-charon.plugins.eap-aka-3ggp2.seq_check =
diff --git a/conf/plugins/eap-aka-3gpp.conf b/conf/plugins/eap-aka-3gpp.conf
new file mode 100644
index 000000000..4164535c4
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp.conf
@@ -0,0 +1,12 @@
+eap-aka-3gpp {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Enable to activate sequence check of the AKA SQN values in order to
+ # trigger resync cycles.
+ # seq_check =
+
+}
+
diff --git a/conf/plugins/eap-aka-3gpp.opt b/conf/plugins/eap-aka-3gpp.opt
new file mode 100644
index 000000000..1bc733ab1
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp.opt
@@ -0,0 +1,3 @@
+charon.plugins.eap-aka-3gpp.seq_check =
+ Enable to activate sequence check of the AKA SQN values in order to trigger
+ resync cycles.
diff --git a/conf/plugins/eap-aka-3gpp2.conf b/conf/plugins/eap-aka-3gpp2.conf
new file mode 100644
index 000000000..3f329aec5
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp2.conf
@@ -0,0 +1,12 @@
+eap-aka-3gpp2 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Enable to activate sequence check of the AKA SQN values in order to
+ # trigger resync cycles.
+ # seq_check =
+
+}
+
diff --git a/conf/plugins/eap-aka-3gpp2.opt b/conf/plugins/eap-aka-3gpp2.opt
new file mode 100644
index 000000000..679c386b8
--- /dev/null
+++ b/conf/plugins/eap-aka-3gpp2.opt
@@ -0,0 +1,4 @@
+charon.plugins.eap-aka-3gpp2.seq_check =
+ Enable to activate sequence check of the AKA SQN values in order to trigger
+ resync cycles.
+
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
index 74490c179..e622aa683 100644
--- a/conf/plugins/imc-swid.opt
+++ b/conf/plugins/imc-swid.opt
@@ -1,11 +1,8 @@
libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
Directory where SWID tags are located.
-libimcv.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
- SWID generator command to be executed.
-
-libimcv.plugins.imc-swid.swid_pretty = FALSE
+libimcv.plugins.imc-swid.swid_pretty = no
Generate XML-encoded SWID tags with pretty indentation.
-libimcv.plugins.imc-swid.swid_full = FALSE
+libimcv.plugins.imc-swid.swid_full = no
Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/eap-aka-3ggp2.conf b/conf/plugins/imc-swima.conf
index c52c99609..0d1e88a5d 100644
--- a/conf/plugins/eap-aka-3ggp2.conf
+++ b/conf/plugins/imc-swima.conf
@@ -1,10 +1,8 @@
-eap-aka-3ggp2 {
+imc-swima {
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
- # seq_check =
-
}
diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt
new file mode 100644
index 000000000..099a3c80f
--- /dev/null
+++ b/conf/plugins/imc-swima.opt
@@ -0,0 +1,21 @@
+libimcv.plugins.imc-swima.eid_epoch = 0x11223344
+ Set 32 bit epoch value for event IDs manually if software collector database
+ is not available.
+
+libimcv.plugins.imc-swima.swid_database =
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+
+ URI to software collector database containing event timestamps, software
+ creation and deletion events and collected software identifiers.
+ If it contains a password, make sure to adjust the permissions of the config
+ file accordingly.
+
+libimcv.plugins.imc-swima.swid_directory = ${prefix}/share
+ Directory where SWID tags are located.
+
+libimcv.plugins.imc-swima.swid_pretty = no
+ Generate XML-encoded SWID tags with pretty indentation.
+
+libimcv.plugins.imc-swima.swid_full = no
+ Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imv-swima.conf b/conf/plugins/imv-swima.conf
new file mode 100644
index 000000000..cde4e1a88
--- /dev/null
+++ b/conf/plugins/imv-swima.conf
@@ -0,0 +1,8 @@
+imv-swima {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/imv-swima.opt b/conf/plugins/imv-swima.opt
new file mode 100644
index 000000000..a9ba96c21
--- /dev/null
+++ b/conf/plugins/imv-swima.opt
@@ -0,0 +1,5 @@
+libimcv.plugins.imv-swima.rest_api.uri =
+ HTTP URI of the SWID REST API.
+
+libimcv.plugins.imv-swima.rest_api.timeout = 120
+ Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 4df7ce42d..4f38c9b03 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -519,6 +519,11 @@ Hashing algorithm to fingerprint coupled certificates.
Maximum number of coupling entries to create.
.TP
+.BR charon.plugins.curl.redir " [-1]"
+Maximum number of redirects followed by the plugin, set to 0 to disable
+following redirects, set to \-1 for no limit.
+
+.TP
.BR charon.plugins.dhcp.force_server_address " [no]"
Always use the configured server address. This might be helpful if the DHCP
server runs on the same host as strongSwan, and the DHCP daemon does not listen
@@ -556,7 +561,15 @@ Socket provided by the duplicheck plugin.
.TP
.BR charon.plugins.eap-aka.request_identity " [yes]"
.TP
-.BR charon.plugins.eap-aka-3ggp2.seq_check " []"
+.BR charon.plugins.eap-aka-3gpp.seq_check " []"
+Enable to activate sequence check of the AKA SQN values in order to trigger
+resync cycles.
+
+.TP
+.BR charon.plugins.eap-aka-3gpp2.seq_check " []"
+Enable to activate sequence check of the AKA SQN values in order to trigger
+resync cycles.
+
.TP
.BR charon.plugins.eap-dynamic.prefer_user " [no]"
If enabled the EAP methods proposed in an EAP\-Nak message sent by the peer are
@@ -2115,15 +2128,34 @@ Send open listening ports without being prompted.
Directory where SWID tags are located.
.TP
-.BR libimcv.plugins.imc-swid.swid_full " [FALSE]"
+.BR libimcv.plugins.imc-swid.swid_full " [no]"
Include file information in the XML\-encoded SWID tags.
.TP
-.BR libimcv.plugins.imc-swid.swid_generator " [/usr/local/bin/swid_generator]"
-SWID generator command to be executed.
+.BR libimcv.plugins.imc-swid.swid_pretty " [no]"
+Generate XML\-encoded SWID tags with pretty indentation.
.TP
-.BR libimcv.plugins.imc-swid.swid_pretty " [FALSE]"
+.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]"
+Set 32 bit epoch value for event IDs manually if software collector database is
+not available.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_database " []"
+URI to software collector database containing event timestamps, software
+creation and deletion events and collected software identifiers. If it contains
+a password, make sure to adjust the permissions of the config file accordingly.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_directory " [${prefix}/share]"
+Directory where SWID tags are located.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_full " [no]"
+Include file information in the XML\-encoded SWID tags.
+
+.TP
+.BR libimcv.plugins.imc-swima.swid_pretty " [no]"
Generate XML\-encoded SWID tags with pretty indentation.
.TP
@@ -2183,6 +2215,14 @@ Timeout of SWID REST API HTTP POST transaction.
HTTP URI of the SWID REST API.
.TP
+.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]"
+Timeout of SWID REST API HTTP POST transaction.
+
+.TP
+.BR libimcv.plugins.imv-swima.rest_api.uri " []"
+HTTP URI of the SWID REST API.
+
+.TP
.BR libimcv.plugins.imv-test.rounds " [0]"
Number of IMC\-IMV retry rounds.
@@ -2193,6 +2233,18 @@ Disable output to stderr with a stand\-alone
library.
.TP
+.BR libimcv.swid_gen.command " [/usr/local/bin/swid_generator]"
+SWID generator command to be executed.
+
+.TP
+.BR libimcv.swid_gen.tag_creator.name " [strongSwan Project]"
+Name of the tagCreator entity.
+
+.TP
+.BR libimcv.swid_gen.tag_creator.regid " [strongswan.org]"
+regid of the tagCreator entity.
+
+.TP
.BR manager.database " []"
Credential database URI for manager. If it contains a password, make sure to
adjust the permissions of the config file accordingly.
@@ -2291,6 +2343,45 @@ Location of the ipsec.conf file
Disable charon plugin load option warning.
.TP
+.B sw-collector
+.br
+Options for the sw\-collector tool.
+
+.TP
+.BR sw-collector.database " []"
+URI to software collector database containing event timestamps, software
+creation and deletion events and collected software identifiers. If it contains
+a password, make sure to adjust the permissions of the config file accordingly.
+
+.TP
+.BR sw-collector.first_file " [/var/log/bootstrap.log]"
+Path pointing to file created when the Linux OS was installed.
+
+.TP
+.BR sw-collector.first_time " [0000-00-00T00:00:00Z]"
+Time in UTC when the Linux OS was installed.
+
+.TP
+.BR sw-collector.history " []"
+Path pointing to apt history.log file.
+
+.TP
+.BR sw-collector.load " []"
+Plugins to load in sw\-collector tool.
+
+.TP
+.BR sw-collector.rest_api.timeout " [120]"
+Timeout of REST API HTTP POST transaction.
+
+.TP
+.BR sw-collector.rest_api.uri " []"
+HTTP URI of the central collector's REST API.
+
+.TP
.BR swanctl.load " []"
Plugins to load in swanctl.
+.TP
+.BR swanctl.socket " [unix://${piddir}/charon.vici]"
+VICI socket to connect to by default.
+