Using a configuration file

Introduction

The configuration file (cardrecon.cfg) lets you edit the search configuration by hand and adjust it to suit your needs.
It is most commonly used with the CLI version of Card/Data Recon.

This article is a guide to using the configuration file and documents what can be done with it.

A basic default configuration file is also included as an attachment in this article.

 

Creating the configuration file

(If using the GUI)

You may create the configuration file using the GUI by expanding the 'Tools' menu in the top-right corner of the main page and selecting 'Save search configuration'.

(If using the CLI)

You may create the configuration file manually using a text editor like Notepad and saving it as a .CFG file.

Make sure the first and last lines of your configuration file are <recon> and </recon> respectively.
Here's an example of a valid configuration file for use with the CLI version:

For more information about using the CLI version of CR & DR, as well as how to use your configuration file with it, visit this article.

 

Usage

Because the configuration file can be modified in many ways, only commonly used scenarios are listed below.

Excluding a file from scan

Add/edit:

<policy>
<filter>
<module>ifilter_exclude</module>
<id>2</id>
<exclude>INSERT FULL PATH OF FILE TO EXCLUDE HERE</exclude>
</filter>
</policy>

Example:

Modify the no. of overwrite passes when deleting files from CR/DR

* The default value is 1 overwrite pass.

Add/edit:

<remediation>
<erase>
<passes># OF OVERWRITE PASSES</passes>
</erase>
</remediation>

Example:

Disable/enable automatic upload of search report to your Ground Labs Portal dashboard

Add/edit:

<upload>TRUE/FALSE</upload>

Example:

Set CPU priority to low/normal

* True = Low priority | False = Normal priority

Add/edit:

<priority>
<background>TRUE/FALSE</background>
</priority>

Example:

Exclude file types

Add/edit:

<policy>
<filter>
<module>ifilter_exclude</module>
<id>2</id>
<exclude>*.FILE TYPE</exclude>
</filter>
<filter>
<module>pfilter_exclude</module>
<id>3</id>
<stream>*.FILE TYPE</stream>
</filter>
</policy>

Example:

Include/exclude card types

Add/edit:

<policy>
<scanner>
<module>scanner_chd</module>
<id>1</id>
<ENABLE/DISABLE>American Express</ENABLE/DISABLE>
<ENABLE/DISABLE>Diners Club</ENABLE/DISABLE>
<ENABLE/DISABLE>Discover</ENABLE/DISABLE>
<ENABLE/DISABLE>JCB</ENABLE/DISABLE>
<ENABLE/DISABLE>Mastercard</ENABLE/DISABLE>
<ENABLE/DISABLE>Visa</ENABLE/DISABLE>
<ENABLE/DISABLE>China Union Pay</ENABLE/DISABLE>
<ENABLE/DISABLE>Test Cards</ENABLE/DISABLE>
<ENABLE/DISABLE>Maestro</ENABLE/DISABLE>
<ENABLE/DISABLE>Laser</ENABLE/DISABLE>
<ENABLE/DISABLE>Private Label Card</ENABLE/DISABLE>
</scanner>
</policy>

Example:

Specify scan target/location

List of <uri> syntax:

Target                           | Syntax
All drives                       | file://
Specific directory               | file://<FULL PATH>
All shadow volumes               | shadow://
Specific shadow volume           | shadow://<SHADOW VOLUME LABEL>
Free space on all drives         | free://
Free space on specific drive     | free://<DRIVE NAME/LETTER>
Memory                           | memory://
Specific process memory          | memory://<PROCESS ID>
Web page                         | <FULL HTML PATH>
Amazon Web Services (AWS) Bucket | aws://<BUCKET NAME>
(using SSL)                      | awss://<BUCKET NAME>
Windows shared folder            | share://<HOSTNAME>/<SHARE NAME>/<FOLDER PATH>
Locally mounted folder           | mount://<MOUNT POINT/PATH>
Remote folder (via SSH)          | ssh://<HOSTNAME>/<FOLDER PATH>
Oracle DB                        | oracle://<SERVER:PORT>/<CATALOG>/<TABLE>
MS SQL DB                        | mssql://<SERVER>/<CATALOG>/<SCHEMA>/<TABLE>
DB2 DB                           | mssql://<SERVER:PORT>/<CATALOG>/<SCHEMA>/<TABLE>
Postgre SQL DB                   | pgsql://<SERVER>/<CATALOG>/<SCHEMA>/<TABLE>
Sybase DB                        | pgsql://<SERVER>/<CATALOG>/<SCHEMA>/<TABLE>
MySQL DB                         | mysql://<SERVER:PORT>/<SCHEMA>/<TABLE>
IMAP mailbox                     | imap://<SERVER>/<MAILBOX NAME>
(using SSL)                      | imaps://<SERVER>/<MAILBOX NAME>

Add/edit:

<policy>
<source>
<uri>REFER TO SYNTAX LIST</uri>
</source>
</policy>

Example:

 

All information in this article is accurate and true as of the last edited date.
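
The rules this page gives for a configuration file (a <recon> root element, closing tags that match their opening tags, <uri> values taken from the syntax list, TRUE/FALSE flags) can be checked before a scan is started. The Python lint below is an added example, not Ground Labs code; the function name, the constructed sample, the http/https schemes for web pages and the minimum of 1 overwrite pass are assumptions.

```python
import xml.etree.ElementTree as ET

# Schemes from the <uri> syntax list on this page; http/https for "Web page" is assumed.
URI_SCHEMES = {"file", "shadow", "free", "memory", "aws", "awss", "share", "mount", "ssh",
               "oracle", "mssql", "pgsql", "mysql", "imap", "imaps", "http", "https"}

def lint_config(text):
    """Return (problems, exclusions) for the text of a cardrecon.cfg file."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as err:
        # Unclosed tags and case mismatches such as <exclude>...</EXCLUDE> end up here.
        return [f"not well-formed XML: {err}"], []
    problems = []
    if root.tag != "recon":
        problems.append(f"root element is <{root.tag}>, expected <recon>")
    for el in root.iter("uri"):
        value = (el.text or "").strip()
        scheme, sep, _ = value.partition("://")
        if not sep or scheme not in URI_SCHEMES:
            problems.append(f"<uri> {value!r} is not in the syntax list")
    for el in root.iter("passes"):
        value = (el.text or "").strip()
        # A minimum of 1 is an assumption; the page only states that 1 is the default.
        if not (value.isascii() and value.isdigit() and int(value) >= 1):
            problems.append(f"<passes> {value!r} is not a whole number of at least 1")
    for tag in ("upload", "background"):
        for el in root.iter(tag):
            value = (el.text or "").strip()
            if value.upper() not in ("TRUE", "FALSE"):
                problems.append(f"<{tag}> {value!r} is not TRUE or FALSE")
    # Exclusions narrow scan coverage, so they are listed for review rather than judged.
    exclusions = [(el.tag, (el.text or "").strip()) for f in root.iter("filter")
                  for el in f if el.tag in ("exclude", "stream")]
    return problems, exclusions

# Constructed sample: values are made up and element placement under <recon> is assumed.
SAMPLE = """<recon>
<remediation><erase><passes>0</passes></erase></remediation>
<policy>
<source><uri>ftp://fileserver/export</uri></source>
<filter><module>ifilter_exclude</module><id>2</id><exclude>*.log</exclude></filter>
</policy>
</recon>"""

if __name__ == "__main__":
    found, excluded = lint_config(SAMPLE)
    print("\n".join(f"PROBLEM: {p}" for p in found))
    print("\n".join(f"REVIEW: <{t}> {v}" for t, v in excluded))
```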
