Configuration
Ridgeback is configured using the docker-compose.yml and .env files for the Docker containers, and using command-line arguments for the Rcore.
Topics to cover:
- Using the browser-based installer for the service containers.
- Using the browser-based installer for the Rcore.
- Configuring the service containers with the .env file.
- Configuring the service containers with the docker-compose.yml file.
- Rcore configuration settings.
- Configuring the Rcore using a wrapper script.
There are two main parts to Ridgeback: the service containers that run in Docker, and the Rcores that run as separate executables. The configuration for the service containers is stored in the docker-compose.yml file and in the .env file. (This is why we use docker compose to control the service containers.)
Service Container Configuration
Each container hosts a separate service, and each service has its own section in the docker-compose.yml file. The docker compose command will first read the docker-compose.yml file and then read the .env file to fill in any configuration variables. Most of the time you will only need to change the .env file to make changes to the service containers. However, in more advanced scenarios you may need to change the docker-compose.yml file itself.
If you installed Ridgeback using the browser-based quickstart utility, then that utility generated an executable script that automatically created the docker-compose.yml and .env files for you. The saved configuration values are based on how you filled in the fields in the installer.
Rcore Configuration
By default, the Rcore reads its configuration from the command line. Each configuration item is either a key/value pair or a simple option. While you could type in all the configuration items each time you run the Rcore, it is best practice to create a script that starts the Rcore for you. This script can then contain all the Rcore parameters.
If you installed the Rcore using the browser-based quickstart utility, then you may have had the option to save scripts called run-active and run-passive. The run-active script turns on phantoms, and the run-passive script does not. Best practice is to run the Rcore in passive mode until you have a good idea of how your network is operating. This gives you a chance to identify any endpoints that are critical to the network (like gateways, firewalls, routers, etc.) and any endpoints that need to perform reconnaissance (like vulnerability scanners and some routers and DHCP servers).