88 lines
1.9 KiB
JSON
88 lines
1.9 KiB
JSON
{
|
|
"description": "Permission-first model configuration",
|
|
"settings": {
|
|
"allow_caching": true,
|
|
"cache_file": "data/runtime/allowed_commands.json",
|
|
"normalize_commands": true,
|
|
"split_chained": true
|
|
},
|
|
"command_categories": {
|
|
"hard_stop": {
|
|
"description": "Commands that are never executed - hard stop",
|
|
"allow_once": false,
|
|
"allow_always": false,
|
|
"commands": [
|
|
"rm -rf /",
|
|
"rm -rf /*",
|
|
"dd if=/dev/zero of=/dev/sd*",
|
|
"dd if=/dev/zero of=/dev/hd*",
|
|
"mkfs",
|
|
"> /dev/sd*",
|
|
"> /dev/hd*"
|
|
]
|
|
},
|
|
"no_always": {
|
|
"description": "Dangerous commands - allow once only",
|
|
"allow_once": true,
|
|
"allow_always": false,
|
|
"commands": [
|
|
"rm -rf *",
|
|
"rm -rf .*",
|
|
"curl |",
|
|
"wget -O- |",
|
|
":(){:|:&};:",
|
|
"fork",
|
|
"chmod -R 000",
|
|
"chmod -R 777",
|
|
"chown -R",
|
|
"shutdown",
|
|
"reboot",
|
|
"halt",
|
|
"init 0",
|
|
"init 6",
|
|
"telinit",
|
|
"systemctl stop",
|
|
"systemctl start",
|
|
"systemctl restart",
|
|
"service stop",
|
|
"service start",
|
|
"kill -9 -1",
|
|
"killall",
|
|
"pkill -9",
|
|
"reboot -f",
|
|
"shutdown -h now",
|
|
"poweroff",
|
|
"echo .* > /proc/",
|
|
"echo .* > /sys/"
|
|
]
|
|
},
|
|
"normal": {
|
|
"description": "Normal commands - allow once or always",
|
|
"allow_once": true,
|
|
"allow_always": true,
|
|
"commands": [
|
|
"shell_exec",
|
|
"file_write"
|
|
],
|
|
"file_extensions": [
|
|
".py",
|
|
".txt",
|
|
".json",
|
|
".md",
|
|
".yaml",
|
|
".yml",
|
|
".sh",
|
|
".bash"
|
|
]
|
|
}
|
|
},
|
|
"path_settings": {
|
|
"allow_read_outside": true,
|
|
"allow_write_paths": [
|
|
"/home/mirivlad/git/ducklm",
|
|
"/tmp"
|
|
],
|
|
"require_confirmation_for_write": true,
|
|
"require_confirmation_for_shell": true
|
|
}
|
|
} |