ffm.conf

[General]
# The path to a file where all the input and output of the harness will be logged.
# Can also be set during runtime through the !log command.
log_file =

# If set to "yes", the harness will strip all color from the logs. This will make them
# easier to read using commands such as "less".
strip_color = yes

[AssertTorify]
# Write down the list of commands that should not be allowed to be sent out directly.
# In the example below, ssh commands not preceded with torify will be blocked.
network_commands = ssh nc rdesktop xfreerdp

# This list describes what commands are acceptable proxies for the commands listed above.
proxy_commands = torify proxychains proxychains4 torsocks

# Here you can also list some processes which do system wide anonymization.
# In the example below, the harness will not require you to torify SSH if an openvpn process is running on the local machine.
# *** NOT IMPLEMENTED YET! ***
proxy_daemons = openvpn

[SSHOptions]
# This option will automatically add the -T option to your SSH commands.
force_disable_pty_allocation = yes

# If this is true, the harness will reject ssh commands that don't contain an explicit username,
# i.e. ssh user@server.com. This prevents you from leaking your username if none is specified.
require_explicit_username = yes

# If true, SSH keys will not be submitted to the remote server unless one is explicitly given with
# the -i option. This is enforced by adding -oPubkeyAuthentication=no to SSH command lines.
prevent_ssh_key_leaks = yes

# If true, SSH will not log the remote server's public key in the known_hosts file.
disable_known_hosts = yes

# If false, SSH will not conduct strict host checking to see if remote host fingerprint has changed
strict_host_key_checking = no

[RdesktopOptions]
# If this is true, the harness will reject rdesktop commands that don't contain an explicit username,
# i.e. rdesktop -u Administrator. This prevents you from leaking your username if none is specified.
require_explicit_username = yes