On installation, you will see a configuration file located at “/opt/cyber-compliance/etc/vogan.conf”. The following is an example:
# Optionally include a remote configuration file. If the remote file cannot be read,
# vogan will timeout and continue reading the remaining lines of the local
# configuration file.
include https://webserver.local/vogan.conf
# List the networks or IP addresses to ALLOW.
# Anything else is DENIED.
network_addresses=127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8
# List the primary groups to which the above
# network address restrictions apply.
# Every listed network is applied to every listed group.
restricted_groups=root
# Note: Groups must exist.
The above configuration states that the “root” user (being a member of the root group) can access the network resources listed in “network_addresses” but nothing else. Other users are not affected by these restrictions. However, if “alice” needs to be blocked as well, just add alice's primary group to the end of the “restricted_groups” option. Such as:
restricted_groups=root,alice
Generally, a user's primary group is named after the user, i.e. alice's primary group is “alice”. This is not always the case, so check the user's actual primary group before adding it.
The “network_addresses” option can include IP addresses, networks, and host names (which are resolved once at execution time). Such as:
network_addresses=127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,8.8.8.8,au-portal.agixlinux.com
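The following is an added example, not code from vogan or agixlinux, that models the policy described above in Python: it parses a vogan.conf-style file, resolves each allow-list entry once (as the text says host names are), and then answers whether a given destination is reachable for a user with a given primary group. The sample configuration, the host name `portal.example`, the `203.0.113.5` address it resolves to, and the function names are all constructed for this illustration; `include` lines are recorded but not fetched, since the real tool's fetch-with-timeout behaviour is not reproduced here.

```python
import ipaddress
import socket

# Constructed sample configuration in the vogan.conf layout (not a real file).
SAMPLE_CONF = """\
# Optionally include a remote configuration file.
include https://webserver.local/vogan.conf
# List the networks or IP addresses to ALLOW. Anything else is DENIED.
network_addresses=127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,8.8.8.8,portal.example
# Primary groups the restrictions apply to.
restricted_groups=root,alice
"""


def parse_conf(text):
    """Parse the comment, include and key=value lines of a vogan.conf-style file.

    Returns a dict with lists for 'include', 'network_addresses' and
    'restricted_groups'. Unknown options or malformed lines raise ValueError
    so a typo in the file is noticed rather than silently widening the policy.
    """
    conf = {"include": [], "network_addresses": [], "restricted_groups": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("include "):
            # Recorded only; the real tool fetches it with a timeout and
            # carries on with the local lines if the fetch fails.
            conf["include"].append(line.split(None, 1)[1])
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        key = key.strip()
        if key not in ("network_addresses", "restricted_groups"):
            raise ValueError(f"unknown option: {key}")
        conf[key].extend(v.strip() for v in value.split(",") if v.strip())
    return conf


def resolve_allowlist(entries, resolver=socket.gethostbyname):
    """Turn each allow-list entry into an ip_network.

    Host names are resolved exactly once, here, which mirrors the documented
    'resolved once at execution time' behaviour: a later DNS change does not
    alter the policy until the tool is run again. `resolver` is a hypothetical
    hook so the lookup can be replaced offline.
    """
    nets = []
    for entry in entries:
        try:
            # strict=False accepts host bits in entries such as 127.0.0.1/8.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            nets.append(ipaddress.ip_network(resolver(entry)))
    return nets


def is_allowed(dest_ip, primary_group, conf, nets):
    """Apply the documented rule: a user whose primary group is restricted may
    reach only the allow-listed networks; every other user is unaffected."""
    if primary_group not in conf["restricted_groups"]:
        return True
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    # Offline demo: a constructed resolver stands in for DNS.
    conf = parse_conf(SAMPLE_CONF)
    nets = resolve_allowlist(conf["network_addresses"], resolver=lambda h: "203.0.113.5")
    for group, dest in [("root", "10.1.2.3"), ("root", "1.1.1.1"), ("bob", "1.1.1.1")]:
        print(group, dest, "ALLOW" if is_allowed(dest, group, conf, nets) else "DENY")
```

Running the demo prints ALLOW for root to 10.1.2.3, DENY for root to 1.1.1.1, and ALLOW for bob to 1.1.1.1, since bob's group is not in `restricted_groups`. Resolving names up front, rather than on every check, is what makes the resolved-once semantics visible: the name's address is fixed for the life of the run.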
A remote configuration file can also be supplied on the command line, in which case it bypasses all local rules. Such as:
vogan -a apply -r https://webserver.local/vogan.conf