#
# Argus Software
# Copyright (c) 2000-2007 QoSient, LLC
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and without fee is hereby granted,
# provided that the above copyright notice appear in all copies and
# that both that copyright notice and this permission notice appear
# in supporting documentation, and that the name of QoSient not
# be used in advertising or publicity pertaining to distribution of
# the software without specific, written prior permission.
#
# QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
# SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
# RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
# CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# Example ranonymize.conf
#
# Ranonymize will open this file and parse it to set common
# configuration options.
#
# Values can be quoted to make string denotation easier; however, the
# parser does not require that string values be quoted. To support this,
# the parser will remove '"' characters from input strings, so do not
# use this character in strings themselves.
#
# Values specified as "" will be treated as a NULL string, and the parser
# will ignore the variable setting.

# Supported Options

# Ranonymize allows you to specify the type of anonymization methods
# used for a number of categories. The types are "sequential", "random",
# "specific", "fixed" or "no" anonymization. Each is described below
# as they appear in the configuration.
#
# ranonymize() uses various strategies to seed its random number
# generator. If the user specifies a seed, then the srandom(seed)
# function is used. If the keyword "time" is used, then the system usec
# value at invocation is used. If the keyword "crypto" is used,
# then the system call srandomdev() is used if available. If not,
# the "time" method is used. Configuring a specific seed value
# in this configuration file will generate deterministic values,
# which should result in assignments that are duplicated with
# each run.
#

RANON_SEED=crypto

#
# Ranonymize can anonymize any field in an Argus record. The
# decision to anonymize a field should be guided by the sensitivity
# of disclosure and the need to preserve a specific property of
# the data. By default, ranonymize will anonymize the most sensitive
# data: time, flow identifiers, and network protocol specific data.
# The available set of identifiers is:
#
# "srcid", "flow", "time", "metric", "agr", "net", "vlan", "mpls",
# "jitter", "ipattr", "suser", "duser", "mac", "icmp", "tadj".
#
# Fields that are not mentioned in the anonymization strategy are
# discarded.
#

RANON_FIELDS="time flow net"

#
# Most of the objects in argus data are composite objects, where
# there are multiple fields and semantics, and to make matters
# more complicated, for each object there are specific algorithms
# that can be used to achieve the level of anonymity desired.
# These algorithms range from preserving (no modification done),
# constant shift, table lookup and code book to various cryptographic
# schemes that are designed to provide collaborative anonymity
# for communicating parties.
#
# Ranonymize anonymizes various fields in Argus records, using a
# set of default algorithms/strategies. The primary goal of
# ranonymize() anonymization is to preserve the semantics of
# common data objects, if those objects are retained in the
# final product.
#
# Because ranonymize() also supports de-anonymization, the methods
# used to obfuscate data, in some cases, must be reversible. This
# is an important step to supporting distributed collaboration
# through anonymization (I'll change my data, and you'll change
# yours, so that the transformations generate the same values).
#
#
# Objects such as the timestamps, transaction reference numbers,
# sequence numbers and IP attributes are, by default, transposed by
# a constant value, usually a negative constant value. This value
# is specified either as a random number or explicitly in this
# configuration, using the keyword "fixed", for fixed offset.
# This general strategy preserves 1st, 2nd, xth order differentials
# of the data. Values such as transaction duration, distance or
# hop count (in the case of TTL), and derived measures like loss
# are preserved.

# In order to preserve relative time in the data, to support duration,
# one-way delay, and time based correlation strategies within the
# data, anonymization of time involves subtracting a constant
# value from the field in every argus record seen.
# These values, if needed, can be defined by ranonymize or the user.
# The anonymization method is "fixed" offset, and the constant
# value can be specified by the user, "fixed:x", where x is a numerical
# value, +/- 2^31, or chosen by ranonymize at random, "fixed:random",
# where the random value is chosen from the same range as above.
#

RANON_TIME_SEC_OFFSET=random
RANON_TIME_USEC_OFFSET=random


RANON_TRANSREFNUM_OFFSET=fixed:82736487
RANON_SEQNUM_OFFSET=fixed:10234

# Ranonymize allows you to specify the type of anonymization methods
# used in a number of categories. For ethernet network and host
# address conversion, ranonymize can support "sequential", "random",
# "specific", "fixed" or "no" anonymization.

# Sequential anonymization involves allocating new addresses in a
# monotonically increasing fashion on a first come first serve basis.
# For ethernet addresses this starts with the address xx:xx:xx:00:00:01,
# where the xx:xx:xx is the vendor identification part, which could be
# preserved, based on configuration (see below), or anonymized starting
# with the value 00:00:00. For IPv4 addresses, the sequential address
# range starts with the non-routable address space 10.0.0, by default.
# Sequential anonymization uses the least amount of memory and minimizes
# anonymization processing time; however, it does not offer the best
# object scrambling method.
#
# As an example, if the first Argus record contained the addresses
# 128.64.2.4 and 132.243.2.87 as source and destination, sequential
# anonymization would generate the addresses 10.0.0.1 and 10.0.1.1
# as the new source and destination addresses, because there are two
# unique network parts, 128.64.2 -> 10.0.0, and 132.243.2 -> 10.0.1.
# Host parts are sequentially allocated within the new network address
# space, and because both addresses are first, they come up as 1.
#
# Random anonymization involves choosing a value from a pool
# of random values. The type of anonymization (net, host,
# ethernet) dictates the size of the pool of values.
#
# Random anonymization could generate 10.24.31.203 and 10.1.34.18
# as examples, as both 24 bit network parts would be allocated
# randomly from the 10 network space, and the host address part
# would be allocated randomly from the possible host addresses for
# each allocated network space. Random anonymization provides better
# address scrambling, as it is not dependent on address ordering, but
# it is significantly more computationally complex.

# Ranonymize has the option to preserve specific aspects of ethernet
# address semantics, such as vendor identification, and broadcast/
# multicast use. These can be selected independently.

RANON_ETHERNET_ANONYMIZATION=sequential
RANON_PRESERVE_ETHERNET_VENDOR=no
RANON_PRESERVE_ETHERNET_BROADCAST=yes
RANON_PRESERVE_ETHERNET_MULTICAST=yes

RANON_NET_ANONYMIZATION=sequential
RANON_HOST_ANONYMIZATION=sequential

# The length of the network address part of IPv4 addresses is by
# default 24 bits, but it can be set to any value < 32.

RANON_NETWORK_ADDRESS_LENGTH=24

# Ranonymize can be configured to perform specific network
# address translation, regardless of the types of anonymization
# that are being employed. These must be specified using the
# configured network address length. These addresses are allocated
# prior to any processing, and represent a culling from the available
# anonymization address pool.
#
# Examples could be:
#
#RANON_SPECIFY_NET_TRANSLATION=192.168.0/24::128.2.134/24
#RANON_SPECIFY_NET_TRANSLATION=64.12.0/24::134.5.0/24
#RANON_SPECIFY_NET_TRANSLATION=128.2/24.0::200.200.0/24
#
#
# Ranonymize can also be configured to perform specific host
# address translation. Feel free to list as many addresses
# as you would like.
#
# Examples would be:
#
#RANON_SPECIFY_HOST_TRANSLATION=192.168.0.64::128.2.34.5
#

# Ranonymize has the option to preserve the network address
# hierarchy at various levels of granularity. This allows you to
# preserve the addressing relationships between addresses.
# The options are "cidr", "class" and "no".
#
# CIDR network address anonymization specifies the length of
# the network part for all address allocations. The default is
# 24 bits.

RANON_PRESERVE_NET_ADDRESS_HIERARCHY=cidr/24


# Class network address hierarchy preservation causes ranonymize()
# to allocate new network addresses based on the address class. All
# Class A network addresses will be allocated new addresses from the
# Class A network pool. The class option sets the NETWORK_ADDRESS_LENGTH
# value to 24. Specifying "specific" network translations is allowed;
# however, these addresses will not be hierarchy preserving.

#RANON_PRESERVE_NET_ADDRESS_HIERARCHY=class

# Ranonymize has the option to preserve the broadcast address
# relationship by not modifying host addresses of 0 and 255.

RANON_PRESERVE_BROADCAST_ADDRESS=yes

# Preserving multicast addresses means mapping any IANA defined
# IPv4 multicast address to another multicast address. While there
# is no inherent semantic of network and host values for multicast
# addresses, ranonymize treats multicast addresses as normal addresses
# but allocated from a separate pool.
# Semantics for network and host parts still apply as above.

RANON_PRESERVE_MULTICAST_ADDRESS=yes
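The sequential allocation rule, the pre-allocated "specific" translations and the broadcast-host preservation described in the sections above, worked through in Python as an added example. This is not ranonymize's or Argus's own code: the class and function names, the parsing of the short `a.b.c/24::x.y.z/24` syntax, and what happens when a network's host pool runs out are assumptions of this example.

```python
import ipaddress
from typing import Dict, Iterable, Set


def prefix_to_net(prefix: str, net_len: int) -> int:
    """Parse the conf's short prefix syntax ("128.2.134/24", "64.12.0/24")
    into the integer value of its network part. Missing trailing octets are
    padded with zeros; a prefix length other than the configured network
    address length is rejected (assumed reading of the conf comments)."""
    addr, _, plen = prefix.partition("/")
    if plen and int(plen) != net_len:
        raise ValueError(f"{prefix}: prefix length must be /{net_len}")
    octets = addr.split(".") + ["0"] * (4 - addr.count(".") - 1)
    return int(ipaddress.IPv4Address(".".join(octets))) >> (32 - net_len)


class SequentialAnonymizer:
    """First-come, first-served IPv4 anonymization, i.e.
    RANON_NET_ANONYMIZATION=sequential and RANON_HOST_ANONYMIZATION=sequential
    with the pool starting at 10.0.0 (hypothetical class, not Argus code)."""

    def __init__(self, net_len: int = 24, base: str = "10.0.0.0",
                 preserve_broadcast: bool = True,
                 net_translations: Iterable[str] = (),
                 host_translations: Iterable[str] = ()) -> None:
        if not 0 < net_len < 32:   # RANON_NETWORK_ADDRESS_LENGTH must be < 32
            raise ValueError("network address length must be between 1 and 31")
        self.host_bits = 32 - net_len
        self.host_max = (1 << self.host_bits) - 1   # all-ones host part
        self.preserve_broadcast = preserve_broadcast
        self.next_net = int(ipaddress.IPv4Address(base)) >> self.host_bits
        self.net_map: Dict[int, int] = {}     # original net part -> new net part
        self.used_nets: Set[int] = set()      # new net parts already handed out
        self.next_host: Dict[int, int] = {}   # new net part -> next host number
        self.addr_map: Dict[int, int] = {}    # original address -> new address
        # RANON_SPECIFY_NET_TRANSLATION entries are allocated before any record
        # is processed and culled from the sequential pool.
        for spec in net_translations:         # e.g. "192.168.0/24::128.2.134/24"
            old, new = (prefix_to_net(p, net_len) for p in spec.split("::"))
            self.net_map[old] = new
            self.used_nets.add(new)
        # RANON_SPECIFY_HOST_TRANSLATION entries override everything else.
        for spec in host_translations:        # e.g. "192.168.0.64::128.2.34.5"
            old, new = (int(ipaddress.IPv4Address(a)) for a in spec.split("::"))
            self.addr_map[old] = new

    def _allocate_net(self, old_net: int) -> int:
        """Return the new network part for old_net, allocating the next free
        one monotonically if this network part has not been seen before."""
        new = self.net_map.get(old_net)
        if new is None:
            while self.next_net in self.used_nets:   # skip culled networks
                self.next_net += 1
            new, self.next_net = self.next_net, self.next_net + 1
            self.used_nets.add(new)
            self.net_map[old_net] = new
        return new

    def anonymize(self, address: str) -> str:
        """Map one dotted-quad address; repeated inputs map to the same output."""
        addr = int(ipaddress.IPv4Address(address))
        if addr not in self.addr_map:
            old_net, old_host = addr >> self.host_bits, addr & self.host_max
            new_net = self._allocate_net(old_net)
            if self.preserve_broadcast and old_host in (0, self.host_max):
                new_host = old_host           # RANON_PRESERVE_BROADCAST_ADDRESS=yes
            else:
                new_host = self.next_host.get(new_net, 1)   # hosts start at 1
                if new_host >= self.host_max:  # assumption: refuse rather than wrap
                    raise RuntimeError(f"host pool exhausted for network {new_net:#x}")
                self.next_host[new_net] = new_host + 1
            self.addr_map[addr] = (new_net << self.host_bits) | new_host
        return str(ipaddress.IPv4Address(self.addr_map[addr]))


if __name__ == "__main__":
    anon = SequentialAnonymizer()   # defaults mirror the conf's 24-bit example
    for ip in ("128.64.2.4", "132.243.2.87", "128.64.2.9", "128.64.2.255"):
        print(ip, "->", anon.anonymize(ip))
```

With the defaults this reproduces the conf's own example (128.64.2.4 and 132.243.2.87 become 10.0.0.1 and 10.0.1.1). The mapping table is what makes the transformation reversible for de-anonymization, and it is also why a sequential scheme is weak against an observer who knows the arrival order of addresses: the first network seen always lands on 10.0.0.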


# Ranonymize anonymizes the IP_ID value in IPv4 records by adding
# a constant value to the existing ip_id and wrapping where appropriate.
# The constant value can be generated by ranonymize as "fixed:random",
# or the user can provide a "fixed:x", where x is the fixed offset,
# or the keyword "none" can be used to turn off the default.
#
RANON_PRESERVE_IP_ID=fixed:random

# Ranonymize can be configured to preserve specific ranges
# of port numbers. For convenience, ranonymize() can be
# configured to preserve the IANA well known port allocation
# range (0-1023), the registered ports (1024-49151) and/or
# the private port range (49152-65535). Also, ranonymize()
# can be configured to preserve specific port numbers. These
# numbers are independent of protocol type, so if port 23461
# is to be preserved, it will be for both tcp and udp based
# flows.
#
RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes
RANON_PRESERVE_REGISTERED_PORT_NUMS=no
RANON_PRESERVE_PRIVATE_PORT_NUMS=no


# Ranonymize can be configured to use several methods for
# anonymizing port values: "random", "fixed:random", "fixed:x"
# and "no" anonymization. Random ensures that every port value
# is allocated from a random pool, while the offset methods
# shift the port number by either a "random" amount, changing
# on each invocation, or by a fixed offset of x, specified by the user.

RANON_PORT_METHOD="offset:random"
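The seeding rules (RANON_SEED), the constant-offset methods used for time and IP_ID, and the port preservation ranges and port methods described above, worked through in Python as an added example. This is not ranonymize's own code: Python's `random` module stands in for `srandom()`/`srandomdev()`, the function and class names are assumptions, the time shift carries between the sec and usec fields, IP_ID wraps in 16 bits, and the conf does not say what happens when a shifted port lands in a preserved range, so this example leaves that collision unresolved.

```python
import random
import time
from typing import Dict, Iterable, Optional, Set, Tuple


def make_rng(seed_spec) -> random.Random:
    """RANON_SEED semantics (assumed mapping onto Python's random module):
    an integer seeds a deterministic generator (the srandom(seed) case),
    "time" seeds from the microsecond clock at invocation, and "crypto"
    draws from the OS entropy source (stand-in for srandomdev())."""
    if seed_spec == "crypto":
        return random.SystemRandom()
    if seed_spec == "time":
        return random.Random(time.time_ns() // 1000)
    return random.Random(int(seed_spec))


def parse_offset(spec: str, rng: random.Random, bound: int = 1 << 31) -> Optional[int]:
    """Turn an offset setting into a constant: "fixed:x" -> x, "fixed:random"
    (or plain "random") -> a value in [-bound, bound), "none"/"no" -> None.
    The default bound is the +/- 2^31 range the conf gives for time offsets."""
    spec = spec.strip().strip('"')
    if spec in ("none", "no"):
        return None
    value = spec.split(":", 1)[-1]           # drop a "fixed:"/"offset:" prefix
    if value == "random":
        return rng.randint(-bound, bound - 1)
    return int(value)


def shift_time(sec: int, usec: int, sec_off: int, usec_off: int) -> Tuple[int, int]:
    """RANON_TIME_*_OFFSET: subtract the constants from every timestamp, carrying
    between the fields so usec stays within 0..999999 (assumed normalisation).
    Differences between records (durations, one-way delays) are unchanged."""
    total = (sec - sec_off) * 1_000_000 + (usec - usec_off)
    return divmod(total, 1_000_000)


def shift_ip_id(ip_id: int, offset: Optional[int]) -> int:
    """RANON_PRESERVE_IP_ID: add the constant and wrap within the 16-bit field;
    None (the "none" keyword) leaves the value untouched."""
    return ip_id if offset is None else (ip_id + offset) & 0xFFFF


class PortAnonymizer:
    """RANON_PORT_METHOD together with the RANON_PRESERVE_*_PORT_NUMS switches.
    Mappings are keyed on the port number alone, so TCP and UDP flows using
    the same port receive the same value, as the conf describes."""

    def __init__(self, method: str, rng: random.Random, well_known: bool = True,
                 registered: bool = False, private: bool = False,
                 specific: Iterable[int] = ()) -> None:
        self.method = method.strip().strip('"')
        self.rng = rng
        self.well_known, self.registered, self.private = well_known, registered, private
        self.specific = set(specific)
        # "offset:random", "fixed:random" and "fixed:x" all reduce to one constant
        self.offset = (parse_offset(self.method, rng, bound=1 << 16)
                       if self.method not in ("random", "no", "none") else None)
        self.pool_map: Dict[int, int] = {}   # "random" method: port -> pool value
        self.pool_used: Set[int] = set()

    def preserved(self, port: int) -> bool:
        """True if the configured ranges or the specific list keep this port."""
        return ((self.well_known and port <= 1023)
                or (self.registered and 1024 <= port <= 49151)
                or (self.private and port >= 49152)
                or port in self.specific)

    def anonymize(self, port: int) -> int:
        if self.preserved(port) or self.method in ("no", "none"):
            return port
        if self.method == "random":          # draw from a random pool, once per port
            if port not in self.pool_map:
                candidate = self.rng.randrange(65536)
                while self.preserved(candidate) or candidate in self.pool_used:
                    candidate = self.rng.randrange(65536)
                self.pool_used.add(candidate)
                self.pool_map[port] = candidate
            return self.pool_map[port]
        # Offset methods: shift and wrap in 16 bits. A shifted port may land in
        # a preserved range; the conf does not define that case (assumption).
        return (port + self.offset) & 0xFFFF


if __name__ == "__main__":
    rng = make_rng(12345)                  # deterministic run, like RANON_SEED=12345
    sec_off = parse_offset("fixed:random", rng)
    usec_off = parse_offset("fixed:random", rng, bound=1_000_000)
    ip_off = parse_offset("fixed:random", rng, bound=1 << 16)
    ports = PortAnonymizer("offset:random", rng, specific={23461})
    # constructed sample flow: start/end timestamps, ip_id, tcp ports
    print(shift_time(1_700_000_000, 250_000, sec_off, usec_off))
    print(shift_time(1_700_000_003, 750_000, sec_off, usec_off))
    print(shift_ip_id(65_530, ip_off), ports.anonymize(80), ports.anonymize(23461),
          ports.anonymize(51_234))
```

Running with an integer seed twice gives the same offsets and the same port table both times, which is the reproducibility the RANON_SEED comments describe; switching to `"crypto"` makes every run unrelated, so a recipient can no longer correlate two anonymized data sets by their shared offsets. The 3.5 second gap between the two sample timestamps survives the shift unchanged, which is the differential-preserving property the time section relies on.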


# There are a number of fields that are not subject to anonymization,
# such as protocol types. These values, if not needed, can be zeroed
# out; upper-layer protocol information, such as TCP base sequence numbers,
# window performance, etc., needs to be removed as needed.

# By default, ranonymize() removes or zeroizes all other fields in
# the record, including TTL and TOS. Whole DSRs that are not anonymizable,
# such as jitter values, user data contents, etc., are removed from the
# record at anonymization time.