From f48b1c7c6aed10dbf4f6d6010d4aa4cbd7a48b0f Mon Sep 17 00:00:00 2001
From: alucard
Date: Tue, 27 Feb 2007 13:28:14 +0000
Subject: [PATCH] - initial PLD release
Changed files:
argus.conf -> 1.1
argus.init -> 1.1
argus.spec -> 1.1
argus.sysconfig -> 1.1
---
argus.conf | 388 ++++++++++++++++++++++++++++++++++++++++++++++++
argus.init | 66 ++++++++
argus.spec | 94 ++++++++++++
argus.sysconfig | 5 +
4 files changed, 553 insertions(+)
create mode 100755 argus.conf
create mode 100644 argus.init
create mode 100644 argus.spec
create mode 100644 argus.sysconfig
diff --git a/argus.conf b/argus.conf
new file mode 100755
index 0000000..79b6b1b
--- /dev/null
+++ b/argus.conf
@@ -0,0 +1,388 @@
+#
+# Argus Software
+# Copyright (c) 2000-2007 QoSient, LLC
+# All rights reserved.
+#
+# Example argus.conf
+#
+# Argus will open this argus.conf if its installed as /etc/argus.conf.
+# It will also search for this file as argus.conf in directories
+# specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib,
+# or $HOME, $HOME/lib, and parse it to set common configuration
+# options. All values in this file can be overriden by command
+# line options, or other files of this format that can be read in
+# using the -F option.
+#
+#
+# Variable Syntax
+#
+# Variable assignments must be of the form:
+#
+# VARIABLE=
+#
+# with no white space between the VARIABLE and the '=' sign.
+# Quotes are optional for string arguements, but if you want
+# to embed comments, then quotes are required.
+#
+#
+# Variable Explanations
+#
+# The Argus can be configured to support a large number of
+# flow types. The Argus can provide either type, i.e.
+# uni-directional or bi-directional flow tracking and
+# the flow can be further defined by specifying the key.
+# The argus supports a set of well known key strategies,
+# such as 'CLASSIC_5_TUPLE', 'LAYER_3_MATRIX', 'LAYER_2_MATRIX',
+# 'MPLS', and/or 'VLAN', or the argus can be configured to
+# formulate key strategies from a list of the specific
+# objects that the Argus understands. See the man page for
+# a complete description.
+#
+# The default is the classic 5-tuple IP flow, CLASSIC_5_TUPLE.
+#
+
+ARGUS_FLOW_TYPE="Bidirectional"
+ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
+
+
+# Argus is capable of running as a daemon, doing all the right things
+# that daemons do. When this configuration is used for the system
+# daemon process, say for /etc/argus.conf, this variable should be
+# set to "yes".
+#
+# The default value is to not run as a daemon.
+#
+# This example is to support the ./support/Startup/argus script
+# which requires that this variable be set to "yes".
+#
+# Commandline equivalent -d
+#
+
+ARGUS_DAEMON=yes
+
+
+# Argus Monitor Data is uniquely identifiable based on the source
+# identifier that is included in each output record. This is to
+# allow you to work with Argus Data from multiple monitors at the
+# same time. The ID is 32 bits long, and so legitimate values are
+# 0 - 4294967296 but argus also supports IP addresses as values.
+# The configuration allows for you to use host names, however, do
+# have some understanding how `hostname` will be resolved by the
+# nameserver before commiting to this strategy completely.
+#
+# Commandline equivalent -e
+#
+
+ARGUS_MONITOR_ID=`hostname`
+
+
+# Argus monitors can provide a real-time remote access port
+# for collecting Argus data. This is a TCP based port service and
+# the default port number is tcp/561, the "experimental monitor"
+# service. This feature is disabled by default, and can be forced
+# off by setting it to zero (0).
+#
+# When you do want to enable this service, 561 is a good choice,
+# as all ra* clients are configured to try this port by default.
+#
+# Commandline equivalent -P
+#
+
+ARGUS_ACCESS_PORT=561
+
+
+# When remote access is enabled (see above), you can specify that Argus
+# should bind only to a specific IP address. This is useful, for example,
+# in restricting access to the local host, or binding to a private
+# interface while capturing from another. The default is to bind to any
+# IP address.
+#
+# Commandline equivalent -B
+#
+
+#ARGUS_BIND_IP="127.0.0.1"
+
+
+# By default, Argus will open the first appropriate interface on a
+# system that it encounters. For systems that have only one network
+# interface, this is a reasonable thing to do. But, when there are
+# more than one suitable interface, you should specify which
+# interface(s) Argus should read data from.
+#
+# Argus can read packets from multiple interfaces at the same time,
+# although this is limited to 2 interfaces at this time. Specify
+# this in this file with multiple ARGUS_INTERFACE directives.
+#
+# Commandline equivalent -i
+#
+
+#ARGUS_INTERFACE=
+
+
+# By default, Argus will put its interface in promiscuous mode
+# in order to monitor all the traffic that can be collected.
+# This can put an undo load on systems.
+
+# If the intent is to monitor only the network activity of
+# the specific system, say to measure the performance of
+# an HTTP service or DNS service, you'll want to turn
+# promiscuous mode off.
+#
+# The default value is go into prmiscuous mode.
+#
+# Commandline equivalent -p
+#
+
+#ARGUS_GO_PROMISCUOUS=yes
+
+
+# By default, Argus will provide its own reliable output collection
+# functions, which include writing out to multiple files, supporting
+# multiple concurrent remote clients, independent output filtering and
+# strong authentication and encryption. The support for each of these
+# functions increases the CPU requirements of argus, and as such, in
+# high load environments, may not be desireable.
+#
+# When argus's collection functions are disabled, the only way to access
+# data is through a socket, and as a result the ARGUS_ACCESS_PORT
+# and ARGUS_BIND_ADDRESS mechanisms may need to be used.
+#
+# Commandline equivalent -c
+#
+
+#ARGUS_COLLECTOR=yes
+
+
+# Argus supports chroot(2) in order to control the file system that
+# argus exists in and can access. Generally used when argus is running
+# with privileges, this limits the negative impacts that argus could
+# inflict on its host machine.
+#
+# This option will cause the output file names to be relative to this
+# directory, and so consider this when trying to find your output files.
+#
+# Commandline equivalent -C
+#
+
+#ARGUS_CHROOT_DIR=/chroot_dir
+
+
+# Argus can be directed to change its user id using the setuid() system
+# call. This is can used when argus is started as root, in order to
+# access privileged resources, but then after the resources are opened,
+# this directive will cause argus to change its user id value to
+# a 'lesser' capable account. Recommended when argus is running as
+# daemon.
+#
+# Commandline equivalent -u
+#
+
+#ARGUS_SETUSER_ID=user
+
+
+# Argus can be directed to change its group id using the setgid() system
+# call. This is can used when argus is started as root, in order to
+# access privileged resources, but then after the resources are opened,
+# this directive can be used to change argu's group id value to
+# a 'lesser' capable account. Recommended when argus is running as
+# daemon.
+#
+# Commandline equivalent -g
+#
+
+#ARGUS_SETGROUP_ID=group
+
+
+# Argus can write its output to one or a number of files.
+# The default limit is 5 concurrent files, each with their
+# own independant filters.
+#
+# The format is:
+# ARGUS_OUTPUT_FILE=/full/path/file/name
+# ARGUS_OUTPUT_FILE="/full/path/file/name filter"
+#
+# Most sites will have argus write to a file, for reliablity.
+# The example file name is used here as supporting programs,
+# such as ./support/Archive/argusarchive are configured to use
+# this file (with any chroot'd directory prepended).
+#
+# Commandline equivalent -w
+#
+
+#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
+
+
+# When Argus is configured to run as a daemon, with the -d
+# option, Argus can store its pid in a file, to aid in
+# managing the running daemon. However, creating a system
+# pid file requires priviledges that may not be appropriate
+# for all cases.
+#
+# When configured to generate a pid file, if Argus cannot
+# create the pid file, it will fail to run. This variable
+# is available to override the default, in case this gets
+# in your way.
+#
+# The default value is to generate a pid. The default
+# path for the pid file, is '/var/run'.
+#
+# No Commandline equivalent
+#
+
+ARGUS_SET_PID=yes
+ARGUS_PID_PATH="/var/run"
+
+
+# Argus will periodically report on a flow's activity every
+# ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
+# new activity on the flow. This is so that you can get a
+# multiple status reports into the activity of a flow. The
+# default is 5 seconds, but this number may be too low or
+# too high depending on your uses. Argus does suppport
+# a minimum value of 0.000001 seconds. Values under 1 sec
+# are very useful for doing measurements in a controlled
+# experimental environment where the number of flows is small.
+#
+# Because the status interval affects the memory utilization
+# of the monitor, find the minimum acceptable value is
+# recommended.
+#
+# Commandline equivalent -S
+#
+
+ARGUS_FLOW_STATUS_INTERVAL=5
+
+
+# Argus will periodically report on a its own health, providing
+# interface status, total packet and bytes counts, packet drop
+# rates, and flow oriented statistics.
+#
+# These records can be used as "keep alives" for periods when
+# there is no network traffic to be monitored.
+#
+# The default value is 300 seconds, but a value of 60 seconds is
+# very common.
+#
+# Commandline equivalent -M
+#
+
+ARGUS_MAR_STATUS_INTERVAL=60
+
+
+# If compiled to support this option, Argus is capable of
+# generating a lot of debug information.
+#
+# The default value is zero (0).
+#
+# Commandline equivalent -D
+#
+
+ARGUS_DEBUG_LEVEL=0
+
+
+# Argus can be configured to report on flows in a manner than
+# provides the best information for calculating application
+# reponse times and network round trip times.
+#
+# The default value is to not generate this data.
+#
+# Commandline equivalent -R
+#
+
+ARGUS_GENERATE_RESPONSE_TIME_DATA=no
+
+
+# Argus can be configured to generate packet jitter information
+# on a per flow basis. The default value is to not generate
+# this data.
+#
+# Commandline equivalent -J
+#
+
+ARGUS_GENERATE_JITTER_DATA=no
+
+
+# Argus can be configured to provide MAC addresses in
+# it audit data. The default value is to not generate
+# this data.
+#
+# Commandline equivalent -m
+#
+
+ARGUS_GENERATE_MAC_DATA=yes
+
+
+# Argus can be configured to generate metrics that include
+# the application byte counts as well as the packet count
+# and byte counters.
+#
+# No commandline equivalent
+#
+
+ARGUS_GENERATE_APPBYTE_METRIC=no
+
+
+# Argus by default, generates extended metrics for TCP
+# that include the connection setup time, window sizes,
+# base sequence numbers, and retransmission counters.
+# You can suppress this detailed information using this
+# variable.
+#
+# No commandline equivalent
+#
+
+#ARGUS_GENERATE_TCP_PERF_METRIC=yes
+
+
+# Argus can be configured to capture a number of user data
+# bytes from the packet stream.
+#
+# The default value is to not generate this data.
+#
+# Commandline equivalent -U
+#
+
+ARGUS_CAPTURE_DATA_LEN=32
+
+
+# Argus uses the packet filter capabilities of libpcap. If
+# there is a need to not use the libpcap filter optimizer,
+# you can turn it off here. The default is to leave it on.
+#
+# Commandline equivalent -O
+#
+
+ARGUS_FILTER_OPTIMIZER=yes
+
+
+# You can provide a filter expression here, if you like.
+# It should be limited to 2K in length. The default is to
+# not filter.
+#
+# No Commandline equivalent
+#
+
+ARGUS_FILTER=""
+
+
+# Argus allows you to capture packets in tcpdump() format
+# if the source of the packets is a tcpdump() formatted
+# file or live packet source.
+#
+# Specify the path to the packet capture file here.
+#
+
+#ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out"
+
+
+# Argus supports the use of SASL to provide strong
+# authentication and confidentiality protection.
+#
+# The policy that argus uses is controlled through
+# the use of a minimum and maximum allowable protection
+# strength. Set these variable to control this policy.
+#
+
+#ARGUS_MIN_SSF=40
+#ARGUS_MAX_SSF=128
+
diff --git a/argus.init b/argus.init
new file mode 100644
index 0000000..308aca7
--- /dev/null
+++ b/argus.init
@@ -0,0 +1,66 @@
+#!/bin/sh
+# Startup script for argus
+#
+# chkconfig: 2345 97 01
+# description: Run argus
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Get service config
+if [ -f /etc/sysconfig/argus ]; then
+ . /etc/sysconfig/argus
+else
+ nls "Error: %s not found" /etc/sysconfig/argus
+ nls "argus daemon can't be run."
+ exit 1
+fi
+
+case "$1" in
+ start)
+ if [ ! -f /var/lock/subsys/argus ]; then
+ msg_starting "argus"
+ daemon --user argus argus -d -w /var/log/argus/argus.log
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/argus
+ else
+ msg_already_running "argus"
+ fi
+ ;;
+
+ stop)
+ if [ -f /var/lock/subsys/argus ]; then
+ msg_stopping "argus"
+ killproc argus
+ rm -f /var/lock/subsys/argus
+ fi
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ exit $?
+ ;;
+
+ reload|force-reload)
+ if [ -f /var/lock/subsys/argus ]; then
+ msg_reloading "argus"
+ killproc argus -HUP
+ RETVAL=$?
+ else
+ msg_not_running argus >&2
+ exit 7
+ fi
+ ;;
+
+ status)
+ status argus
+ ;;
+
+ *)
+ echo $"Usage: $0 {start|stop|reload|force-reload|status}"
+ exit 1
+
+esac
+
+exit 0
diff --git a/argus.spec b/argus.spec
new file mode 100644
index 0000000..6eb375f
--- /dev/null
+++ b/argus.spec
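Review bot: `ARGUS_ACCESS_PORT=561` enables the remote collection port in the packaged default while `#ARGUS_BIND_IP="127.0.0.1"` stays commented out, so by the file's own description the listener binds to any IP address, although the comment directly above the setting says the feature is disabled by default. The same file sets `ARGUS_GENERATE_MAC_DATA=yes` and `ARGUS_CAPTURE_DATA_LEN=32`, so a client reaching that port receives MAC addresses and 32 bytes of user data per record, and `#ARGUS_MIN_SSF=40` / `#ARGUS_MAX_SSF=128` leave the SASL protection policy unset. I would ship `ARGUS_ACCESS_PORT=0`, or at least uncomment `ARGUS_BIND_IP="127.0.0.1"`, and let the administrator open the port deliberately. Whether this build enforces authentication on the port cannot be told from the patch.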
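Review bot: The `start)` branch launches argus with `daemon --user argus`, so the process is already unprivileged when it tries to open the capture interface, whereas argus.conf in this same patch describes the intended model as starting as root and switching to a lesser account with `-u`/`-g` once the privileged resources are open. Presumably the daemon cannot open the interface this way (inferred, not shown here), and it also cannot write the pid file under `/var/run` that the config requires. `daemon argus -d -u argus -g argus -F /etc/argus/argus.conf -w /var/log/argus/argus.log` keeps the privilege drop and points argus at the packaged config, which the config comments say is otherwise looked up as /etc/argus.conf. Separately, the final `exit 0` discards `RETVAL`, so a failed start or reload still reports success to the caller.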
@@ -0,0 +1,94 @@
+#
+# TODO
+# - logrotate (or argusrotate)
+# - configure without options not working
+#
+# Conditional build:
+%bcond_without tcp_wrappers # build with tcp_wrappers support
+%bcond_without sasl # build with sasl support
+#
+Summary: Real time network flow monitor
+Summary(pl.UTF-8): Monitor obciążenia sieci czasu rzeczywistego
+Name: argus
+%define _ver_major 3.0
+%define _ver_minor .0
+%define _rc .rc.40
+Version: %{_ver_major}%{_ver_minor}%{_rc}
+Release: 0.1
+License: GPL v2
+Group: Applications/Networking
+Source0: ftp://qosient.com/dev/%{name}-%{_ver_major}/%{name}-%{version}.tar.gz
+# Source0-md5: 49047be6450c6255cceb3fb9bfe3caed
+Source1: %{name}.conf
+Source2: %{name}.init
+Source3: %{name}.sysconfig
+URL: http://www.qosient.com/argus/
+BuildRequires: rpmbuild(macros) >= 1.228
+Requires(post,preun): /sbin/chkconfig
+BuildRequires: libpcap-devel
+BuildRequires: bison
+%{?with_tcp_wrappers:BuildRequires: libwrap-devel}
+%{?with_tcp_wrappers:BuildRequires: cyrus-sasl-devel}
+Provides: group(argus)
+Provides: user(argus)
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+
+%description -l pl.UTF-8
+
+%prep
+%setup -q
+
+%build
+%configure \
+ --with%{!?with_tcp_wrappers:out}-libwrap \
+ --with%{!?with_sasl:out}-sasl
+%{__make}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
+install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,sysconfig}
+install -d $RPM_BUILD_ROOT%{_var}/log/%{name}
+
+install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/%{name}.conf
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
+
+touch $RPM_BUILD_ROOT%{_var}/log/%{name}/%{name}.log
+
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+%groupadd -g 214 -r argus
+%useradd -M -o -r -u 214 -d /home/services/argus -s /bin/sh -g argus -c "argus daemon" argus
+
+%post
+/sbin/chkconfig --add %{name}
+%service %{name} restart
+
+%preun
+if [ "$1" = "0" ]; then
+ %service -q %{name} stop
+ /sbin/chkconfig --del %{name}
+fi
+
+%files
+%defattr(644,root,root,755)
+%doc CREDITS ChangeLog README doc/{CHANGES,FAQ,HOW-TO}
+%attr(755,root,root) %{_bindir}/argusbug
+%attr(755,root,root) %{_sbindir}/argus
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%dir /etc/%{name}
+%config(noreplace) %verify(not md5 mtime size) /etc/%{name}/%{name}.conf
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
+%dir %{_var}/log/%{name}
+%attr(640,argus,root,) %ghost %{_var}/log/%{name}/%{name}.log
+%{_mandir}/man5/argus.conf.5.gz
+%{_mandir}/man8/argus.8.gz
diff --git a/argus.sysconfig b/argus.sysconfig
new file mode 100644
index 0000000..444d99c
--- /dev/null
+++ b/argus.sysconfig
@@ -0,0 +1,5 @@
+# argus daemon startup configuration file
+
+# Try to define nice-level for running argus
+SERVICE_RUN_NICE_LEVEL="+0"
+
--
2.44.0
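Review bot: The `%pre` line `%useradd -M -o -r -u 214 ... -s /bin/sh ...` gives the daemon account a working login shell and, through `-o`, allows a non-unique UID; an account that exists only to run argus should get `-s /bin/false` and no `-o`. `%{?with_tcp_wrappers:BuildRequires: cyrus-sasl-devel}` is guarded by the wrong conditional and should read `%{?with_sasl:BuildRequires: cyrus-sasl-devel}`, otherwise a build without tcp_wrappers loses the SASL build dependency while `--with-sasl` is still passed to configure. `%attr(640,argus,root,)` carries a stray trailing comma, and because the log is `%ghost` inside a `%dir` that inherits root ownership and mode 755 from `%defattr`, the argus user apparently has no way to create it on a fresh install. `Source0` is fetched over plain ftp and pinned only by the MD5 comment, so a stronger digest or a signature check is worth adding when the tarball is next updated.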