argus command-line parameter handling

Carter Bullard carter at qosient.com
Fri Jun 14 16:36:03 EDT 2002 

Hey Chris,
   How bout we do a better job with the user supplied
parameters overriding default behavior?  If you specify
an interface, we should use it (or its) instead.
One of the design goals of the current strategy was to
support a system wide configuration that could be overridden
by a user specified file.  /etc/argus.conf holds the default.
This was suggested many years ago, since few people
(or computers) remember to use "-F /etc/argus.conf" to get
system default parameters.

   Would this help?

Carter




> -----Original Message-----
> From: Chris Russel [mailto:russel at yorku.ca] 
> Sent: Friday, June 14, 2002 3:33 PM
> To: Carter Bullard
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: RE: argus command-line parameter handling
> 
> 
> On Fri, 14 Jun 2002, Carter Bullard wrote:
> 
> > I think the problem is that the Argus project is
> > going to provide maximum flexibility, rather than trying to
> > keep the user from shooting themselves.
> 
> I completely agree with this philosophy and I don't think that's a
> problem.  I think this problem falls into the hidden/undocumented
> behaviours category.  Maybe my message will help with the 
> documentation
> aspect.
> 
> My vote is to not load the default config unless no -F is 
> specified. This
> is the behaviour the debian init script is expecting. BTW I 
> have filed a
> bug with them since it is clearly wrong - allowing users to shoot
> themselves is one thing, having the gun pointed at them by default is
> another.
> 
> The simplest thing would be to not load a default config at 
> all and just
> use hard-coded values unless overridden by -F's or equivalent 
> command-line
> parameters.  That would eliminate having to test for 
> duplicate interfaces
> or duplicate config files (it's still possible but it would 
> be the users
> doing). Obviously this breaks with some traditional usage.
> 
> -- 
> Chris Russel     | CNS Information Security
> russel at yorku.ca  | York University, Toronto, Canada
> 
> 
> 
> 
> 
> 
> 
>

More information about the argus mailing list