Argus SASL2

carter at qosient.com
Tue Mar 27 05:39:43 EDT 2007


Hmmmm, well there is this concept of a saslpath, or sasldir in argus_auth.c.  I thought it got that from the library?
May need to set it through the ./configure.

Carter


Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>
Date: Tue, 27 Mar 2007 12:40:52 
To: Argus <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] Argus SASL2

Carter,

I'm trying to get argus with sasl2 working. Here's my config for argus:

ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"

ARGUS_DAEMON=no

ARGUS_MONITOR_ID="sk0" 

ARGUS_ACCESS_PORT=561
ARGUS_BIND_IP="127.0.0.1: <http://127.0.0.1> "

ARGUS_INTERFACE=sk0

ARGUS_GO_PROMISCUOUS=yes

ARGUS_COLLECTOR=yes

#ARGUS_CHROOT_DIR=/chroot_dir 

ARGUS_SETUSER_ID=argus
ARGUS_SETGROUP_ID=argus

#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
#ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out"

ARGUS_SET_PID=yes
ARGUS_PID_PATH="/var/run" 

ARGUS_FLOW_STATUS_INTERVAL=5

ARGUS_MAR_STATUS_INTERVAL=60

ARGUS_DEBUG_LEVEL=0

ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
ARGUS_GENERATE_JITTER_DATA=no
ARGUS_GENERATE_MAC_DATA=yes
ARGUS_GENERATE_APPBYTE_METRIC=yes 
ARGUS_GENERATE_TCP_PERF_METRIC=yes
ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS=yes

ARGUS_CAPTURE_DATA_LEN=1500
ARGUS_FILTER_OPTIMIZER=yes
ARGUS_FILTER="not arp"

ARGUS_MIN_SSF=40
ARGUS_MAX_SSF=128 

pwcheck_method: saslauthd

Here's my config for /etc/pam.d/argus

 cat /etc/pam.d/argus
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service 
#

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local 
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass 

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so 
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass 


Then I start to run argus with -

argus -F /usr/local/lib/sasl2/argus-test.conf

argus[20056]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory 
argus[20056]: 27 Mar 07 12:38:40.316888 started
argus[20056]: 27 Mar 07 12:38:40.317197 ArgusGetInterfaceStatus: interface sk0 is up

Why is it looking for plugins at /usr/lib/sasl2? By the way, I have compiled argus with -

./configure --prefix=/usr/local/stow/argus-3rc42 --with-sasl=/usr/local


Thanks.

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com> 

