PF ring support in argus
Carter Bullard
carter at qosient.com
Fri Oct 12 17:15:18 EDT 2007
OK, well I have the environment support now in argus
and should have a copy up by Sunday, with client updates.
Carter
On Oct 12, 2007, at 3:28 PM, Russell Fulton wrote:
>
>
> Carter Bullard wrote:
>> Gentle people,
>> So, we don't really need to do anything in argus, as it seems
>> to be driven by environment variables (assuming your using
>> the shared library strategy). But that doesn't sound very
>> elegant.
>>
>> So I can add to argus.conf:
>>
>> ARGUS_ENV="name=value"
>>
>> And we can allow for any environment variable to be set?
>> Is this dangerous? I'm thinking that its pretty benign, as long
>> as we're careful on buffer overflow etc...., but it also would be
>> trivial to allow only specific environment variables? I'm sure
>> that someone will think that its dangerous, but in the
>> Bell-Lapadula scheme of things, it probably is not a real issue.
> Seems pretty benign to me (assuming sensible programming practice are
> followed and we all trust Carter in that department ;).
>
> Having everything in the config file is certainly much tidier. I
> have
> had occasions where I have installed the modified pcap and bungled
> setting the environment variable and discovered it months later.
> Mind you if I ever get bcfg2 properly set up to manage my sensors all
> the things like /etc/bashrc will be centrally managed too. For those
> who have not come across it bcfg2 is a rather nice configuration
> management tool from ANL: http://trac.mcs.anl.gov/projects/bcfg2
>
> BTW the reason I have gone with this method and not the kernel mods
> like
> Peter is that I don't have anyone to build custom kernels for me and I
> don't have time to do it myself.
>
> And, lastly, thanks to Jason for pointing out the README.ring file in
> the distro. I had missed that. sigh...
>
> Russell
>
>
More information about the argus
mailing list