centos rpm for argus requires sasl?

James A. Robinson jim.robinson at gmail.com
Fri Jan 15 17:22:56 EST 2021


I saw that CentOS EPEL offers an rpm for argus:

https://centos.pkgs.org/7/epel-x86_64/argus-3.0.8.2-1.el7.x86_64.rpm.html

Using a minimal argus.conf:

ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
ARGUS_DAEMON=no
ARGUS_ACCESS_PORT=561
ARGUS_FLOW_STATUS_INTERVAL=5
ARGUS_MAR_STATUS_INTERVAL=60

I ran argus and it found and monitored the eth0 interface on a machine.

I found that when I tried to connect to it on port 561 ra would
complain about sasl:

ra[493305]: 13:56:34.063345 RaSaslNegotiate: error starting SASL
negotiation SASL(-4): no mechanism available: No worthy mechs found

The manual page for argus.conf seems to imply that the default
configuration of argus is to disable sasl:

----
ARGUS_SSF

Argus supports the use of SASL to provide strong authentication and
confidentiality protection.

The policy that argus uses is controlled through the use of a minimum
and maximum allowable protection strength, which is standard for SASL
based applications.  Set these variables to control this policy. The
default is no security policy.

ARGUS_MIN_SSF=0
ARGUS_MAX_SSF=0
----

I tried adding the ARGUS_MIN_SSF=0 and ARGUS_MAX_SSF=0 values to
/etc/argus.conf to see if that changed the behavior, but it did not.

I finally pulled down the argus source code and compiled and ran it,
and that daemon responded just fine to the ra client.

This makes me wonder if somehow the default argus available in the
CentOS rpm requires SASL and doesn't offer a way to disable it?

Anyone know if there are other knobs I should have been twisting in
/etc/argus.conf to get it to behave more like stock?

Jim
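
One way to test the hypothesis in the post, as an added example that is not part of the original message or the argus project: the script reports whether the installed argus and ra binaries link against libsasl, and reads the SSF policy from an argus.conf-style file. The function names, the sample config and the rule that the last assignment of a key wins are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic, not from the original post or the argus project.

# Print "MIN MAX" for ARGUS_MIN_SSF / ARGUS_MAX_SSF in an argus.conf-style
# file. Commented-out lines are ignored; a missing key prints as "unset".
# Assumption: when a key is repeated, the last assignment is the one used.
ssf_policy() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = $2; sub(/#.*/, "", val); gsub(/[ \t"]/, "", val)
        }
        key == "ARGUS_MIN_SSF" { min = val }
        key == "ARGUS_MAX_SSF" { max = val }
        END {
            if (min == "") min = "unset"
            if (max == "") max = "unset"
            print min, max
        }
    ' "$1"
}

# Succeed if the dynamic linker resolves a libsasl library for the binary.
# A statically linked SASL library would not show up here.
links_sasl() {
    ldd "$1" 2>/dev/null | grep -q 'libsasl'
}

# Report SASL linkage for a command found on PATH.
report_binary() {
    path=$(command -v "$1") || { echo "$1: not installed"; return 0; }
    if links_sasl "$path"; then
        echo "$path: built with SASL (links libsasl)"
    else
        echo "$path: no libsasl dependency found"
    fi
}

# Constructed sample config mirroring the one in the post.
sample=$(mktemp)
printf '%s\n' 'ARGUS_DAEMON=no' 'ARGUS_ACCESS_PORT=561' \
    '#ARGUS_MIN_SSF=40' 'ARGUS_MIN_SSF=0' 'ARGUS_MAX_SSF=0' > "$sample"
echo "sample policy (min max): $(ssf_policy "$sample")"
rm -f "$sample"

for b in argus ra; do report_binary "$b"; done
```

Running it once with the packaged binaries on PATH and once with the source-built ones shows whether the two builds differ in SASL linkage.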

