[ARGUS] Argus 5.0 on FreeBSD 14

Carter Bullard carter at qosient.com
Thu Jan 11 14:12:50 EST 2024 

Hey Mike,
Based on this, I think we should choose machine-id … 

The purpose of the hostuuid is to have a globally (or at least organizational) unique identifier for the system that generates the argus data.  For the endpoint, the scrid will generally be extended to include the interface id so you can figure out where this record was generated ...

There are several situations where I have an argus running on a system, and an argus running in a VM hosted by that system.
We would want the hostuuid to be different for these two instances of argus … 
 
Because the hostid is normally MAC address based, it has been reported that the hostid is not guaranteed to be unique, especially in VM situations …

BUT … it seems to be complicated ... I may have to put in a configuration option to set where the hostuuid will come from … prog:/path/to/program or file:/path/to/file …

The most important part is for it to be unique without human involvement.

Carter


> On Jan 11, 2024, at 1:59 PM, mike tancsa <mike at sentex.ca> wrote:
> 
> Hmmm, I am not sure. But if ChatGPT is to trusted,
> 
> 
> In FreeBSD, machine-id and hostid are two different concepts serving distinct purposes:
> 
> Machine ID (machine-id):
> 
> The machine-id is a unique identifier assigned to a specific machine. It is often used by system services and applications to identify a particular instance of an operating system installation.
> The machine-id is typically stored in the /etc/machine-id file. This file contains a UUID (Universally Unique Identifier) that is generated during the installation of the operating system.
> The machine-id is used for various purposes, including identifying the system to systemd-based systems (like many modern Linux distributions) and some applications.
> Host ID (hostid):
> 
> The hostid is a numeric identifier assigned to the host. It is often used by networking utilities and applications to identify a system on a network.
> The hostid is usually a hexadecimal number and can be displayed using the hostid command. It is often used in conjunction with the MAC address of a system to create a unique identifier.
> Unlike the machine-id, the hostid is not stored in a file and is generated based on the system's hardware during boot.
> In summary, the primary difference is in their usage and purpose. The machine-id is a UUID used for system identification and is stored in a file, while the hostid is a numeric identifier used for networking purposes and is not stored as a file but generated based on the system's hardware.
> 
> 
> 
> 
> 
> 
> On 1/11/2024 1:49 PM, Carter Bullard wrote:
> 
>> Hey Mike,
>> I was happy with the 1 choice, and realized if you install dbus on FreeBSD, you can generate /var/lib/dbus/machine-id, which gave a reasonable 2 choices, but a third ?  ;o)
>> 
>> On my machine /etc/hostid and /etc/machine-id are the same values, but hostid has the traditional UUID format … argus doesn’t care about the format so either work fine …
>> 
>> Is /etc/hostid better than /etc/machine-id ???  Seems that the kernel install for FreeBSD now generates /etc/machine-id, but that seems to be a recent phenomenon  ???
>> 
>> Carter
>> 
>> 
>>> On Jan 11, 2024, at 1:31 PM, mike tancsa <mike at sentex.ca> wrote:
>>> 
>>> Hi Carter,
>>> 
>>>     Try the file /etc/hostid
>>> 
>>>     ---Mike
>>> 
>>> On 1/11/2024 1:27 PM, Carter Bullard wrote:
>>>> Oh and to add a little context, we use “/var/lib/dbus/machine-id” to get the hostuuid on RedHat style machines …
>>>> Carter
>>>> 
>>>>> On Jan 11, 2024, at 1:24 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>> 
>>>>> I have argus-5.0 compiled and running on FreeBSD 14.0 …
>>>>> Argus 5.0 has a new feature where it can use 128-bit UUIDs for the scrid, and the zero-conf strategy for argus running on endpoints is to use the endpoints hostuuid / machine-id as the argus srcid.
>>>>> Linux, MacOS X, Windows, and BSD all have different ways of getting the hostuuid / machine-id.  For FreeBSD, there is /etc/machine-id, is this the best place to get the hostuuid ???
>>>>> I have that working, and no real way of configuring it yet … is this the best way to get the endpoints UUID  ???
>>>>> 
>>>>> Carter
>>>>> 
>>>>>> On Jan 10, 2024, at 11:59 AM, Carter Bullard <carter at qosient.com> wrote:
>>>>>> 
>>>>>> Hey Mahlon,
>>>>>> We have multiple votes for FreeBSD, so I’ll make sure it compiles cleanly and then offer it up for testing for FreeBSD, which should be in a few days.
>>>>>> I’ll make it available through GitHub as a separate branch ...
>>>>>> 
>>>>>> In testing argus-5.0, it is, by default, not compatible with argus-3.0 clients.  There is an option in argus.conf for argus-5.0 to generate 3.0 formatted data, and that will be what we’ll want to do at first.  At least its an incremental test at that point.
>>>>>> 
>>>>>> Getting ready for the general argus-5.0 release,  if you have a short list of client programs that you would like to test, I’ll make a testing distro for the clients package at the same time …
>>>>>> 
>>>>>> Thanks, and I hope that all is most excellent !!!!!!!
>>>>>> 
>>>>>> Carter
>>>>>> 
>>>>>> 
>>>>>>> On Jan 10, 2024, at 11:37 AM, Mahlon E. Smith <mahlon at martini.nu> wrote:
>>>>>>> 
>>>>>>> On Mon, Jan 08, 2024, Carter Bullard wrote:
>>>>>>> 
>>>>>>>> I’m finishing the touchup’s on argus-5.0, and I’m testing on a few
>>>>>>>> OS’s to make sure it makes and installs properly.
>>>>>>>> 
>>>>>>>> The OS’s I’ve gotten through are:
>>>>>>>> Mac OS Sonoma 14.x
>>>>>>>> Ubuntu 23.10
>>>>>>>> Windows 11 - using Cygwin
>>>>>>>> Windows 10 - using Cygwin
>>>>>>>> RedHat Server 3.10
>>>>>>>> Rocky Linux 9.3
>>>>>>>> Debian 12
>>>>>>>> Fedora
>>>>>>>> CentOS
>>>>>>>> Kali LInux 2023.4
>>>>>>>> 
>>>>>>>> Are there any other OS’s that we should test on ??? [...] If there is one
>>>>>>>> you would like tested, please send some email in the next few weeks …
>>>>>>> Hello Carter!  I'd humbly request FreeBSD to be added to the testing
>>>>>>> matrix. (cc'ed the port maintainer as well, not sure if he's on this list.)
>>>>>>> 
>>>>>>> Very much looking forward to Argus 5!
>>>>>>> 
>>>>>>> -- 
>>>>>>> Mahlon E. Smith
>>>>>>> http://www.martini.nu/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1385 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20240111/3f392977/attachment.bin>

More information about the argus mailing list