You can use the Network Security Toolkit Web based User Interface (WUI) to set up, edit the configuration of, start, stop and access argusd. This is the easiest way to manage argusd on a NST.
Once set up via the NST WUI, argusd can also be managed via the command line. Starting and stopping argus is done via a standard service script, /etc/rc.d/init.d/argusd. The following is all that is required to start it up:
[root@probe root]# /etc/rc.d/init.d/argusd start
Starting argusd: [ OK ]
[root@probe root]#
The Network Security Toolkit preconfigures argus to use /var/argus as the location for its data and configuration files. If this directory is not found when you first start argus, it will be created and initialized with the Network Security Toolkit default configuration from /usr/local/argus/data.tar.bz2. You will most likely want to customize the /var/argus/config file for the systems you want argus to monitor (refer to the documentation at the argus site for details on configuration).
Once you've customized your argus config file, you'll want to signal argusd to reload its config. You can either restart the argusd service, or you can use the /usr/local/argus/sbin/argusctl command in the following manner:
[root@probe root]# /usr/local/argus/sbin/argusctl hup
ARGUS/2.0 200 OK
[root@probe root]#
There are many things you can do with the /usr/local/argus/sbin/argusctl command; try invoking it with the help option for additional details.
After configuring and starting argus, you'll probably want to make use of its web based user interface. If you used the Network Security Toolkit WUI to start argus, you can just click on the link provided. Alternatively, you can point your browser at https://HOST/argus/argus.cgi.
Since you can do so much through the Network Security Toolkit web based user interface, you must always authorize yourself prior to gaining access. The argus package has its own web based user interface and also requires authorization prior to allowing one to access the service. Unfortunately, Paul's Perl skills are lacking, and he could not quickly determine what was required in order to disable the argus login screen. He was able to figure out how to set the default configuration such that if you log in with the user ID set to root you should be able to gain access to argus regardless of the password you specify.
If you are a Perl developer and can offer Paul a suggestion on what needs to be done to the /usr/local/argus/html/argus.cgi script (Paul thinks it's somewhere in the web_login subroutine), then please drop a note in the NST Forum.
While argus supports nice graphs, this feature hasn't made it into a release of the Network Security Toolkit yet. Hopefully we will be able to remedy this in the future.
The argus service is capable of sending out email notifications when systems that it has been configured to monitor go down or up (have a state transition). In order to accomplish this, the following things need to be done:
You must have the sendmail service running on your Network Security Toolkit probe. This is accomplished via the setup_sendmail script.
You must specify yes to one or more sendnotify parameters in your /var/argus/config file.
You must specify a valid email address in one or more notify parameters in your /var/argus/config file.
Take a look at the file /var/argus/config. It has comments around the lines that need to be changed to enable email.
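As an added example (not part of the NST or argus distribution), the two config requirements above can be checked with a small shell function before relying on notifications. The function name, and the `name: value` layout with `#` comments used by the constructed sample, are assumptions; compare them against your own /var/argus/config.

```shell
#!/bin/sh
# Added example, not NST or argus code. check_argus_notify is a hypothetical
# helper; it assumes "name: value" settings and "#" comments in the config.
#   0 = an active "sendnotify" is yes and an active "notify" has an address
#   1 = one or both are missing (reasons are printed)
#   2 = the config file cannot be read
check_argus_notify() {
    config=$1
    [ -r "$config" ] || { echo "cannot read $config" >&2; return 2; }
    awk '
        { sub(/#.*/, "") }   # commented-out settings do not count
        /^[ \t]*sendnotify[ \t]*[:=]/ {
            val = $0
            sub(/^[^:=]*[:=][ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (tolower(val) == "yes") send++
        }
        /^[ \t]*notify[ \t]*[:=]/ {
            if ($0 ~ /[^ \t:=@]+@[^ \t@]+\.[^ \t@]+/) addr++
        }
        END {
            if (!send) print "no active sendnotify parameter set to yes"
            if (!addr) print "no active notify parameter with an email address"
            exit !(send && addr)
        }
    ' "$config"
}

# Constructed sample: both settings are still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sendnotify: yes
# notify: admin@example.com
sendnotify: no
EOF
check_argus_notify "$sample" || echo "email notifications are not enabled"
rm -f "$sample"
```

The check covers only the config file; whether the sendmail service is running still has to be verified separately.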
This tip is intended for those who have already read through the Using the Network Security Toolkit document (in particular, the Getting Started and File Systems sections).
You can extend your lnstcustom setup.sh script to automate the configuration and starting of the argus service. There are several ways to accomplish this; the following outlines a method to make a permanent setup. It assumes the following:
You already understand how to use the lnstcustom command AND have a pre-existing setup you wish to extend.
The file system mounted under $NSTHOME is writable and fully supports the concept of permissions and ownership. If you are using a FAT file system on a thumb drive, you will need to adjust these steps, as a FAT file system does not allow one to specify ownership of files.
First we will need to initialize our customized argus area. We will use the following set of commands:
[root@probe root]# lnstcustom nst hda5 ext3
[root@probe root]# mkdir -p $NSTHOME/var/argus
[root@probe root]# (cd $NSTHOME/var/argus; tar xjf /usr/local/argus/data.tar.bz2)
[root@probe root]# chown -R apache.apache $NSTHOME/var/argus
[root@probe root]#
This loads an existing Network Security Toolkit customization setup assuming that it's located in the directory
Creates a directory for our permanent argus configuration and statistics.
Initializes our permanent argus directory with the default setup for the Network Security Toolkit probe. You will want to replace or edit the
This sets the ownership of the argus files to
We now need to add the following to our existing $NSTHOME/setup.sh script:
# Startup sendmail (assuming we configured argus for email notifications)
/usr/local/bin/setup_sendmail
# Only setup argus if it isn't yet running
if ! /etc/rc.d/init.d/argusd status > /dev/null; then
  # If /var/argus hasn't been setup yet, use our area
  if [ ! -d /var/argus ]; then
    # Create symbolic link under /var so NST will use our argus config
    /bin/ln -s $NSTHOME/var/argus /var
  fi
  # Start up the argus service
  if [ -d /var/argus ]; then
    /etc/rc.d/init.d/argusd start
  fi
fi
This starts up the sendmail service using the default settings so that argus will be able to send out email notifications. You may need to specify arguments to this command depending upon your situation (use setup_sendmail --help for details - or read the Using the Network Security Toolkit document).
This symbolic link will prevent the Network Security Toolkit from installing its default configuration and will cause argus to use the configuration we prepared under
Finally, this command starts up the argus service with our customized environment.
The above script assumes that the argus service has not been previously started on the Network Security Toolkit. If the /var/argus directory already exists, it will fail (as the creation of the symbolic link will fail).
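The case described above, where /var/argus already exists, can be detected before argusd is started. The following added example (not part of the NST scripts) classifies the state of the link path and only creates the link when nothing is there; the function name and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not NST code: ensure_argus_link and its return codes are
# hypothetical names used only for this illustration.
#   0 = link exists (created now, or already pointing at the customized area)
#   2 = customized area is missing
#   3 = link path exists but is not a symbolic link (defaults already installed)
#   4 = link path is a symbolic link to some other location
ensure_argus_link() {
    custom=$1   # e.g. $NSTHOME/var/argus
    link=$2     # e.g. /var/argus

    if [ ! -d "$custom" ]; then
        echo "customized area not found: $custom" >&2
        return 2
    fi
    if [ -L "$link" ]; then
        # Test -L first: -d and -e follow links and miss a dangling one.
        current=$(readlink "$link")
        [ "$current" = "$custom" ] && return 0
        echo "$link points at $current, not $custom" >&2
        return 4
    fi
    if [ -e "$link" ]; then
        echo "$link exists and is not a symbolic link; not replacing it" >&2
        return 3
    fi
    ln -s "$custom" "$link"
}

# Constructed demonstration in a scratch directory (no real /var is touched).
demo=$(mktemp -d)
mkdir -p "$demo/nst/var/argus" "$demo/var/argus"
ensure_argus_link "$demo/nst/var/argus" "$demo/var/argus" \
    || echo "setup.sh should stop here instead of starting argusd (code $?)"
rm -rf "$demo"
```

In setup.sh the call would take "$NSTHOME/var/argus" and /var/argus as arguments, with argusd started only when the function returns 0.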