Argus

How Do I Start/Stop/Customize Argus?

You can use the Network Security Toolkit Web based User Interface (WUI) to set up, edit the configuration, start, stop and access argusd. This is the easiest way to manage argusd on an NST probe.

Once set up via the NST WUI, argusd can also be managed from the command line. Starting and stopping argusd is done via the standard service script /etc/rc.d/init.d/argusd. The following is all that is required to start it:

[root@probe root]# /etc/rc.d/init.d/argusd start
Starting argusd:                                           [  OK  ]
[root@probe root]# 

The Network Security Toolkit preconfigures argus to use /var/argus as the location for its data and configuration files. If this directory is not found when you first start argus, it will be created and initialized with the Network Security Toolkit default configuration from /usr/local/argus/data.tar.bz2. You will most likely want to customize the /var/argus/config file for the systems you want argus to monitor (refer to the documentation at the argus site for details on configuration).

Once you've customized your argus config file, you'll want to signal argusd to reload its config. You can either restart the argusd service, or you can use the /usr/local/argus/sbin/argusctl command in the following manner:

[root@probe root]# /usr/local/argus/sbin/argusctl hup
ARGUS/2.0 200 OK
[root@probe root]# 

There are many things you can do with the /usr/local/argus/sbin/argusctl command; try invoking it with the help option for additional details.

What is the Argus URL?

After configuring and starting argus, you'll probably want to make use of its web based user interface. If you used the Network Security Toolkit WUI to start argus, you can just click on the link provided. Alternatively, you can point your browser at https://HOST/argus/argus.cgi.

Why Do I Have to Login to Argus?

Since you can do so much through the Network Security Toolkit web based user interface, you must always authenticate before gaining access. The argus package has its own web based user interface and also requires a login before it grants access to the service. Unfortunately, Paul's Perl skills are lacking, and he could not quickly determine what was required to disable the argus login screen. He was able to figure out how to set the default configuration so that if you log in with the user ID set to root you should be able to gain access to argus regardless of the password you specify.

If you are a Perl developer and can offer Paul a suggestion on what needs to be done to the /usr/local/argus/html/argus.cgi script (Paul thinks it's somewhere in the web_login subroutine), then please drop a note in the NST Forum.

Why Aren't There Graphs In Argus?

While argus supports nice graphs, this feature hasn't made it into a release of the Network Security Toolkit yet. Hopefully we will be able to remedy this in the future.

How Do I Get Argus To Send Email Notifications?

The argus service is capable of sending out email notifications when systems that it has been configured to monitor go down or up (have a state transition). In order to accomplish this, the following things need to be done:

  • You must have the sendmail service running on your Network Security Toolkit probe. This is accomplished via the setup_sendmail script.

  • You must specify yes to one or more sendnotify parameters in your /var/argus/config file.

  • You must specify a valid email address in one or more notify parameters in your /var/argus/config file.

Take a look at the file /var/argus/config. It has comments around the lines that need to be changed to enable email.

How Do I Simplify My Argus Setup?

Note:

This tip is intended for those who have already read through the Using the Network Security Toolkit document (in particular, the Getting Started and File Systems section).

You can extend your lnstcustom setup.sh script to automate the configuration and starting of the argus service. There are several ways to accomplish this; the following outlines a method that makes the setup permanent. It assumes the following:

  • You already understand how to use the lnstcustom command AND have a pre-existing setup you wish to extend.

  • The file system mounted under $NSTHOME is writable and fully supports the concept of permissions and ownership. If you are using a FAT file system on a thumb drive, you will need to adjust these steps, as a FAT file system does not allow one to specify ownership of files.

Initializing the $NSTHOME/var/argus Directory.

First we will need to initialize our customized argus area. We will use the following set of commands:

[root@probe root]# lnstcustom nst hda5 ext3                                        (1)
[root@probe root]# mkdir -p $NSTHOME/var/argus                                     (2)
[root@probe root]# (cd $NSTHOME/var/argus; tar xjf /usr/local/argus/data.tar.bz2)  (3)
[root@probe root]# chown -R apache.apache $NSTHOME/var/argus                       (4)
[root@probe root]# 

(1) This loads an existing Network Security Toolkit customization setup, assuming that it's located in the directory nst under an ext3 file system found on the 5th partition of the first IDE hard drive (hda5). The parameters you supply to this command will depend upon your setup.

(2) Creates a directory for our permanent argus configuration and statistics.

(3) Initializes our permanent argus directory with the default setup for the Network Security Toolkit probe. You will want to replace or edit the $NSTHOME/var/argus/config file for the systems you want to monitor.

(4) This sets the ownership of the argus files to apache.apache, which is necessary in order to make use of the argus web based user interface. This is also the reason a FAT based file system can't be directly used for this setup.

Updating $NSTHOME/setup.sh.

We now need to add the following to our existing $NSTHOME/setup.sh script:

# Startup sendmail (assuming we configured argus for email notifications)
/usr/local/bin/setup_sendmail                                   # (1)

# Only setup argus if it isn't yet running
if ! /etc/rc.d/init.d/argusd status > /dev/null; then

  # If /var/argus hasn't been setup yet, use our area
  if [ ! -d /var/argus ]; then

    # Create symbolic link under /var so NST will use our argus config
    /bin/ln -s $NSTHOME/var/argus /var                          # (2)
  fi

  # Start up the argus service
  if [ -d /var/argus ]; then
    /etc/rc.d/init.d/argusd start                               # (3)
  fi
fi

(1) This starts up the sendmail service using the default settings so that argus will be able to send out email notifications. You may need to specify arguments to this command depending upon your situation (use setup_sendmail --help for details, or read the Using the Network Security Toolkit document).

(2) This symbolic link will prevent the Network Security Toolkit from installing its default configuration and will cause argus to use the configuration we prepared under $NSTHOME/var/argus.

(3) Finally, this command starts up the argus service with our customized environment.

Note:

The above script assumes that the argus service has not been previously started on the Network Security Toolkit. If the /var/argus directory already exists, it will fail (as the creation of the symbolic link will fail).
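The failure mode described in the note above can be handled explicitly. The following is an added example, not part of the NST documentation or the argus package: a guarded replacement for the "ln -s $NSTHOME/var/argus /var" step that checks what is already at /var/argus and refuses to replace a foreign directory or link rather than failing mid-script. The function names argus_link_state and link_argus_dir are assumed for this example.

```shell
#!/bin/sh
# Added example (not NST's own setup.sh code): a guarded version of the
# /var/argus link step. The original "ln -s" fails when /var/argus already
# exists; here we inspect the path first and leave a foreign one untouched.
# Function names are assumed for this example.

# argus_link_state SRC DST
# Prints one of: absent | linked | foreign-link | directory | other
argus_link_state() {
    src=$1; dst=$2
    if [ ! -e "$dst" ] && [ ! -L "$dst" ]; then
        echo absent
    elif [ -L "$dst" ]; then
        # Compare canonical paths so a link reached by another route still counts
        if [ "$(readlink -f "$dst")" = "$(readlink -f "$src")" ]; then
            echo linked
        else
            echo foreign-link
        fi
    elif [ -d "$dst" ]; then
        echo directory
    else
        echo other
    fi
}

# link_argus_dir SRC DST
# Creates DST -> SRC only when DST is absent. Returns 0 when the link is in
# place (newly made or already correct), 1 when SRC has no argus config or
# DST is something else; in the latter case the existing path is not touched.
link_argus_dir() {
    src=$1; dst=$2
    if [ ! -f "$src/config" ]; then
        echo "link_argus_dir: no argus config in $src" >&2
        return 1
    fi
    case "$(argus_link_state "$src" "$dst")" in
        absent) ln -s "$src" "$dst" ;;
        linked) return 0 ;;
        *) echo "link_argus_dir: $dst exists and is not a link to $src" >&2
           return 1 ;;
    esac
}

# Use in setup.sh, replacing the unguarded ln -s line:
#   link_argus_dir "$NSTHOME/var/argus" /var/argus && /etc/rc.d/init.d/argusd start
```

Calling link_argus_dir a second time after the link is in place returns 0, so the setup.sh snippet above becomes safe to re-run after argus has already been started.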