xref: /dports/net-mgmt/argus3-clients/argus-clients-3.0.8.3/support/Config/ranonymize.conf

#
#  Argus Software
#  Copyright (c) 2000-2016 QoSient, LLC
#  All rights reserved.
#
#  Permission to use, copy, modify, and distribute this software and
#  its documentation for any purpose and without fee is hereby granted,
#  provided that the above copyright notice appear in all copies and
#  that both that copyright notice and this permission notice appear
#  in supporting documentation, and that the name of QoSient not
#  be used in advertising or publicity pertaining to distribution of
#  the software without specific, written prior permission.
#
#  QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
#  SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
#  FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
#  SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
#  RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
#  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
#  CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# Example ranonymize.conf
#
# Ranonymize will open this file and parse it to set common
# configuration options.
#
# Values can be quoted to make string denotation easier, however, the
# parser does not require that string values be quoted.  To support this,
# the parse will remove '\"' characters from input strings, so do not
# use this character in strings themselves.
#
# Values specified as "" will be treated as a NULL string, and the parser
# will ignore the variable setting.

# Supported Options

# Ranonymize allows you to specify the type of anonymization methods
# used for a number of categories.  The types are "sequential", "random",
# "specific", "fixed" or "no" anonymization.  Each is described below
# as they appear in the configuration.
#
# ranonymize() uses various strategies to seed its random number
# generator.  If the user specifies a seed, then the srandon(seed)
# function is used.  If keyword "time" is used, then the system usec
# value at the invocation is used.  If the keyword "crypto" is used,
# then the system call srandomdev() is used if available.  If not,
# the "time" method is used.  Configuring with a specific seed value
# in this configuration file, will generate deterministic values
# which should result in assignments that are duplicated with
# reach run.
#

RANON_SEED=29384938

#
# Ranonymize automatcially anonymizes various fields in Argus
# records, such as the timestamps, transaction reference numbers,
# and the sequence numbers.  In order to preserve relative
# values of these numbers, anonymization involves subtracting
# a constant value from the field in every argus record seen.
# These values, if needed, can be defined by ranonymize or the user.
# The anonymization method is "fixed" offset, and the constant
# value can be specified by the user, "fixed:x", where x is a numerical
# value, +/- 2^31, or chosen by ranonymize at random, "fixed:random",
# where the random value is choosen from the same range as above.
#
# where the random value is choosen from the same range as above.

RANON_TRANSREFNUM_OFFSET=fixed:82736487
RANON_SEQNUM_OFFSET=fixed:10234
RANON_TIME_SEC_OFFSET=random
RANON_TIME_USEC_OFFSET=random

# Ranonymize allows you to specify the type of anonymization methods
# used in a number of categories. For ethernet network and host
# address conversion, ranonymize can support "sequential", "random",
# "specific", "fixed" or "no" anonymization.

# Sequential anonymization involves allocating new addresses in a
# monotonically increasing fashion on a first come first serve basis.
# For ethernet addresses this starts with the address xx:xx:xx:00:00:01,
# where the xx:xx:xx is the vendor identification part, which could be
# preserved, based on configuration (see below) or anonymized starting
# with the value 00:00:00.  For IP v4 addresses, the sequential address
# range starts with the non-routable address space 10.0.0, by default.
# Sequential randomization uses the least amount of memory and minimizes
# anonymization processing time, however it does not offer the best
# object scrambling method.
#
# As an example, if the first Argus record contained the addresses
# 128.64.2.4 and 132.243.2.87 as source and destination, sequential
# anonymization would generate the addresses 10.0.0.1 and 10.0.1.1
# as the new source and destination addresses, because there are two
# unique network parts, 128.64.2 -> 10.0.0, and 132.243.2 -> 10.0.1.
# Host parts are sequentially allocated within the new network address
# space, and because both addresses are first, they come up as 1.
#
# Random anonymization involves choosing a value from a pool
# of random values.  The type of anonymization, net, host,
# ethernet, dictates the size of the pool of values.
#
# Random anonymization could generate 10.24.31.203 and 10.1.34.18
# as examples, as both the 24 bit network parts would be allocated
# randomly from the 10 network space, and the host address part
# would be allocated randomly from the possible host addresses for
# each allocated network space.  Random anonymization provides better
# address scrambling, as it is not dependant on address ordering, but
# it is significantly more computationaly complex.

# Ranonymize has the option to preserve specific aspects of ethernet
# address semantics, such as vendor identification, and broadcast/
# multicast use.  These can be selected independantly.

RANON_ETHERNET_ANONYMIZATION=sequential
RANON_PRESERVE_ETHERNET_VENDOR=no
RANON_PRESERVE_ETHERNET_BROADCAST=yes
RANON_PRESERVE_ETHERNET_MULTICAST=yes

RANON_NET_ANONYMIZATION=sequential
RANON_HOST_ANONYMIZATION=sequential
RANON_AS_ANONYMIZATION=sequential

# The length of the network address part of IPv4 addresses is by
# default 24 bits, but it can be set to any value < 32.

RANON_NETWORK_ADDRESS_LENGTH=24

# Ranonymize can be configured to perform specific network
# address translation, regardless of the types of anonymization
# that are being employed.  These must be specified using the
# configured network address length.   These addresses are allocated
# prior to any processing, and represent a culling from the available
# anonymization address pool.
#
#Examples could be:
#
#RANON_SPECIFY_NET_TRANSLATION=192.168.0/24::128.2.134/24
#RANON_SPECIFY_NET_TRANSLATION=64.12.0/24::134.5.0/24
#RANON_SPECIFY_NET_TRANSLATION=128.2/24.0::200.200.0/24
#
#
# Ranonymize can also be configured to perform specific host
# address translation.  Feel free to list as many addresses
# that you would like.
#
#Examples would be:
#
#RANON_SPECIFY_HOST_TRANSLATION=192.168.0.64::128.2.34.5
#

# Ranonymize has the option to preserve the network address
# hierarchy at various levels of granularity.  This allows you to
# preserve the addressing relationships between addresses.
# The options are "cidr", "class" and "no".
#
# CIDR network address anoyminization specifies the length of
# the network part for all address allocations.  The default is
# 24 bits.

RANON_PRESERVE_NET_ADDRESS_HIERARCHY=cidr/24


# Class network adddress heirarchy preservation, causes ranonymize()
# to allocate new network addresses base on the address class.  All
# CLASSA network addresses will be allocated new addresses from the
# Class A network pool.  The Class option sets the NETWORK_ADDRESS_LENGTH
# value to 24. Specifing "specific" network translations is allowed,
# however these address will not be hierarchy preserving.

#RANON_PRESERVE_NET_ADDRESS_HIERARCHY=class

# Ranonymize has the option to preserve the broadcast address
# relationship by not modifying host addresses of 0 and 255.

RANON_PRESERVE_BROADCAST_ADDRESS=yes

# Preserving Multicast addresses means mapping any IANA defined
# IPv4 multicast address to another multicast address.  While there
# is no inherient semantic of network and host values for mulitcast
# addresses, ranonymize treats multicast addresses as normal addresses
# but allocated from a separate pool.
# Semantics for network and host parts still apply as above.

RANON_PRESERVE_MULTICAST_ADDRESS=yes


# Ranonymize anonymizes the IP_ID value in IPv4 records, by adding
# a constant value to the existing ip_id and wrapping where appropriate.
# The constant value can be generated by ranonymize as "fixed:random",
# or the user can provid a "fixed:x", where x is the fixed offset,
# or the keyword "none" can be used to turn off the default
#
RANON_PRESERVE_IP_ID=fixed:random


# Ranonymize anonymizes the IP TTL value in IPv4 records, by shortening
# or lengthing the distance from a specific IP address/network by a
# constant value to the existing src and dst ttls.  This functionally
# moves the observation point of the probe relative to the set of
# observed addresses.  In order to achieve this, ranonymize tracks
# the ttl offset by translated IP address.
#
# When hierarchy perservation is specified, the ttl changes will
# be adjusted based on the network part of the address.
#
# Three values that are significant and can be preserved independantly
# are 0, 255 and 254.  255 and 254 function in many distance contraint
# mechanisms and are used by network equipment itself, and they have
# network relivance that is significant.
#
# The constant value can be generated by ranonymize as "fixed:random",
# or the user can provid a "fixed:x", where x is the fixed offset,
# or the keyword "none" can be used to turn off the default
#
RANON_PRESERVE_ICMPMAPPED_TTL=yes
RANON_PRESERVE_IP_TTL=fixed:random


# Ranonymize anonymizes the IP TOS value in IPv4 records, by adding
# a constant value to the existing src and dst ttl and wrapping where
# appropriate.  While there are significant DSByte and TOS encodings
# the value to treatment is functionally arbitrary, allowing for
# random or fixed offset preservation to provide some semantics.
#
# The constant value can be generated by ranonymize as "fixed:random",
# or the user can provid a "fixed:x", where x is the fixed offset,
# or the keyword "none" can be used to turn off the default
#
RANON_PRESERVE_IP_TOS=fixed:random


# Ranonymize anonymizes the IP Options value in IPv4 records, by
# a constant value to the existing src and dst ttl and wrapping where
# appropriate.  While there are significant DSByte and TOS encodings
# the value to treatment is functionally arbitrary, allowing for
# random or fixed offset preservation to provide some semantics.
#
# The constant value can be generated by ranonymize as "fixed:random",
# or the user can provid a "fixed:x", where x is the fixed offset,
# or the keyword "none" can be used to turn off the default
#
RANON_PRESERVE_IP_TOS=fixed:random



# Ranonymize can be configured to preserve specific ranges
# of port numbers.  For convenience, ranonymize() can be
# configured to preserve the IANA well known port allocation
# range (0-1023), the registered ports (1024-49151) and/or
# the private port range (49152 - 65535).  Also, ranonymize()
# can be configured to preserve specific port numbers. These
# numbers are independent of protocol type, so if port 23461
# is to be preserved, it will be for both tcp and udp based
# flows.
#
RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes
RANON_PRESERVE_REGISTERED_PORT_NUMS=no
RANON_PRESERVE_PRIVATE_PORT_NUMS=no


# Ranonymize can be configured to use several methods for
# anonymizing port values.  "random", "fixed:random", "fixed:x"
# and "no" anonymization.  Random ensures that every port value
# is allocated from a random pool, where the offset: methods
# shift the port number by either a "random" amount, changing
# on each invocation, or with a fixed offset of 'x', specified by the user.

RANON_PORT_METHOD="offset:random"


# There are a number of fields that are not subject to anonymization,
# such as protocol types.  These values, if not needed, can be zeroed
# out, but upper protocol information, such as TCP base sequence numbers,
# window performance etc.... need to be removed as needed.

# By default, ranonymize() removes or zeroizes all other fields, in
# the record, including TTL, TOS.  Whole DSR's that are not anonymizable,
# such as jitter values, user data contents, etc... are removed from the
# record at anonymization time.