This file is indexed.

/etc/argus.conf is in argus-server 1:2.0.6.fixes.1-16.3ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
# 			Main configuration file.
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------# 
#  Copyright (c) 2000 QoSient, LLC
#  All rights reserved.
# 
#  Permission to use, copy, modify, and distribute this software and
#  its documentation for any purpose and without fee is hereby granted, 
#  provided that the above copyright notice appear in all copies and
#  that both that copyright notice and this permission notice appear
#  in supporting documentation, and that the name of QoSient not
#  be used in advertising or publicity pertaining to distribution of
#  the software without specific, written prior permission.  
#  
#  QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
#  SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
#  FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
#  SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
#  RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
#  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
#  CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# 
# 
#
# Variable Syntax
# 
# Variable assignments must be of the form:
#
#   VARIABLE=
#
# with no white space between the VARIABLE and the '=' sign.
# Quotes are optional for string arguements, but if you want
# to embed comments, then quotes are required.
#
#
# Variable Explanations:
#
#-----------------------------------------------------------------------------#
# Argus is capable of running as a daemon, doing all the right things
# that daemons do.  When this configuration is used for the system
# daemon process, say for /etc/argus.conf, this variable should be
# set to "yes".
#
# The default value is to not run as a daemon.
#
# This example is to support the ./support/Startup/argus script
# which requires that this variable be set to "yes".

ARGUS_DAEMON=yes
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# If compiled to support this option, Argus is capable of
# generating a lot of use-whatever debug information.
# The default value is zero (0).
# The default Debian binary argus packages were not compiled with debugging.

ARGUS_DEBUG_LEVEL=0
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus Monitor ID is uniquely identifiable based on the source
# identifier that is included in each output record.  This is to
# allow you to work with Argus Data from multiple monitors at the
# same time.  The ID is 32 bits long, and so legitimate values are
# 0 - 4294967296 and also IP addresses and host names are suitable
# for this ID.

ARGUS_MONITOR_ID=`hostname`
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# By default, Argus Monitors provide a real-time remote access port
# for collecting Argus data.  This is a TCP based port service and
# the default port is tcp/561, the "experimental monitor" service.
# By setting this value to zero (0), you can turn off this support.

ARGUS_ACCESS_PORT=0
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# By default, Argus will open the first appropriate interface on a
# system that it encounters.  For systems that have only one network
# interface, this is a reasonable thing to do.  But, when there are
# more than one interface suitable interface, you may want to specify
# which interface(s) Argus should read data from.
#
# Argus can read packets from multiple interfaces at the same time,
# although this is limited to 2 interfaces at this time.

ARGUS_INTERFACE=eth0
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus when not read packet data from a file, will run
# as a persistant process, or daemon.  When doing this,
# Argus can store its pid in a file, to aid in managing
# the running daemon.
#
# When configured to generate a pid file, if Argus cannot
# create the pid file, it will fail to run.  So this
# variable is available to control whether Argus should
# or should not attempt to create a pid file.

ARGUS_SET_PID=no
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# By default, Argus will put its interface in promiscuous mode
# in order to monitor all the traffic that can be collected.
# This can put an undo load on systems, if the intent is to
# monitor only the network activity of the specific system.
# In this case, you'll want to turn this off.

ARGUS_GO_PROMISCUOUS=yes
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus will periodically report on a flow's activity every
# ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
# new activity on the flow.  This is so that you can get a
# view into the activity of very long lived flows.  The default
# is 60 seconds, but this number may be too low or too high
# depending on the intent.
#
# If Argus is not configured to generate flow start indications,
# which is the default setting, the status report interval is
# the time that will expire before you are notified that a
# flow exists in the network.

ARGUS_FLOW_STATUS_INTERVAL=60
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus will periodically report on a its own health, providing
# interface status, total packet and bytes counts, packet drop
# rates, and flow oriented statistics.
#
# These records can be used as "keep alives" for periods when
# there is no network traffic to be monitored.

ARGUS_GENERATE_START_RECORDS=no
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus is designed to report network flow activity when the
# network transaction/flow is completed, and to periodically
# report on flow activity when the flows are long lived, > 60
# sec.  For applications that require immediate notification of
# the beginning of a network flow, Argus can be configured to
# generate flow start records.  The default is to not generate
# these records.

ARGUS_GENERATE_RESPONSE_TIME_DATA=no
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus can be configured to generate packet jitter information
# on a per flow basis.  The default value is to not generate
# this data.

ARGUS_GENERATE_JITTER_DATA=yes
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus can be configured to not provide MAC addresses in
# it audit data.  This is available if MAC address tracking
# and audit is not a requirement.

ARGUS_GENERATE_MAC_DATA=yes
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# Argus uses the packet filter capabilities of libpcap.  If
# there is a need to not use the libpcap filter optimizer,
# you can turn it off here.  The default is to leave it on.

ARGUS_FILTER_OPTIMIZER=no
#-----------------------------------------------------------------------------#

#-----------------------------------------------------------------------------#
# You can provide a filter expression here, if you like.
# It should be limited to 2K in length.  The default is to
# not filter.

#ARGUS_FILTER=""
#-----------------------------------------------------------------------------#
# Argus can be configured to capture a number of user data bytes from the packet
# stream. The default value is to not generate this data.

ARGUS_CAPTURE_DATA_LEN=0
#-----------------------------------------------------------------------------#
# Argus allows you to capture packets in tcpdump() format if the source of 
# of the packets if a tcpdump() formatted file or a live packet source.
# Specify the path to the packet capture file here.

#ARGUS_PACKET_CAPTURE_FILE=""
#-----------------------------------------------------------------------------#
# When remote access is enabled (see above), you can specify that Argus 
# should bind only to a specific IP address. This is useful, for example, 
# in restricting access to the local host, or binding to a private 
# interface while capturing from another. The default is to bind to any 
# IP address.
# 

#ARGUS_BIND_IP="127.0.0.1"
#------------------------------------------------------------------------------#