
/*
 * Copyright (c) 1995 Carnegie Mellon University.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted, 
 * provided that the above copyright notice appear in all copies and
 * that both that copyright notice and this permission notice appear
 * in supporting documentation, and that the name of CMU not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.  
 * 
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
 * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
 * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
 * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 * SOFTWARE.
 *
 */

Argus examples directory

This directory includes shell scripts and configuration files that
perform simple network administrative tasks, and are offered as a 
demonstration of how Argus data can be used in your network management.

They are demonstrations of:

   1. Network activity summary report generation.
   2. Specific network intrusion attack detection.


If you would like to make contributions to this directory and have
them included in possible future releases, please send your candidates
to argus@sei.cmu.edu.

MANIFEST
./examples
-r-xr-xr-x   1 root     root           73 Nov  2  1996 CA-95.01
-r-xr-xr-x   1 root     root         5688 Nov  2  1996 CA-95.01.scan.sh
-r--r--r--   1 root     root         3763 Oct  8 09:02 README
-rw-r--r--   1 root     root         4096 Oct  8 09:02 README.swp
-r--r--r--   1 root     root         3218 Nov  2  1996 configs
-r-xr-xr-x   1 root     root         1636 Nov  2  1996 dailyscan.sh
-r--r--r--   1 root     root         1744 Nov  2  1996 policy.conf
-r--r--r--   1 root     root          255 Nov  2  1996 policy.test
-r--r--r--   1 root     root         2826 Nov  2  1996 ra.conf
-r--r--r--   1 root     root          215 Nov  2  1996 services


CA-95.01      - A one-line Argus filter that helps detect whether
                there has been an IP spoofing attack of the kind
                described in CERT advisory CA-95:01.


CA-95.01.scan.sh -
                An example of a shell script that examines Argus data,
                looking for a specific type of network activity.  In this
                example, the scan uses the file 'CA-95.01', which
                tests for the occurrence of an IP spoofing attack of
                the form described in CERT advisory CA-95:01.
                This is included as a demonstration of how Argus data
                can be used in local intrusion detection, and is offered
                as an exercise.


configs       - A description of 2 Argus deployment strategies.


dailyscan.sh  - An example of a shell script that can be used
                to examine Argus data.  A script of this type might
                be run as a daily cron job and used to generate
                daily network activity reports.


policy.conf   - A configuration example for a feature of Argus clients,
                where you can use Cisco access control lists to define your
                selection criteria.  Argus data entries that "violate" the
                access control list will be selected.  This feature can be
                used to validate network access control policies.


ra.conf       - A sample firewall policy filter file used by dailyscan.sh.
                This is an example firewall policy.  The actual policy
                used should be the policy installed on your actual router.
