FreeBSD Manual Pages
RANONYMIZE.CONF(1) General Commands Manual RANONYMIZE.CONF(1) NAME ranonymize.conf - ranonymize(1) configuration file. SYNOPSIS ranonymize.conf DESCRIPTION This configuration file provides the ability to specify options for ar- gus data anoymization. OPTIONS The anonymization clients have a small number of options for control- ling specific aspects of the anonymization function and its output. Timestamps, Reference and Sequence Numbers Ranonymize anonymizes various fields in Argus records, such as the net- work addresses, protocol specific port numbers, timestamps, transaction reference numbers, and the sequence numbers. For some fields, specifically the timestamps, transaction reference numbers and the sequence numbers, which are generally monotonically in- creasing counters, a good anonymization technique is to shift the val- ues by a constant, so that the sequential relationships between values is preserved. The configuration provides some flexibility here, so that the user can control fixed offset shifting anonymization. The constant value can be generated by the anonymization client at "random", which is the default behavior, or the user can provide a "fixed:x", where x is the fixed offset. Of course, the keyword "none" can be used to turn off the de- fault anonymization for these values. RANON_TRANSREFNUM_OFFSET=random RANON_SEQNUM_OFFSET=random RANON_TIME_SEC_OFFSET=random RANON_TIME_USEC_OFFSET=random Ethernet Address Vendor Codes When anonymizing ethernet addresses, ranonymize has the option to pre- serve the vendor portion, if desired. This allows analytical programs to differentiate anonymized data by vendor type. This feature is turned off by default. RANON_PRESERVE_ETHERNET_VENDOR=no Broadcast Addresses Ranonymize has the option to preserve the semantic that an address is a broadcast address. This is very important when doing flow analysis for either operational or performance managment tasks, using anonymized data. RANON_PRESERVE_BROADCAST_ADDRESS=yes IPv4 Address Anonymization IPv4 address are composed of two parts, a network part and a host part. Because the addressing strategy of a site may have integrated semantics that would want to be retained in the anonymized addresses, IPv4 ad- dress anonymization involves specifying a one-to-one translation table for both the network and host address spaces in an IPv4 address. Once a new network address has been allocated, every occurence of that net- work address will be substituted in the anonymizers output stream. The host address space is anonymized in an independent but similar fashion. Ranonymize allows you to specify the type of anonymization method used in a number of categories. For network and host address conversion, ra- nonymize can support "sequential", "random" or "no" anonymization. Se- quential anonymization involves allocating new addresses in a monotoni- cally increasing fashion on a first come first serve basis. Random anonymization allocates random addresses from the working pool of ad- dresses, and "no" anonymization preserves the address type, whether its network, host or both. The default working pool of network addresses contains only non- routable addresses, and starts with 10.0.0.0. All anonymized addresses are treated as Class C network addresses, in order to conserve the anonymization allocation demands. As an example, if the first Argus record contained the addresses 128.64.2.4 and 132.243.2.87 as the source and destination, sequential anonymization would generate the addresses 10.0.0.1 and 10.0.1.1 as the new source and destination addresses. This is because, the two ad- dresses have differing network parts, 128.64.2 and 132.243.2, these would be allocated 10.0.0 and 10.0.1 respectively (sequential alloca- tion). Because these are the first hosts to be allocated, the host parts are both 1. Random anonymization could generate 10.24.31.203 and 10.1.34.18 as pos- sible addresses, as both the Class C network address would be allocated randomly from the 10 network space, and the host address part would be allocated randomly from the possible host addresses. Sequential randomization uses the least amount of memory and minimizes anonymization processing time, while random provides better address scrambling. Implemenation note: currently only supporting sequential RANON_NET_ANONYMIZATION=sequential RANON_HOST_ANONYMIZATION=sequential Address Hierarchy Ranonymize has the option to preserve the network address hierarchy at various levels of granularity. This allows you to preserve the ad- dressing relationships between addresses. The options are "cidr", "class", "subnet" and "no". Class network adddress heirarchy preservation, causes ranonymize() to allocate new network addresses base on the address class. All CLASSA network addresses will be allocated new addresses from the Class A net- work pool. Network addresses will be allocated as 24 bit CIDR ad- dresses, in that the first 24 bits will map to a unique 24 network ad- dress, and host addresses will be allocated from the 254 address pool (0 and 255 can be preserved, see below). RANON_PRESERVE_NET_ADDRESS_HIERARCHY=cidr Specific Network Address Aliasing Ranonymize can be configured to perform specific network address trans- lation. These must be specified as 24 bit CIDR addresses. RANON_PRE- SERVE_NET_ADDRESS_HIERARCHY must be set to "cidr", for this feature to work. Examples would be: RANON_SPECIFY_NET_TRANSLATION=192.168.0.0::128.2.134.0 RANON_SPECIFY_NET_TRANSLATION=64.12.0.0::134.5.0.0 RANON_SPECIFY_NET_TRANSLATION=128.2.0.0::200.200.0.0 Specific Host Address Aliasing Ranonymize can be configured to perform specific host address transla- tion. These addresses are allocated prior to reading any data, and are removed from the potential network address pool, regardless of the anonymization strategy. Feel free to list as many addresses that you would like. Examples would be: RANON_SPECIFY_HOST_TRANSLATION=192.168.0.64::128.2.34.5 Transport SAP Aliasing Ranonymize can be configured to preserve specific ranges of port num- bers. For convenience, ranonymize() can be configured to preserve the IANA well known port allocation range (0-1023), the registered ports (1024-49151) and/or the private port range (49152 - 65535). Also, ra- nonymize() can be configured to preserve specific port numbers. These numbers are independent of protocol type, so if port 23461 is to be preserved, it will be preserved for both tcp and udp based flows. RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes RANON_PRESERVE_REGISTERED_PORT_NUMS=no RANON_PRESERVE_PRIVATE_PORT_NUMS=no COPYRIGHT Copyright (c) 2000-2016 QoSient. All rights reserved. SEE ALSO ranonymize(1) ranonymize.conf 3.0.8 14 November 2001 RANONYMIZE.CONF(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | Timestamps, Reference and Sequence Numbers | Ethernet Address Vendor Codes | Broadcast Addresses | IPv4 Address Anonymization | Address Hierarchy | Specific Network Address Aliasing | Specific Host Address Aliasing | Transport SAP Aliasing | COPYRIGHT | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ranonymize&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>