Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
RANONYMIZE.CONF(1)	    General Commands Manual	    RANONYMIZE.CONF(1)

NAME
       ranonymize.conf - ranonymize(1) configuration file.

SYNOPSIS
       ranonymize.conf

DESCRIPTION
       This configuration file provides	the ability to specify options for ar-
       gus data	anoymization.

OPTIONS
       The anonymization clients have a	small number of	options	 for  control-
       ling specific aspects of	the anonymization function and its output.

Timestamps, Reference and Sequence Numbers
       Ranonymize anonymizes various fields in Argus records, such as the net-
       work addresses, protocol	specific port numbers, timestamps, transaction
       reference numbers, and the sequence numbers.

       For  some  fields,  specifically	 the timestamps, transaction reference
       numbers and the sequence	numbers, which are generally monotonically in-
       creasing	 counters, a good anonymization	technique is to	shift the val-
       ues by a	constant, so that the sequential relationships between	values
       is preserved.

       The  configuration provides some	flexibility here, so that the user can
       control fixed offset shifting anonymization.  The constant value	can be
       generated by the	anonymization client at	"random", which	is the default
       behavior, or the	user can provide a "fixed:x", where  x	is  the	 fixed
       offset.	 Of course, the	keyword	"none" can be used to turn off the de-
       fault anonymization for these values.

       RANON_TRANSREFNUM_OFFSET=random
       RANON_SEQNUM_OFFSET=random
       RANON_TIME_SEC_OFFSET=random
       RANON_TIME_USEC_OFFSET=random

Ethernet Address Vendor	Codes
       When anonymizing	ethernet addresses, ranonymize has the option to  pre-
       serve  the vendor portion, if desired.  This allows analytical programs
       to differentiate	anonymized data	 by  vendor  type.   This  feature  is
       turned off by default.

       RANON_PRESERVE_ETHERNET_VENDOR=no

Broadcast Addresses
       Ranonymize has the option to preserve the semantic that an address is a
       broadcast address.  This	is very	important when doing flow analysis for
       either  operational  or	performance  managment tasks, using anonymized
       data.

       RANON_PRESERVE_BROADCAST_ADDRESS=yes

IPv4 Address Anonymization
       IPv4 address are	composed of two	parts, a network part and a host part.
       Because the addressing strategy of a site may have integrated semantics
       that would want to be retained in the anonymized	 addresses,  IPv4  ad-
       dress  anonymization involves specifying	a one-to-one translation table
       for both	the network and	host address spaces in an IPv4 address.	  Once
       a  new network address has been allocated, every	occurence of that net-
       work address will be substituted	in the anonymizers output stream.  The
       host address space is anonymized	in an independent but similar fashion.

       Ranonymize  allows you to specify the type of anonymization method used
       in a number of categories. For network and host address conversion, ra-
       nonymize	can support "sequential", "random" or "no" anonymization.  Se-
       quential	anonymization involves allocating new addresses	in a monotoni-
       cally  increasing  fashion  on  a first come first serve	basis.	Random
       anonymization allocates random addresses	from the working pool  of  ad-
       dresses,	and "no" anonymization preserves the address type, whether its
       network,	host or	both.

       The default working  pool  of  network  addresses  contains  only  non-
       routable	addresses, and starts with 10.0.0.0.  All anonymized addresses
       are treated as Class C network addresses,  in  order  to	 conserve  the
       anonymization allocation	demands.

       As  an  example,	 if  the  first	 Argus	record contained the addresses
       128.64.2.4 and 132.243.2.87 as the source and  destination,  sequential
       anonymization would generate the	addresses 10.0.0.1 and 10.0.1.1	as the
       new source and destination addresses.  This is  because,	 the  two  ad-
       dresses	have  differing	 network  parts, 128.64.2 and 132.243.2, these
       would be	allocated 10.0.0 and 10.0.1 respectively  (sequential  alloca-
       tion).	Because	 these	are  the first hosts to	be allocated, the host
       parts are both 1.

       Random anonymization could generate 10.24.31.203	and 10.1.34.18 as pos-
       sible addresses,	as both	the Class C network address would be allocated
       randomly	from the 10 network space, and the host	address	part would  be
       allocated randomly from the possible host addresses.

       Sequential  randomization uses the least	amount of memory and minimizes
       anonymization processing	time, while  random  provides  better  address
       scrambling.

       Implemenation note: currently only supporting sequential

       RANON_NET_ANONYMIZATION=sequential
       RANON_HOST_ANONYMIZATION=sequential

Address	Hierarchy
       Ranonymize  has the option to preserve the network address hierarchy at
       various levels of granularity.  This allows you	to  preserve  the  ad-
       dressing	 relationships	between	 addresses.   The  options are "cidr",
       "class",	"subnet" and "no".

       Class network adddress heirarchy	preservation, causes  ranonymize()  to
       allocate	 new  network addresses	base on	the address class.  All	CLASSA
       network addresses will be allocated new addresses from the Class	A net-
       work  pool.   Network  addresses	 will  be allocated as 24 bit CIDR ad-
       dresses,	in that	the first 24 bits will map to a	unique 24 network  ad-
       dress,  and  host addresses will	be allocated from the 254 address pool
       (0 and 255 can be preserved, see	below).

       RANON_PRESERVE_NET_ADDRESS_HIERARCHY=cidr

Specific Network Address Aliasing
       Ranonymize can be configured to perform specific	network	address	trans-
       lation.	 These must be specified as 24 bit CIDR	addresses.  RANON_PRE-
       SERVE_NET_ADDRESS_HIERARCHY must	be set to "cidr", for this feature  to
       work.

       Examples	would be:

       RANON_SPECIFY_NET_TRANSLATION=192.168.0.0::128.2.134.0
       RANON_SPECIFY_NET_TRANSLATION=64.12.0.0::134.5.0.0
       RANON_SPECIFY_NET_TRANSLATION=128.2.0.0::200.200.0.0

Specific Host Address Aliasing
       Ranonymize  can be configured to	perform	specific host address transla-
       tion.  These addresses are allocated prior to reading any data, and are
       removed	from  the  potential  network  address pool, regardless	of the
       anonymization strategy.	Feel free to list as many addresses  that  you
       would like.

       Examples	would be:

       RANON_SPECIFY_HOST_TRANSLATION=192.168.0.64::128.2.34.5

Transport SAP Aliasing
       Ranonymize  can	be configured to preserve specific ranges of port num-
       bers.  For convenience, ranonymize() can	be configured to preserve  the
       IANA  well  known  port allocation range	(0-1023), the registered ports
       (1024-49151) and/or the private port range (49152 - 65535).  Also,  ra-
       nonymize()  can	be configured to preserve specific port	numbers. These
       numbers are independent of protocol type, so if port  23461  is	to  be
       preserved, it will be preserved for both	tcp and	udp based flows.

       RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes
       RANON_PRESERVE_REGISTERED_PORT_NUMS=no
       RANON_PRESERVE_PRIVATE_PORT_NUMS=no

COPYRIGHT
       Copyright (c) 2000-2016 QoSient.	All rights reserved.

SEE ALSO
       ranonymize(1)

ranonymize.conf	3.0.8	       14 November 2001		    RANONYMIZE.CONF(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | Timestamps, Reference and Sequence Numbers | Ethernet Address Vendor Codes | Broadcast Addresses | IPv4 Address Anonymization | Address Hierarchy | Specific Network Address Aliasing | Specific Host Address Aliasing | Transport SAP Aliasing | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ranonymize&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help