Firewall setup

You can use a firewall to restrict access to Argus services.

A simple setup is to open only the Argus PEP port.

Edit the iptables configuration file /etc/sysconfig/iptables to open the PEP port 8154 in the INPUT chain and drop all other inbound traffic, except SSH (port 22), ICMP, loopback and packets that belong to already established connections:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8154 -j ACCEPT
COMMIT

Save the changes and restart iptables. On EL7 platforms:

$ systemctl restart iptables

On EL6 platforms:

$ service iptables restart

Validation

From another host, scan the Argus ports. Only the PEP port 8154 should be reported as open:

$ nmap -Pn -p8150-8155 argus.cnaf.test

Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-04 15:07 CET
Nmap scan report for argus.cnaf.test (10.0.0.173)
Host is up (0.00015s latency).
rDNS record for 10.0.0.173: argus

PORT     STATE    SERVICE
8150/tcp filtered unknown
8151/tcp filtered unknown
8152/tcp filtered unknown
8153/tcp filtered quantastor
8154/tcp open     unknown
8155/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 2.14 seconds
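
A local complement to the remote scan, as an added example that is not part of the original page: the shell function below (audit_input_chain, a hypothetical helper) statically checks an iptables-save style file for a DROP policy on INPUT and for ACCEPT rules on ports outside an allow list. It does not evaluate rule order, and the embedded ruleset is the one shown on this page.

```shell
#!/bin/sh
# Added example: audit the INPUT chain of an iptables-save style ruleset.
# audit_input_chain is a hypothetical helper, not an Argus or iptables tool.
# Usage: audit_input_chain "22 8154" < /etc/sysconfig/iptables
audit_input_chain() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == ":INPUT" { policy = $2 }               # e.g. ":INPUT DROP [0:0]"
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        ports = ""
        for (i = 3; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if (ports == "") {
            # No port match: tolerate only the loopback, ICMP and
            # RELATED,ESTABLISHED rules used on this page.
            if ($0 ~ /-i lo( |$)/ || $0 ~ /-p icmp( |$)/ ||
                ($0 ~ /--state/ && $0 !~ /NEW/)) next
            print "FAIL: broad ACCEPT rule: " $0; bad = 1; next
        }
        m = split(ports, p, ",")                 # multiport lists: 22,8154
        for (j = 1; j <= m; j++)
            if (!(p[j] in ok)) { print "FAIL: unexpected port " p[j] ": " $0; bad = 1 }
    }
    END {
        if (policy != "DROP") { print "FAIL: INPUT policy is \"" policy "\", expected DROP"; bad = 1 }
        exit bad + 0
    }'
}

# The ruleset from this page, embedded so the check runs offline.
page_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8154 -j ACCEPT
COMMIT
EOF
}

page_rules | audit_input_chain "22 8154" && echo "OK: INPUT chain matches the allow list"
```

The function exits non-zero and prints one FAIL line per finding, so it can gate a configuration-management run before iptables is restarted.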