Package: argus-server
Version: 2:3.0.8.2-2+b1
Severity: important

Dear Maintainer,

Argus server generates network traffic flow metadata, producing an
output file (/var/log/argus/argus.out) that is corrupted, sometimes
having the wrong byte order in certain fields.

Parsing such an output file (with ra -r /var/log/argus/argus.out)
leads to incorrect data interpretation, a segfault, or an
"ARGUS_DATA_DSR len is zero" error due to corrupted data.

This can be easily reproduced by running the argus server for a couple
of minutes and then examining the output file with ra.

To solve the issue I had to rebuild the Debian package from source,
removing the default gcc -O2 optimization by stripping it from CFLAGS
and CXXFLAGS.

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-20-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages argus-server depends on:
ii libc6 2.31-13+deb11u5
ii libpcap0.8 1.10.0-2
ii libwrap0 7.6.q-31
ii logrotate 3.18.0-2+deb11u1
ii net-tools 1.60+git20181103.0eebece-1
ii zlib1g 1:1.2.11.dfsg-2+deb11u2
Versions of packages argus-server recommends:
ii argus-client 1:3.0.8.2-6+b1
argus-server suggests no packages.