Provided by: argus-client_2.0.6.fixes.1-3_amd64 bug

NAME
       rapolicy - compare a argus(8) data file/stream against a Cisco Access Control List.


COPYRIGHT
       Copyright (c) 2000-2003 QoSient. All rights reserved.


SYNOPSIS
       rapolicy -r argus-file [ra options]


DESCRIPTION
       Rapolicy  reads  argus  data  from  an  argus-file  list,  and tests the argus data stream
       against a Cisco  access  control  list  configuration  file,  printing  out  records  that
       represent activity that would violate the policy.  Rapolicy can be used to indicate access
       control violations, as well as test new access control  definitions  prior  to  installing
       them in a router.


OPTIONS
       Rapolicy,  like  all  ra  based clients, supports a large number of options.  Options that
       have specific meaning to rapolicy are:

          -f <Cisco ACL file> Print records that violate the policy.
          -D 0 (default)      Print records that violate the policy.
          -D 1                Print records and the violated ruleset.
          -D 2                Print all records and the ruleset that matched.

       See ra(1) for a complete description of ra options.


EXAMPLE INVOCATION
       rapolicy -r argus.file


CISCO ACL SYNTAX
       There  does  not  seem  to  be  authoritative  Cisco-ACL-Documentation,  nor  ACL   syntax
       standardization.  Because Cisco has been know to improve its ACL rules syntax, rapolicy is
       known to work with Cisco ACL router defintions up to July, 2002.

       A Cisco ACL configuration file consists of a collection of any number of  ACL  statements,
       each on a separte line.  The syntax of an ACL statement is:

          ACL        = "access-list" ID ACTION PROTOCOL SRC DST NOTIFICATION

          ID         = Number
          ACTION     = permit | deny
          PROTO      = protocol name | protocol number

          SRC | DST  = ADDRESS [PORTMATCH]

          ADDRESS    = any | host HOSTADDR | HOSTADDR HOSTMASK
          HOSTADDR   = ipV4 address
          HOSTMASK   = matching-mask

          PORTMATCH  = PORTOP PORTNUM | range PORTRANGE
          PORTOP     = eq | lt | gt | neq | established

          PORTRANGE  =  PORTNUM PORTNUM
          PORTNUM    =  TCP or UDP port value (unsigned decimal from 0 to 65535)


EXAMPLE CONFIGURATION
       This  example  Cisco Access Control List configuration is provided as an example only.  No
       effort has been made to verify that this example Access Control  List  enforces  a  useful
       access control policy of any kind.

       #allow www-traffic to webserver
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 80

       #allow ftp control connection to server
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 21

       #allow normal ftp
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 20

       #allow ftp passive conncetions in portrange 10000 to 10500
       access-list 102 permit tcp any host 193.174.13.99 range 10000 10500

       #dummy example
       access-list 102 permit tcp host 193.174.13.1 eq 12345 host 193.174.13.2 range 12345 23456

       #deny the rest
       access-list 102 deny tcp any any

       #same thing in other words:
       access-list 102 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255


AUTHORS
       Carter Bullard (carter@qosient.com).
       Olaf Gellert (gellert@pca.dfn.de).


SEE ALSO
       ra(1), rarc(5), argus(8)

                                           22 July 2002                               RAPOLICY(1)