argusd
argusd is the Linux daemon that allows Argus to function. You need to install it to allow Argus to communicate with your server.
This page is intended to provide full disclosure about argusd, so you can trust it on your machine.
argusd is Open Source
I am providing argusd under an MIT license. You can inspect the source code of argusd, see exactly what it's doing, and even make suggestions for improvement, either by filing an issue, or submitting a pull request.
You can inspect the install script
When you install argusd, Argus uses a script pulled from a remote Amazon S3 storage server. The install script is part of the argusd source code. It takes four parameters:
- An access key. This is generated by Argus at install time, and is used to authenticate communications. This key is stored at `/etc/argusd.conf`, and is kept in the Keychain on your Mac.
- The operating system. This is (currently) always "linux".
- The architecture. Argus will detect if your server is running x86 or ARM, to provide an appropriate binary for the installer.
- The user name. This is used to allow the server to (at times) operate as a non-privileged user. It will operate as the user you provide at connection-time in Argus.
If you wish to manually install argusd, you should copy these values from the command line that you're provided as you are offered automatic installation.
How Argus Communicates with argusd
Every time you open Argus, your Mac will open four SSH local tunnels to each of your configured servers (two for the socket connection; the others for more-standard HTTP queries). This is because argusd will only respond to requests made on its localhost. The SSH tunnel translates your Mac's remote network traffic to local requests on the Linux server. You can learn more about SSH tunnels here. You can see this in action when Argus is operating, by running ps aux | grep ssh
in your Terminal:
While those tunnels are open, your Mac has access to the ports that argusd makes available. So argusd also requires a token to respond to requests. That token is generated on your Mac at setup time — you may have noticed the token being sent with the install key script! This token is installed on the Linux server and is only accessible by root; argusd then checks that the token matches future requests.
Your SSH credentials are your SSH private/public key set. If you use a password for your SSH key, it's stored in your Mac's Keychain.
I Welcome Feedback
My goal is to ensure that argusd be stable, reliable and secure. If you have any feedback, suggestions, or questions, please get in touch.