Diffstat (limited to 'net-analyzer/barnyard')
-rw-r--r--net-analyzer/barnyard/Manifest2
-rw-r--r--net-analyzer/barnyard/barnyard-0.2.0-r3.ebuild100
-rw-r--r--net-analyzer/barnyard/files/barnyard.64bit.diff81
-rw-r--r--net-analyzer/barnyard/files/barnyard.confd19
-rw-r--r--net-analyzer/barnyard/files/barnyard.rc630
-rw-r--r--net-analyzer/barnyard/metadata.xml13
6 files changed, 245 insertions, 0 deletions
diff --git a/net-analyzer/barnyard/Manifest b/net-analyzer/barnyard/Manifest
new file mode 100644
index 000000000000..aadd121b29c7
--- /dev/null
+++ b/net-analyzer/barnyard/Manifest
@@ -0,0 +1,2 @@
+DIST barnyard-0.2.0-patches.tar.bz2 12911 SHA256 cecc0c983899d12ae217232e2cd34d86e780b4be34ac36ccb3f73a1b954ea6f0
+DIST barnyard-0.2.0.tar.gz 161543 SHA256 09e0f8e095e79cfe70ea069d13e7d02521a504a1f400a45556a634dccfd31a3a
diff --git a/net-analyzer/barnyard/barnyard-0.2.0-r3.ebuild b/net-analyzer/barnyard/barnyard-0.2.0-r3.ebuild
new file mode 100644
index 000000000000..922d8fe65e74
--- /dev/null
+++ b/net-analyzer/barnyard/barnyard-0.2.0-r3.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+
+inherit eutils autotools
+
+DESCRIPTION="Fast output system for Snort"
+HOMEPAGE="http://sourceforge.net/projects/barnyard"
+SRC_URI="
+ mirror://sourceforge/barnyard/barnyard-${PV/_/-}.tar.gz
+ mirror://gentoo/${P}-patches.tar.bz2"
+
+SLOT="0"
+LICENSE="QPL GPL-2"
+KEYWORDS="~amd64 -sparc ~x86"
+IUSE="mysql postgres sguil"
+
+DEPEND="
+ net-libs/libpcap
+ postgres? ( dev-db/postgresql[server] )
+ mysql? ( virtual/mysql )
+ sguil? ( dev-lang/tcl:0 )"
+RDEPEND="${DEPEND}
+ net-analyzer/snort"
+
+S="${WORKDIR}/${P/_/-}"
+
+src_prepare() {
+ epatch "${FILESDIR}/barnyard.64bit.diff"
+ if use sguil ; then
+ epatch "${WORKDIR}/${PV}-sguil_files.patch"
+ epatch "${WORKDIR}/${PV}-configure-in.patch"
+ cd "${S}/src/output-plugins"
+ epatch "${WORKDIR}/${PV}-op_plugbase.c.patch"
+ cd "${S}"
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ local myconf
+ if use sguil ; then
+ myconf="--enable-tcl"
+ fi
+
+ econf \
+ ${myconf} \
+ --sysconfdir=/etc/snort \
+ $(use_enable postgres) \
+ $(use_enable mysql)
+}
+src_compile() {
+ emake || die "compile problem"
+}
+
+src_install () {
+
+ make DESTDIR="${D}" install || die
+
+ dodoc docs/*
+ dodoc AUTHORS README
+
+ keepdir /var/log/snort
+ keepdir /var/log/snort/archive
+
+ insinto /etc/snort
+ newins etc/barnyard.conf barnyard.conf
+ if use sguil ; then
+ sed -i -e "/config hostname:/s%snorthost%$(hostname)%" \
+ -e "/config interface/s:fxp0:eth0:" \
+ -e "s:output alert_fast:#output alert_fast:" \
+ -e "s:output log_dump:#output log_dump:" \
+ "${D}/etc/snort/barnyard.conf" || die "sed failed"
+ fi
+
+ newconfd "${FILESDIR}"/barnyard.confd barnyard
+ if use sguil ; then
+ sed -i -e s:/var/log/snort:/var/lib/sguil/$(hostname): \
+ -e s:/var/run/barnyard.pid:/var/run/sguil/barnyard.pid: \
+ "${D}/etc/conf.d/barnyard" || die "sed failed"
+ fi
+
+ newinitd "${FILESDIR}"/barnyard.rc6 barnyard
+ if use sguil ; then
+ sed -i -e "/start-stop-daemon --start/s:--exec:-c sguil --exec:" \
+ "${D}/etc/init.d/barnyard" || die "sed failed"
+ fi
+}
+
+pkg_postinst() {
+ if use sguil ; then
+ elog
+ elog "Make sure to edit /etc/snort/barnyard.conf and uncomment the"
+ elog "sguil section along with supplying the appropriate database"
+ elog "information."
+ elog
+ fi
+}
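Review bot: `$(hostname)` in the two sguil `sed` calls in src_install is evaluated on the build host while the image is assembled, so a binary package built on one machine and installed on another carries the builder's hostname in /etc/snort/barnyard.conf and in the /var/lib/sguil/ log path, and the sensor would then report under the wrong name. The second call is also unquoted, so the shell word-splits the expression; at minimum it should read `-e "s:/var/log/snort:/var/lib/sguil/$(hostname):"`. A safer option is to leave the `snorthost` placeholder untouched and name it in the existing pkg_postinst elog, which already tells the admin to edit that file. Separately, `make DESTDIR="${D}" install || die` could be `emake DESTDIR="${D}" install || die`, matching src_compile.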
diff --git a/net-analyzer/barnyard/files/barnyard.64bit.diff b/net-analyzer/barnyard/files/barnyard.64bit.diff
new file mode 100644
index 000000000000..f338d291ff1c
--- /dev/null
+++ b/net-analyzer/barnyard/files/barnyard.64bit.diff
@@ -0,0 +1,81 @@
+diff -ur barnyard-0.2.0/src/barnyard.h barnyard-0.2.0.64bit/src/barnyard.h
+--- barnyard-0.2.0/src/barnyard.h 2004-05-01 12:43:29.000000000 -0400
++++ barnyard-0.2.0.64bit/src/barnyard.h 2007-08-11 23:22:53.000000000 -0400
+@@ -34,7 +34,8 @@
+
+ typedef struct _SnortPktHeader
+ {
+- struct timeval ts; /* packet timestamp */
++ // struct timeval ts; /* packet timestamp */
++ struct pcap_timeval ts; /* packet timestamp */
+ u_int32_t caplen; /* packet capture length */
+ u_int32_t pktlen; /* packet "real" length */
+ } SnortPktHeader;
+Only in barnyard-0.2.0.64bit/src: barnyard.h~
+diff -ur barnyard-0.2.0/src/event.h barnyard-0.2.0.64bit/src/event.h
+--- barnyard-0.2.0/src/event.h 2003-05-02 22:44:12.000000000 -0400
++++ barnyard-0.2.0.64bit/src/event.h 2007-08-12 00:13:44.000000000 -0400
+@@ -19,6 +19,11 @@
+ #include <sys/types.h>
+ #include <sys/time.h>
+
++struct pcap_timeval {
++ u_int32_t tv_sec; /* seconds */
++ u_int32_t tv_usec; /* microseconds */
++};
++
+ typedef struct _Event
+ {
+ u_int32_t sig_generator; /* which part of snort generated the alert? */
+@@ -30,6 +35,7 @@
+ u_int32_t event_reference; /* reference to other events that have gone off,
+ * such as in the case of tagged packets...
+ */
+- struct timeval ref_time; /* reference time for the event reference */
++ // struct timeval ref_time; /* reference time for the event reference */
++ struct pcap_timeval ref_time; /* reference time for the event reference */
+ } Event;
+ #endif /* __EVENT_H__ */
+Only in barnyard-0.2.0.64bit/src: event.h~
+diff -ur barnyard-0.2.0/src/input-plugins/dp_alert.h barnyard-0.2.0.64bit/src/input-plugins/dp_alert.h
+--- barnyard-0.2.0/src/input-plugins/dp_alert.h 2004-02-19 20:59:48.000000000 -0500
++++ barnyard-0.2.0.64bit/src/input-plugins/dp_alert.h 2007-08-11 23:24:25.000000000 -0400
+@@ -34,7 +34,8 @@
+ typedef struct _UnifiedAlertRecord
+ {
+ Event event;
+- struct timeval ts; /* event timestamp */
++ // struct timeval ts; /* event timestamp */
++ struct pcap_timeval ts; /* event timestamp */
+ u_int32_t sip; /* src ip */
+ u_int32_t dip; /* dest ip */
+ u_int16_t sp; /* src port */
+Only in barnyard-0.2.0.64bit/src/input-plugins: dp_alert.h~
+diff -ur barnyard-0.2.0/src/util.c barnyard-0.2.0.64bit/src/util.c
+--- barnyard-0.2.0/src/util.c 2004-03-06 17:30:15.000000000 -0500
++++ barnyard-0.2.0.64bit/src/util.c 2007-08-12 00:14:52.000000000 -0400
+@@ -514,7 +514,8 @@
+
+ static char tmpbuf[256];
+
+-int RenderTimeval(struct timeval *tv, char *timebuf, size_t len)
++// int RenderTimeval(struct timeval *tv, char *timebuf, size_t len)
++int RenderTimeval(struct pcap_timeval *tv, char *timebuf, size_t len)
+ {
+ struct tm *lt;
+ time_t timet;
+Only in barnyard-0.2.0.64bit/src: util.c~
+diff -ur barnyard-0.2.0/src/util.h barnyard-0.2.0.64bit/src/util.h
+--- barnyard-0.2.0/src/util.h 2004-03-06 19:23:50.000000000 -0500
++++ barnyard-0.2.0.64bit/src/util.h 2007-08-11 23:23:46.000000000 -0400
+@@ -39,7 +39,8 @@
+ void ClearDumpBuf();
+ void GoDaemon();
+ size_t RenderTimestamp(time_t timet, char *timebuf, size_t len);
+-int RenderTimeval(struct timeval *tv, char *timebuf, size_t len);
++// int RenderTimeval(struct timeval *tv, char *timebuf, size_t len);
++int RenderTimeval(struct pcap_timeval *tv, char *timebuf, size_t len);
+ int CreatePidFile(char *filename);
+ int String2Long(char *string, long *result);
+ int String2ULong(char *string, unsigned long *result);
+Only in barnyard-0.2.0.64bit/src: util.h~
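Review bot: `struct pcap_timeval` is defined only in event.h, yet the patch also uses it in barnyard.h, dp_alert.h and the `RenderTimeval` prototype in util.h, and none of those hunks shows an include of event.h. If util.h is ever read before event.h, the prototype declares a struct visible only inside the parameter list and no longer matches the definition in util.c, so the dependency on include order should be made explicit or the struct moved to a header all four files include. The new struct deserves a comment saying why it exists, for example `/* timestamp as stored in Snort unified records: two 32-bit fields, independent of the host's struct timeval */`, and the commented-out `// struct timeval ...` lines should be dropped rather than kept. The body of `RenderTimeval` lies outside the hunk, so the conversion of the now unsigned 32-bit `tv_sec` into `time_t timet` cannot be checked from here and is worth a look.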
diff --git a/net-analyzer/barnyard/files/barnyard.confd b/net-analyzer/barnyard/files/barnyard.confd
new file mode 100644
index 000000000000..be0013cb1fe9
--- /dev/null
+++ b/net-analyzer/barnyard/files/barnyard.confd
@@ -0,0 +1,19 @@
+# Config file for /etc/init.d/barnyard
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+PIDFILE="/var/run/barnyard.pid"
+LOG_FILE="snort_unified.log"
+
+# You probably don't want to change this, but in case you do
+LOGDIR="/var/log/snort"
+ARCHIVEDIR="$LOGDIR/archive"
+GENMSG_FILE="/etc/snort/gen-msg.map"
+SIDMSG_FILE="/etc/snort/sid-msg.map"
+WALDO_FILE="$LOGDIR/barnyard.waldo"
+
+# Probably not this either
+CONF=/etc/snort/barnyard.conf
+
+# This pulls in the options above
+BARNYARD_OPTS="-D -c $CONF -d $LOGDIR -g $GENMSG_FILE -s $SIDMSG_FILE -w $WALDO_FILE -L $LOGDIR -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE"
diff --git a/net-analyzer/barnyard/files/barnyard.rc6 b/net-analyzer/barnyard/files/barnyard.rc6
new file mode 100644
index 000000000000..15471aa62021
--- /dev/null
+++ b/net-analyzer/barnyard/files/barnyard.rc6
@@ -0,0 +1,30 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e $CONF ] ; then
+ eerror "You need a configuration file to run barnyard"
+ eerror "There is an example config in /etc/snort/barnyard.conf.distrib"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting barnyard"
+ start-stop-daemon --start --quiet --exec /usr/bin/barnyard \
+ -- ${BARNYARD_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping barnyard"
+ start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+ eend $?
+}
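Review bot: stop() identifies the process by `--pidfile ${PIDFILE}` alone, so root signals whatever PID that file holds. With USE=sguil the ebuild in this commit moves the file to /var/run/sguil/ and starts the daemon with `-c sguil`, so it would presumably sit in a directory that unprivileged account can write. Matching on the binary as well narrows this: `start-stop-daemon --stop --quiet --exec /usr/bin/barnyard --pidfile "${PIDFILE}"`. In checkconfig, `[ ! -e $CONF ]` is unquoted, and with CONF unset it collapses to `[ ! -e ]`, which is false, so the check passes without any config file; `[ ! -e "${CONF}" ]` fixes that. The error text also points to barnyard.conf.distrib, which the ebuild's own install steps do not create (upstream `make install` may), and `>/dev/null 2>&1` in start() hides any startup error from the admin.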
diff --git a/net-analyzer/barnyard/metadata.xml b/net-analyzer/barnyard/metadata.xml
new file mode 100644
index 000000000000..c2407e4f2026
--- /dev/null
+++ b/net-analyzer/barnyard/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>netmon</herd>
+ <longdescription>Fast output system for Snort</longdescription>
+ <use>
+ <flag name="sguil">Enable sguil (The Analyst Console for Network Security
+Monitoring) support</flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">barnyard</remote-id>
+ </upstream>
+</pkgmetadata>