-rw-r--r--testing/barnyard2/10-fix-output-fwsam-and-database_cache.patch21
-rw-r--r--testing/barnyard2/20-disable-outputs.patch45
-rw-r--r--testing/barnyard2/30-remove-warnings.patch86
-rw-r--r--testing/barnyard2/APKBUILD69
-rw-r--r--testing/barnyard2/barnyard2.confd36
-rw-r--r--testing/barnyard2/barnyard2.initd29
-rw-r--r--testing/barnyard2/barnyard2.pre-install7
7 files changed, 293 insertions, 0 deletions
diff --git a/testing/barnyard2/10-fix-output-fwsam-and-database_cache.patch b/testing/barnyard2/10-fix-output-fwsam-and-database_cache.patch
new file mode 100644
index 00000000000..9e31f38566f
--- /dev/null
+++ b/testing/barnyard2/10-fix-output-fwsam-and-database_cache.patch
@@ -0,0 +1,21 @@
+--- a/src/output-plugins/spo_alert_fwsam.c
++++ b/src/output-plugins/spo_alert_fwsam.c
+@@ -115,6 +115,7 @@
+ #include <sys/filio.h>
+ #endif
+
++#undef SOCKET
+ typedef int SOCKET;
+
+ #ifndef INVALID_SOCKET
+--- a/src/output-plugins/spo_database_cache.c
++++ b/src/output-plugins/spo_database_cache.c
+@@ -107,7 +107,7 @@
+ /* Destructor */
+
+ /* Return largest string lenght */
+-inline u_int32_t glsl(char *a,char *b)
++static inline u_int32_t glsl(char *a,char *b)
+ {
+ u_int32_t alen = 0;
+ u_int32_t blen = 0;
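Review bot: The `#undef SOCKET` added ahead of `typedef int SOCKET;` does not say which header defines the macro it discards, so a later reader cannot tell whether the conflict still exists or whether the undef is safe to drop; a one-line comment such as `/* a system header may define SOCKET as a macro; drop it so the typedef below compiles */` would preserve the intent. The `static inline` change to `glsl` is the right fix for C99 inline linkage, and since the function presumably only measures its two strings (the comment reads "Return largest string lenght"), `const char *a, const char *b` would document that it does not write through them. Both edits are inside an embedded patch file, and the body of `glsl` continues outside this hunk.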
diff --git a/testing/barnyard2/20-disable-outputs.patch b/testing/barnyard2/20-disable-outputs.patch
new file mode 100644
index 00000000000..76a33373f2e
--- /dev/null
+++ b/testing/barnyard2/20-disable-outputs.patch
@@ -0,0 +1,45 @@
+--- a/src/output-plugins/Makefile.am
++++ b/src/output-plugins/Makefile.am
+@@ -10,7 +10,6 @@
+ spo_alert_csv.c spo_alert_csv.h \
+ spo_alert_fast.c spo_alert_fast.h \
+ spo_alert_full.c spo_alert_full.h \
+-spo_alert_fwsam.c spo_alert_fwsam.h \
+ spo_alert_prelude.c spo_alert_prelude.h \
+ spo_alert_syslog.c spo_alert_syslog.h \
+ spo_alert_test.c spo_alert_test.h \
+--- a/src/plugbase.c
++++ b/src/plugbase.c
+@@ -63,7 +63,6 @@
+ #include "output-plugins/spo_alert_csv.h"
+ #include "output-plugins/spo_alert_fast.h"
+ #include "output-plugins/spo_alert_full.h"
+-#include "output-plugins/spo_alert_fwsam.h"
+ #include "output-plugins/spo_alert_syslog.h"
+ #include "output-plugins/spo_alert_test.h"
+ #include "output-plugins/spo_alert_prelude.h"
+@@ -335,7 +334,6 @@
+ DatabaseSetup();
+ AlertFastSetup();
+ AlertFullSetup();
+- AlertFWsamSetup();
+ #ifndef WIN32
+ /* Win32 doesn't support AF_UNIX sockets */
+ AlertUnixSockSetup();
+--- a/src/output-plugins/spo_alert_arubaaction.c
++++ b/src/output-plugins/spo_alert_arubaaction.c
+@@ -42,6 +42,9 @@
+ */
+
+ /* output plugin header file */
++
++#ifdef ARUBA
++
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+ #endif
+@@ -649,3 +652,4 @@
+ }
+
+
++#endif // ARUBA
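Review bot: The `#ifdef ARUBA` guard inserted at the top of spo_alert_arubaaction.c sits before the `#ifdef HAVE_CONFIG_H` / `#include "config.h"` lines, so if ARUBA is only defined through config.h (as a configure `--enable-aruba` switch would suggest) the whole file compiles to nothing even when the feature is enabled. Moving the guard to just after the config.h include keeps the build-time switch meaningful; the APKBUILD passes `--disable-aruba`, so the Alpine package is unaffected today, but an enabled build would silently lose the plugin. The fwsam output is removed from Makefile.am and plugbase.c here while 10-fix-output-fwsam-and-database_cache.patch still patches spo_alert_fwsam.c; a short comment at the top of this patch stating why the fwsam output is disabled would help the next maintainer decide which of the two patches to keep.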
diff --git a/testing/barnyard2/30-remove-warnings.patch b/testing/barnyard2/30-remove-warnings.patch
new file mode 100644
index 00000000000..0d5257f53a9
--- /dev/null
+++ b/testing/barnyard2/30-remove-warnings.patch
@@ -0,0 +1,86 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -1109,7 +1109,7 @@
+ fi
+
+ if test -n "$GCC"; then
+- CFLAGS="$CFLAGS -Wall"
++ CFLAGS="$CFLAGS -Wall -Wno-unused-but-set-variable"
+ fi
+
+ echo $CFLAGS > cflags.out
+--- a/src/spooler.c
++++ b/src/spooler.c
+@@ -41,7 +41,10 @@
+ #include "unified2.h"
+ #include "util.h"
+
+-
++/**
++ * Missing signature for function defined in decider.c
++ */
++int DecodePacket(int linktype, Packet *p, const struct pcap_pkthdr *pkthdr, const uint8_t *pkt);
+
+ /*
+ ** PRIVATE FUNCTIONS
+--- a/src/decode.c
++++ b/src/decode.c
+@@ -81,8 +81,10 @@
+ }
+ }
+
+-int DecodePacket(int linktype, Packet *p, const struct DAQ_PktHdr_t *pkthdr, const uint8_t *pkt)
++int DecodePacket(int linktype, Packet *p, const struct pcap_pkthdr *_pkthdr, const uint8_t *pkt)
+ {
++ // valid cast as below code only references fields in 'struct pcap_pkthdr'
++ const DAQ_PktHdr_t* pkthdr = (const DAQ_PktHdr_t*)_pkthdr;
+ DEBUG_WRAP(DebugMessage(DEBUG_DECODE,"Decoding linktype %d\n",linktype););
+ switch(linktype)
+ {
+--- a/src/output-plugins/spo_log_tcpdump.c
++++ b/src/output-plugins/spo_log_tcpdump.c
+@@ -358,10 +357,7 @@
+ }
+ }
+
+-static INLINE size_t SizeOf (const struct pcap_pkthdr *pkth)
+-{
+- return PCAP_PKT_HDR_SZ + pkth->caplen;
+-}
++#define SizeOf(pkth) (PCAP_PKT_HDR_SZ + pkth->caplen)
+
+ static void LogTcpdumpSingle(Packet *p, void *event, uint32_t event_type, void *arg)
+ {
+@@ -388,7 +384,7 @@
+ // else if ( data->size + dumpSize > data->limit )
+ // TcpdumpRollLogFile(data);
+
+- pcap_dump((u_char *)data->dumpd, p->pkth, p->pkt);
++ pcap_dump((u_char *)data->dumpd, (const struct pcap_pkthdr *)p->pkth, p->pkt);
+ data->size += dumpSize;
+
+ if (!BcLineBufferedLogging())
+--- a/src/output-plugins/spo_database_cache.c
++++ b/src/output-plugins/spo_database_cache.c
+@@ -5298,7 +5298,7 @@
+ {
+ sigSeq = cacheLookup->obj.db_sig_id;
+ databasemaxSeq = 0;
+- memset(sigRefArr,'\0',MAX_REF_OBJ);
++ memset(sigRefArr,'\0',MAX_REF_OBJ * sizeof(u_int32_t));
+ }
+
+ if(dbSignatureReferenceLookup(&cacheLookup->obj,tempCache,&rNode,1))
+--- a/src/output-plugins/spo_alert_unixsock.c
++++ b/src/output-plugins/spo_alert_unixsock.c
+@@ -251,8 +251,9 @@
+ alertpkt.pkth.caplen > PKT_SNAPLEN ? PKT_SNAPLEN : alertpkt.pkth.caplen);
+ }
+ else
++ {
+ alertpkt.val|=NOPACKET_STRUCT;
+-
++ }
+ sn = GetSigByGidSid(ntohl(((Unified2EventCommon *)event)->generator_id),
+ ntohl(((Unified2EventCommon *)event)->signature_id),
+ ntohl(((Unified2EventCommon *)event)->signature_revision));
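Review bot: The replacement `#define SizeOf(pkth) (PCAP_PKT_HDR_SZ + pkth->caplen)` does not parenthesize its argument, so an expression argument such as a cast would bind incorrectly; write `#define SizeOf(pkth) (PCAP_PKT_HDR_SZ + (pkth)->caplen)`, or keep the original `static INLINE` function, which is type-checked. The new comment in spooler.c names `decider.c` while the hunk below patches `src/decode.c`; it should read `Missing prototype for DecodePacket, defined in decode.c`. The cast in DecodePacket from `const struct pcap_pkthdr *` to `const DAQ_PktHdr_t *` relies on the two structs sharing a leading layout and is an aliasing assumption rather than a "valid cast" as the comment claims; the comment should state that layout dependency explicitly, or the prototype added to spooler.c should keep the DAQ header type so no cast is needed. `-Wno-unused-but-set-variable` in configure.ac suppresses a warning class for every build rather than fixing the flagged variables; if that is intentional, a comment there saying so would avoid a later reviewer removing it.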
diff --git a/testing/barnyard2/APKBUILD b/testing/barnyard2/APKBUILD
new file mode 100644
index 00000000000..7ad8291c5bd
--- /dev/null
+++ b/testing/barnyard2/APKBUILD
@@ -0,0 +1,69 @@
+# Contributor: Karim Kanso <kaz.kanso@gmail.com>
+# Maintainer: Karim Kanso <kaz.kanso@gmail.com>
+pkgname=barnyard2
+pkgver=2.1.14_git20160413
+_gitrev=f9186f2478bfb096c5a43bdb0c91985c3ef3e20d
+pkgrel=0
+pkgdesc="Parser for Snort unified/unified2 files"
+url="https://github.com/firnsy/barnyard2"
+arch="all"
+license="GPL-2.0-only"
+depends="snort"
+install="$pkgname.pre-install"
+makedepends="libtool autoconf automake make libpcap-dev libdnet-dev daq-dev
+ mariadb-connector-c-dev postgresql-dev"
+subpackages="$pkgname-openrc"
+source="$pkgname-$pkgver.zip::https://github.com/firnsy/barnyard2/archive/$_gitrev.zip
+ 10-fix-output-fwsam-and-database_cache.patch
+ 20-disable-outputs.patch
+ 30-remove-warnings.patch
+ barnyard2.confd
+ barnyard2.initd"
+builddir="$srcdir/"$pkgname-$_gitrev
+pkgusers="barnyard2"
+pkggroups="barnyard2"
+
+prepare() {
+ default_prepare
+ sed -i -e 's|^output alert_fast:|# &|' etc/barnyard2.conf
+ sed -i -E 's|^#(config interface:)|\1|' etc/barnyard2.conf
+ ./autogen.sh
+}
+
+build() {
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var \
+ --with-mysql \
+ --with-postgresql \
+ --disable-ipv6 \
+ --disable-prelude \
+ --disable-mysql-ssl-support \
+ --disable-aruba \
+ --without-tcl \
+ --without-oracle
+ make
+}
+
+check() {
+ make check
+}
+
+package() {
+ make DESTDIR="$pkgdir" install
+ install -D -m 755 ../barnyard2.initd "$pkgdir"/etc/init.d/barnyard2
+ install -D -m 644 ../barnyard2.confd "$pkgdir"/etc/conf.d/barnyard2
+ mkdir -m 770 -p "$pkgdir"/var/log/barnyard2
+ chown barnyard2:barnyard2 "$pkgdir"/var/log/barnyard2
+}
+
+sha512sums="6b9a4b87287f6386f1df65a9138e243a69ab1b59f2a30c2cbb5d52630a64ed71b56293d26e1672b494cfe4b0b48ab50038b356c8f95ef22a19628847634ffd7d barnyard2-2.1.14_git20160413.zip
+2a5c8b44ecc4b6377d2d045271f2ca22ed4643eee3777ca7aaf522c72fb928367633256f00a4673201434b57f3c02ae6f8e8320a40ec3e2720a6925dc2b30162 10-fix-output-fwsam-and-database_cache.patch
+b1348f9c8132899faef8e60fc81efd8f6477a268ed69e2d55b623c13e303ca681fde842f23ed15fd5c61836467e571e8fa8f2a39948653d54955927b3e306783 20-disable-outputs.patch
+7dccc629d7fb6c3f98c7f3cff6acfb27dea88a2f3c756c37cafb3a42a727c61ec8f853c044a8358bb3223eb5078dc508d63d721cdb37c6deb7b87cfb52bb1773 30-remove-warnings.patch
+20b6a0bb7f72f252d8d7547831aae7a79b7dd3dd327fd211c28013e7928f10480bf7d7114adf8baae2cf979fb5b65e5f001f9597a8df53569437e2396de67d05 barnyard2.confd
+60a6cf49a268d41253057af99839e68f3b69a156f56318e687e0cbf96e521f7b99051748163c4f02ca952e481b66b01acbb06d1af243d646125e9d0a6b32da3b barnyard2.initd"
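Review bot: `install -D -m 755 ../barnyard2.initd` and the matching confd line in package() reach the extra sources through a relative path that only works because package() happens to run inside `$builddir`; `"$srcdir"/barnyard2.initd` and `"$srcdir"/barnyard2.confd` name them directly and survive a change of working directory. The `mkdir -m 770 -p` followed by `chown barnyard2:barnyard2` can be one `install -d -m770 -o barnyard2 -g barnyard2 "$pkgdir"/var/log/barnyard2`, which also makes the intended owner and mode visible on a single line. In build(), `$CBUILD` and `$CHOST` are unquoted while the rest of the file quotes `"$pkgdir"`; quoting them keeps the style consistent.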
diff --git a/testing/barnyard2/barnyard2.confd b/testing/barnyard2/barnyard2.confd
new file mode 100644
index 00000000000..feaf0fd2168
--- /dev/null
+++ b/testing/barnyard2/barnyard2.confd
@@ -0,0 +1,36 @@
+# Config file for /etc/init.d/barnyard2
+
+# This file only contains variables needed by the init.d script.
+# All other configuration options are located in the barnyard2.conf file
+
+# This should be the first part of the unified/unified2 log file name (without the time stamp)
+# Ex. If you log files look like this 'snort.unified2.1239801645' then you would use 'snort.unified2'
+SPOOL_FILE="snort.unified2"
+
+# Location of your unified/unified2 log files
+SPOOL_DIR="/var/log/snort"
+
+# Directory to log to
+LOG_DIR="/var/log/barnyard2"
+
+# This MUST match what you set for "config interface:" in your barnyard2.conf
+# If you do not set this correctly then Barnyard2 will not stop when you do a
+# "/etc/init.d/barnyard2 stop"
+INTERFACE="eth0"
+
+# You probably don't want to change this, but in case you do
+PID_FILE="barnyard2_${INTERFACE}.pid"
+PID_PATH="/var/run"
+
+# The waldo file is located in the SPOOL_DIR to support multipule instances of barnyard2
+WALDO_FILE="${SPOOL_DIR}/barnyard2.waldo"
+CONF="/etc/barnyard2.conf"
+
+# Location of the archive directory if you choose to use it.
+# The ARCHIVE_DIR is located in the SPOOL_DIR to support multipule instances of barnyard2
+#ARCHIVE_DIR="${SPOOL_DIR}/archive"
+
+# This pulls in the options above
+BARNYARD_OPTS="-u barnyard2 -g barnyard2 -D -c ${CONF} -d ${SPOOL_DIR} -w ${WALDO_FILE} -f ${SPOOL_FILE} -l ${LOG_DIR}"
+# Or with an archive directory
+#BARNYARD_OPTS="-u barnyard2 -g barnyard2 -D -c ${CONF} -d ${SPOOL_DIR} -w ${WALDO_FILE} -f ${SPOOL_FILE} -l ${LOG_DIR} -a ${ARCHIVE_DIR}"
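Review bot: The comments at the SPOOL_FILE, WALDO_FILE and ARCHIVE_DIR entries contain typos (`If you log files` should be `If your log files`, and `multipule` should be `multiple`, twice). WALDO_FILE is placed under SPOOL_DIR, which is snort's log directory, so the barnyard2 user named in BARNYARD_OPTS must be able to write there; the pre-install script adds barnyard2 to the snort group, presumably for this reason, and a comment such as `# The waldo file is written into SPOOL_DIR; the barnyard2 user must have write access there (it is added to the snort group at install time)` would record that dependency next to the setting. `PID_PATH="/var/run"` is worth confirming against the pid-file location the init script and daemon actually use on this system.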
diff --git a/testing/barnyard2/barnyard2.initd b/testing/barnyard2/barnyard2.initd
new file mode 100644
index 00000000000..d35db31f787
--- /dev/null
+++ b/testing/barnyard2/barnyard2.initd
@@ -0,0 +1,29 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e ${CONF} ] ; then
+ eerror "You need a configuration file to run barnyard2"
+ eerror "Download an example from: https://raw.githubusercontent.com/firnsy/barnyard2/master/etc/barnyard2.conf"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting barnyard2"
+ start-stop-daemon --start --quiet --exec /usr/bin/barnyard2 \
+ -- --pid-path ${PID_PATH} --nolock-pidfile ${BARNYARD_OPTS} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping barnyard2"
+ start-stop-daemon --stop --quiet --pidfile ${PID_PATH}/${PID_FILE}
+ eend $?
+}
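Review bot: `[ ! -e ${CONF} ]` in checkconfig leaves `${CONF}` unquoted, so with CONF unset or empty the test degenerates to `[ ! -e ]`, which is false, and the check silently passes; write `if [ ! -e "${CONF}" ] ; then`. The same applies to `${PID_PATH}` and `${PID_PATH}/${PID_FILE}` in start() and stop(), where an empty value would change the argument list start-stop-daemon sees. `depend()` declares `need net`, yet barnyard2 here consumes local spool files; `use net`, or a dependency on the snort service that writes the spool, may describe the real requirement more accurately — confirm against how the package is meant to be run.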
diff --git a/testing/barnyard2/barnyard2.pre-install b/testing/barnyard2/barnyard2.pre-install
new file mode 100644
index 00000000000..acaecbffe52
--- /dev/null
+++ b/testing/barnyard2/barnyard2.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+addgroup -S barnyard2 2>/dev/null
+adduser -S -D -h /var/log/barnyard2 -s /sbin/nologin -G barnyard2 -g barnyard2 barnyard2 2>/dev/null
+adduser barnyard2 snort 2>/dev/null
+
+exit 0