From: mguevara
Date: Mon, 24 Oct 2011 22:52:35 +0000 (+0000)
Subject: - initial release - barnyard2 is an output processor for snort
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fbarnyard2.git;a=commitdiff_plain;h=65fff0cc7e445be310ce0366859ba1de1791c99c
- initial release - barnyard2 is an output processor for snort Changed files: barnyard2 -> 1.1 barnyard2.config -> 1.1 barnyard2.spec -> 1.1
--- 65fff0cc7e445be310ce0366859ba1de1791c99c
diff --git a/barnyard2 b/barnyard2
new file mode 100644
index 0000000..ffb721f
--- /dev/null
+++ b/barnyard2
@@ -0,0 +1,101 @@
+#!/bin/sh
+#
+# Init file for Barnyard2
+#
+#
+# chkconfig: 2345 40 60
+# description: Barnyard2 is an output processor for snort.
+#
+# processname: barnyard2
+# config: /etc/sysconfig/barnyard2
+# config: /etc/snort/barnyard.conf
+# pidfile: /var/lock/subsys/barnyard2.pid
+
+source /etc/rc.d/init.d/functions
+source /etc/sysconfig/network
+
+### Check that networking is up.
+[ "${NETWORKING}" == "no" ] && exit 0
+
+[ -x /usr/sbin/snort ] || exit 1
+[ -r /etc/snort/snort.conf ] || exit 1
+
+### Default variables
+SYSCONFIG="/etc/sysconfig/barnyard2"
+
+### Read configuration
+[ -r "$SYSCONFIG" ] && source "$SYSCONFIG"
+
+RETVAL=0
+prog="barnyard2"
+desc="Snort Output Processor"
+
+start() {
+ echo -n $"Starting $desc ($prog): "
+ for INT in $INTERFACES; do
+ PIDFILE="/var/lock/subsys/barnyard2-$INT.pid"
+ ARCHIVEDIR="$SNORTDIR/$INT/archive"
+ WALDO_FILE="$SNORTDIR/$INT/barnyard2.waldo"
+ BARNYARD_OPTS="-D -c $CONF -d $SNORTDIR/${INT} -w $WALDO_FILE -L $SNORTDIR/${INT} -a $ARCHIVEDIR -f $LOG_FILE -X $PIDFILE $EXTRA_ARGS"
+ daemon $prog $BARNYARD_OPTS
+ done
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Shutting down $desc ($prog): "
+ killproc $prog
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
+ return $RETVAL
+}
+
+restart() {
+ stop
+ start
+}
+
+
+reload() {
+ echo -n $"Reloading $desc ($prog): "
+ killproc $prog -HUP
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ reload
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/$prog ] && restart
+ RETVAL=$?
+ ;;
+ status)
+ status $prog
+ RETVAL=$?
+ ;;
+ dump)
+ dump
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart|status|dump}"
+ RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/barnyard2.config b/barnyard2.config
new file mode 100644
index 0000000..e4c96e3
--- /dev/null
+++ b/barnyard2.config
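Review bot: In `start()`, `RETVAL=$?` is read after `done`, so it reflects only the `daemon` call for the last entry in `$INTERFACES`; a failure on an earlier interface, or an empty `$INTERFACES`, still yields 0 and touches `/var/lock/subsys/$prog`, so the service reports as started while that sensor's output goes unprocessed. Set `RETVAL=0` before the loop, use `daemon $prog $BARNYARD_OPTS || RETVAL=$?` inside it, and drop the assignment after `done`. The `dump)` arm of the `case` calls a `dump` function this script never defines (unless one of the sourced files provides it), and the two prerequisite tests check `/usr/sbin/snort` and `/etc/snort/snort.conf` rather than the barnyard2 binary and `$CONF`. The shebang is `#!/bin/sh`, but `source`, `==` inside `[ ]` and `$"..."` are bash extensions, so either the shebang or those constructs should change.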
@@ -0,0 +1,11 @@
+# Config file for /etc/init.d/barnyard2
+LOG_FILE="snort_unified.log"
+
+# You probably don't want to change this, but in case you do
+SNORTDIR="/var/log/snort"
+INTERFACES="eth0"
+
+# Probably not this either
+CONF=/etc/snort/barnyard.conf
+
+EXTRA_ARGS=""
diff --git a/barnyard2.spec b/barnyard2.spec
new file mode 100644
index 0000000..602938d
--- /dev/null
+++ b/barnyard2.spec
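Review bot: `CONF=/etc/snort/barnyard.conf` does not match the file the package installs: barnyard2.spec in this same commit copies `etc/barnyard2.conf` into `%{_sysconfdir}/snort/` and lists `%{_sysconfdir}/snort/barnyard2.conf` under `%files`, so with the shipped defaults the init script presumably passes `-c` a path that does not exist. Change the line to `CONF=/etc/snort/barnyard2.conf`; the `# config: /etc/snort/barnyard.conf` header comment in the init script carries the same name and should follow. Because the init script sources this file as root and expands `$INTERFACES` and `$EXTRA_ARGS` unquoted into the daemon command line, a comment such as `# sourced by the init script as root; keep root-owned and not group/world-writable` would be worth adding at the top.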
@@ -0,0 +1,72 @@
+
+# Conditional build:
+%bcond_without mysql # don't build support for MySQL
+%bcond_without postgresql # don't build support for PostgreSQL
+
+Summary: Snort Log Backend
+Name: barnyard2
+Version: 1.10beta2
+Release: 1
+License: GPL
+Group: Networking
+Source0: https://github.com/firnsy/barnyard2/tarball/v2-1.10-beta2
+# Source0-md5: af417a3491c5a4e5605c8fbd529f2255
+Source2: %{name}.config
+Source3: %{name}
+URL: https://github.com/firnsy/barnyard2
+%{?with_mysql:BuildRequires: mysql-devel}
+%{?with_postgresql:BuildRequires: postgresql-devel}
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Barnyard has 3 modes of operation:
+One-shot, continual, continual w/ checkpoint. In one-shot mode,
+barnyard will process the specified file and exit. In continual mode,
+barnyard will start with the specified file and continue to process
+new data (and new spool files) as it appears. Continual mode w/
+checkpointing will also use a checkpoint file (or waldo file in the
+snort world) to track where it is. In the event the barnyard process
+ends while a waldo file is in use, barnyard will resume processing at
+the last entry as listed in the waldo file.
+%{?with_mysql:barnyard2 binary compiled with mysql support.}
+%{?with_postgresql:barnyard2 binary compiled with postgresql support.}
+
+%prep
+%setup -q -n firnsy-barnyard2-5832a85
+
+
+%build
+./autogen.sh
+%configure --sysconfdir=%{_sysconfdir}/snort \
+ %{?with_postgresql:--with-postgresql} \
+ %{?with_mysql:--with-mysql-libraries=/usr/%{_lib}} \
+
+%{__make}
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+%{__install} -d -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,rc.d/init.d,snort}
+%{__install} -d -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/contrib
+%{__install} -d -p $RPM_BUILD_ROOT%{_mandir}/man8
+%{__install} -d -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/doc
+%{__install} -m 644 etc/barnyard2.conf $RPM_BUILD_ROOT%{_sysconfdir}/snort/
+%{__install} -m 644 $RPM_SOURCE_DIR/barnyard2.config $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/barnyard2
+%{__install} -m 755 $RPM_SOURCE_DIR/barnyard2 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/barnyard2
+%{__install} -m 644 doc/* $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/doc/
+
+%clean
+if [ -d $RPM_BUILD_ROOT ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
+ rm -rf $RPM_BUILD_ROOT
+fi
+
+%files
+%defattr(644,root,root,755)
+%doc LICENSE doc/
+%attr(755,root,root) %{_bindir}/barnyard2
+%attr(640,root,root) %config %{_sysconfdir}/snort/barnyard2.conf
+%attr(755,root,root) %config %{_sysconfdir}/rc.d/init.d/barnyard2
+%attr(644,root,root) %config %{_sysconfdir}/sysconfig/barnyard2
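Review bot: The spec ships an init script but declares no runtime dependency and no scriptlets: there is no `Requires:` line and no `%post`/`%preun`, although the packaged `/etc/rc.d/init.d/barnyard2` sources `/etc/rc.d/init.d/functions` and exits 1 when `/usr/sbin/snort` is missing. As written, the service is not registered with chkconfig on install and would presumably be left running after the package is erased. Add a `Requires:` on the packages that own those two paths, `/sbin/chkconfig --add barnyard2` in `%post`, and a `%preun` that stops the service and runs `/sbin/chkconfig --del barnyard2` on final removal. Separately, `Source0` is a GitHub tag tarball whose only integrity pin is `# Source0-md5:`; if the distribution's build tooling accepts a stronger digest, record one alongside it.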