authorBoris Samorodov <bsam@FreeBSD.org>2007-01-16 17:48:38 +0000
committerBoris Samorodov <bsam@FreeBSD.org>2007-01-16 17:48:38 +0000
commita54c44d7a7b18ee307ed10bb7302fdd28b11d726 (patch)
tree9e5635dcc85ceaf632d27c6807de231ac426b46f /security/barnyard-sguil/files
parentf991b7d6eb54dcb84dcc21d5388c6abfe1b5dbb4 (diff)
Customize barnyard.conf for use ONLY with sguil 0.6.0.
PR: 107965 Submitted by: Paul Schmehl <pauls at utdallas.edu> (maintainer)
Notes
Notes: svn path=/head/; revision=182529
Diffstat (limited to 'security/barnyard-sguil/files')
-rw-r--r--security/barnyard-sguil/files/patch-barnyard.conf150
1 files changed, 150 insertions, 0 deletions
diff --git a/security/barnyard-sguil/files/patch-barnyard.conf b/security/barnyard-sguil/files/patch-barnyard.conf
new file mode 100644
index 000000000000..cd1038bdd608
--- /dev/null
+++ b/security/barnyard-sguil/files/patch-barnyard.conf
@@ -0,0 +1,150 @@
+--- etc/barnyard.conf.orig Sat May 1 11:43:29 2004
++++ etc/barnyard.conf Mon Jan 15 15:16:57 2007
+@@ -1,139 +1,22 @@
+ #-------------------------------------------------------------
+-# http://www.snort.org Barnyard 0.1.0 configuration file
++# http://www.snort.org Barnyard 0.2.0 configuration file
+ # Contact: snort-barnyard@lists.sourceforge.net
+ #-------------------------------------------------------------
+ # $Id: barnyard.conf,v 1.9 2004/05/01 16:43:29 andrewbaker Exp $
+ ########################################################
+-# Currently you want to do two things in here: turn on
+-# available data processors and turn on output plugins.
+-# The data processors (dp's) and output plugin's (op's)
+-# automatically associate with each other by type and
+-# are automatically selected at run time depending on
+-# the type of file you try to load.
++# This config is to be used ONLY for barnyard-sguil6 and
++# will not work for other uses of barnyard such as base
++# because it is missing many of the configuration options
++# that are required for other uses. The requirements for
++# barnyard use with sguil 0.6.0 and above are minimal.
+ ########################################################
+
+ # Step 1: configuration declarations
+-# To keep from having a commandline that uses every letter in the alphabet
+-# most configuration options are set here
+-
+-# enable daemon mode
+-# config daemon
+-
+ # use localtime instead of UTC (*not* recommended because of timewarps)
+-#config localtime
+-
+-# set the hostname (currently only used for the acid db output plugin)
+-config hostname: snorthost
+-
+-# set the interface name (currently only used for the acid db output plugin)
+-config interface: fxp0
+-
+-# set the filter (currently only used for the acid db output plugin)
+-config filter: not port 22
+-
+-# Step 2: setup the output plugins
+-
+-# alert_fast
+-#-----------------------------
+-# Converts data from the dp_alert plugin into an approximation of Snort's
+-# "fast alert" mode. Argument: <filename>
+-
+-output alert_fast
+-
+-# log_dump
+-#-----------------------------
+-# Converts data from the dp_log plugin into an approximation of Snort's
+-# "ASCII packet dump" mode. Argument: <filename>
+-
+-output log_dump
+-
+-# alert_csv (experimental)
+-#---------------------------
+-# Creates a CSV output file of alerts (optionally using a user specified format)
+-# Arguments: filepath [format]
+-#
+-# The format is a comma-seperated list of fields to output (no spaces allowed)
+-# The available fields are:
+-# sig_gen - signature generator
+-# sig_id - signature id
+-# sig_rev - signatrue revision
+-# sid - SID triplet
+-# class - class id
+-# classname - textual name of class
+-# priority - priority id
+-# event_id - event id
+-# event_reference - event reference
+-# ref_tv_sec - reference seconds
+-# ref_tv_usec - reference microseconds
+-# tv_sec - event seconds
+-# tv_usec - event microseconds
+-# timestamp - prettified timestamp (2001-01-01 01:02:03) in UTC
+-# src - src address as a u_int32_t
+-# srcip - src address as a dotted quad
+-# dst - dst address as a u_int32_t
+-# dstip - dst address as a dotted quad
+-# sport_itype - source port or ICMP type (or 0)
+-# sport - source port (if UDP or TCP)
+-# itype - ICMP type (if ICMP)
+-# dport_icode - dest port or ICMP code (or 0)
+-# dport - dest port
+-# icode - ICMP code (if ICMP)
+-# proto - protocol number
+-# protoname - protocol name
+-# flags - flags from UnifiedAlertRecord
+-# msg - message text
+-# hostname - hostname (from barnyard.conf)
+-# interface - interface (from barnyard.conf)
+-#
+-# Examples:
+-# output alert_csv: /var/log/snort/csv.out
+-# output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
+-# output alert_csv: csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode
+-
+-
+-# alert_syslog
+-#-----------------------------
+-# Converts data from the alert stream into an approximation of Snort's
+-# syslog alert output plugin. Same arguments as the output plugin in snort.
+-
+-#output alert_syslog
+-
+-# alert_syslog2
+-#-------------------------------
+-# Generates a syslog alert. This supports considerably more features than
+-# the original syslog output plugin.
+-#
+-# output alert_syslog2
++# config localtime
+
+-# log_pcap
+-#-----------------------------
+-# Converts data from the dp_log plugin into standard pcap format
+-# Argument: <filename>
+-
+-#output log_pcap
+-
+-# acid_db
+-#-------------------------------
+-# Available as both a log and alert output plugin. Used to output data into
+-# the db schema used by ACID
+-# Arguments:
+-# $db_flavor - what flavor of database (ie, mysql)
+-# sensor_id $sensor_id - integer sensor id to insert data as
+-# database $database - name of the database
+-# server $server - server the database is located on
+-# user $user - username to connect to the database as
+-# password $password - password for database authentication
+-# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root
+-# output log_acid_db: mysql, database snort, server localhost, user root, detail full
+-
+ # sguil
+-#----
+ # This output plug-in is used to generate output for use with the SGUIL user
+ # interface. To learn more about SGUIL, go to http://sguil.sourceforge.net
+ #
+-#output sguil: mysql, sensor_id 0, database sguildb, server syn, user root,\
+-# password dbpasswd, sguild_host syn, sguild_port 7736
+-
+-
+-
+-
++output sguil
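Review bot: The closing new-side line `output sguil` takes no arguments, while the same hunk deletes the only text that showed the plugin's parameters (the commented `output sguil: ... sguild_host syn, sguild_port 7736` example), so a reader of the patched barnyard.conf cannot tell where the sensor's sguild host, port and sensor_id are configured. The header block added near the top says the requirements for sguil 0.6.0 are "minimal" but not what supplies them; presumably they come from plugin defaults or the barnyard command line, which should be confirmed before documenting it. A one-line comment above the output line would close the gap, e.g. `# sguild_host, sguild_port and sensor_id are not set in this file; they are supplied outside it (command line or plugin defaults)`, with the exact source filled in once verified. Dropping the example also removes the old `user root, password dbpasswd` credentials text from the shipped file, which is the right direction and worth stating in the same comment so nobody re-adds it.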