Barnyard is output spool reader for Snort! It decouples output overhead

from the Snort network intrusion detection system and allows Snort to
run at full speed. It accepts binary inputs from snort and outputs
human readable files to disc or to a database.  At present, barnyard
is designed to accept binary inputs from snort and produce either human
readable files for parsing by log parsers or feed data directly to a
database (either mysql or postgresql at present.).

PR:		ports/77044, ports/77322
Submitted by:	Paul Schmehl <pauls@utdallas.edu>

8 files changed, 159 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 118ecb763a06..41df4f2b9a7f 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -23,6 +23,7 @@
     SUBDIR += authpf
     SUBDIR += autossh
     SUBDIR += avcheck
+    SUBDIR += barnyard
     SUBDIR += bcwipe
     SUBDIR += beecrypt
     SUBDIR += bfbtester
diff --git a/security/barnyard/Makefile b/security/barnyard/Makefile
new file mode 100644
index 000000000000..ffd0b2f562f9
--- /dev/null
+++ b/security/barnyard/Makefile
@@ -0,0 +1,65 @@
+# New ports collection makefile for:	barnyard
+# Date created:				1 Feb 2005
+# Whom:					pauls
+#
+# $FreeBSD$
+#
+
+PORTNAME=	barnyard
+PORTVERSION=	0.2.0
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	barnyard
+#DISTNAME=	barnyard
+
+MAINTAINER=	pauls@utdallas.edu
+COMMENT=	An output system for Snort
+
+RUN_DEPENDS=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort
+
+OPTIONS=	MYSQL "Enable MySQL support" off \
+		POSTGRESQL "Enable PostgreSQL support" off
+
+USE_AUTOCONF_VER=	259
+USE_AUTOHEADER_VER=	259
+USE_REINPLACE=	yes
+USE_RC_SUBR=	yes
+RC_SCRIPTS_SUB=	PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
+CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+
+DOCS=		AUTHORS COPYING LICENSE.QPL README docs/BUGS docs/ChangeLog \
+		docs/FAQ docs/INSTALL docs/NEWS docs/USAGE
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_MYSQL)
+USE_MYSQL=		yes
+CONFIGURE_ARGS+=	--enable-mysql
+.endif
+
+.if defined(WITH_POSTGRESQL)
+USE_PGSQL=		yes
+CONFIGURE_ARGS+=	--enable-postgresql
+.endif
+
+post-patch:
+	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
+		${FILESDIR}/barnyard.sh > ${WRKDIR}/barnyard.sh
+
+post-install:
+	${INSTALL_SCRIPT} -m 751 ${WRKDIR}/barnyard.sh ${PREFIX}/etc/rc.d/barnyard.sh
+.for f in barnyard.conf
+	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
+	[ -f ${PREFIX}/etc/${f} ] || \
+	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
+.endfor
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.endif
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/barnyard/distinfo b/security/barnyard/distinfo
new file mode 100644
index 000000000000..b819beeefb07
--- /dev/null
+++ b/security/barnyard/distinfo
@@ -0,0 +1,2 @@
+MD5 (barnyard-0.2.0.tar.gz) = be3283028cf414b52b220308ceb411e9
+SIZE (barnyard-0.2.0.tar.gz) = 161543
diff --git a/security/barnyard/files/barnyard.sh b/security/barnyard/files/barnyard.sh
new file mode 100644
index 000000000000..0f295bea90e9
--- /dev/null
+++ b/security/barnyard/files/barnyard.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# 
+
+# PROVIDE: barnyard
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable barnyard:
+# barnyard_enable (bool):	Set to YES to enable barnyard
+# 				Default: NO
+# barnyard_flags (str):		Extra flags passed to barnyard
+#				Default: -D
+# barnyard_conf (str):		Barnyard configuration file
+#				Default: ${PREFIX}/etc/barnyard.conf
+#
+
+. %%RC_SUBR%%
+
+name="barnyard"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/barnyard"
+
+load_rc_config $name
+
+[ -z "$barnyard_enable" ]    && barnyard_enable="NO"
+[ -z "$barnyard_conf" ]      && barnyard_conf="%%PREFIX%%/etc/barnyard.conf"
+[ -z "$barnyard_flags" ]     && barnyard_flags="-D"
+
+[ -n "$barnyard_conf" ]      && barnyard_flags="$barnyard_flags -c $barnyard_conf"
+
+run_rc_command "$1"
diff --git a/security/barnyard/files/patch-configure.in b/security/barnyard/files/patch-configure.in
new file mode 100644
index 000000000000..4444b4960f8c
--- /dev/null
+++ b/security/barnyard/files/patch-configure.in
@@ -0,0 +1,9 @@
+--- configure.in	Sat May  1 11:43:29 2004
++++ configure.in.orig	Wed Feb  9 11:47:44 2005
+@@ -282,5 +282,5 @@
+   dnl check for the header
+   LDFLAGS="${LDFLAGS} -L${MYSQL_LIB_DIR}"
+-  LIBS="${LIBS} -lz -lssl -lmysqlclient"
++  LIBS="${LIBS} -lmysqlclient -lcrypto"
+   AC_CHECK_LIB(mysqlclient, mysql_real_connect, FOUND=yes, FOUND=no)
+ 
diff --git a/security/barnyard/pkg-descr b/security/barnyard/pkg-descr
new file mode 100644
index 000000000000..7e86cc7a2201
--- /dev/null
+++ b/security/barnyard/pkg-descr
@@ -0,0 +1,20 @@
+Barnyard is output spool reader for Snort! It decouples output overhead
+from the Snort network intrusion detection system and allows Snort to
+run at full speed. It accepts binary inputs from snort and outputs
+human readable files to disc or to a database.  At present, barnyard
+is designed to accept binary inputs from snort and produce either human
+readable files for parsing by log parsers or feed data directly to a
+database (either mysql or postgresql at present.).
+
+Barnyard has 3 modes of operation:
+
+One-shot, continual, continual w/ checkpoint.  In one-shot mode,
+barnyard will process the specified file and exit.  In continual mode,
+barnyard will start with the specified file and continue to process
+new data (and new spool files) as it appears.  Continual mode w/
+checkpointing will also use a checkpoint file (or waldo file in the
+snort world) to track where it is.  In the event the barnyard process
+ends while a waldo file is in use, barnyard will resume processing at
+the last entry as listed in the waldo file.
+
+WWW: http://sourceforge.net/projects/barnyard
diff --git a/security/barnyard/pkg-message b/security/barnyard/pkg-message
new file mode 100644
index 000000000000..7012f28c1f06
--- /dev/null
+++ b/security/barnyard/pkg-message
@@ -0,0 +1,14 @@
+************************************************************************
+ 
+Read the notes in the barnyard.conf file for how to configure 
+%%PREFIX%%/etc/barnyard.conf after installation.  For 
+further assistance, search the archives of the barnyard-users mailing 
+list at http://sourceforge.net/mailarchive/forum.php?forum=barnyard-users
+
+In order to enable barnyard to start on boot, you must edit /etc/rc.conf 
+with the appropriate flags, etc.  See the FreeBSD Handbook for syntax:
+http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
+
+For the various options available, type % barnyard -h after install.
+
+************************************************************************
diff --git a/security/barnyard/pkg-plist b/security/barnyard/pkg-plist
new file mode 100644
index 000000000000..ac1d11949336
--- /dev/null
+++ b/security/barnyard/pkg-plist
@@ -0,0 +1,15 @@
+@unexec if [ -f %D/etc/barnyard.conf ] && cmp -s %D/etc/barnyard.conf %D/etc/barnyard.conf-sample; then rm -f %D/etc/barnyard.conf; fi
+bin/barnyard
+etc/barnyard.conf-sample
+etc/rc.d/barnyard.sh
+share/doc/barnyard/AUTHORS
+share/doc/barnyard/BUGS
+share/doc/barnyard/COPYING
+share/doc/barnyard/ChangeLog
+share/doc/barnyard/FAQ
+share/doc/barnyard/INSTALL
+share/doc/barnyard/LICENSE.QPL
+share/doc/barnyard/NEWS
+share/doc/barnyard/README
+share/doc/barnyard/USAGE
+@dirrm share/doc/barnyard