Changes - j0ke.net Open Build Service

Changes of Revision 8

[-] [+]	Changed	barnyard2.changes
@@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Sat May 19 10:21:41 UTC 2012 - cs@linux-administrator.com + +- build git version + * source from https://github.com/binf/barnyard2/tree/pre-stable + * enable IPv6 & some other options + +------------------------------------------------------------------- Sat May 12 15:57:25 UTC 2012 - cs@linux-administrator.com - initscript fixes
[-] [+]	Changed	barnyard2.spec ^
@@ -32,6 +32,10 @@ %define oracle 0 %{?_with_oracle:%define oracle 1} +# build git version or stable release +%define git 0 +%{?_with_git:%define git 1} + %define realname barnyard2 %if 0%{?opensuse_bs} @@ -40,15 +44,24 @@ %define mysql 1 %define postgresql 1 %define release 1 + %define git 1 %endif Summary: Snort Log Backend Name: barnyard2 +%if %{git} +Version: 1.9.1.9 +%else Version: 1.9 +%endif Release: 1%{?dist} License: GPL Group: Applications/Internet +%if %{git} +Source0: %{name}-git.tar.bz2 +%else Source0: %{name}-%{version}.tar.bz2 +%endif Source2: %{name}.sysconfig %if 0%{?suse_version} Source3: %{name}-suse.init @@ -105,12 +118,19 @@ ORACLE_HOME=%{OracleHome} %prep +%if %{git} +%setup -q -n %{name} +%else %setup -q -n %{name}-%{version} +%endif %patch0 %build - +[ ! -f configure ] && ./autogen.sh %configure --sysconfdir=%{_sysconfdir}/snort \ + --enable-ipv6 \ + --enable-gre \ + --enable-mpls \ %if %{postgresql} --with-postgresql \ %endif
[-] [+]	Added	barnyard2-ipv6.patch ^
@@ -0,0 +1,268 @@ +diff -ur firnsy-barnyard2-f71a8d3/configure.in firnsy-barnyard2-f71a8d3.mod/configure.in +--- firnsy-barnyard2-f71a8d3/configure.in 2011-11-14 05:53:23.000000000 -0500 ++++ firnsy-barnyard2-f71a8d3.mod/configure.in 2011-12-15 15:51:56.588020785 -0500 +@@ -996,6 +996,13 @@ + LIBS="${LIBS} -lbroccoli" + fi + ++AC_ARG_ENABLE(acid-event, ++[ --enable-acid-event Enable acid_event (BASE schema) logging], ++ enable_acid_event="$enableval", enable_acid_event="no") ++if test "x$enable_acid_event" = "xyes"; then ++ CFLAGS="$CFLAGS -DENABLE_ACID_EVENT_LOGGING" ++fi ++ + # Checking for Tcl support (required by spo_sguil) + AC_ARG_WITH(tcl, + [ --with-tcl=DIR support for Tcl], +diff -ur firnsy-barnyard2-f71a8d3/src/output-plugins/spo_database.c firnsy-barnyard2-f71a8d3.mod/src/output-plugins/spo_database.c +--- firnsy-barnyard2-f71a8d3/src/output-plugins/spo_database.c 2011-11-14 05:53:23.000000000 -0500 ++++ firnsy-barnyard2-f71a8d3.mod/src/output-plugins/spo_database.c 2011-12-15 16:22:13.378002691 -0500 +@@ -56,6 +56,9 @@ + #include <string.h> + #include <time.h> + #include <unistd.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <fcntl.h> + + #include "barnyard2.h" + #include "debug.h" +@@ -1191,11 +1194,21 @@ + select0 = NULL, + select1 = NULL, + insert0 = NULL; ++ ++ char timestamp_clause[128]; ++#ifdef SUP_IP6 ++ char ip_buf[64]; ++#endif ++ char src_buf[64]; ++ char dst_buf[64]; ++ + int i, + insert_fields_len, + insert_values_len, + ok_transaction, + ref_system_id, ++ layer4_sport, ++ layer4_dport, + ret; + unsigned int sig_id, + ref_id, +@@ -1757,44 +1770,55 @@ + free(select0); select0 = NULL; + } + +- free(sig_name); sig_name = NULL; ++/ free(sig_name); sig_name = NULL; / + + if ( (data->shared->dbtype_id == DB_ORACLE) && + (data->DBschema_version >= 105) ) + { +- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH, +- "INSERT INTO " +- "event (sid,cid,signature,timestamp) " +- "VALUES (%u, %u, %u, TO_DATE('%s', 'YYYY-MM-DD HH24:MI:SS'))", +- data->shared->sid, data->shared->cid, sig_id, timestamp_string); ++ ret = SnortSnprintf(timestamp_clause, sizeof(timestamp_clause), ++ "TO_DATE('%s', 'YYYY-MM-DD HH24:MI:SS')", timestamp_string); + + if (ret != SNORT_SNPRINTF_SUCCESS) + goto bad_query; + } + else if(data->shared->dbtype_id == DB_ODBC) + { +- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH, +- "INSERT INTO " +- "event (sid,cid,signature,timestamp) " +- "VALUES (%u, %u, %u, {ts '%s'})", +- data->shared->sid, data->shared->cid, sig_id, timestamp_string); +- ++ ret = SnortSnprintf(timestamp_clause, sizeof(timestamp_clause), "{ts '%s'}", timestamp_string); + if (ret != SNORT_SNPRINTF_SUCCESS) + goto bad_query; + } + else + { +- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH, +- "INSERT INTO " +- "event (sid,cid,signature,timestamp) " +- "VALUES (%u, %u, %u, '%s')", +- data->shared->sid, data->shared->cid, sig_id, timestamp_string); +- +- if (ret != SNORT_SNPRINTF_SUCCESS) ++ ret = SnortSnprintf(timestamp_clause, sizeof(timestamp_clause), "'%s'", timestamp_string); ++ if (ret != SNORT_SNPRINTF_SUCCESS) { ++ fprintf(stderr, "Error in timestamp_clause: %d, size %d, string: '%s'\n", ++ ret, (int) sizeof(timestamp_clause), timestamp_string); + goto bad_query; ++ } ++ + } + +- free(timestamp_string); timestamp_string = NULL; ++ ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH, ++ "INSERT INTO " ++ "event (sid,cid,signature,timestamp) " ++ "VALUES (%u, %u, %u, %s)", ++ data->shared->sid, data->shared->cid, sig_id, timestamp_clause); ++ ++ if (p->tcph) { ++ ++ layer4_sport = ntohs(p->tcph->th_sport); ++ layer4_dport = ntohs(p->tcph->th_dport); ++ ++ } else if (p->udph) { ++ ++ layer4_sport = ntohs(p->udph->uh_sport); ++ layer4_dport = ntohs(p->udph->uh_dport); ++ ++ } else { ++ ++ layer4_sport = 0; ++ layer4_dport = 0; ++ } + + / We do not log fragments! They are assumed to be handled + by the fragment reassembly pre-processor / +@@ -1996,26 +2020,81 @@ + + if(data->detail) + { +- ret = SnortSnprintf(query->val, MAX_QUERY_LENGTH, +- "INSERT INTO " +- "iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, " +- " ip_tos, ip_len, ip_id, ip_flags, ip_off," +- " ip_ttl, ip_proto, ip_csum) " +- "VALUES (%u,%u,%lu,%lu,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u)", +- data->shared->sid, +- data->shared->cid, +- (u_long)ntohl(p->iph->ip_src.s_addr), +- (u_long)ntohl(p->iph->ip_dst.s_addr), +- IP_VER(p->iph), +- IP_HLEN(p->iph), +- p->iph->ip_tos, +- ntohs(p->iph->ip_len), +- ntohs(p->iph->ip_id), +- p->frag_flag, +- ntohs(p->frag_offset), +- p->iph->ip_ttl, +- p->iph->ip_proto, +- ntohs(p->iph->ip_csum)); ++ int sock_size; ++#ifdef SUP_IP6 ++ int sock_size; ++#endif ++ if(data->shared->dbtype_id == DB_POSTGRESQL) { ++#ifdef SUP_IP6 ++ if (IP_VER(p->iph) == 6) { ++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", inet_ntoa(&p->inner_ip6h.ip_src)); ++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", inet_ntoa(&p->inner_ip6h.ip_dst)); ++ } else { ++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", inet_ntoa(&p->inner_ip4h.ip_src)); ++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", inet_ntoa(&p->inner_ip4h.ip_dst)); ++ } ++#else ++ SnortSnprintf(src_buf, sizeof(src_buf), "%lu", (u_long)ntohl(p->iph->ip_src.s_addr)); ++ SnortSnprintf(dst_buf, sizeof(dst_buf), "%lu", (u_long)ntohl(p->iph->ip_dst.s_addr)); ++#endif ++ ++ } else if (data->shared->dbtype_id == DB_MYSQL) { ++#ifdef SUP_IP6 ++ if (IP_VER(p->iph) == 6) { ++ sock_size = 16; ++ mysql_real_escape_string (data->m_sock, ++ ip_buf, ++ (const char ) &p->inner_ip6h.ip_src.ip, ++ sock_size); ++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", ip_buf); ++ mysql_real_escape_string (data->m_sock, ++ ip_buf, ++ (const char ) &p->inner_ip6h.ip_dst.ip, ++ sock_size); ++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", ip_buf); ++ } else { ++ sock_size = 4; ++ mysql_real_escape_string (data->m_sock, ++ ip_buf, ++ (const char ) &p->inner_ip4h.ip_src.ip, ++ sock_size); ++ SnortSnprintf(src_buf, sizeof(src_buf), "'%s'", ip_buf); ++ mysql_real_escape_string (data->m_sock, ++ ip_buf, ++ (const char *) &p->inner_ip4h.ip_dst.ip, ++ sock_size); ++ SnortSnprintf(dst_buf, sizeof(dst_buf), "'%s'", ip_buf); ++ } ++#else ++ SnortSnprintf(src_buf, sizeof(src_buf), "%lu", (u_long)ntohl(p->iph->ip_src.s_addr));
	Added	barnyard2-git.tar.bz2 ^