Date:      Wed, 17 Aug 2011 20:09:03 GMT
From:      Michael Scheidell <scheidell@secnap.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/159845: add multi-conf file to security/barnyard2
Message-ID:  <201108172009.p7HK93hb059560@red.freebsd.org>
Resent-Message-ID: <201108172010.p7HKA87X044706@freefall.freebsd.org>


>Number:         159845
>Category:       ports
>Synopsis:       add multi-conf file to security/barnyard2
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 17 20:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        lots of them
>Organization:
SECNAP Network Security
>Environment:
7.3 amd, 8.x*
>Description:
(paul: long time no hear...)

To preface, I am a port maintainer myself and sometimes have to reject changes that are NOT upward compatible, and/or don't make sense except for very specific instances, so if you don't like this, don't put it in.

I don't think it needs a portsversion bump, since it doesn't 'fix' anything, it just adds the ability to have multiple barnyard2 instances running.
(I will work on snort next)

I took as a template the work that swatch did on multiple copies of swatch running.

In THEORY, if someone does not 'enable' multiple barnyard2.conf's with the rc.conf line: barnyard2_rules="1 2" (or "lan wan"), it should act just like the old version.

But this looks like it can give you the ability to have arbitrary barnyard2_${i}.conf files, and in many of our locations, we use 'lan wan'.

This patch should allow this.



>How-To-Repeat:
Have a complex set of barnyard2_*.conf files.

>Fix:
this patch, and add this to rc.conf:
to enable in rc: (for a barnyard2_wan.conf and barnyard2_lan.conf)

barnyard2_rules="lan wan"

barnyard2_lan_pidfile="/var/run/barnyard2_lan.pid"
barnyard2_lan_conf="/etc/snort/barnyard2_lan.conf"
barnyard2_lan_flags="-d /var/log/snort_lan -n -f log -l /var/log/snort_lan \
-w /var/log/snort_lan/waldo.log -a /var/log/snort_lan/tmp \
--nolock-pidfile"

barnyard2_wan_pidfile="/var/run/barnyard2_wan.pid"
barnyard2_wan_conf="/etc/snort/barnyard2_wan.conf"
barnyard2_wan_flags="-d /var/log/snort_wan -n -f log -l /var/log/snort_wan \
-w /var/log/snort_wan/waldo.log -a /var/log/snort_wan/tmp \
--nolock-pidfile"



Patch attached with submission follows:

--- barnyard2	2011-07-21 15:37:56.000000000 -0400
+++ barnyard2.new	2011-08-17 15:44:59.000000000 -0400
@@ -13,6 +13,11 @@
 #				Default: -D
 # barnyard2_conf (str):		Barnyard configuration file
 #				Default: /usr/local/etc/barnyard2.conf
+# optional, multi-barnyard:
+# barnyard2_rules="1 2 3"
+# barnyard2_1_flags="-D"
+# barnyard2_1_pidfile=""
+# #$command $flags $args
 #
 # USAGE: barnyard2 [-options]
 #
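Review bot: The added comment lines document barnyard2_rules, barnyard2_1_flags and barnyard2_1_pidfile but omit barnyard2_1_conf, which the loop later in this patch reads for every instance; add an entry for it in the same "(str): description / Default:" layout as the existing barnyard2_conf entry. The "# #$command $flags $args" line reads like a leftover note and should be dropped or explained.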
@@ -58,7 +63,6 @@
 . /etc/rc.subr
 
 name="barnyard2"
-load_rc_config $name
 rcvar=`set_rcvar`
 # set some defaults
 : ${barnyard2_enable="NO"}
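Review bot: Removing load_rc_config here moves the rc.conf read below the command_args assignment that appears as context in the next hunk, so "-c ${barnyard2_conf} ${barnyard2_flags}" is expanded before the administrator's settings are loaded. That changes the single-instance case, which the submission says should act just like the old version. Keep load_rc_config $name at this position, ahead of the defaults, and have the loop only override the per-instance values.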
@@ -68,4 +72,18 @@
 command="/usr/local/bin/barnyard2"
 command_args="-c ${barnyard2_conf} ${barnyard2_flags}"
 
-run_rc_command "$1"
+load_rc_config $name
+
+if [ -n "${barnyard2_rules}" ];then
+   for i in ${barnyard2_rules}; do
+	echo -n "$i:"
+	eval barnyard2_flags=\$barnyard2_${i}_flags
+        eval pidfile=\$barnyard2_${i}_pidfile
+	eval barnyard2_conf=\$barnyard2_${i}_conf
+	command_args="-c $barnyard2_conf -D"
+	run_rc_command "$1"
+    done
+else
+	run_rc_command "$1"
+fi
+
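Review bot: The loop never checks that the per-instance variables are set: for a name listed in barnyard2_rules without a matching barnyard2_${i}_conf or barnyard2_${i}_pidfile, command_args becomes "-c  -D" and pidfile is empty, so run_rc_command runs with no configuration file and cannot track that instance. Test each value after its eval and skip the instance with a warning, or exit non-zero, when one is missing. The status of each run_rc_command call is also discarded, so a failed instance does not show in the script's exit code, and the "for" and "eval pidfile" lines are indented with spaces where the rest of the block uses tabs.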


>Release-Note:
>Audit-Trail:
>Unformatted:


