Date: Wed, 17 Aug 2011 20:09:03 GMT
From: Michael Scheidell <scheidell@secnap.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/159845: add multi-conf file to security/barnyard2
Message-ID: <201108172009.p7HK93hb059560@red.freebsd.org>
Resent-Message-ID: <201108172010.p7HKA87X044706@freefall.freebsd.org>
>Number: 159845
>Category: ports
>Synopsis: add multi-conf file to security/barnyard2
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 17 20:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: lots of them
>Organization: SECNAP Network Security
>Environment:
7.3 amd, 8.x*
>Description:
(paul: long time no hear...)

To preface, I am a port maintainer myself and sometimes have to reject changes that are NOT upward compatible, and/or don't make sense, except for very specific instances, so, if you don't like this, don't put it in.

I don't think it needs a portsversion bump, since it doesn't 'fix' anything, it just adds the ability to have multiple barnyard2 instances running. (I will work on snort next.)

I took as a template the work that swatch did on multiple copies of swatch running.

In THEORY, if someone does not 'enable' multiple barnyard2.conf's with the rc.conf line:

barnyard2_rules="1 2" (or "lan wan"),

it should act just like the old version.

But, this looks like it can give you the ability to have arbitrary barnyard2_${i}.conf files, and in many of our locations, we use 'lan wan'. This patch should allow this.
>How-To-Repeat:
Have a complex set of barnyard2_*.conf files.
>Fix:
This patch, and add this to rc.conf:

To enable in rc (for a barnyard2_wan.conf and barnyard2_lan.conf):

barnyard2_rules="lan wan"
barnyard2_lan_pidfile="/var/run/barnyard2_lan.pid"
barnyard2_lan_conf="/etc/snort/barnyard2_lan.conf"
barnyard2_lan_flags="-d /var/log/snort_lan -n -f log -l /var/log/snort_lan \
  -w /var/log/snort_lan/waldo.log -a /var/log/snort_lan/tmp \
  --nolock-pidfile"
barnyard2_wan_pidfile="/var/run/barnyard2_wan.pid"
barnyard2_wan_conf="/etc/snort/barnyard2_wan.conf"
barnyard2_wan_flags="-d /var/log/snort_wan -n -f log -l /var/log/snort_wan \
  -w /var/log/snort_wan/waldo.log -a /var/log/snort_wan/tmp \
  --nolock-pidfile"

Patch attached with submission follows:

--- barnyard2 2011-07-21 15:37:56.000000000 -0400 +++ barnyard2.new 2011-08-17 15:44:59.000000000 -0400 @@ -13,6 +13,11 @@ # Default: -D # barnyard2_conf (str): Barnyard configuration file # Default: /usr/local/etc/barnyard2.conf +# optional, multi-barnyard: +# barnyard2_rules="1 2 3" +# barnyard2_1_flags="-D" +# barnyard2_1_pidfile="" +# #$command $flags $args # # USAGE: barnyard2 [-options] # @@ -58,7 +63,6 @@ . /etc/rc.subr name="barnyard2" -load_rc_config $name rcvar=`set_rcvar` # set some defaults : ${barnyard2_enable="NO"} @@ -68,4 +72,18 @@ command="/usr/local/bin/barnyard2" command_args="-c ${barnyard2_conf} ${barnyard2_flags}" -run_rc_command "$1" +load_rc_config $name + +if [ -n "${barnyard2_rules}" ];then + for i in ${barnyard2_rules}; do + echo -n "$i:" + eval barnyard2_flags=\$barnyard2_${i}_flags + eval pidfile=\$barnyard2_${i}_pidfile + eval barnyard2_conf=\$barnyard2_${i}_conf + command_args="-c $barnyard2_conf -D" + run_rc_command "$1" + done +else + run_rc_command "$1" +fi +
>Release-Note:
>Audit-Trail:
>Unformatted:
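
Review bot: In the first hunk (@@ -13,6 +13,11 @@) the new header comment lists barnyard2_1_flags and barnyard2_1_pidfile but leaves out barnyard2_1_conf, which the loop added in the last hunk reads with "eval barnyard2_conf=\$barnyard2_${i}_conf". Please document the _conf variable alongside the other two, and show a real path for the pidfile instead of barnyard2_1_pidfile="", since an empty value in the sample suggests that leaving it empty is acceptable.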
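
Review bot: In the second hunk (@@ -58,7 +63,6 @@) removing "load_rc_config $name" from its position ahead of the defaults, and re-adding it in the last hunk only after the line command_args="-c ${barnyard2_conf} ${barnyard2_flags}", means command_args is expanded before rc.conf has been read. In the else branch (no barnyard2_rules set) a barnyard2_conf value from rc.conf would then not reach command_args, which contradicts the stated goal that the script should behave like the old version when multi-instance mode is not enabled. Suggest leaving load_rc_config where it was, before the defaults, and building command_args after it.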
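
Review bot: In the last hunk (@@ -68,4 +72,18 @@) the for loop never checks that the per-instance variables exist before calling run_rc_command: a name listed in barnyard2_rules without a matching barnyard2_${i}_conf or barnyard2_${i}_pidfile produces command_args="-c  -D" and an empty pidfile. Please skip or fail with a clear message when either is empty. Two smaller points in the same loop: command_args hard-codes -D and no longer includes the flags that were just assigned to barnyard2_flags, unlike the original "-c ${barnyard2_conf} ${barnyard2_flags}", so it is worth confirming the per-instance flags still reach the command and that -D is not passed twice when barnyard2_1_flags="-D" is used as in the documented sample; and because $i is expanded inside eval, instance names should be restricted to letters, digits and underscore before use.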