Message-Id: <201108172009.p7HK93hb059560@red.freebsd.org>
Date: Wed, 17 Aug 2011 20:09:03 GMT
From: Michael Scheidell
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/159845: add multi-conf file to security/barnyard2

>Number: 159845
>Category: ports
>Synopsis: add multi-conf file to security/barnyard2
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 17 20:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: lots of them
>Organization: SECNAP Network Security
>Environment:
7.3 amd, 8.x*
>Description:
(paul: long time no hear...)

To preface, I am a port maintainer myself and sometimes have to reject changes that are NOT upward compatible, and/or don't make sense, except for very specific instances, so, if you don't like this, don't put it in.

I don't think it needs a portsversion bump, since it doesn't 'fix' anything, it just adds the ability to have multiple barnyard2 instances running. (I will work on snort next.)

I took as a template the work that swatch did on multiple copies of swatch running.

In THEORY, if someone does not 'enable' multiple barnyard2.conf's with the rc.conf line: barnyard2_rules="1 2" (or "lan wan"), it should act just like the old version.

But, this looks like it can give you the ability to have arbitrary barnyard2_${i}.conf files, and in many of our locations, we use 'lan wan'; this patch should allow this.
>How-To-Repeat:
have a complex set of barnyard2_*.conf files.
>Fix:
this patch, and add this to rc.conf:

to enable in rc: (for a barnyard2_wan.conf and barnyard2_lan.conf)

    barnyard2_rules="lan wan"
    barnyard2_lan_pidfile="/var/run/barnyard2_lan.pid"
    barnyard2_lan_conf="/etc/snort/barnyard2_lan.conf"
    barnyard2_lan_flags="-d /var/log/snort_lan -n -f log -l /var/log/snort_lan \
     -w /var/log/snort_lan/waldo.log -a /var/log/snort_lan/tmp \
     --nolock-pidfile"
    barnyard2_wan_pidfile="/var/run/barnyard2_wan.pid"
    barnyard2_wan_conf="/etc/snort/barnyard2_wan.conf"
    barnyard2_wan_flags="-d /var/log/snort_wan -n -f log -l /var/log/snort_wan \
     -w /var/log/snort_wan/waldo.log -a /var/log/snort_wan/tmp \
     --nolock-pidfile"

Patch attached with submission follows:

--- barnyard2 2011-07-21 15:37:56.000000000 -0400 +++ barnyard2.new 2011-08-17 15:44:59.000000000 -0400 @@ -13,6 +13,11 @@ # Default: -D # barnyard2_conf (str): Barnyard configuration file # Default: /usr/local/etc/barnyard2.conf +# optional, multi-barnyard: +# barnyard2_rules="1 2 3" +# barnyard2_1_flags="-D" +# barnyard2_1_pidfile="" +# #$command $flags $args # # USAGE: barnyard2 [-options] # @@ -58,7 +63,6 @@ . /etc/rc.subr name="barnyard2" -load_rc_config $name rcvar=`set_rcvar` # set some defaults : ${barnyard2_enable="NO"} @@ -68,4 +72,18 @@ command="/usr/local/bin/barnyard2" command_args="-c ${barnyard2_conf} ${barnyard2_flags}" -run_rc_command "$1" +load_rc_config $name + +if [ -n "${barnyard2_rules}" ];then + for i in ${barnyard2_rules}; do + echo -n "$i:" + eval barnyard2_flags=\$barnyard2_${i}_flags + eval pidfile=\$barnyard2_${i}_pidfile + eval barnyard2_conf=\$barnyard2_${i}_conf + command_args="-c $barnyard2_conf -D" + run_rc_command "$1" + done +else + run_rc_command "$1" +fi +

>Release-Note:
>Audit-Trail:
>Unformatted:
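
Review bot: the comment block added in the "@@ -13,6 +13,11 @@" hunk documents barnyard2_1_flags and barnyard2_1_pidfile but not barnyard2_1_conf, which the loop in the last hunk reads for every instance and passes to -c. Add a line for it, and note that instance names are arbitrary tokens (the submission itself uses "lan wan"), so the header would read better as barnyard2_<name>_conf, _flags and _pidfile. The example barnyard2_1_pidfile="" also suggests that an empty pidfile is acceptable; show a real path such as the /var/run/barnyard2_lan.pid used in the rc.conf sample.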
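
Review bot: removing "load_rc_config $name" in the "@@ -58,7 +63,6 @@" hunk and re-adding it only after command_args="-c ${barnyard2_conf} ${barnyard2_flags}" (last hunk) means command_args is expanded before rc.conf has been read, so in the single-instance path it is built from the script's defaults rather than the administrator's barnyard2_conf and barnyard2_flags. That changes behaviour for existing installs, which the submission says it wants to avoid. Leave load_rc_config where it was: barnyard2_rules is already available at that point, and the loop needs nothing from the later position.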
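
Review bot: in the loop added by the "@@ -68,4 +72,18 @@" hunk, nothing checks that barnyard2_${i}_conf and barnyard2_${i}_pidfile are set before run_rc_command is called. An empty conf yields command_args="-c  -D", so -D is taken as the configuration file name, and an empty pidfile leaves rc.subr to locate the process by name, which cannot tell one instance from another on stop or status. Skip any instance that lacks either value and print a warning. Further points on the same loop: $i is expanded inside eval, so restrict instance names to letters, digits and underscore before the eval lines; -D is hard-coded in command_args while the header example sets barnyard2_1_flags="-D", so one of the two should go; and the script's exit status reflects only the last instance run.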