diff options
-rw-r--r-- | security/barnyard-sguil/files/patch-barnyard.conf | 150 | ||||
-rw-r--r-- | security/barnyard-sguil6/files/patch-barnyard.conf | 150 |
2 files changed, 300 insertions, 0 deletions
diff --git a/security/barnyard-sguil/files/patch-barnyard.conf b/security/barnyard-sguil/files/patch-barnyard.conf new file mode 100644 index 000000000000..cd1038bdd608 --- /dev/null +++ b/security/barnyard-sguil/files/patch-barnyard.conf @@ -0,0 +1,150 @@ +--- etc/barnyard.conf.orig Sat May 1 11:43:29 2004 ++++ etc/barnyard.conf Mon Jan 15 15:16:57 2007 +@@ -1,139 +1,22 @@ + #------------------------------------------------------------- +-# http://www.snort.org Barnyard 0.1.0 configuration file ++# http://www.snort.org Barnyard 0.2.0 configuration file + # Contact: snort-barnyard@lists.sourceforge.net + #------------------------------------------------------------- + # $Id: barnyard.conf,v 1.9 2004/05/01 16:43:29 andrewbaker Exp $ + ######################################################## +-# Currently you want to do two things in here: turn on +-# available data processors and turn on output plugins. +-# The data processors (dp's) and output plugin's (op's) +-# automatically associate with each other by type and +-# are automatically selected at run time depending on +-# the type of file you try to load. ++# This config is to be used ONLY for barnyard-sguil6 and ++# will not work for other uses of barnyard such as base ++# because it is missing many of the configuration options ++# that are required for other uses. The requirements for ++# barnyard use with sguil 0.6.0 and above are minimal. + ######################################################## + + # Step 1: configuration declarations +-# To keep from having a commandline that uses every letter in the alphabet +-# most configuration options are set here +- +-# enable daemon mode +-# config daemon +- + # use localtime instead of UTC (*not* recommended because of timewarps) +-#config localtime +- +-# set the hostname (currently only used for the acid db output plugin) +-config hostname: snorthost +- +-# set the interface name (currently only used for the acid db output plugin) +-config interface: fxp0 +- +-# set the filter (currently only used for the acid db output plugin) +-config filter: not port 22 +- +-# Step 2: setup the output plugins +- +-# alert_fast +-#----------------------------- +-# Converts data from the dp_alert plugin into an approximation of Snort's +-# "fast alert" mode. Argument: <filename> +- +-output alert_fast +- +-# log_dump +-#----------------------------- +-# Converts data from the dp_log plugin into an approximation of Snort's +-# "ASCII packet dump" mode. Argument: <filename> +- +-output log_dump +- +-# alert_csv (experimental) +-#--------------------------- +-# Creates a CSV output file of alerts (optionally using a user specified format) +-# Arguments: filepath [format] +-# +-# The format is a comma-seperated list of fields to output (no spaces allowed) +-# The available fields are: +-# sig_gen - signature generator +-# sig_id - signature id +-# sig_rev - signatrue revision +-# sid - SID triplet +-# class - class id +-# classname - textual name of class +-# priority - priority id +-# event_id - event id +-# event_reference - event reference +-# ref_tv_sec - reference seconds +-# ref_tv_usec - reference microseconds +-# tv_sec - event seconds +-# tv_usec - event microseconds +-# timestamp - prettified timestamp (2001-01-01 01:02:03) in UTC +-# src - src address as a u_int32_t +-# srcip - src address as a dotted quad +-# dst - dst address as a u_int32_t +-# dstip - dst address as a dotted quad +-# sport_itype - source port or ICMP type (or 0) +-# sport - source port (if UDP or TCP) +-# itype - ICMP type (if ICMP) +-# dport_icode - dest port or ICMP code (or 0) +-# dport - dest port +-# icode - ICMP code (if ICMP) +-# proto - protocol number +-# protoname - protocol name +-# flags - flags from UnifiedAlertRecord +-# msg - message text +-# hostname - hostname (from barnyard.conf) +-# interface - interface (from barnyard.conf) +-# +-# Examples: +-# output alert_csv: /var/log/snort/csv.out +-# output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode +-# output alert_csv: csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode +- +- +-# alert_syslog +-#----------------------------- +-# Converts data from the alert stream into an approximation of Snort's +-# syslog alert output plugin. Same arguments as the output plugin in snort. +- +-#output alert_syslog +- +-# alert_syslog2 +-#------------------------------- +-# Generates a syslog alert. This supports considerably more features than +-# the original syslog output plugin. +-# +-# output alert_syslog2 ++# config localtime + +-# log_pcap +-#----------------------------- +-# Converts data from the dp_log plugin into standard pcap format +-# Argument: <filename> +- +-#output log_pcap +- +-# acid_db +-#------------------------------- +-# Available as both a log and alert output plugin. Used to output data into +-# the db schema used by ACID +-# Arguments: +-# $db_flavor - what flavor of database (ie, mysql) +-# sensor_id $sensor_id - integer sensor id to insert data as +-# database $database - name of the database +-# server $server - server the database is located on +-# user $user - username to connect to the database as +-# password $password - password for database authentication +-# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root +-# output log_acid_db: mysql, database snort, server localhost, user root, detail full +- + # sguil +-#---- + # This output plug-in is used to generate output for use with the SGUIL user + # interface. To learn more about SGUIL, go to http://sguil.sourceforge.net + # +-#output sguil: mysql, sensor_id 0, database sguildb, server syn, user root,\ +-# password dbpasswd, sguild_host syn, sguild_port 7736 +- +- +- +- ++output sguil diff --git a/security/barnyard-sguil6/files/patch-barnyard.conf b/security/barnyard-sguil6/files/patch-barnyard.conf new file mode 100644 index 000000000000..cd1038bdd608 --- /dev/null +++ b/security/barnyard-sguil6/files/patch-barnyard.conf @@ -0,0 +1,150 @@ +--- etc/barnyard.conf.orig Sat May 1 11:43:29 2004 ++++ etc/barnyard.conf Mon Jan 15 15:16:57 2007 +@@ -1,139 +1,22 @@ + #------------------------------------------------------------- +-# http://www.snort.org Barnyard 0.1.0 configuration file ++# http://www.snort.org Barnyard 0.2.0 configuration file + # Contact: snort-barnyard@lists.sourceforge.net + #------------------------------------------------------------- + # $Id: barnyard.conf,v 1.9 2004/05/01 16:43:29 andrewbaker Exp $ + ######################################################## +-# Currently you want to do two things in here: turn on +-# available data processors and turn on output plugins. +-# The data processors (dp's) and output plugin's (op's) +-# automatically associate with each other by type and +-# are automatically selected at run time depending on +-# the type of file you try to load. ++# This config is to be used ONLY for barnyard-sguil6 and ++# will not work for other uses of barnyard such as base ++# because it is missing many of the configuration options ++# that are required for other uses. The requirements for ++# barnyard use with sguil 0.6.0 and above are minimal. + ######################################################## + + # Step 1: configuration declarations +-# To keep from having a commandline that uses every letter in the alphabet +-# most configuration options are set here +- +-# enable daemon mode +-# config daemon +- + # use localtime instead of UTC (*not* recommended because of timewarps) +-#config localtime +- +-# set the hostname (currently only used for the acid db output plugin) +-config hostname: snorthost +- +-# set the interface name (currently only used for the acid db output plugin) +-config interface: fxp0 +- +-# set the filter (currently only used for the acid db output plugin) +-config filter: not port 22 +- +-# Step 2: setup the output plugins +- +-# alert_fast +-#----------------------------- +-# Converts data from the dp_alert plugin into an approximation of Snort's +-# "fast alert" mode. Argument: <filename> +- +-output alert_fast +- +-# log_dump +-#----------------------------- +-# Converts data from the dp_log plugin into an approximation of Snort's +-# "ASCII packet dump" mode. Argument: <filename> +- +-output log_dump +- +-# alert_csv (experimental) +-#--------------------------- +-# Creates a CSV output file of alerts (optionally using a user specified format) +-# Arguments: filepath [format] +-# +-# The format is a comma-seperated list of fields to output (no spaces allowed) +-# The available fields are: +-# sig_gen - signature generator +-# sig_id - signature id +-# sig_rev - signatrue revision +-# sid - SID triplet +-# class - class id +-# classname - textual name of class +-# priority - priority id +-# event_id - event id +-# event_reference - event reference +-# ref_tv_sec - reference seconds +-# ref_tv_usec - reference microseconds +-# tv_sec - event seconds +-# tv_usec - event microseconds +-# timestamp - prettified timestamp (2001-01-01 01:02:03) in UTC +-# src - src address as a u_int32_t +-# srcip - src address as a dotted quad +-# dst - dst address as a u_int32_t +-# dstip - dst address as a dotted quad +-# sport_itype - source port or ICMP type (or 0) +-# sport - source port (if UDP or TCP) +-# itype - ICMP type (if ICMP) +-# dport_icode - dest port or ICMP code (or 0) +-# dport - dest port +-# icode - ICMP code (if ICMP) +-# proto - protocol number +-# protoname - protocol name +-# flags - flags from UnifiedAlertRecord +-# msg - message text +-# hostname - hostname (from barnyard.conf) +-# interface - interface (from barnyard.conf) +-# +-# Examples: +-# output alert_csv: /var/log/snort/csv.out +-# output alert_csv: /var/log/snort/csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode +-# output alert_csv: csv.out timestamp,msg,srcip,sport,dstip,dport,protoname,itype,icode +- +- +-# alert_syslog +-#----------------------------- +-# Converts data from the alert stream into an approximation of Snort's +-# syslog alert output plugin. Same arguments as the output plugin in snort. +- +-#output alert_syslog +- +-# alert_syslog2 +-#------------------------------- +-# Generates a syslog alert. This supports considerably more features than +-# the original syslog output plugin. +-# +-# output alert_syslog2 ++# config localtime + +-# log_pcap +-#----------------------------- +-# Converts data from the dp_log plugin into standard pcap format +-# Argument: <filename> +- +-#output log_pcap +- +-# acid_db +-#------------------------------- +-# Available as both a log and alert output plugin. Used to output data into +-# the db schema used by ACID +-# Arguments: +-# $db_flavor - what flavor of database (ie, mysql) +-# sensor_id $sensor_id - integer sensor id to insert data as +-# database $database - name of the database +-# server $server - server the database is located on +-# user $user - username to connect to the database as +-# password $password - password for database authentication +-# output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root +-# output log_acid_db: mysql, database snort, server localhost, user root, detail full +- + # sguil +-#---- + # This output plug-in is used to generate output for use with the SGUIL user + # interface. To learn more about SGUIL, go to http://sguil.sourceforge.net + # +-#output sguil: mysql, sensor_id 0, database sguildb, server syn, user root,\ +-# password dbpasswd, sguild_host syn, sguild_port 7736 +- +- +- +- ++output sguil |