Barnyard is a critical tool for the parsing of Snort's unified binary files,

processing and on-forwarding to a variety of output plugins. Unfortunately
it has not seen an updated in over 4 years and is not going to be maintained
by the original developers. With the new version of the unified format
(ie. unified2) arriving we need something to bridge this gap.

The SXL team love barnyard. So much so that we want it to stay and have been
tinkering around with the code to give it a breath of new life. Here is what
we have achieved to far for this reinvigorated code base:

    * Parsing of the new unified2 log files.
    * Maintaining majority of the command syntax of barnyard.
    * Addressed all associated bug reports and feature requests arising since
		barnyard-0.2.0.
    * Completely rewritten code based on the GPLv2 Snort making it entirely
		GPLv2.

This is an effort to fuse the awesome work of Snort and the original concept
of barnyard giving it a fresh update along the way. We've come a long way so
far and have a very stable build that we've integrated into our NSMnow
framework.  If you have any feature requests, bugs or gripes then send them
our way.

WWW: http://www.securixlive.com/barnyard2/

PR:		138326
Submitted by:	Paul Schmehl <pauls@utdallas.edu>

security/Makefile

@@ -29,6 +29,7 @@
     SUBDIR += autossh
     SUBDIR += avcheck
     SUBDIR += barnyard
+    SUBDIR += barnyard2
     SUBDIR += barnyard-sguil
     SUBDIR += base
     SUBDIR += bcrypt

security/barnyard2/Makefile

@@ -0,0 +1,57 @@
+# New ports collection makefile for:	barnyard2
+# Date created:				28 Aug 2009
+# Whom:					pauls
+#
+# $FreeBSD$
+#
+
+PORTNAME=	barnyard2
+PORTVERSION=	1.6
+CATEGORIES=	security
+MASTER_SITES=	http://www.securixlive.com/download/barnyard2/
+
+MAINTAINER=	pauls@utdallas.edu
+COMMENT=	An output system for Snort that parses unified2 files
+
+RUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort
+
+OPTIONS=	MYSQL "Enable MySQL support" on \
+		POSTGRESQL "Enable PostgreSQL support" off
+
+USE_RC_SUBR=	barnyard2.sh
+GNU_CONFIGURE=	yes
+CONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
+SUB_FILES=	pkg-message
+
+PORTDOCS=	INSTALL	README README.aruba README.database README.sguil
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_MYSQL)
+USE_MYSQL=		yes
+CONFIGURE_ARGS+=	--with-mysql \
+			--with-mysql-includes=${LOCALBASE}/include/mysql \
+			--with-mysql-libraries=${LOCALBASE}/lib/mysql
+.endif
+
+.if defined(WITH_POSTGRESQL)
+USE_PGSQL=		yes
+CONFIGURE_ARGS+=	--with-postgresql
+.endif
+
+post-install:
+
+.for f in barnyard2.conf
+	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
+	[ -f ${PREFIX}/etc/${f} ] || \
+	${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
+.endfor
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+#	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>

security/barnyard2/distinfo

@@ -0,0 +1,3 @@
+MD5 (barnyard2-1.6.tar.gz) = fe49fae09f585677af7dda53f3f4bedf
+SHA256 (barnyard2-1.6.tar.gz) = c8b9b58d48b420634c502d27f21cbdaf42df0205abeb2970f9ee7e114744433b
+SIZE (barnyard2-1.6.tar.gz) = 631471

security/barnyard2/files/barnyard2.sh.in

@@ -0,0 +1,71 @@
+#!/bin/sh
+# 
+
+# PROVIDE: barnyard2
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable barnyard2:
+# barnyard2_enable (bool):	Set to YES to enable barnyard2
+# 				Default: NO
+# barnyard2_flags (str):		Extra flags passed to barnyard2
+#				Default: -D
+# barnyard2_conf (str):		Barnyard configuration file
+#				Default: %%PREFIX%%/etc/barnyard2.conf
+#
+# USAGE: barnyard2 [-options]
+#
+# General Options:
+#        -?         Show this information
+#        -c <file>  Use configuration file <file>
+#        -g <gname> Run barnyard gid as <gname> group (or gid) after initialization
+#        -m <umask> Set umask = <umask>
+#        -q         Quiet. Don't show banner and status report
+#        -u <uname> Run barnyard uid as <uname> user (or uid) after initialization
+#        -v         Be verbose
+#        -C <file>  Read the classification map from <file>
+#        -D         Run barnyard in background (daemon) mode
+#        -G <file>  Read the gen-msg map from <file>
+#        -L <dir>   Write output files in <dir>
+#        -R <file>  Read the reference map from <file>
+#        -S <file>  Read the sid-msg map from <file>
+#        -T         Test and report on the current configuration
+#        -U         Use UTC for timestamps
+#        -V         Show version and exit
+#
+# Continual Processing Options:
+#        -a <dir>   Archive processed files to <dir>
+#        -f <base>  Use <base> as the base filename pattern
+#        -d <dir>   Spool files from <dir>
+#        -n         Only process new events
+#        -w <file>  Enable bookmarking using <file>
+#
+# Batch Processing Mode Options:
+#        -o         Enable batch processing mode
+#
+# Longname options and their corresponding single char version
+#   --reference <file>              Same as -R
+#   --classification <file>         Same as -C
+#   --gen-msg <file>                Same as -G
+#   --sid-msg <file>                Same as -S
+#   --pid-path <path>               Specify the path for the barnyard PID file
+#   --create-pidfile                Create PID file, even when not in Daemon mode
+#   --nolock-pidfile                Do not try to lock barnyard PID file
+#   --help                          Same as -?
+#   --version                       Same as -V
+
+. %%RC_SUBR%%
+
+name="barnyard2"
+load_rc_config $name
+rcvar=`set_rcvar`
+# set some defaults
+: ${barnyard2_enable="NO"}
+: ${barnyard2_conf="%%PREFIX%%/etc/barnyard2.conf"}
+: ${barnyard2_flags="-D"}
+
+command="%%PREFIX%%/bin/barnyard2"
+command_args="-c ${barnyard2_conf} ${barnyard2_flags}"
+
+run_rc_command "$1"

security/barnyard2/files/pkg-message.in

@@ -0,0 +1,14 @@
+************************************************************************
+ 
+Read the notes in the barnyard2.conf file for how to configure 
+%%PREFIX%%/etc/barnyard2.conf after installation.  For addtional information
+see the Securixlive FAQ at http://www.securixlive.com/barnyard2/faq.php.
+
+In order to enable barnyard2 to start on boot, you must edit /etc/rc.conf 
+with the appropriate flags, etc.  See the FreeBSD Handbook for syntax:
+http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
+
+For the various options available, type % barnyard2 -h after install or read
+the options in the startup script - in %%PREFIX%%/etc/rc.d.
+
+************************************************************************

security/barnyard2/pkg-descr

@@ -0,0 +1,24 @@
+Barnyard is a critical tool for the parsing of Snort's unified binary files,
+processing and on-forwarding to a variety of output plugins. Unfortunately
+it has not seen an updated in over 4 years and is not going to be maintained
+by the original developers. With the new version of the unified format
+(ie. unified2) arriving we need something to bridge this gap.
+
+The SXL team love barnyard. So much so that we want it to stay and have been
+tinkering around with the code to give it a breath of new life. Here is what
+we have achieved to far for this reinvigorated code base:
+
+    * Parsing of the new unified2 log files.
+    * Maintaining majority of the command syntax of barnyard.
+    * Addressed all associated bug reports and feature requests arising since
+		barnyard-0.2.0.
+    * Completely rewritten code based on the GPLv2 Snort making it entirely
+		GPLv2.
+
+This is an effort to fuse the awesome work of Snort and the original concept
+of barnyard giving it a fresh update along the way. We've come a long way so
+far and have a very stable build that we've integrated into our NSMnow
+framework.  If you have any feature requests, bugs or gripes then send them
+our way.
+
+WWW: http://www.securixlive.com/barnyard2/

security/barnyard2/pkg-plist

@@ -0,0 +1,4 @@
+bin/barnyard2
+@unexec if [ -f %D/etc/barnyard2.conf ] && cmp -s %D/etc/barnyard2.conf %D/etc/barnyard2.conf-sample; then rm -f %D/etc/barnyard2.conf; fi
+etc/barnyard2.conf-sample
+@exec if [ ! -f %D/etc/barnyard2.conf ] ; then cp -p %D/%F %B/barnyard2.conf; fi