Wednesday, December 28, 2005

Manually Patching Barnyard Package

I'm currently working on a VM image of FreeBSD 6.0 with the components needed for a demonstration Sguil sensor, server, and database deployment. I'm using a minimal FreeBSD installation; /usr, for example, began at 100 MB.

I intend to install as many Sguil components as possible using precompiled packages. Unfortunately, the Barnyard package used to read Snort unified output spool files does not contain support for the latest version of Sguil. To deal with this problem, I am creating a custom Barnyard package with Sguil support.

I'm not building the package on the host that will eventually run Barnyard. That host, gruden, does not have a compiler or other development tools. Instead I'm working on the package on another FreeBSD 6.0/i386 host, sguilref. First I see what packages Barnyard needs to build.

sguilref:/usr/ports/security/barnyard# make pretty-print-build-depends-list
This port requires package(s) "autoconf-2.59_2 m4-1.4.3 perl-5.8.7" to build.

I know sguilref has these packages already installed, so I am ready to start. First I retrieve the source code with 'make fetch'.

sguilref:/usr/ports/security/barnyard# make fetch
===> WARNING: Vulnerability database out of date, checking anyway
===> Found saved configuration for barnyard-0.2.0
=> barnyard-0.2.0.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://heanet.dl.sourceforge.net/sourceforge/barnyard/.
barnyard-0.2.0.tar.gz 100% of 157 kB 107 kBps

Now I extract it.

sguilref:/usr/ports/security/barnyard# make extract
===> WARNING: Vulnerability database out of date, checking anyway
===> Found saved configuration for barnyard-0.2.0
===> Extracting for barnyard-0.2.0
=> MD5 Checksum OK for barnyard-0.2.0.tar.gz.
=> No SHA256 checksum recorded for barnyard-0.2.0.tar.gz.

At this point I need to edit the Makefile. I make a copy called Makefile.orig for reference. Then I edit the Makefile to include a new option, WITH_SGUIL, that I will be able to use when invoking 'make'. You can see the contents of the new Makefile with the diff command.

sguilref:/usr/ports/security/barnyard# diff -u Makefile.orig Makefile
--- Makefile.orig Wed Dec 28 11:30:24 2005
+++ Makefile Wed Dec 28 11:34:05 2005
@@ -18,7 +18,8 @@
RUN_DEPENDS= ${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort

OPTIONS= MYSQL "Enable MySQL support" off - POSTGRESQL "Enable PostgreSQL support" off
+ POSTGRESQL "Enable PostgreSQL support" off + SGUIL "Enable Sguil support" off

USE_AUTOCONF_VER= 259
USE_AUTOHEADER_VER= 259
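Review bot: as reproduced here the OPTIONS hunk has lost its leading -/+ markers and the trailing backslash line continuations (the removed line and the two added lines run together on two lines), so it will not apply with patch(1) as shown; the intended edit is to continue the OPTIONS list with a third entry, `SGUIL "Enable Sguil support" off`, which is what makes WITH_SGUIL available to `make` and to the options dialog.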
@@ -43,6 +44,11 @@
.if defined(WITH_POSTGRESQL)
USE_PGSQL= yes
CONFIGURE_ARGS+= --enable-postgres
+.endif
+
+.if defined(WITH_SGUIL)
+USE_SGUIL= yes
+CONFIGURE_ARGS+= --enable-tcl --with-tcl=/usr/local/lib/tcl8.4
.endif

post-patch:
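Review bot: the new WITH_SGUIL block passes --enable-tcl --with-tcl=/usr/local/lib/tcl8.4 to configure but records no Tcl dependency; unlike USE_PGSQL in the block above it, USE_SGUIL is not a variable the ports framework acts on, so nothing pulls Tcl in at build time or registers it for the package. The configure step later in this post finds tclsh8.4 only because it is already installed on sguilref, and the finished package registers just snort and pcre, so pkg_add on gruden will not notice a missing Tcl. Consider replacing `USE_SGUIL= yes` with a real dependency (for example a LIB_DEPENDS on lang/tcl84) and writing the path as ${LOCALBASE}/lib/tcl8.4 rather than hard-coding /usr/local.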

Now I am ready to copy the patches from my Sguil source distribution.

sguilref:/usr/ports/security/barnyard# cd work/barnyard-0.2.0
sguilref:/usr/ports/security/barnyard/work/barnyard-0.2.0# cp /usr/local/src/sguil-0.6.0p1/sensor/barnyard_mods/op_sguil.* src/output-plugins/
sguilref:/usr/ports/security/barnyard/work/barnyard-0.2.0# cp /usr/local/src/sguil-0.6.0p1/sensor/barnyard_mods/configure.in .

Now I can apply those patches.

sguilref:/usr/ports/security/barnyard/work/barnyard-0.2.0# cd src/output-plugins/
sguilref:/usr/ports/security/barnyard/work/barnyard-0.2.0/src/output-plugins# patch -p0 < /usr/local/src/sguil-0.6.0p1/sensor/barnyard_mods/op_plugbase.c.patch
Hmm... Looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|*** op_plugbase.c.old Sun Mar 28 18:14:19 2004
|--- op_plugbase.c Mon Apr 4 10:39:54 2005
--------------------------
Patching file op_plugbase.c using Plan A...
Hunk #1 succeeded at 27.
Hunk #2 succeeded at 47.
done

With the right files patched, I can make a custom Barnyard package.

sguilref:/usr/ports/security/barnyard/work/barnyard-0.2.0/src/output-plugins# cd ../../../..
sguilref:/usr/ports/security/barnyard# make package WITH_SGUIL=yes
===> Patching for barnyard-0.2.0
===> Applying FreeBSD patches for barnyard-0.2.0
===> barnyard-0.2.0 depends on file: /usr/local/bin/autoconf259 - found
===> Configuring for barnyard-0.2.0
...edited...
checking for tclsh8.4... tclsh8.4
checking for the tcl version number... 8.4, patchlevel .11
...edited...
===> Registering installation for barnyard-0.2.0
===> Building package for barnyard-0.2.0
Creating package /usr/ports/packages/All/barnyard-0.2.0.tbz
Registering depends: snort-2.4.3_1 pcre-6.4.
Creating bzip'd tar ball in '/usr/ports/packages/All/barnyard-0.2.0.tbz'

Now I have a custom Barnyard package in /usr/ports/packages/All/barnyard-0.2.0.tbz. The last step is to see what packages Barnyard needs when it runs.

sguilref:/usr/ports/security/barnyard# make pretty-print-run-depends-list
This port requires package(s) "pcre-6.4 snort-2.4.3_1" to run.

I know that pcre-6.4 and snort-2.4.3_1 will be installed when I put Snort on this system. That means I can do a 'pkg_add barnyard-0.2.0.tbz' and the process will only look for pcre-6.4 and snort-2.4.3_1, which will be installed prior to Barnyard.
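A pre-flight check for that last step, added here as an example and not part of the original post: it compares the run-depends string the port prints against the package names installed on the sensor, using the same exact name-version matching that pkg_add applies, so a package present at a different version is reported as a mismatch rather than a hit. The required and installed lists below are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): check a package's registered
# run-depends against the sensor's installed packages before pkg_add.

# Strip the version suffix: "snort-2.4.3_1" -> "snort". The version is
# everything after the last hyphen, so names containing hyphens survive.
pkg_base() {
    printf '%s\n' "${1%-*}"
}

# check_run_depends "REQUIRED..." "INSTALLED..." prints one line per
# required package: ok, mismatch (same name, other version) or missing.
# Returns non-zero if any required package is not an exact match.
check_run_depends() {
    required=$1
    installed=$2
    rc=0
    for req in $required; do
        status="missing"
        for inst in $installed; do
            if [ "$inst" = "$req" ]; then
                status="ok"
                break
            elif [ "$(pkg_base "$inst")" = "$(pkg_base "$req")" ]; then
                status="mismatch (installed $inst)"
            fi
        done
        [ "$status" = "ok" ] || rc=1
        printf '%s %s\n' "$req" "$status"
    done
    return $rc
}

# Constructed sample: the run-depends line the post shows for barnyard-0.2.0,
# and a hypothetical sensor where Snort is present at a different version.
# On a real sensor, build INSTALLED from the package names pkg_info lists.
REQUIRED="pcre-6.4 snort-2.4.3_1"
INSTALLED="pcre-6.4 snort-2.4.2 perl-5.8.7"

check_run_depends "$REQUIRED" "$INSTALLED" || echo "not ready for pkg_add"
```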

I plan to submit these steps to the Barnyard package maintainer to see if he might be able to get them merged.
