Commits on Nov 30, 2012
Commits on Nov 29, 2012
Commits on Nov 28, 2012
  1. Merge pull request #55 from binf/PQPing_TEST

    authored
    Add: Added call to PQPing in dbConnectionStatusPOSTGRESQL().
Commits on Nov 27, 2012
Commits on Nov 21, 2012
  1. @binf

    Add: Added call to PQPing in dbConnectionStatusPOSTGRESQL().

    binf authored
         This modification can allow to detect a dead VPN tunnel
         (Requested fix)
    Fix: configure directive disable_alert_on_each_packet_in_stream, will
         work properly.
Commits on Nov 9, 2012
Commits on Nov 7, 2012
  1. @binf

    fixed: conflict when cherry picking #51

    binf authored committed
Commits on Nov 4, 2012
  1. alert_unixsock: Add a sync mode, which requires the remote end to

    Martijn van Oosterhout authored committed
    acknowledge receipt.  This means in sync mode it requires a SOCK_SEQPACKET
    type socket instead of plain SOCK_DGRAM.  It also complains about failures
    during sending.
  2. alert_unixsock: Improve some error messages so it's clear which modul…

    Martijn van Oosterhout authored committed
    …e they came from.
  3. alert_unixsock: Get rid of global alertaddr by connecting to the sock…

    Martijn van Oosterhout authored committed
    …et at
    
    startup.  This should allow multiple sockets to be used at the same time.
    This also checks the socket name, whereas previously incorrect filenames
    were simply ignored.
  4. alert_unixsock: Allow the path to be configured. Move the configurati…

    Martijn van Oosterhout authored committed
    …on into
    
    the structure created for it.
  5. @dogbert2

    Add code to check return value from unlink()

    dogbert2 authored committed
    This patch adds a check to the unlink() call made in util.c, which is
    not currently done.  If the return value isn't zero, an error in
    unlinking or removing the file has occurred.  This new code adds the
    proper check, though I don't know if you want to add a different return
    value in case unlink() fails.
  6. @bradvoth

    Update Sguil output plugin (spo_sguil.c) to pull ip information from …

    bradvoth authored committed
    …the event data if a packet does not exist for the event
  7. @froschi

    Added a .gitignore file.

    froschi authored committed
    The barnyard2 repo sources exclude all of the files which result from the
    run of autogen.sh which is necessary before compilation. As a result,
    'git status' is cluttered with automatically generated files. The included
    .gitignore file lets git ignore all those intermediates.
    
    Signed-off-by: Thorsten Fischer <thorsten@froschi.org>
  8. @jasonish

    Fix staged installs - use DESTDIR.

    jasonish authored committed
  9. Update spec file (see Feb 2 2012 spec changelog)

    Brent Woodruff authored committed
  10. updated: platypus plugin renamed to echidna and aligned to the new co…

    authored
    …mmand and submission protocols.
Commits on Oct 28, 2012
  1. @binf

    Version 2-1.11

    binf authored
    Bumped: revision to 315
    
    Fix: enable alert-on-each-packet-in-stream by default, to disable use
         --disable-alert-on-each-packet-in-stream or use
         config disable_alert_on_each_packet_in_stream
    
    Fix: spo_database.c:
          Was never resolved shared object (SO_RULE) signature message.
    
    Fix: Call to GetSigByGidSid now use event revision and generate correct
         Snort Alert [gid:sid:rev] messages.
    
    Fix: spo_syslog_full
         i)  operation_mode complete display ip in dotted notation instead
             of host aligned integers for alert_ and log_
         ii) Signature will also by default be prefixed with
             [gid:sid:rev] block
         iii) missing break statement that was causing the output plugin to
              output ALERT AND LOG in complete mode.
Commits on Oct 8, 2012
  1. @binf

    Minor bugfix and improvement

    binf authored
    Bumped revision to 313
    
    Fix: Enable compilation without error with --enable-ipv6
    
    Fix to spo_syslog_full
    Fix: operation_mode parsing (strcasecmp return value)
    Fix: defined values (literals instead of 0 and 1) for clarity.
    Fix: in complete mode used a } instead of a ] at one place in a output
    literal.
    Fix: Check for input data in spo_database.c where revision is 0, we do
    not log and we print messages
    Modified: Replaced WARNING database by INFO database so people are less
    alarmed when those pop-up.
Commits on Sep 24, 2012
  1. @jsiwek

    Fixes for the Bro output plugin.

    jsiwek authored committed
    - Update event/record names for identifiers that Bro uses in its
      Barnyard2 integration scripts.
    - Fix ICMP type/code byte ordering.
    - Fix segfault when an alert has no classification.
    - Fix for Broccoli expecting 64-bit count values.
    - Support for IPv6 addresses (needs Bro > v2.0).
Commits on Aug 30, 2012
  1. @binf

    Fixed typo in spo_alert_unixsock.c (memmmove -> memmove)

    binf authored
    Bumped revision to 310
  2. @dogbert2 @binf

    changed bzero() to memset()

    dogbert2 authored binf committed
    changed bzero() to memset() as bzero is deprecated.
    
    replaced bzero() with memset()
    
    replaced calls to bzero() with memset() as bzero is deprecated.
    
    replaced bcopy() with memmove()
    
    Replaced deprecated bcopy() with memmove(), memmove is guaranteed to
    work even if memory areas overlap, whereas memcpy is designed so that
    the memory areas MUST not overlap.
    
    replaced bzero() with memset()
    
    Replaced bzero() with memset() as bzero is deprecated.
    
    replaced bzero() with memset()
    
    changed bzero() which is deprecated to memset().
    
    replaced deprecated function calls
    
    replaced bzero() with memset() and
    bcopy() with memmove().
    
    changed bzero to memset
    
    changed bzero() to memset in #define, bzero deprecated.
    
    replaced bzero() with memset()
    
    replaced bzero() with memset() as bzero is deprecated.
    
    changed function prototype
    
    corrected function prototype for PlatypusAgentReceive to match actual
    function later in file.
    
    corrected function prototype and deprecated calls
    
    changed function prototype for SguilRecvAgentMsg() and changed bzero()
    to memset() as bzero() is deprecated
    
    replaced bzero() with memset()
    
    replaced bzero() with memset() since bzero() is deprecated.
  3. @binf

    -Fix: Lightened dbProcessSignatureInformation and fixed logical issue

    binf authored
    -Bumped: Build to 309
    
    Fix sguil compile issue
Commits on Aug 28, 2012
  1. @binf

    -Fix: Allowed to run with an empty classification.config file as long…

    binf authored
    … as there is data in the database
    
    -Bumped version to 208
  2. @binf

    -Fix: Removed a call to snort_escape_static() in reference populate d…

    binf authored
    …atabase that was leading to a misleading reference compare/insertion and a grow on the reference table.
    
    -Fix: Modified the sigref code so it is smarter and more tolerant to changes of order of reference etc.
    -Bumped revision to 307
Commits on Aug 27, 2012
  1. @binf

    Add: After initialization, free unused cache memory (reference and sy…

    binf authored
    …stem and sigref)
    
    Fix: Signature will now inherit message from latest revision if it exists in cache instead of Snort Alert [gid:sid:rev]
    Fix: Balance reference for signature with same gid:sid and different revision (no logic, raw compare, need to be present in file (sid-msg.map))
    Bumped build to 306.
Commits on Aug 20, 2012
  1. @binf

    Rel version 2-1.10 Build 305

    binf authored
    -Fix: Compilation Warning.
    -Fix: Spooler behavior (ISSUE 9 merge error?)
    -Fix: Stack overwriting in spo_database.c
    -Fix: Potential heap overwriting in spo_database.c
  2. @binf

    -Upd: Build Version

    binf authored
    -Add: SCHEMA_ACCESS for instruction on database schema requirements
    -Add: SQL escaping code check for reference tag name.
    -Fix: will not insert sig_ref for "internal" signature
    -Fix: will not fail when there is no reference present in sid-msg.map file.
    -Fix: spo_database.c typo in if (define) for postgresql
    -Fix: max cache events bumped to 256
    -Fix: for compilation without libpcap libraries
    -Fix: compilation issue with Postgresql (Define error)
    -Fix: Database Compilation Warning (Header re-use issue)
    -Fix: Postgresql Encoding issue.
Commits on Jun 1, 2012
  1. @binf

    This commit fixes a few logical issues handling signature and cache data.

    binf authored
    No signature data is committed to the database if it has a revision of 0 (initialized from file, beside preprocessor)
    
    This fixes some issues regarding uninitialized signature being logged.
    A few assert() calls have been added. If you hit a bugcheck and use this branch, let us know.
    
    Addendum: This commit contains ODBC code that is not ready for deployment.
Commits on May 31, 2012
  1. @binf
  2. @binf

    Rebase commit (incomplete fix)

    binf authored
Commits on May 24, 2012
  1. @binf