Remove barnyard2 integration scripts

2025-10-02 06:38:20 +00:00 · 2022-08-19 11:11:04 +02:00 · 2022-08-19 11:11:04 +02:00 · 78beecf37d
commit 78beecf37d
parent b20f2b5b98
8 changed files with 9 additions and 101 deletions
--- a/8
+++ b/8
@ -47,6 +47,9 @@ Breaking Changes
  continue to represent the total number across all connections seen by the
  current instance of Zeek.

+- The barnyard2 policy scripts have been removed. The integration in the
+  Barnyard2 project uses Broccoli, which had been removed with Zeek 3.0
+  and it's assumed there have been no users.

 New Functionality
 -----------------
@ -111,6 +114,11 @@ Changed Functionality
  This prevents callbacks into script-land through change handlers when parts
  of the environment have already been torn down.

+Removed Functionality
+---------------------
+
+- The barnyard2 policy scripts have been removed.
+
 Deprecated Functionality
 ------------------------

--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 79238280e1a29ab232af84e4bed354ae37c7e6f6
+Subproject commit 497bcf29bc7bec2ef4eb076c8e4364ff45078858
--- a/scripts/policy/integration/barnyard2/README
+++ b/scripts/policy/integration/barnyard2/README
@ -1 +0,0 @@
-Integration with Barnyard2.
--- a/scripts/policy/integration/barnyard2/load.zeek
+++ b/scripts/policy/integration/barnyard2/load.zeek
@ -1,2 +0,0 @@
-@load ./types
-@load ./main
--- a/scripts/policy/integration/barnyard2/main.zeek
+++ b/scripts/policy/integration/barnyard2/main.zeek
@ -1,61 +0,0 @@
-##! This script lets Barnyard2 integrate with Zeek.  It receives alerts from
-##! Barnyard2 and logs them.  In the future it will do more correlation
-##! and derive new notices from the alerts.
-
-@load ./types
-
-module Barnyard2;
-
-export {
-	redef enum Log::ID += { LOG };
-
-	global log_policy: Log::PolicyHook;
-
-	type Info: record {
-		## Timestamp of the alert.
-		ts:                 time      &log;
-		## Associated packet ID.
-		pid:                PacketID  &log;
-		## Associated alert data.
-		alert:              AlertData &log;
-	};
-
-	## This can convert a Barnyard :zeek:type:`Barnyard2::PacketID` value to
-	## a :zeek:type:`conn_id` value in the case that you might need to index
-	## into an existing data structure elsewhere within Zeek.
-	global pid2cid: function(p: PacketID): conn_id;
-}
-
-event zeek_init() &priority=5
-	{
-	Log::create_stream(Barnyard2::LOG, [$columns=Info, $path="barnyard2", $policy=log_policy]);
-	}
-
-
-function pid2cid(p: PacketID): conn_id
-	{
-	return [$orig_h=p$src_ip, $orig_p=p$src_p, $resp_h=p$dst_ip, $resp_p=p$dst_p];
-	}
-
-event barnyard_alert(id: PacketID, alert: AlertData, msg: string, data: string)
-	{
-	Log::write(Barnyard2::LOG, [$ts=network_time(), $pid=id, $alert=alert]);
-
-	#local proto_connection_string: string;
-	#if ( id$src_p == 0/tcp )
-	#	proto_connection_string = fmt("{PROTO:255} %s -> %s", id$src_ip, id$dst_ip);
-	#else
-	#	proto_connection_string = fmt("{%s} %s:%d -> %s:%d",
-	#	                              to_upper(fmt("%s", get_port_transport_proto(id$dst_p))),
-	#	                              id$src_ip, id$src_p, id$dst_ip, id$dst_p);
-    #
-	#local snort_alike_msg = fmt("%.6f [**] [%d:%d:%d] %s [**] [Classification: %s] [Priority: %d] %s",
-	#                            sad$ts,
-	#                            sad$generator_id,
-	#                            sad$signature_id,
-	#                            sad$signature_revision,
-	#                            msg,
-	#                            sad$classification,
-	#                            sad$priority_id,
-	#                            proto_connection_string);
-	}
--- a/scripts/policy/integration/barnyard2/types.zeek
+++ b/scripts/policy/integration/barnyard2/types.zeek
@ -1,32 +0,0 @@
-##! This file is separate from the base script so that dependencies can
-##! be loaded in the correct order.
-
-module Barnyard2;
-
-export {
-	type AlertData: record {
-		sensor_id:          count;  ##< Sensor that originated this event.
-		ts:                 time;   ##< Timestamp attached to the alert.
-		signature_id:       count;  ##< Sig id for this generator.
-		generator_id:       count;  ##< Which generator generated the alert?
-		signature_revision: count;  ##< Sig revision for this id.
-		classification_id:  count;  ##< Event classification.
-		classification:     string; ##< Descriptive classification string.
-		priority_id:        count;  ##< Event priority.
-		event_id:           count;  ##< Event ID.
-	} &log;
-
-	type PacketID: record {
-		src_ip: addr;
-		src_p: port;
-		dst_ip: addr;
-		dst_p: port;
-	} &log;
-
-	## This is the event that Barnyard2 instances will send if they're
-	## configured with the bro_alert output plugin.
-	global barnyard_alert: event(id: Barnyard2::PacketID,
-	                             alert: Barnyard2::AlertData,
-	                             msg: string,
-	                             data: string);
-}
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@ -73,9 +73,6 @@
@load frameworks/software/vulnerable.zeek
@load frameworks/software/windows-version-detection.zeek
@load frameworks/telemetry/log.zeek
-@load integration/barnyard2/__load__.zeek
-@load integration/barnyard2/main.zeek
-@load integration/barnyard2/types.zeek
@load integration/collective-intel/__load__.zeek
@load integration/collective-intel/main.zeek
@load misc/capture-loss.zeek
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@ -1,5 +1,4 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-barnyard2
 broker
 capture_loss
 cluster