security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of security/bro can have some time to migrate. It also allows for possible security updates to the old bro port which upstream has indicated is possible for at least a few months. Reviewed by: ler (mentor) Approved by: ler (mentor) Differential Revision: https://reviews.freebsd.org/D22376
parent
6914917dc6
commit
2e9dc31504
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=517788
2
GIDs
2
GIDs
|
@ -722,7 +722,7 @@ litecoin:*:778:
|
|||
bitcoin:*:779:
|
||||
zetacoin:*:780:
|
||||
monero:*:781:
|
||||
# free: 782
|
||||
zeek:*:782
|
||||
# free: 783
|
||||
# free: 784
|
||||
# free: 785
|
||||
|
|
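Review bot: The new `zeek:*:782` entry has no trailing colon, while the neighbouring entries in this hunk (`litecoin:*:778:`, `bitcoin:*:779:`, `monero:*:781:`) all end the gid field with one, so this line has three fields where the others have four. Anything that parses the registry by field count may skip or mis-read the entry, which matters because the port's `GROUPS= ${ZEEKGROUP}` depends on it to create the unprivileged group. The line should read `zeek:*:782:`.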
2
UIDs
2
UIDs
|
@ -727,7 +727,7 @@ litecoin:*:778:778::0:0:litecoin Daemon:/var/db/litecoin:/usr/sbin/nologin
|
|||
bitcoin:*:779:779::0:0:bitcoin Daemon:/var/db/bitcoin:/usr/sbin/nologin
|
||||
zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin
|
||||
monero:*:781:781::0:0:Monero Daemon:/var/db/monero:/usr/sbin/nologin
|
||||
# free: 782
|
||||
zeek:*:782:782::0:0:Zeek Network Security Monitor:/nonexistent:/usr/sbin/nologin
|
||||
# free: 783
|
||||
# free: 784
|
||||
# free: 785
|
||||
|
|
|
@ -1329,6 +1329,7 @@
|
|||
SUBDIR += yubikey-personalization-gui
|
||||
SUBDIR += yubioath-desktop
|
||||
SUBDIR += zebedee
|
||||
SUBDIR += zeek
|
||||
SUBDIR += zenmap
|
||||
SUBDIR += zeronet
|
||||
SUBDIR += zxid
|
||||
|
|
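--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -0,0 +1,122 @@
+# Created by: David O'Brien <obrien@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= zeek
+PORTVERSION= 3.0.0
+CATEGORIES= security
+MASTER_SITES= https://www.zeek.org/downloads/
+DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
+
+MAINTAINER= leres@FreeBSD.org
+COMMENT= System for detecting network intruders in real-time
+
+LICENSE= BSD3CLAUSE
+
+BROKEN_powerpc64= Does not build: error: zero-size array 'names'
+
+USES= bison cmake compiler:c++11-lang gettext-runtime ninja perl5 python shebangfix ssl
+
+CMAKE_ARGS+= -DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
+CXXFLAGS+= -std=c++11 -Wall
+
+CONFLICTS= bro
+
+SHEBANG_FILES= aux/zeekctl/aux/trace-summary/trace-summary
+
+SUB_FILES= pkg-message
+NO_MTREE= yes
+
+CMAKE_ARGS+= -GNinja \
+-D CMAKE_INSTALL_PREFIX:PATH=${PREFIX} \
+-D ZEEK_ROOT_DIR:PATH=${PREFIX} \
+-D PY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \
+-D ZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \
+-D ZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \
+-D ZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \
+-D ENABLE_PERFTOOLS:BOOL=false \
+-D ENABLE_PERFTOOLS_DEBUG:BOOL=false \
+-D BinPAC_SKIP_INSTALL:BOOL=true \
+-D INSTALL_AUX_TOOLS:BOOL=true \
+-D BUILD_SHARED_LIBS:BOOL=true \
+-D BUILD_STATIC_BROKER:BOOL=true \
+-D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
+
+ZEEKUSER?= zeek
+ZEEKGROUP?= zeek
+PLIST_SUB+= ARCH=${ARCH} \
+ZEEKUSER=${ZEEKUSER} \
+ZEEKGROUP=${ZEEKGROUP} \
+LCASE_OPSYS=${OPSYS:tl}
+
+USERS= ${ZEEKUSER}
+GROUPS= ${ZEEKGROUP}
+
+OPTIONS_DEFINE= BROCCOLI BROKER DEBUG GEOIP2 IPSUMDUMP LBL_CF LBL_HF \
+NETMAP PERFTOOLS ZEEKCTL
+OPTIONS_DEFAULT=BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP ZEEKCTL
+OPTIONS_SUB= yes
+
+BROCCOLI_DESC= Build support for libbroccoli communications (DEPRECATED)
+BROKER_DESC= Enable the Broker communication library
+GEOIP2_DESC= Build with GeoIP2 (MaxMindDB) support
+IPSUMDUMP_DESC= Enables traffic summaries
+LBL_CF_DESC= Unix time to formated time/date filter support
+LBL_HF_DESC= Address to hostname filter support
+NETMAP_DESC= Native Netmap Packet IOSource for Bro
+PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage
+ZEEKCTL_DESC= ZeekControl support (implies BROKER and IPSUMDUMP)
+
+ZEEKCTL_IMPLIES= BROKER IPSUMDUMP
+
+BROCCOLI_LIB_DEPENDS= libbroccoli.so:security/broccoli
+GEOIP2_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb
+IPSUMDUMP_BUILD_DEPENDS=ipsumdump:net/ipsumdump
+IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump
+BROKER_BUILD_DEPENDS= swig3.0:devel/swig30
+BROKER_CMAKE_BOOL= ENABLE_BROKER
+DEBUG_CMAKE_BOOL= ENABLE_DEBUG
+LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf
+LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf
+NETMAP_GH_TUPLE= bro:bro-netmap:f3620df:bro_netmap
+NETMAP_USE= GITHUB=nodefault
+PERFTOOLS_CMAKE_BOOL= ENABLE_PERFTOOLS
+PERFTOOLS_RUN_DEPENDS= ${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
+PYTHON_BUILD_DEPENDS= swig3.0:devel/swig30
+ZEEKCTL_BUILD_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \
+${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} \
+swig3.0:devel/swig30
+ZEEKCTL_RUN_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \
+${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR}
+ZEEKCTL_CMAKE_BOOL= INSTALL_ZEEKCTL
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MZEEKCTL}
+USE_RC_SUBR= zeek
+.endif
+
+post-install-ZEEKCTL-on:
+${MKDIR} ${STAGEDIR}${PREFIX}/logs
+${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp
+${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/auto
+${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/site
+.for F in zeekctl.cfg networks.cfg node.cfg
+${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.example
+.endfor
+${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
+${LN} -s ../../../spool/zeekctl-config.sh \
+${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
+
+post-install:
+${RM} -r ${STAGEDIR}${PREFIX}/share/zeek/cmake
+
+pre-install-ZEEKCTL-on:
+${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
+
+post-build-NETMAP-on:
+${LN} -s ../.build ${WRKSRC}/build
+(cd ${WRKSRC_bro_netmap} && ./configure --bro-dist=${WRKSRC} \
+--install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins && \
+make && make install)
+
+.include <bsd.port.mk>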
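Review bot: `post-build-NETMAP-on` runs `make install` into `${STAGEDIR}${PREFIX}/lib/zeek/plugins` during the build phase, so the netmap plugin lands in the stage directory before staging and would presumably be lost if the stage directory is recreated without rebuilding. It also calls bare `make` rather than `${MAKE}`. Consider keeping only configure and build in this target and moving the install step to its own target, e.g. `post-install-NETMAP-on:` with `(cd ${WRKSRC_bro_netmap} && ${MAKE} install)`. Separately, `PYTHON_BUILD_DEPENDS` has no matching `PYTHON` entry in `OPTIONS_DEFINE`, so it looks like a leftover that never takes effect.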
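--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1573594504
+SHA256 (zeek-3.0.0.tar.gz) = b552940a14132bcbbd9afdf6476ec615b5a44a6d15f78b2cdc15860fa02bff9a
+SIZE (zeek-3.0.0.tar.gz) = 29252635
+SHA256 (bro-bro-netmap-f3620df_GH0.tar.gz) = e51f420781c9a01b0494f93d82f94a1b045725c1cff406c33887974a9940c655
+SIZE (bro-bro-netmap-f3620df_GH0.tar.gz) = 24661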
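--- a/security/zeek/files/pkg-message.in
+++ b/security/zeek/files/pkg-message.in
@@ -0,0 +1,12 @@
+[
+{ type: install
+message: <<EOM
+During deinstall of this package, the cfg files for broctl
+are not deleted if you have edited them. Instead
+the software will create a .sample file instead and the
+edited files will remain in place when you upgrade. If you
+want to delete them, you have to delete them and the directory,
+%%PREFIX%%/etc manually.
+EOM
+}
+]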
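--- a/security/zeek/files/zeek.in
+++ b/security/zeek/files/zeek.in
@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: zeek
+# REQUIRE: NETWORKING
+# REQUIRE: LOGIN FILESYSTEMS
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="zeek"
+rcvar=`set_rcvar`
+node=$2
+
+start_cmd="zeek_start"
+stop_cmd="zeek_stop"
+restart_cmd="zeek_restart"
+deploy_cmd="zeek_deploy"
+install_cmd="zeek_install"
+cleanup_cmd="zeek_cleanup"
+restart_cmd="zeek_restart"
+status_cmd="zeek_status"
+
+extra_commands="deploy install cleanup status restart"
+
+: ${zeekctl_program:=%%PREFIX%%/bin/zeekctl}
+
+zeek_enable=${zeek_enable-"NO"}
+
+zeek_start() {
+if [ ! "${node}" ];
+then
+$zeekctl_program start
+else
+$zeekctl_program start $node
+fi
+}
+
+bro_stop() {
+if [ ! "${node}" ];
+then
+$zeekctl_program stop
+else
+$zeekctl_program stop $node
+fi
+}
+
+zeek_restart() {
+if [ ! "${node}" ];
+then
+$zeekctl_program restart
+else
+$zeekctl_program restart $node
+fi
+}
+
+zeek_deploy() {
+$zeekctl_program deploy
+}
+
+zeek_install() {
+$zeekctl_program install
+}
+
+zeek_cleanup() {
+if [ ! "${node}" ];
+then
+$zeekctl_program cleanup
+else
+$zeekctl_program cleanup ${node}
+fi
+}
+
+zeek_status() {
+$zeekctl_program status
+}
+
+load_rc_config $name
+run_rc_command "$1"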
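Review bot: `stop_cmd="zeek_stop"` names a function this script never defines; the stop handler is still called `bro_stop()`, so `stop` (and the shutdown hook requested by `# KEYWORD: shutdown`) would fail to find its command instead of stopping the sensor. Rename the definition to `zeek_stop() {`. `restart_cmd="zeek_restart"` is also assigned twice, and `$node` is passed to zeekctl unquoted in the start, stop and restart branches; `"$node"` would be safer.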
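--- a/security/zeek/pkg-descr
+++ b/security/zeek/pkg-descr
@@ -0,0 +1,15 @@
+Zeek (formerly known as Bro) is an open-source, Unix-based Network
+Intrusion Detection System (NIDS) that passively monitors network
+traffic and looks for suspicious activity. Zeek detects intrusions
+by first parsing network traffic to extract its application-level
+semantics and then executing event-oriented analyzers that compare
+the activity with patterns deemed troublesome. Its analysis includes
+detection of specific attacks (including those defined by signatures,
+but also those defined in terms of events) and unusual activities
+(e.g., certain hosts connecting to certain services, or patterns
+of failed connection attempts).
+
+Zeek is documented in the USENIX 1998 Security Conference proceedings
+(as Bro).
+
+WWW: https://www.zeek.org/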
1896
security/zeek/pkg-plist
Normal file
1896
security/zeek/pkg-plist
Normal file
File diff suppressed because it is too large