security/zeek: This adds security/zeek, the new version of security/bro.

This is being done as svn copy instead of rename so that users of security/bro can have some time to migrate. It also allows for possible security updates to the old bro port which upstream has indicated is possible for at least a few months. Reviewed by: ler (mentor) Approved by: ler (mentor) Differential Revision: https://reviews.freebsd.org/D22376
svn path=/head/; revision=517788
2019-11-17 01:03:04 +00:00 · 2019-11-17 01:03:04 +00:00 · 2e9dc31504 · 2021-03-31 03:12:20 +00:00
commit 2e9dc31504
parent 6914917dc6
9 changed files with 2134 additions and 2 deletions
--- a/2
+++ b/2
@ -722,7 +722,7 @@ litecoin:*:778:
 bitcoin:*:779:
 zetacoin:*:780:
 monero:*:781:
-# free: 782
+zeek:*:782
 # free: 783
 # free: 784
 # free: 785
--- a/2
+++ b/2
@ -727,7 +727,7 @@ litecoin:*:778:778::0:0:litecoin Daemon:/var/db/litecoin:/usr/sbin/nologin
 bitcoin:*:779:779::0:0:bitcoin Daemon:/var/db/bitcoin:/usr/sbin/nologin
 zetacoin:*:780:780::0:0:ZetaCoin Daemon:/nonexistent:/usr/sbin/nologin
 monero:*:781:781::0:0:Monero Daemon:/var/db/monero:/usr/sbin/nologin
-# free: 782
+zeek:*:782:782::0:0:Zeek Network Security Monitor:/nonexistent:/usr/sbin/nologin
 # free: 783
 # free: 784
 # free: 785
--- a/security/Makefile
+++ b/security/Makefile
@ -1329,6 +1329,7 @@
    SUBDIR += yubikey-personalization-gui
    SUBDIR += yubioath-desktop
    SUBDIR += zebedee
+    SUBDIR += zeek
    SUBDIR += zenmap
    SUBDIR += zeronet
    SUBDIR += zxid
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@ -0,0 +1,122 @@
+# Created by: David O'Brien <obrien@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME=	zeek
+PORTVERSION=	3.0.0
+CATEGORIES=	security
+MASTER_SITES=	https://www.zeek.org/downloads/
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
+
+MAINTAINER=	leres@FreeBSD.org
+COMMENT=	System for detecting network intruders in real-time
+
+LICENSE=	BSD3CLAUSE
+
+BROKEN_powerpc64=	Does not build: error: zero-size array 'names'
+
+USES=		bison cmake compiler:c++11-lang gettext-runtime ninja perl5 python shebangfix ssl
+
+CMAKE_ARGS+=	-DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
+CXXFLAGS+=	-std=c++11 -Wall
+
+CONFLICTS=	bro
+
+SHEBANG_FILES=	aux/zeekctl/aux/trace-summary/trace-summary
+
+SUB_FILES=	pkg-message
+NO_MTREE=	yes
+
+CMAKE_ARGS+=	-GNinja \
+		-D CMAKE_INSTALL_PREFIX:PATH=${PREFIX} \
+		-D ZEEK_ROOT_DIR:PATH=${PREFIX} \
+		-D PY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \
+		-D ZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \
+		-D ZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \
+		-D ZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \
+		-D ENABLE_PERFTOOLS:BOOL=false \
+		-D ENABLE_PERFTOOLS_DEBUG:BOOL=false \
+		-D BinPAC_SKIP_INSTALL:BOOL=true \
+		-D INSTALL_AUX_TOOLS:BOOL=true \
+		-D BUILD_SHARED_LIBS:BOOL=true \
+		-D BUILD_STATIC_BROKER:BOOL=true \
+		-D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
+
+ZEEKUSER?=	zeek
+ZEEKGROUP?=	zeek
+PLIST_SUB+=	ARCH=${ARCH} \
+		ZEEKUSER=${ZEEKUSER} \
+		ZEEKGROUP=${ZEEKGROUP} \
+		LCASE_OPSYS=${OPSYS:tl}
+
+USERS=		${ZEEKUSER}
+GROUPS=		${ZEEKGROUP}
+
+OPTIONS_DEFINE= BROCCOLI BROKER DEBUG GEOIP2 IPSUMDUMP LBL_CF LBL_HF \
+		NETMAP PERFTOOLS ZEEKCTL
+OPTIONS_DEFAULT=BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP ZEEKCTL
+OPTIONS_SUB=	yes
+
+BROCCOLI_DESC=	Build support for libbroccoli communications (DEPRECATED)
+BROKER_DESC=	Enable the Broker communication library
+GEOIP2_DESC=	Build with GeoIP2 (MaxMindDB) support
+IPSUMDUMP_DESC=	Enables traffic summaries
+LBL_CF_DESC=	Unix time to formated time/date filter support
+LBL_HF_DESC=	Address to hostname filter support
+NETMAP_DESC=	Native Netmap Packet IOSource for Bro
+PERFTOOLS_DESC=	Use Perftools to improve memory & CPU usage
+ZEEKCTL_DESC=	ZeekControl support (implies BROKER and IPSUMDUMP)
+
+ZEEKCTL_IMPLIES=		BROKER IPSUMDUMP
+
+BROCCOLI_LIB_DEPENDS=	libbroccoli.so:security/broccoli
+GEOIP2_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
+IPSUMDUMP_BUILD_DEPENDS=ipsumdump:net/ipsumdump
+IPSUMDUMP_RUN_DEPENDS=	ipsumdump:net/ipsumdump
+BROKER_BUILD_DEPENDS=	swig3.0:devel/swig30
+BROKER_CMAKE_BOOL=	ENABLE_BROKER
+DEBUG_CMAKE_BOOL=	ENABLE_DEBUG
+LBL_HF_RUN_DEPENDS=	${LOCALBASE}/bin/hf:sysutils/lbl-hf
+LBL_CF_RUN_DEPENDS=	${LOCALBASE}/bin/cf:sysutils/lbl-cf
+NETMAP_GH_TUPLE=	bro:bro-netmap:f3620df:bro_netmap
+NETMAP_USE=		GITHUB=nodefault
+PERFTOOLS_CMAKE_BOOL=	ENABLE_PERFTOOLS
+PERFTOOLS_RUN_DEPENDS=	${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
+PYTHON_BUILD_DEPENDS=	swig3.0:devel/swig30
+ZEEKCTL_BUILD_DEPENDS=	${LOCALBASE}/bin/bash:shells/bash \
+			${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} \
+			swig3.0:devel/swig30
+ZEEKCTL_RUN_DEPENDS=	${LOCALBASE}/bin/bash:shells/bash \
+			${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR}
+ZEEKCTL_CMAKE_BOOL=	INSTALL_ZEEKCTL
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MZEEKCTL}
+USE_RC_SUBR=	zeek
+.endif
+
+post-install-ZEEKCTL-on:
+	${MKDIR} ${STAGEDIR}${PREFIX}/logs
+	${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp
+	${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/auto
+	${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/site
+.for F in zeekctl.cfg networks.cfg node.cfg
+	${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.example
+.endfor
+	${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
+	${LN} -s ../../../spool/zeekctl-config.sh \
+	    ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
+
+post-install:
+	${RM} -r ${STAGEDIR}${PREFIX}/share/zeek/cmake
+
+pre-install-ZEEKCTL-on:
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
+
+post-build-NETMAP-on:
+	${LN} -s ../.build ${WRKSRC}/build
+	(cd ${WRKSRC_bro_netmap} && ./configure --bro-dist=${WRKSRC} \
+	    --install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins && \
+	    make && make install)
+
+.include <bsd.port.mk>
--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@ -0,0 +1,5 @@
+TIMESTAMP = 1573594504
+SHA256 (zeek-3.0.0.tar.gz) = b552940a14132bcbbd9afdf6476ec615b5a44a6d15f78b2cdc15860fa02bff9a
+SIZE (zeek-3.0.0.tar.gz) = 29252635
+SHA256 (bro-bro-netmap-f3620df_GH0.tar.gz) = e51f420781c9a01b0494f93d82f94a1b045725c1cff406c33887974a9940c655
+SIZE (bro-bro-netmap-f3620df_GH0.tar.gz) = 24661
--- a/security/zeek/files/pkg-message.in
+++ b/security/zeek/files/pkg-message.in
@ -0,0 +1,12 @@
+[
+{ type: install
+  message: <<EOM
+During deinstall of this package, the cfg files for broctl
+are not deleted if you have edited them.  Instead
+the software will create a .sample file instead and the
+edited files will remain in place when you upgrade.  If you
+want to delete them, you have to delete them and the directory,
+%%PREFIX%%/etc manually.
+EOM
+}
+]
--- a/security/zeek/files/zeek.in
+++ b/security/zeek/files/zeek.in
@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: zeek
+# REQUIRE: NETWORKING
+# REQUIRE: LOGIN FILESYSTEMS
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="zeek"
+rcvar=`set_rcvar`
+node=$2
+
+start_cmd="zeek_start"
+stop_cmd="zeek_stop"
+restart_cmd="zeek_restart"
+deploy_cmd="zeek_deploy"
+install_cmd="zeek_install"
+cleanup_cmd="zeek_cleanup"
+restart_cmd="zeek_restart"
+status_cmd="zeek_status"
+
+extra_commands="deploy install cleanup status restart"
+
+: ${zeekctl_program:=%%PREFIX%%/bin/zeekctl}
+
+zeek_enable=${zeek_enable-"NO"}
+
+zeek_start() {
+    if [ ! "${node}" ];
+    then
+        $zeekctl_program start
+    else
+        $zeekctl_program start $node
+    fi
+}
+
+bro_stop() {
+    if [ ! "${node}" ];
+    then
+        $zeekctl_program stop
+    else
+        $zeekctl_program stop $node
+    fi
+}
+
+zeek_restart() {
+    if [ ! "${node}" ];
+    then
+        $zeekctl_program restart
+    else
+        $zeekctl_program restart $node
+    fi
+}
+
+zeek_deploy() {
+    $zeekctl_program deploy
+}
+
+zeek_install() {
+    $zeekctl_program install
+}
+
+zeek_cleanup() {
+    if [ ! "${node}" ];
+    then
+        $zeekctl_program cleanup
+    else
+        $zeekctl_program cleanup ${node}
+    fi
+}
+
+zeek_status() {
+    $zeekctl_program status
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/security/zeek/pkg-descr
+++ b/security/zeek/pkg-descr
@ -0,0 +1,15 @@
+Zeek (formerly known as Bro) is an open-source, Unix-based Network
+Intrusion Detection System (NIDS) that passively monitors network
+traffic and looks for suspicious activity. Zeek detects intrusions
+by first parsing network traffic to extract its application-level
+semantics and then executing event-oriented analyzers that compare
+the activity with patterns deemed troublesome. Its analysis includes
+detection of specific attacks (including those defined by signatures,
+but also those defined in terms of events) and unusual activities
+(e.g., certain hosts connecting to certain services, or patterns
+of failed connection attempts).
+
+Zeek is documented in the USENIX 1998 Security Conference proceedings
+(as Bro).
+
+WWW: https://www.zeek.org/
--- a/security/zeek/pkg-plist
+++ b/security/zeek/pkg-plist