New port: security/py-rekall

The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research. WWW: http://www.rekall-forensic.com/
svn path=/head/; revision=370110
2014-10-05 20:12:23 +00:00 · 2014-10-05 20:12:23 +00:00 · f77c61ef10 · 2021-03-31 03:12:20 +00:00
commit f77c61ef10
parent ad8846e59c
4 changed files with 59 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -795,6 +795,7 @@
    SUBDIR += py-pyptlib
    SUBDIR += py-pysha3
    SUBDIR += py-python-registry
+    SUBDIR += py-rekall
    SUBDIR += py-rsa
    SUBDIR += py-service_identity
    SUBDIR += py-slowaes
--- a/security/py-rekall/Makefile
+++ b/security/py-rekall/Makefile
@ -0,0 +1,46 @@
+# Created by: antoine@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME=	rekall
+DISTVERSION=	1.1.0.beta
+CATEGORIES=	security python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	antoine@FreeBSD.org
+COMMENT=	Memory forensics analysis framework
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS=	cabextract:${PORTSDIR}/archivers/cabextract \
+		${PYTHON_PKGNAMEPREFIX}acora>=1.8:${PORTSDIR}/textproc/py-acora \
+		${PYTHON_PKGNAMEPREFIX}codegen>=1.0:${PORTSDIR}/devel/py-codegen \
+		${PYTHON_PKGNAMEPREFIX}distorm>=0:${PORTSDIR}/devel/py-distorm \
+		${PYTHON_PKGNAMEPREFIX}Flask>=0.10.1:${PORTSDIR}/www/py-flask \
+		${PYTHON_PKGNAMEPREFIX}Flask-Sockets>=0:${PORTSDIR}/www/py-flask-sockets \
+		${PYTHON_PKGNAMEPREFIX}gevent>=1.0.1:${PORTSDIR}/devel/py-gevent \
+		${PYTHON_PKGNAMEPREFIX}gevent-websocket>=0.9.3:${PORTSDIR}/www/py-gevent-websocket \
+		${PYTHON_PKGNAMEPREFIX}ipython>=2.0.0:${PORTSDIR}/devel/ipython \
+		${PYTHON_PKGNAMEPREFIX}pycrypto>=2.3.1:${PORTSDIR}/security/py-pycrypto \
+		${PYTHON_PKGNAMEPREFIX}pyelftools>=0.21:${PORTSDIR}/devel/py-pyelftools \
+		${PYTHON_PKGNAMEPREFIX}pytz>=2012:${PORTSDIR}/devel/py-pytz \
+		${PYTHON_PKGNAMEPREFIX}yaml>=2.10:${PORTSDIR}/devel/py-yaml \
+		${PYTHON_PKGNAMEPREFIX}yara>=0:${PORTSDIR}/security/py-yara
+
+USES=		python:2
+USE_PYTHON=	distutils autoplist
+
+PORTDOCS=	CREDITS.txt LEGAL.txt README.md
+
+OPTIONS_DEFINE=	DOCS
+
+post-patch:
+	@${CHMOD} -R a+rX ${WRKSRC}
+	@${REINPLACE_CMD} '/argparse/d' ${WRKSRC}/setup.py
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
--- a/security/py-rekall/distinfo
+++ b/security/py-rekall/distinfo
@ -0,0 +1,2 @@
+SHA256 (rekall-1.1.0.beta.tar.gz) = 2815ec19aefe7c3ef48a49b5a054f0c8d9242cc9855e525a2ea872ff3da2f4d6
+SIZE (rekall-1.1.0.beta.tar.gz) = 3510576
--- a/security/py-rekall/pkg-descr
+++ b/security/py-rekall/pkg-descr
@ -0,0 +1,10 @@
+The Rekall Framework is a completely open collection of tools, implemented in
+Python under the GNU General Public License, for the extraction of digital
+artifacts from volatile memory (RAM) samples. The extraction techniques are
+performed completely independent of the system being investigated but offer
+visibility into the runtime state of the system. The framework is intended to
+introduce people to the techniques and complexities associated with extracting
+digital artifacts from volatile memory samples and provide a platform for
+further work into this exciting area of research.
+
+WWW: http://www.rekall-forensic.com/