freebsd-ports/security/zeek/Makefile


# Created by: David O'Brien <obrien@FreeBSD.org>
# $FreeBSD$
# Port identity. PORTVERSION selects the upstream release that is fetched and
# built, so it is the value to compare against upstream security advisories.
PORTNAME=	zeek
PORTVERSION=	4.0.0
CATEGORIES=	security
security/bro: Update to 3.0.3 and address a number of potential denial of service issues: https://github.com/zeek/zeek/releases/tag/v3.0.2 https://github.com/zeek/zeek/releases/tag/v3.0.3 - Potential Denial of Service due to memory leak in DNS TSIG message parsing. - Potential Denial of Service due to memory leak (or assertion when compiling with assertions enabled) when receiving a second SSH KEX message after a first. - Potential Denial of Service due to buffer read overflow and/or memory leaks in Kerberos analyzer. The buffer read overflow could occur when the Kerberos message indicates it contains an IPv6 address, but does not send enough data to parse out a full IPv6 address. A memory leak could occur when processing KRB_KDC_REQ KRB_KDC_REP messages for message types that do not match a known/expected type. - Potential Denial of Service when sending many zero-length SSL/TLS certificate data. Such messages underwent the full Zeek file analysis treatment which is expensive (and meaningless here) compared to how cheaply one can "create" or otherwise indicate many zero-length certificates contained in an SSL message. - Potential Denial of Service due to buffer read overflow in SMB transaction data string handling. The length of strings being parsed from SMB messages was trusted to be whatever the message claimed instead of the actual length of data found in the message. - Potential Denial of Service due to null pointer dereference in FTP ADAT Base64 decoding. - Potential Denial of Service due to buffer read overflow in FTP analyzer word/whitespace handling. This typically won't be a problem in most default deployments of Zeek since the FTP analyzer receives data from a ContentLine (NVT) support analyzer which first null-terminates the buffer used for further FTP parsing. Approved by: ler (mentor, implicit) MFH: 2020Q1 Security: 4ae135f7-85cd-4c32-ad94-358271b31f7f
2020-03-15 22:44:26 +00:00
# The distfile is fetched over HTTPS. Transport security alone does not pin the
# tarball contents: integrity rests on the checksums recorded in the port's
# distinfo file (not shown here), which must be regenerated and reviewed
# whenever PORTVERSION or MASTER_SITES changes.
MASTER_SITES=	https://old.zeek.org/downloads/
DISTFILES=	${DISTNAME}${EXTRACT_SUFX}

MAINTAINER=	leres@FreeBSD.org
COMMENT=	System for detecting network intruders in real-time

LICENSE=	BSD3CLAUSE
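# Mark the port as not buildable on powerpc64 for FreeBSD 11 and 12.
# The assignments previously read "==": make takes the first "=" as the
# operator, so the second one became the first character of the message shown
# to the user. A single "=" keeps the message text clean.
BROKEN_FreeBSD_11_powerpc64=	Does not build: error: zero-size array 'names'
BROKEN_FreeBSD_12_powerpc64=	Does not build: error: zero-size array 'names'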
# Framework features pulled in for the build. "ssl" is what supplies the
# OPENSSL_LDFLAGS value passed to CMake further down; "shebangfix" rewrites the
# interpreter line of the scripts listed in SHEBANG_FILES.
USES=		bison cmake compiler:c++11-lang gettext-runtime ninja perl5 \
		python shebangfix ssl
USE_LDCONFIG=	yes

PORTSCOUT=	limit:0,even

# Point CMake at the interpreter chosen by the ports framework instead of
# letting it pick up whichever python it finds first.
CMAKE_ARGS+=	-DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}

SHEBANG_FILES=	auxil/zeekctl/auxil/trace-summary/trace-summary

SUB_FILES=	pkg-message

NO_MTREE=	yes
# CMake configuration: generate Ninja build files and root every install
# location (binaries, zeekctl Python modules, scripts, etc/, man pages) under
# ${PREFIX}. Broker is built static while the remaining libraries are shared,
# and executables are linked with the flags supplied for the selected OpenSSL.
CMAKE_ARGS+=	-GNinja \
		-D CMAKE_INSTALL_PREFIX:PATH=${PREFIX} \
		-D ZEEK_ROOT_DIR:PATH=${PREFIX} \
		-D PY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \
		-D ZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \
		-D ZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \
		-D ZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \
		-D ENABLE_PERFTOOLS_DEBUG:BOOL=false \
		-D BinPAC_SKIP_INSTALL:BOOL=true \
		-D INSTALL_AUX_TOOLS:BOOL=true \
		-D BUILD_SHARED_LIBS:BOOL=true \
		-D BUILD_STATIC_BROKER:BOOL=true \
		-D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
# Dedicated account and group for Zeek. "?=" keeps any value the builder has
# already set, so a site can substitute its own service account.
ZEEKUSER?=	zeek
ZEEKGROUP?=	zeek

# Values substituted into the packing list.
# NOTE(review): the user and group are presumably used there for ownership of
# the runtime directories; pkg-plist is not shown, so confirm that the spool
# and log directories are not writable by accounts other than ZEEKUSER/ZEEKGROUP.
PLIST_SUB+=	ARCH=${UNAME_M} \
		ZEEKUSER=${ZEEKUSER} \
		ZEEKGROUP=${ZEEKGROUP} \
		LCASE_OPSYS=${OPSYS:tl}

# Ask the ports framework to provision the account and group at install time.
USERS=		${ZEEKUSER}
GROUPS=		${ZEEKGROUP}
# Build options. Everything except DEBUG and PERFTOOLS is on by default.
OPTIONS_DEFINE=		BROKER DEBUG GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP PERFTOOLS ZEEKCTL
OPTIONS_DEFAULT=	BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP ZEEKCTL
OPTIONS_SUB=		yes

# Option descriptions shown in the configuration dialog.
BROKER_DESC=		Enable the Broker communication library
GEOIP2_DESC=		Build with GeoIP2 (MaxMindDB) support
IPSUMDUMP_DESC=		Enables traffic summaries
LBL_CF_DESC=		Unix time to formated time/date filter support
LBL_HF_DESC=		Address to hostname filter support
NETMAP_DESC=		Native Netmap Packet IOSource for Zeek
PERFTOOLS_DESC=		Use Perftools to improve memory & CPU usage
ZEEKCTL_DESC=		ZeekControl support (implies BROKER and IPSUMDUMP)

# Selecting ZEEKCTL switches on the two options it depends on.
ZEEKCTL_IMPLIES=	BROKER IPSUMDUMP
# Per-option dependencies and CMake switches. Each <OPT>_* variable only takes
# effect when option <OPT> is enabled.
BROKER_BUILD_DEPENDS=		swig:devel/swig
BROKER_CMAKE_BOOL=		ENABLE_BROKER

DEBUG_CMAKE_BOOL=		ENABLE_DEBUG

GEOIP2_LIB_DEPENDS=		libmaxminddb.so:net/libmaxminddb

IPSUMDUMP_BUILD_DEPENDS=	ipsumdump:net/ipsumdump
IPSUMDUMP_RUN_DEPENDS=		ipsumdump:net/ipsumdump

LBL_CF_RUN_DEPENDS=		${LOCALBASE}/bin/cf:sysutils/lbl-cf
LBL_HF_RUN_DEPENDS=		${LOCALBASE}/bin/hf:sysutils/lbl-hf

# The netmap plugin is a second source tree, fetched from GitHub at the tag
# pinned here. As with the main distfile, its integrity depends on the
# checksum recorded in distinfo (not shown here).
NETMAP_GH_TUPLE=		zeek:zeek-netmap:v2.0.0:zeek_netmap
NETMAP_USE=			GITHUB=nodefault

PERFTOOLS_BUILD_DEPENDS=	${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
PERFTOOLS_CMAKE_BOOL=		ENABLE_PERFTOOLS
PERFTOOLS_RUN_DEPENDS=		${LOCALBASE}/bin/perftools-pprof:devel/google-perftools

# NOTE(review): OPTIONS_DEFINE in this file has no PYTHON option, so this
# assignment looks like it never takes effect - confirm and drop if unused.
PYTHON_BUILD_DEPENDS=		swig:devel/swig

ZEEKCTL_BUILD_DEPENDS=		${LOCALBASE}/bin/bash:shells/bash \
				${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} \
				swig:devel/swig
ZEEKCTL_CMAKE_BOOL=		INSTALL_ZEEKCTL
ZEEKCTL_RUN_DEPENDS=		${LOCALBASE}/bin/bash:shells/bash \
				${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR}
# PORT_OPTIONS is only usable after this include.
.include <bsd.port.options.mk>

# The rc.d service script is installed only when ZeekControl is built.
.if !empty(PORT_OPTIONS:MZEEKCTL)
USE_RC_SUBR=	zeek
.endif
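# For every line of the netmap plugin's FindNetmap.cmake that mentions
# /usr/local/, append the staged prefix so that files placed in the staging
# area are searched as well.
#
# The edit is limited to NETMAP builds: WRKSRC_zeek_netmap comes from
# NETMAP_GH_TUPLE and is only expected to be defined when that option is on.
# Without the guard the variable expands to nothing, the path collapses to
# /cmake/FindNetmap.cmake at the filesystem root, and the in-place edit fails
# the patch phase for every build with NETMAP switched off.
post-patch:
.if ${PORT_OPTIONS:MNETMAP}
	${REINPLACE_CMD} -e '\|/usr/local/|s|$$| ${STAGEDIR}${PREFIX}/|' \
		${WRKSRC_zeek_netmap}/cmake/FindNetmap.cmake
.endif
#	# Silence the "use ZeekControl.plugin instead of BroControl.plugin" nag
#	@${REINPLACE_CMD} -e 's/^print/#&/' \
#		${WRKSRC}/auxil/zeekctl/BroControl/__init__.py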
# ZeekControl staging: create the runtime directories, ship the three
# configuration files as .sample so an existing local configuration is not
# overwritten, and replace the installed zeekctl-config.sh with a relative
# symlink into spool/.
#
# NOTE(review): after this step the script under share/zeekctl/scripts resolves
# to a file in spool/, presumably one zeekctl generates at runtime. Whoever can
# write to spool/ then controls that script's content, so the ownership and
# mode given to spool/ in pkg-plist (not shown here) deserve a check.
post-install-ZEEKCTL-on:
	${MKDIR} ${STAGEDIR}${PREFIX}/logs \
		${STAGEDIR}${PREFIX}/spool/tmp \
		${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/auto \
		${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/site
.for cfg in zeekctl.cfg networks.cfg node.cfg
	${MV} ${STAGEDIR}${PREFIX}/etc/${cfg} ${STAGEDIR}${PREFIX}/etc/${cfg}.sample
.endfor
	${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
	${LN} -s ../../../spool/zeekctl-config.sh \
		${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
# Ship the site policy as a .sample file so a locally edited local.zeek is not
# replaced when the package is upgraded.
post-install:
	${MV} ${STAGEDIR}${DATADIR}/site/local.zeek ${STAGEDIR}${DATADIR}/site/local.zeek.sample
# Make sure the rc.d directory exists in the staging area before the install
# phase runs (ZEEKCTL builds only).
pre-install-ZEEKCTL-on:
	${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
# Build and stage the netmap plugin against the Zeek that was just staged.
#
# A private copy of zeek-config is edited so that the paths it reports point
# into ${STAGEDIR}, and its directory is put first on PATH for the plugin's
# configure run only, so configure finds that copy ahead of any installed one.
#
# NOTE(review): the sed expressions match the literal /usr/local rather than
# ${PREFIX}, so they look like they would not apply with a non-default PREFIX.
# NOTE(review): the PATH assignment is unquoted, and the plugin is built with
# a bare "make" resolved through PATH rather than ${MAKE}. This step runs
# upstream configure and build scripts during staging, so confirm the build
# environment's PATH is controlled.
post-install-NETMAP-on:
	${MKDIR} ${WRKDIR}/zeek-bin
	${CP} ${STAGEDIR}${PREFIX}/bin/zeek-config ${WRKDIR}/zeek-bin
	${REINPLACE_CMD} \
		-e 's|=/usr/local|=${STAGEDIR}${PREFIX}|' \
		-e '/^include_dir=/s|:/usr/local|:${STAGEDIR}${PREFIX}|' \
		${WRKDIR}/zeek-bin/zeek-config
	cd ${WRKSRC_zeek_netmap} && env PATH=${WRKDIR}/zeek-bin:${PATH} \
		./configure --with-netmap=/usr \
		--install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins
	cd ${WRKSRC_zeek_netmap}/build && make
	cd ${WRKSRC_zeek_netmap}/build && make install
.include <bsd.port.pre.mk>
# Machine hardware name as reported by uname -m. "!=" runs the command when
# the Makefile is parsed; PLIST_SUB passes the result to the packing list as
# ARCH.
UNAME_M!=	${UNAME} -m
.include <bsd.port.post.mk>