diff --git a/security/bro/Makefile b/security/bro/Makefile
new file mode 100644
index 000000000000..3de4d8077693
--- /dev/null
+++ b/security/bro/Makefile
@@ -0,0 +1,39 @@
+# ex:ts=8
+# Ports collection makefile for: bro
+# Version required: 0.3alpha
+# Date created: Sat Feb 28, 1998
+# Whom: David O'Brien (obrien@FreeBSD.org)
+#
+# $Id$
+#
+
+DISTNAME= vp-bro-0.3-alpha
+PKGNAME= bro-0.3a
+CATEGORIES= security net
+MASTER_SITES= ftp://ee.lbl.gov/ \
+ ftp://ftp.nuxi.com/pub/misc/
+
+MAINTAINER= obrien@NUXI.com
+
+WRKSRC= ${WRKDIR}/bro-0.3
+CONFIGURE_ARGS+= --libdir=${PREFIX}/share
+GNU_CONFIGURE= yes
+
+post-patch:
+ @${MV} ${WRKSRC}/util.cc ${WRKSRC}/util.cc.in
+ @${SED} -e "s|/usr/src/rtsg/bro/policy:/usr/local/lib/bro|${PREFIX}/share/bro|" \
+ ${WRKSRC}/util.cc.in >${WRKSRC}/util.cc
+pre-install:
+ @${MKDIR} ${PREFIX}/share/bro
+
+post-install:
+ @strip ${PREFIX}/sbin/bro
+ @${INSTALL_DATA} ${WRKSRC}/policy/* ${PREFIX}/share/bro
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${PREFIX}/share/doc/bro
+ ${INSTALL_MAN} ${WRKSRC}/doc/bro-usenix98-revised.ps \
+ ${PREFIX}/share/doc/bro
+ @${GZIP_CMD} ${PREFIX}/share/doc/bro/bro-usenix98-revised.ps
+.endif
+
+.include
diff --git a/security/bro/distinfo b/security/bro/distinfo
new file mode 100644
index 000000000000..6f4333eb5899
--- /dev/null
+++ b/security/bro/distinfo
@@ -0,0 +1 @@
+MD5 (vp-bro-0.3-alpha.tar.gz) = ec573b765794d9396c53cff9d559e7d8
diff --git a/security/bro/pkg-comment b/security/bro/pkg-comment
new file mode 100644
index 000000000000..1cb763a05927
--- /dev/null
+++ b/security/bro/pkg-comment
@@ -0,0 +1 @@
+System for detecting Network Intruders in real-time
diff --git a/security/bro/pkg-descr b/security/bro/pkg-descr
new file mode 100644
index 000000000000..184d8017aa39
--- /dev/null
+++ b/security/bro/pkg-descr
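Review bot: The `post-patch` sed that rewrites the compiled-in policy search path in `util.cc` exits successfully even when its pattern does not match, so a changed upstream string would leave the binary searching `/usr/src/rtsg/bro/policy:/usr/local/lib/bro` instead of `${PREFIX}/share/bro` with no build error. For an intrusion detector, loading policy scripts from an unintended directory is worth failing the build over; a following recipe line such as `@${GREP} -q '${PREFIX}/share/bro' ${WRKSRC}/util.cc` would catch it. Separately, `post-install` copies `${WRKSRC}/policy/*` by glob while pkg-plist names eleven policy files, so anything else the tarball ships in that directory would be installed untracked; installing the listed files by name keeps the two in step. Both `MASTER_SITES` entries are plain `ftp://`, which leaves the single MD5 line in distinfo as the only integrity check on the distfile.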
@@ -0,0 +1,16 @@
+Bro is a system for detecting Network Intruders in real-time by the guys
+that brought you tcpdump, libpcap, and flex.
+
+Bro is a stand-alone system for detecting network intruders in real-time
+by passively monitoring a network link over which the intruder's traffic
+transits. Bro is divided into an "event engine" that reduces a
+kernel-filtered network traffic stream into a series of higher-level
+events, and a "policy script interpreter" that interprets event handlers
+written in a specialized language used to express a site's security policy.
+Event handlers can update state information, synthesize new events, record
+information to disk, and generate real-time notifications via `syslog'.
+
+Bro is documented in the the USENIX 1998 Security Conference proceedings.
+
+-- David
+ obrien@cs.ucdavis.edu
diff --git a/security/bro/pkg-plist b/security/bro/pkg-plist
new file mode 100644
index 000000000000..275740b7f194
--- /dev/null
+++ b/security/bro/pkg-plist
@@ -0,0 +1,13 @@
+sbin/bro
+share/bro/bro.init
+share/bro/dns.bro
+share/bro/finger.bro
+share/bro/ftp.bro
+share/bro/hot.bro
+share/bro/mt.bro
+share/bro/port-name.bro
+share/bro/portmapper.bro
+share/bro/tcp.bro
+share/bro/telnet.bro
+share/bro/udp.bro
+share/doc/bro/bro-usenix98-revised.ps.gz