diff --git a/sysutils/osquery/Makefile b/sysutils/osquery/Makefile
index 44335a7bdede..be187be0176d 100644
--- a/sysutils/osquery/Makefile
+++ b/sysutils/osquery/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= osquery
-PORTVERSION= 2.4.0
+PORTVERSION= 2.4.3
 CATEGORIES= sysutils
 MAINTAINER= zi@FreeBSD.org
@@ -21,12 +21,10 @@ LIB_DEPENDS= libaugeas.so:textproc/augeas \
 libgflags.so:devel/gflags \
 libglog.so:devel/glog \
 libicuuc.so:devel/icu \
- libthrift.so:devel/thrift-cpp \
- libtsk.so:sysutils/sleuthkit \
- libcppnetlib-uri.so:devel/cpp-netlib \
 librocksdb-lite.so:databases/rocksdb-lite \
- libyara.so:security/yara \
- liblldpctl.so:net-mgmt/lldpd
+ libthrift.so:devel/thrift-cpp \
+ libcppnetlib-uri.so:devel/cpp-netlib
+RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss
 USES= cmake:outsource gmake libtool python:build compiler:c++11-lib
 CONFIGURE_ENV+= OSQUERY_BUILD_VERSION="${PORTVERSION}" HOME="${WRKDIR}" \
@@ -40,6 +38,25 @@ GH_PROJECT= third-party:tp
 GH_SUBDIR= third-party:tp
 MAKE_JOBS_UNSAFE= yes
+# Some options for things that bring in many dependencies
+OPTIONS_DEFINE= TSK AWS YARA LLDPD
+
+TSK_DESC= Build with sleuthkit support
+TSK_LIB_DEPENDS= libtsk.so:sysutils/sleuthkit
+TSK_CONFIGURE_ENV_OFF= SKIP_TSK=1
+
+AWS_DESC= Support logging to AWS Kinesis
+AWS_LIB_DEPENDS= libaws-cpp-sdk-core.so:devel/aws-sdk-cpp
+AWS_CONFIGURE_ENV_OFF= SKIP_AWS=1
+
+YARA_DESC= Build with YARA malware identification support
+YARA_LIB_DEPENDS= libyara.so:security/yara
+YARA_CONFIGURE_ENV_OFF= SKIP_YARA=1
+
+LLDPD_DESC= Support Link Layer Discovery Protocol
+LLDPD_LIB_DEPENDS= liblldpctl.so:net-mgmt/lldpd
+LLDPD_CONFIGURE_ENV_OFF= SKIP_LLDPD=1
+
 .include
 .if ${OSVERSION} < 1100000
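Review bot: The new `OPTIONS_DEFINE= TSK AWS YARA LLDPD` block in sysutils/osquery/Makefile comes with no `OPTIONS_DEFAULT` that is visible in this hunk, so all four options appear to default to off, while the LIB_DEPENDS hunk above removes libtsk, libyara and liblldpctl from the unconditional dependencies. A host upgraded from the 2.4.0 package would then lose the sleuthkit, YARA and LLDP tables that the previous build always had, and queries that depend on them (YARA file scanning in particular) would likely stop returning data without anyone having chosen that. If the aim is only to make the heavy dependencies optional, add `OPTIONS_DEFAULT= TSK YARA LLDPD` after `OPTIONS_DEFINE`; if the reduced default is intended, say so in pkg-message so operators know to rebuild with the options enabled.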
@@ -51,6 +68,10 @@ CXX= clang++38
 post-patch:
 ${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \
 ${WRKSRC}/tools/deployment/osquery.example.conf
+ ${REINPLACE_CMD} -e 's|/etc/osquery/yara/|/var/db/osquery/yara/|g' \
+ ${WRKSRC}/osquery/tables/yara/yara.cpp \
+ ${WRKSRC}/osquery/tables/yara/yara_utils.cpp \
+ ${WRKSRC}/specs/yara/yara.table
 ${REINPLACE_CMD} -e 's|python|${PYTHON_CMD}|g' \
 ${WRKSRC}/CMakeLists.txt \
 ${WRKSRC}/tools/get_platform.py
@@ -63,6 +84,7 @@ do-install:
 ${INSTALL_DATA} ${WRKSRC}/tools/deployment/osquery.example.conf \
 ${STAGEDIR}${PREFIX}/etc/osquery.conf.sample
+ ${TOUCH} ${STAGEDIR}${PREFIX}/etc/osquery.flags
 ${MKDIR} ${STAGEDIR}/var/db/osquery
 ${MKDIR} ${STAGEDIR}/var/log/osquery
diff --git a/sysutils/osquery/distinfo b/sysutils/osquery/distinfo
index 6717ac29c5d6..adc0996831c8 100644
--- a/sysutils/osquery/distinfo
+++ b/sysutils/osquery/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1492024136
-SHA256 (facebook-osquery-2.4.0_GH0.tar.gz) = e5c3f01ac10ac9a9732f9610921cea8e8a7234a18061cf58e22dc86b2b74d685
-SIZE (facebook-osquery-2.4.0_GH0.tar.gz) = 874186
-SHA256 (osquery-third-party-2.4.0_GH0.tar.gz) = 729830902faa4f438c77dfdce849bfbc862501591e3a51154f0e0fbe14af7ede
-SIZE (osquery-third-party-2.4.0_GH0.tar.gz) = 3864623
+TIMESTAMP = 1493669104
+SHA256 (facebook-osquery-2.4.3_GH0.tar.gz) = 60dd80c6c8633c5baa307fb7aab296cf8726c9d7044b2c14d064547af1ef89c0
+SIZE (facebook-osquery-2.4.3_GH0.tar.gz) = 896305
+SHA256 (osquery-third-party-2.4.3_GH0.tar.gz) = 1119deb9265697021a5fe9f8214be444745811eedd9d291e7d15b5dd1bc709fa
+SIZE (osquery-third-party-2.4.3_GH0.tar.gz) = 3229298
diff --git a/sysutils/osquery/files/osqueryd.in b/sysutils/osquery/files/osqueryd.in
index 703680859264..6145026efabc 100644
--- a/sysutils/osquery/files/osqueryd.in
+++ b/sysutils/osquery/files/osqueryd.in
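Review bot: The added `${REINPLACE_CMD}` in post-patch moves the YARA rule path from /etc/osquery/yara/ to /var/db/osquery/yara/, but nothing visible in this patch creates that directory or registers it in pkg-plist, so its owner and mode are left to whoever makes it by hand. Rule files decide what the yara table can detect, and /var/db/osquery also holds the daemon's database (`--database_path /var/db/osquery/osqueryd` in files/osqueryd.in), so the port should create the directory itself with root ownership and no group or other write access. Add `${MKDIR} ${STAGEDIR}/var/db/osquery/yara` next to the other `${MKDIR}` lines in do-install and `@dir /var/db/osquery/yara` in pkg-plist. A one-line comment above the substitution stating why the path is rewritten would also help, because a substitution that stops matching after an upstream change fails silently and leaves the /etc/osquery/yara/ default in place.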
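Review bot: `${TOUCH} ${STAGEDIR}${PREFIX}/etc/osquery.flags` in do-install, together with the plain `etc/osquery.flags` entry added in the pkg-plist hunk, ships the operator-edited flag file as an ordinary package file, so pkg replaces it with the empty one on upgrade and deletes it on deinstall. The rc script now always passes `--flagfile %%PREFIX%%/etc/osquery.flags`, so losing local flags would quietly return osqueryd to defaults for whatever the site had set there, such as its TLS endpoint or logger settings. Follow the pattern used two lines above for osquery.conf.sample: stage the file as `${STAGEDIR}${PREFIX}/etc/osquery.flags.sample` and list it as `@sample etc/osquery.flags.sample`. The body of do-install begins before this hunk, so earlier steps are not visible here.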
@@ -23,7 +23,7 @@ osqueryd_enable=${osqueryd_enable-"NO"}
 osqueryd_flags=${osqueryd_flags-""}
 osqueryd_config=${osqueryd_config-"%%PREFIX%%/etc/osquery.conf"}
 required_files=${osqueryd_config}
-command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --config_path=${osqueryd_config}"
+command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --tls_server_certs /etc/ssl/cert.pem --flagfile %%PREFIX%%/etc/osquery.flags --config_path=${osqueryd_config}"
 extra_commands="configtest"
 configtest_cmd="configtest"
 pidfile="/var/run/osqueryd.pid"
diff --git a/sysutils/osquery/pkg-message b/sysutils/osquery/pkg-message
new file mode 100644
index 000000000000..d4f98c1e0ec5
--- /dev/null
+++ b/sysutils/osquery/pkg-message
@@ -0,0 +1,4 @@
+Note that some osquery tables are currently unsupported on FreeBSD. A list of
+disabled tables can be found at:
+
+https://github.com/facebook/osquery/blob/master/specs/blacklist
diff --git a/sysutils/osquery/pkg-plist b/sysutils/osquery/pkg-plist
index c76842a11758..9e22242debbe 100644
--- a/sysutils/osquery/pkg-plist
+++ b/sysutils/osquery/pkg-plist
@@ -1,6 +1,7 @@
 bin/osqueryi
 @dir /var/db/osquery
 @dir /var/log/osquery
+etc/osquery.flags
 include/osquery/config.h
 include/osquery/core.h
 include/osquery/database.h
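Review bot: The new `--tls_server_certs /etc/ssl/cert.pem` in `command_args` of files/osqueryd.in names a path that the added `RUN_DEPENDS` on security/ca_root_nss provides only as an optional symlink (that port's ETCSYMLINK option); the bundle itself is installed under the local base as share/certs/ca-root-nss.crt. Where the symlink is absent the daemon is started with a CA file that does not exist, and certificate verification for TLS config or logger endpoints will presumably fail. Prefer `--tls_server_certs %%LOCALBASE%%/share/certs/ca-root-nss.crt`. A comment above `command_args` should also tell sites that pin a private CA to set `--tls_server_certs` in osquery.flags, since this default trusts every CA in the public bundle; whether the flagfile value overrides the earlier command-line flag should be confirmed before relying on it.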