author | edwin <edwin@FreeBSD.org> | 2007-09-10 21:28:12 +0800 |
---|---|---|
committer | edwin <edwin@FreeBSD.org> | 2007-09-10 21:28:12 +0800 |
commit | 341588fc6689e349ff293c3a51d89f7f37e3efce (patch) | |
tree | 8c2fa01f4015989c3b27acdea653219765c90740 /security | |
parent | b122bc1b6b7c6470fe5df3ed4fb9cdf729199682 (diff) | |
security/bro, port upgrade to version 1.2.1, take over maintainership
This is an upgrade of the security/bro port to the current
stable version. The port is very complex, so it needs to
be tested carefully to make sure that I'm not screwing
anything up or using wrong conventions. Also, I'm willing
to take over maintainership of the port if it's accepted
into the tree.
Please note, there are several files that need to be removed
from the port and quite a few that need to be added. All
these files are in FILESDIR. I have provided blank patches
for the files that need to be removed, so the patches will
create blank files.
Added IS_INTERACTIVE to the port
Left original freebsd header comments in it.
Next time please use one big patch-file instead of lots of little ones :-)
PR: ports/114999
Submitted by: Paul Schmehl <pauls@utdallas.edu>
Diffstat (limited to 'security')
27 files changed, 856 insertions, 251 deletions
diff --git a/security/bro/Makefile b/security/bro/Makefile
index 8afe6eaeadd2..b29426909c19 100644
--- a/security/bro/Makefile
+++ b/security/bro/Makefile
@@ -1,62 +1,106 @@ -# ex:ts=8 # Ports collection makefile for: bro -# Date created: Sat Feb 28, 1998 -# Whom: David O'Brien (obrien@FreeBSD.org) +# Date created: Mon Jul 16, 2007 +# Whom: Paul Schmehl (pauls@utdallas.edu) # # $FreeBSD$ # PORTNAME= bro -PORTVERSION= 0.8 -PORTREVISION= 1 +PORTVERSION= 1.2 CATEGORIES= security -MASTER_SITES= ftp://ftp.ee.lbl.gov/ -DISTNAME= ${PORTNAME}-pub-${PORTVERSION}a37 +MASTER_SITES= ftp://bro-ids.org/ +DISTNAME= ${PORTNAME}-${PORTVERSION}-stable -MAINTAINER= ports@FreeBSD.org +MAINTAINER= pauls@utdallas.edu COMMENT= System for detecting Network Intruders in real-time BUILD_DEPENDS= bison:${PORTSDIR}/devel/bison -WRKSRC= ${WRKDIR}/${PORTNAME}-pub-${PORTVERSION}a37 +OPTIONS= GPG "Support encrypted email" Off \ + DOCS "Install documentation (not recommended)" Off +WRKSRC= ${WRKDIR}/bro-${PORTVERSION}.1 + +USE_LDCONFIG= ${PREFIX}/share GNU_CONFIGURE= yes MAKE_ENV+= CC="${CC}" CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} CONFIGURE_ARGS= --libdir=${PREFIX}/share USE_PERL5= yes +IS_INTERACTIVE= yes # during the install phase + +SUB_FILES= pkg-deinstall pkg-install pkg-message +SUB_LIST= BROHOME=${BROHOME} BROSITEDIR=${BROSITEDIR} SITE_PERL=${SITE_PERL} WRKSRC=${WRKSRC} +BROHOME= ${PREFIX}/bro +BROSITEDIR= ${BROHOME}/site + +.include <bsd.port.pre.mk> + +.if defined(WITH_GPG) +BUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg +.endif +.if !defined(WITH_DOCS) +NOPORTDOCS= Yes +.endif + post-extract: - @cd ${WRKSRC} && ${TAR} xfz libedit.src.tar.gz + @cd ${WRKSRC}/src && ${TAR} xfz libedit.src.tar.gz post-patch: @${REINPLACE_CMD} -e 's|CFLAGS+=-g -O0||g; \ s|CC=gcc||' \ - ${WRKSRC}/libedit/Makefile.in \ - ${WRKSRC}/libedit/Makefile + ${WRKSRC}/src/libedit/Makefile.in \ + ${WRKSRC}/src/libedit/Makefile @${REINPLACE_CMD} -e "s,tr '\[a-z\]' '\[A-Z\]',tr 'a-z' 'A-Z',g" \ - ${WRKSRC}/libedit/makelist + ${WRKSRC}/src/libedit/makelist @${REINPLACE_CMD} -E -e 's,(const char\*) const (helpstring),\1 \2,g' \ - 
${WRKSRC}/DebugCmds.h + ${WRKSRC}/src/DebugCmds.h pre-configure: @${ECHO_CMD} "Configure libedit..." - @(cd ${WRKSRC}/libedit && ${MAKE_ENV} ./configure) + @(cd ${WRKSRC}/src/libedit && ${MAKE_ENV} ./configure) pre-build: @${ECHO_CMD} "Building libedit..." - @(cd ${WRKSRC}/libedit && ${MAKE}) - -pre-install: - @${MKDIR} ${DATADIR} + @(cd ${WRKSRC}/src/libedit && ${MAKE}) post-install: - @${STRIP_CMD} ${PREFIX}/sbin/bro - @${INSTALL_DATA} ${WRKSRC}/policy/*.* ${DATADIR} + @${STRIP_CMD} ${PREFIX}/bin/bro + @${MKDIR} ${PREFIX}/bro/etc + @${MKDIR} ${SITE_PERL}/mach/Bro + @${MKDIR} ${SITE_PERL}/mach/Bro/Log + @${MKDIR} ${SITE_PERL}/mach/Bro/Report + ${INSTALL_DATA} ${WRKSRC}/scripts/bro.cfg.example ${PREFIX}/etc + ${INSTALL_DATA} ${WRKSRC}/scripts/local.site.bro.default ${BROSITEDIR} + ${INSTALL_DATA} ${WRKSRC}/scripts/IP4.pm ${SITE_PERL}/mach + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Config.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Signature.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Alarm.pm ${SITE_PERL}/mach/Bro/Log + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Conn.pm ${SITE_PERL}/mach/Bro/Log + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Alarm.pm ${SITE_PERL}/mach/Bro/Report + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Conn.pm ${SITE_PERL}/mach/Bro/Report + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc-hooks.sh ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro_config ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/localnetMAC.pl ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/edit-brorule.pl ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/site-report.pl ${BROHOME}/scripts + 
${INSTALL_PROGRAM} ${WRKSRC}/aux/adtrace/adtrace ${PREFIX}/bin + ${SH} ${PKGINSTALL} + .if !defined(NOPORTDOCS) + @${ECHO_MSG} "You have chosen to install documentation" + @${ECHO_MSG} "but the online documentation will be much" + @${ECHO_MSG} "more up to date." @${MKDIR} ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/doc/bro-CN99.ps ${DOCSDIR} - @${GZIP_CMD} ${DOCSDIR}/bro-CN99.ps + ${INSTALL_DATA} ${WRKSRC}/doc/quick-start/Bro-quick-start.pdf ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/quick-start/bro-deployment.pdf ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/user-manual/Bro-user-manual.pdf ${DOCSDIR} .endif -.include <bsd.port.mk> + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.post.mk> diff --git a/security/bro/distinfo b/security/bro/distinfo index 2fe3ea524f3e..dde086d459e8 100644 --- a/security/bro/distinfo +++ b/security/bro/distinfo @@ -1,3 +1,3 @@ -MD5 (bro-pub-0.8a37.tar.gz) = abf9ddc6e7086639130f2e792eca4ab3 -SHA256 (bro-pub-0.8a37.tar.gz) = 3bdf9c18ccb12181e8383c9d5969fd1b86d7d601a98fdf6655467c64167fb5bc -SIZE (bro-pub-0.8a37.tar.gz) = 1696069 +MD5 (bro-1.2-stable.tar.gz) = ca4c0435da066d901c63f182faa7f540 +SHA256 (bro-1.2-stable.tar.gz) = 276da336a210d5664b483bc44fe29e3e670a02cd5b2932890050a11954afe17f +SIZE (bro-1.2-stable.tar.gz) = 3986890 diff --git a/security/bro/files/patch-Conn.h b/security/bro/files/patch-Conn.h deleted file mode 100644 index 6d126fb09e23..000000000000 --- a/security/bro/files/patch-Conn.h +++ /dev/null 
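Review bot: `PORTVERSION= 1.2` registers the package as 1.2 although the commit title and `WRKSRC= ${WRKDIR}/bro-${PORTVERSION}.1` indicate that the unpacked source is 1.2.1, so version-based vulnerability matching against the installed package would compare the wrong release. Since the tarball is named `bro-1.2-stable`, one option is `PORTVERSION= 1.2.1` with `DISTNAME= ${PORTNAME}-1.2-stable` and `WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}`. In `post-install`, `${SH} ${PKGINSTALL}` is run with no arguments, while the pkg-deinstall.in added in this commit dispatches on `$2`; pkg-install.in is not visible here, but if it follows the same convention the call should be `${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL`.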
@@ -1,29 +0,0 @@ ---- Conn.h.orig Sun Aug 31 02:39:01 2003 -+++ Conn.h Thu Dec 21 13:27:24 2006 -@@ -59,7 +59,7 @@ - // dst_port just have to reflect the two different sides of the - // connection, neither has to be the particular source/destination - // or originator/responder. -- HashKey* ConnID::BuildConnKey() const; -+ HashKey* BuildConnKey() const; - }; - - static inline int addr_port_canon_lt(const uint32* a1, uint32 p1, -@@ -223,6 +223,8 @@ - return 1; - } - -+ void DeleteTimer(double t); -+ - protected: - virtual void UpdateEndpointVal(RecordVal* endp, int is_orig) = 0; - -@@ -235,8 +237,6 @@ - - friend class ConnectionTimer; - void RemoveTimer(Timer* t); -- -- void DeleteTimer(double t); - - void InactivityTimer(double t); - diff --git a/security/bro/files/patch-Makefile.in b/security/bro/files/patch-Makefile.in index ed829223ea40..b038cede4703 100644 --- a/security/bro/files/patch-Makefile.in +++ b/security/bro/files/patch-Makefile.in 
@@ -1,27 +1,36 @@ ---- Makefile.in.orig Sun Aug 31 04:39:14 2003 -+++ Makefile.in Tue Oct 14 12:08:51 2003 -@@ -52,13 +52,13 @@ - LIBS = $(LIBEDIT_LIBS) @LIBS@ -lm +--- Makefile.in.orig Thu Dec 14 11:59:51 2006 ++++ Makefile.in Wed Jul 18 23:57:10 2007 +@@ -206,7 +206,7 @@ + # noticed. + # + DISTCHECK_CONFIGURE_FLAGS = --disable-gtk-doc +-versiondir = $(prefix)/etc ++versiondir = $(prefix)/bro/etc + dist_version_DATA = VERSION + chown = @CHOWN@ - # Purify barfs when c++ is used for $(CPLUS). --PURIFY_CPLUS = g++ -+PURIFY_CPLUS = @CC@ - PURE_FLAGS = -chain-length=20 +@@ -658,9 +658,9 @@ + install-brolite: + $(MAKE) install + ( cd scripts && $(MAKE) install-brolite ) +- - @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/ ++ - @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/bro + @echo "*********************************************************" +- @echo "Please run \"${prefix}/etc/bro.rc --start\" to start bro" ++ @echo "Please run \"${prefix}/bro/scripts/bro.rc --start\" to start bro" + @echo "*********************************************************" - YACC = @YACC@ - YFLAGS = -d -t -v - LEX = @LEX@ --INSTALL = @INSTALL@ -d -+INSTALL = @INSTALL_PROGRAM@ - INSTALL_DATA = @INSTALL_DATA@ - @SET_MAKE@ - COMPRESS = @COMPRESS@ -@@ -121,7 +121,7 @@ + docs: +@@ -687,9 +687,9 @@ - all: $(PKG) + # make sure all the dirs are correctly created and owned + install-data-local: +- $(INSTALL) -d $(prefix)/logs +- $(INSTALL) -d $(prefix)/archive +- $(INSTALL) -d $(prefix)/var ++ $(INSTALL) -d $(prefix)/bro/logs ++ $(INSTALL) -d $(prefix)/bro/archive ++ $(INSTALL) -d $(prefix)/bro/var --$(PKG): $(LIBEDIT_LIB) $(OBJ) -+$(PKG): $(OBJ) - $(CPLUS) -o $(EXEC) $(OBJ) $(LDFLAGS) $(LIBS) - opt: - @$(MAKE) $(MFLAGS) CCOPT="`echo $(CCOPT) | sed -e 's/-O2//;s/$$/ -O3/'`" + release: + ./autogen.sh diff --git a/security/bro/files/patch-Obj.cc b/security/bro/files/patch-Obj.cc deleted file mode 100644 index 295affb0d446..000000000000 --- a/security/bro/files/patch-Obj.cc +++ /dev/null 
@@ -1,11 +0,0 @@ ---- Obj.cc.orig Sun Oct 5 18:27:31 2003 -+++ Obj.cc Sun Oct 5 18:27:44 2003 -@@ -47,7 +47,7 @@ - delete_data = true; - - int tmp; -- return s->Read(&(char*) filename, &tmp) && -+ return s->Read((char**) &filename, &tmp) && - s->Read(&first_line) && s->Read(&last_line) && - s->Read(&first_column) && s->Read(&last_column); - } diff --git a/security/bro/files/patch-Serializer.h b/security/bro/files/patch-Serializer.h deleted file mode 100644 index 3113bddd8ef9..000000000000 --- a/security/bro/files/patch-Serializer.h +++ /dev/null @@ -1,13 +0,0 @@ ---- Serializer.h.orig Thu Dec 21 13:24:28 2006 -+++ Serializer.h Thu Dec 21 13:24:45 2006 -@@ -82,8 +82,8 @@ - void StartSerialization(); - bool EndSerialization(); - -- bool Serializer::UnserializeID(); -- bool Serializer::UnserializeEvent(); -+ bool UnserializeID(); -+ bool UnserializeEvent(); - - SerializationFormat* format; - diff --git a/security/bro/files/patch-aux-scripts-Makefile.in b/security/bro/files/patch-aux-scripts-Makefile.in new file mode 100644 index 000000000000..cbd3f2b43819 --- /dev/null +++ b/security/bro/files/patch-aux-scripts-Makefile.in @@ -0,0 +1,11 @@ +--- aux/scripts/Makefile.in.orig Wed Jul 18 16:27:01 2007 ++++ aux/scripts/Makefile.in Wed Jul 18 16:27:41 2007 +@@ -173,7 +173,7 @@ + target_vendor = @target_vendor@ + + # override where to stick the scripts +-scriptdir = ${prefix}/scripts ++scriptdir = ${prefix}/bro/scripts + dist_script_SCRIPTS = bro-logchk.pl host-to-addrs mvlog host-grep + EXTRA_DIST = hot-report mon-report ip-grep ca-create ca-issue + all: all-am diff --git a/security/bro/files/patch-libedit::configure b/security/bro/files/patch-libedit::configure deleted file mode 100644 index fe37b4aeec1c..000000000000 --- a/security/bro/files/patch-libedit::configure +++ /dev/null 
@@ -1,19 +0,0 @@ ---- libedit/configure.orig Tue Oct 14 12:30:58 2003 -+++ libedit/configure Tue Oct 14 12:31:54 2003 -@@ -733,13 +733,13 @@ - CFLAGS="$ac_save_CFLAGS" - elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then -- CFLAGS="-g -O2" -+ CFLAGS="" - else -- CFLAGS="-g" -+ CFLAGS="" - fi - else - if test "$GCC" = yes; then -- CFLAGS="-O2" -+ CFLAGS="" - else - CFLAGS= - fi diff --git a/security/bro/files/patch-patricia.c b/security/bro/files/patch-patricia.c deleted file mode 100644 index b3db5ede01f0..000000000000 --- a/security/bro/files/patch-patricia.c +++ /dev/null @@ -1,22 +0,0 @@ ---- patricia.c.orig Tue Oct 7 15:06:56 2003 -+++ patricia.c Tue Oct 7 15:07:19 2003 -@@ -52,6 +52,11 @@ - "This product includes software developed by the University of Michigan, Merit" - "Network, Inc., and their contributors."; - -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <arpa/inet.h> -+ - #include <assert.h> /* assert */ - #include <ctype.h> /* isdigit */ - #include <errno.h> /* errno */ -@@ -60,7 +65,6 @@ - #include <stdio.h> /* sprintf, fprintf, stderr */ - #include <stdlib.h> /* free, atol, calloc */ - #include <string.h> /* memcpy, strchr, strlen */ --#include <arpa/inet.h> /* for inet_addr */ - - #include "patricia.h" - diff --git a/security/bro/files/patch-patricia.h b/security/bro/files/patch-patricia.h deleted file mode 100644 index 10979f72537e..000000000000 --- a/security/bro/files/patch-patricia.h +++ /dev/null @@ -1,11 +0,0 @@ ---- patricia.h.orig Sun Oct 5 18:29:52 2003 -+++ patricia.h Sun Oct 5 18:30:05 2003 -@@ -51,6 +51,8 @@ - #ifndef _PATRICIA_H - #define _PATRICIA_H - -+#include <sys/types.h> -+ - /* typedef unsigned int u_int; */ - typedef void (*void_fn_t)(); - /* { from defs.h */ diff --git a/security/bro/files/patch-policy-Makefile.in b/security/bro/files/patch-policy-Makefile.in new file mode 100644 index 000000000000..32cfa1c0f4b7 --- /dev/null 
+++ b/security/bro/files/patch-policy-Makefile.in 
@@ -0,0 +1,64 @@ +--- policy/Makefile.in.orig Wed Jul 18 16:30:32 2007 ++++ policy/Makefile.in Wed Jul 18 16:31:47 2007 +@@ -190,7 +190,7 @@ + + + # doesn't end in a sig +-bropolicydir = ${prefix}/policy ++bropolicydir = ${prefix}/bro/policy + dist_bropolicy_DATA = bro.init adu.bro alarm.bro analy.bro \ + anon.bro arp.bro backdoor.bro blaster.bro brolite.bro \ + brolite-backdoor.bro brolite-sigs.bro capture-events.bro \ +@@ -542,30 +542,30 @@ + + + install-data-hook: +- $(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/policy/ ++ $(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/bro/policy/ + + uninstall-local: +- rm -f $(DESTDIR)${prefix}/policy/bro.bif.bro +- rm -f 
$(DESTDIR)${prefix}/policy/common-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/const.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/dns-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/event.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/finger-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/ftp-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/http-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/ident-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/smtp-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/strings.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/bro.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/common-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/const.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/dns-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/event.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/finger-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/ftp-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/http-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/ident-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/smtp-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/strings.bif.bro + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. + .NOEXPORT: diff --git a/security/bro/files/patch-policy-sigs-Makefile.in b/security/bro/files/patch-policy-sigs-Makefile.in new file mode 100644 index 000000000000..be598acfd6a0 --- /dev/null +++ b/security/bro/files/patch-policy-sigs-Makefile.in @@ -0,0 +1,11 @@ +--- policy/sigs/Makefile.in.orig Wed Jul 18 16:32:45 2007 ++++ policy/sigs/Makefile.in Wed Jul 18 16:33:13 2007 +@@ -171,7 +171,7 @@ + target_cpu = @target_cpu@ + target_os = @target_os@ + target_vendor = @target_vendor@ +-sigsdir = ${prefix}/policy/sigs ++sigsdir = ${prefix}/bro/policy/sigs + dist_sigs_DATA = dpd.sig ex.web-rules.sig p0fsyn.osf \ + snort-default.sig ssl-worm.sig worm.sig + 
diff --git a/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in b/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in new file mode 100644 index 000000000000..deb7f329fe49 --- /dev/null +++ b/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in @@ -0,0 +1,14 @@ +--- scripts/s2b/example_bro_files/Makefile.in.orig Wed Jul 18 17:39:54 2007 ++++ scripts/s2b/example_bro_files/Makefile.in Wed Jul 18 17:40:29 2007 +@@ -172,9 +172,9 @@ + target_cpu = @target_cpu@ + target_os = @target_os@ + target_vendor = @target_vendor@ +-actiondir = ${prefix}/policy ++actiondir = ${prefix}/bro/policy + dist_action_DATA = sig-action.bro +-sigsdir = ${prefix}/site ++sigsdir = ${prefix}/bro/site + dist_sigs_DATA = signatures.sig + all: all-am + diff --git a/security/bro/files/patch-scripts-Makefile.in b/security/bro/files/patch-scripts-Makefile.in new file mode 100644 index 000000000000..25bcff64dd7d --- /dev/null +++ b/security/bro/files/patch-scripts-Makefile.in 
@@ -0,0 +1,92 @@ +--- scripts/Makefile.in.orig Thu Dec 14 11:59:53 2006 ++++ scripts/Makefile.in Wed Jul 18 22:30:43 2007 +@@ -186,12 +186,12 @@ + target_os = @target_os@ + target_vendor = @target_vendor@ + bro_bin = ${prefix}/bin +-bro_logs = ${prefix}/logs ++bro_logs = ${prefix}/bro/logs + bro_etc = ${prefix}/etc +-bro_site = ${prefix}/site +-bro_scripts = ${prefix}/scripts +-bro_reports = ${prefix}/reports +-bro_perlmods = ${prefix}/perl ++bro_site = ${prefix}/bro/site ++bro_scripts = ${prefix}/bro/scripts ++bro_reports = ${prefix}/bro/reports ++bro_perlmods = ${prefix}/bro/perl + + # where to download signatures from. + SIGHOST = www.bro-ids.org +@@ -222,9 +222,9 @@ + bin_SCRIPT = bro.rc + + # more files! Ugggg, will the pain ever stop? +-scoredir = $(prefix)/etc ++scoredir = $(prefix)/bro/etc + dist_score_DATA = alert_scores signature_scores +-scriptsdir = $(prefix)/scripts ++scriptsdir = $(prefix)/bro/scripts + dist_scripts_SCRIPTS = bro_log_compress.sh \ + frontend-mail-reports.sh frontend-site-report.sh push_logs.sh mail_notice.sh + +@@ -596,11 +596,11 @@ + rm -f $(bro_etc)/bro.rc + rm -f $(bro_etc)/bro.cfg + rm -f $(bro_etc)/bro.cfg.example +- rm -f $(prefix)/etc/bro.rc-hooks.sh ++ rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh + rm -f $(prefix)/site/local.site.bro + rm -f $(prefix)/site/${brohost}.bro + $(srcdir)/install_cron.sh uninstall +- -rm -f $(prefix)/etc/bro.rc-hooks.sh.new ++ -rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh.new + -rm -f /usr/local/etc/rc.d/bro.sh + + # install the stuff to do reports +@@ -625,14 +625,14 @@ + @if [ ! -s signatures.sig.new ] ; then \ + echo "Error in download. Try again later." ; \ + else \ +- if [ ! -f $(prefix)/site/signatures.sig ] ; then \ ++ if [ ! -f $(prefix)/bro/site/signatures.sig ] ; then \ + echo "No previous version, installing new version." 
; \ +- cp signatures.sig.new $(prefix)/site/signatures.sig ; \ ++ cp signatures.sig.new $(prefix)/bro/site/signatures.sig ; \ + else \ +- cp signatures.sig.new $(prefix)/site/signatures.sig.new ; \ ++ cp signatures.sig.new $(prefix)/bro/site/signatures.sig.new ; \ + echo "***********************************************************" ; \ + echo "A new signature file (signatures.sig.new) has been placed in" ; \ +- echo "$(prefix)/site. Please compare it to your current signatures.sig " ; \ ++ echo "$(prefix)/bro/site. Please compare it to your current signatures.sig " ; \ + echo "and copy it over if there are no significant differences." ; \ + echo "***********************************************************" ; \ + fi \ +@@ -669,20 +669,20 @@ + else \ + $(INSTALL_DATA) $(srcdir)/local.lite.bro $(bro_site)/${brohost}.bro.new ; \ + fi +- @if [ ! -f $(prefix)/etc/bro.rc-hooks.sh ] ; then \ +- $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh ; \ ++ @if [ ! -f $(prefix)/bro/scripts/bro.rc-hooks.sh ] ; then \ ++ $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh ; \ + else \ +- $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh.new ; \ ++ $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh.new ; \ + fi + + # Default files that can be installed/reinstalled, not site specific + install_default_files: + $(INSTALL) $(srcdir)/mail_reports.sh $(bro_scripts)/mail_reports.sh +- $(INSTALL) bro.rc $(prefix)/etc/bro.rc +- $(INSTALL) bro_config $(prefix)/scripts/bro_config ++ $(INSTALL) bro.rc $(prefix)/bro/scripts/bro.rc ++ $(INSTALL) bro_config $(prefix)/bro/scripts/bro_config + -$(INSTALL_DATA) bro.cfg $(bro_etc)/bro.cfg + $(INSTALL_DATA) $(srcdir)/bro.cfg.example $(bro_etc)/bro.cfg.example +- - $(INSTALL) bro.rc /usr/local/etc/rc.d/bro.sh ++ - $(INSTALL) bro.rc @prefix@/bro/scripts/bro.sh + (cd s2b ; $(MAKE) install) + + # install cron file 
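Review bot: The removal recipe at `@@ -596,11` is only half converted to the new layout: the hooks script is now deleted from `$(prefix)/bro/scripts`, but the context lines `rm -f $(prefix)/site/local.site.bro` and `rm -f $(prefix)/site/${brohost}.bro` still point at the old `$(prefix)/site` rather than `$(bro_site)`. Likewise `-rm -f /usr/local/etc/rc.d/bro.sh` no longer matches `install_default_files`, which now writes `@prefix@/bro/scripts/bro.sh`, so an uninstall would leave site policy files and the copied rc script behind. Using `$(bro_site)` and `$(bro_scripts)` in those lines would keep install and removal in step; the recipe's target line is outside the hunk.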
diff --git a/security/bro/files/patch-scripts-bro-config.in b/security/bro/files/patch-scripts-bro-config.in
new file mode 100644
index 000000000000..64fecf79a024
--- /dev/null
+++ b/security/bro/files/patch-scripts-bro-config.in
@@ -0,0 +1,115 @@
+--- scripts/bro_config.in.orig Tue Dec 5 15:58:52 2006
++++ scripts/bro_config.in Sat Jul 14 14:38:48 2007
+@@ -6,7 +6,7 @@
+ # on the "configure" command line
+ # some machines (i.e. OSX) don't put sbin in the path by default
+ PATH=$PATH:/usr/sbin:/sbin
+-BROHOME=@prefix@
++BROHOME=@prefix@/bro
+ # Usage
+ Usage="bro_config: [-p prefix] [-d]"
+ # Debug mode?
+@@ -39,9 +39,9 @@
+ bro_config_got_root()
+ {
+ # make a backup of local.site.bro if it exists
+- if [ -f local.site.bro ]; then
++ if [ -f ${BROHOME}/site/local.site.bro ]; then
+ echo "Detected an old local.site.bro, saving it to local.site.bro.save"
+- cp local.site.bro local.site.bro.save
++ cp ${BROHOME}/site/local.site.bro ${BROHOME}/site/local.site.bro.save
+ fi
+
+ if [ `id -ur` -ne 0 ]; then
+@@ -62,7 +62,7 @@
+ ######################################################################
+ bro_config_create_local_site_bro()
+ {
+-cat - > local.site.bro << _EOF
++cat - > ${BROHOME}/sitelocal.site.bro.default << _EOF
+ # This file should describe your network configuration.
+ # If your local network is a class C, and its network
+ # address was 192.168.1.0 and a class B network
+@@ -263,7 +263,7 @@
+ # BRO_HOSTNAME=`hostname`
+
+ # Directory containing Bro binaries
+-BRO_BIN_DIR="${BRO_BIN_DIR:-${BROHOME}/bin}"
++BRO_BIN_DIR="${BRO_BIN_DIR:-@prefix@/bin}"
+
+ # Directory containing Bro logs
+ BROLOGS="${BROLOGS:-${BROHOME}/logs}"
+@@ -287,7 +287,7 @@
+ # BRO_PREFIX="local"
+
+ # Location of the Bro executable
+-BRO="${BRO:-$BRO_BIN_DIR/bro}"
++BRO="${BRO_BIN_DIR}/bro"
+
+ # Base command line options.
+ BRO_ADD_OPTS=" -W"
+@@ -352,7 +352,7 @@
+ BRO_EMAIL_REMOTE="${BRO_EMAIL_REMOTE}"
+
+ # User id to install and run Bro under
+-BRO_USER_ID="${BRO_USER_ID:-brother}"
++BRO_USER_ID="${BRO_USER_ID:-root}"
+
+ # Site name for reports (i.e. LBNL, FOO.COM, BAZ.ORG)
+ BRO_SITE_NAME="${BRO_SITE_NAME}"
+@@ -454,29 +454,29 @@
+ echo " done."
+ kill -INT $pid 2>&1 > /dev/null
+ echo -n "Analyzing dump file....."
+- ./localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$ -b local.site.bro 2>&1 > /dev/null
++ ${BROHOME}/scripts/localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$ -b ${BROHOME}/site/local.site.bro 2>&1 > /dev/null
+ rm /tmp/bro_config.tcpdump.file.$$
+ #Yes there is a spelling error in the output
+ echo " done."
+- num=`grep "MAC adresses" local.site.bro | awk '{print $3}'`
++ num=`grep "MAC adresses" ${BROHOME}/site/local.site.bro | awk '{print $3}'`
+ if [ "$num" -gt 2 ] ; then
+ echo "You don't appear to be running on a DMZ (found more then two (2) hardware "
+- echo "address. Please edit local.site.bro to reflect your correct network parameters"
+- cp local.site.bro.default local.site.bro
++ echo "address. Please edit ${BROHOME}/site/local.site.bro to reflect your correct network parameters"
++ cp ${BROHOME}/site/local.site.bro.default ${BROHOME}/site/local.site.bro
+ else
+ echo "Your network appears to contain the following networks:"
+- for net in ` grep ",$" local.site.bro|sed 's/,//g'`;
++ for net in ` grep ",$" ${BROHOME}/site/local.site.bro|sed 's/,//g'`;
+ do
+ echo $net;
+ done
+- echo "Edit local.site.bro by hand if this is not correct"
++ echo "Edit ${BROHOME}/site/local.site.bro by hand if this is not correct"
+ fi
+ else
+- if [ -f local.site.bro ]; then
++ if [ -f ${BROHOME}/site/local.site.bro ]; then
+ echo "No previous local.site.bro found. Creating default"
+ bro_config_create_local_site_bro
+ #cp local.site.bro.default local.site.bro
+- echo "Please edit local.site.bro so that it describes your network configuration"
++ echo "Please edit ${BROHOME}/site/local.site.bro so that it describes your network configuration"
+ fi
+ fi
+ }
+@@ -617,7 +617,7 @@
+ # source a bro.cfg if it exists, so we know the past default values from the
+ # last run
+
+- dirs="$BROHOME/etc/bro.cfg $BROHOME/etc/bro.cfg.example `pwd`/bro.cfg"
++ dirs="@prefix@/etc/bro.cfg @prefix@/etc/bro.cfg.example `pwd`/bro.cfg"
+ cfgused=
+
+ for cfgfile in $dirs ; do
+@@ -783,7 +783,7 @@
+ bro_config_site_name()
+ {
+ if [ -z $BRO_SITE_NAME ]; then
+- BRO_SITE_NAME=`hostname|awk -F. '{print $2 $3}'`
++ BRO_SITE_NAME=`hostname|awk -F. '{print $2"."$3}'`
+ if [ -z $BRO_SITE_NAME ] ; then
+ BRO_SITE_NAME="SOMESITE"
+ fi
diff --git a/security/bro/files/patch-scripts-bro.rc.in b/security/bro/files/patch-scripts-bro.rc.in
new file mode 100644
index 000000000000..21a4561599d4
--- /dev/null
+++ b/security/bro/files/patch-scripts-bro.rc.in
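Review bot: `BRO_USER_ID="${BRO_USER_ID:-root}"` changes the generated default account from the unprivileged `brother` to `root`, so an administrator who accepts the defaults runs a sensor that parses untrusted network traffic with full privileges. Keeping a dedicated account as the default, created by the port if it does not exist, would preserve the privilege separation upstream intended. Separately, `cat - > ${BROHOME}/sitelocal.site.bro.default << _EOF` is missing a path separator, so the template is written beside the `site` directory while the later `cp ${BROHOME}/site/local.site.bro.default ...` reads from inside it; the line should be `cat - > ${BROHOME}/site/local.site.bro.default << _EOF`. The capture file `/tmp/bro_config.tcpdump.file.$$` on the changed `localnetMAC.pl` line is a predictable name in a world-writable directory, used by a script that checks for root, and would be safer created with `mktemp`.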
@@ -0,0 +1,47 @@
+--- scripts/bro.rc.in.orig Fri Jul 13 15:53:29 2007
++++ scripts/bro.rc.in Fri Jul 13 15:59:26 2007
+@@ -25,7 +25,7 @@
+ # For tasks to complete before and after Bro starts please edit the following
+ # scripts to suit your needs. For those of you familiar with dhclient this
+ # uses the same idea.
+-# Before Bro starts $BROHOME/etc/bro.rc-hooks.sh
++# Before Bro starts @prefix@/bin/bro.rc-hooks.sh
+
+ # See the bottom of this script for an explanation of how this all works.
+ # I'll try my best to be clear....
+@@ -35,14 +35,14 @@
+ RETVAL=0
+
+ # picked up from configure at install time
+-BROHOME="@prefix@"
++BROHOME="@prefix@/bro"
+ export BROHOME
+
+ # Set the environment.
+-source_config="${BROHOME}/etc/bro.cfg"
++source_config="@prefix@/etc/bro.cfg"
+
+ # Location of bro-hooks.sh script
+-bro_hooks="${BROHOME}/etc/bro.rc-hooks.sh"
++bro_hooks="@prefix@/bro/scripts/bro.rc-hooks.sh"
+
+ # Set the full path to this script as called
+ if [ `echo ${0} | grep -E "^/"` ]; then
+@@ -88,7 +88,7 @@
+ export BROLOGS
+ export BROPATH
+ export BROHOME
+-export PATH="${BROHOME}/bro/bin:${BROHOME}/bro/scripts:/usr/local/bin:/usr/local/sbin:${PATH}"
++export PATH="@prefix@/bin:${BROHOME}/scripts:/usr/local/bin:/usr/local/sbin:${PATH}"
+
+ # Make sure that the $BRO_RUNTIME_DIR exists and is writtable
+ if [ ! -d "${BRO_RUNTIME_DIR}" ]; then
+@@ -1033,7 +1033,7 @@
+ # running instance of Bro.
+ # bro.rc logs it's actions to syslog via the logger command.
+ # bro.rc offers users an interface into the starting and stopping of a Bro
+-# process via the file $BROHOME/etc/bro.rc-hooks.rc. This allows for
++# process via the file @prefix@/bro/scripts/bro.rc-hooks.rc. This allows for
+ # actions to be sent to any custom monitoring or alerting programs the
+ # user may wish to use.
+
diff --git a/security/bro/files/patch-scripts-localnetMAC.pl b/security/bro/files/patch-scripts-localnetMAC.pl
new file mode 100644
index 000000000000..b3232189886f
--- /dev/null
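Review bot: The rewritten header comment names `@prefix@/bin/bro.rc-hooks.sh`, but `bro_hooks` a few lines later is set to `@prefix@/bro/scripts/bro.rc-hooks.sh`, so the documentation points administrators at a file the script does not use. The comment should read `# Before Bro starts @prefix@/bro/scripts/bro.rc-hooks.sh`, and the closing comment at `@@ -1033,7` should end in `bro.rc-hooks.sh` rather than the `.rc` suffix it carries over. Because the hooks file appears to be run by this rc script, a one-line comment next to `bro_hooks` stating that it must be writable only by root would be a useful addition.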
+++ b/security/bro/files/patch-scripts-localnetMAC.pl
@@ -0,0 +1,15 @@
+--- scripts/localnetMAC.pl.in.orig Sat Jul 14 00:01:55 2007
++++ scripts/localnetMAC.pl.in Sat Jul 14 00:03:48 2007
+@@ -50,10 +50,10 @@
+
+ my $fh;
+ if ($args{r} and $args{r}=~/gz$/){
+- open (IN, "$decomp $args{r} |../aux/adtrace/adtrace -|") or die "cannot execute $decomp $args{r} |../aux/adtrace/adtrace - : $!\n";
++ open (IN, "$decomp $args{r} |@prefix@/bin/adtrace -|") or die "cannot execute $decomp $args{r} |@prefix@/bin/adtrace - : $!\n";
+ $fh = *IN;
+ }elsif($args{r}){
+- open (IN, "../aux/adtrace/adtrace $args{r}|") or die "cannot execute ./adtrace/adtrace $args{r}: $!\n";
++ open (IN, "@prefix@/bin/adtrace $args{r}|") or die "cannot execute @prefix@/bin/adtrace $args{r}: $!\n";
+ $fh = *IN;
+ }elsif($args{t} and $args{t}=~/gz$/){
+ open (IN, "$decomp $args{t} |") or die "cannot execute $decomp $args{t} | : $!\n";
diff --git a/security/bro/files/patch-scripts-perl-Makefile.PL b/security/bro/files/patch-scripts-perl-Makefile.PL
new file mode 100644
index 000000000000..b28d02dc311a
--- /dev/null
+++ b/security/bro/files/patch-scripts-perl-Makefile.PL
@@ -0,0 +1,18 @@
+--- scripts/perl/Makefile.PL.orig Wed Jul 18 16:40:51 2007
++++ scripts/perl/Makefile.PL Wed Jul 18 16:47:11 2007
+@@ -43,13 +43,13 @@
+ }
+ else
+ {
+- $brohome = '/usr/local/bro';
++ $brohome = $ENV{PREFIX}/bro';
+ }
+ }
+
+ if( ! $broconfig )
+ {
+- $broconfig = "$brohome/etc/bro.cfg";
++ $broconfig = "$ENV{PREFIX}/etc/bro.cfg";
+ }
+
+
diff --git a/security/bro/files/patch-scripts-s2b-bin-Makefile.in b/security/bro/files/patch-scripts-s2b-bin-Makefile.in
new file mode 100644
index 000000000000..30649ae3bdfb
--- /dev/null
+++ b/security/bro/files/patch-scripts-s2b-bin-Makefile.in
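Review bot: Both rewritten `open` calls in patch-scripts-localnetMAC.pl still interpolate `$args{r}` into a string handed to the shell, so a capture file name containing shell metacharacters is interpreted rather than passed as data; bro_config invokes this script with `-r` from a function that checks for root. The uncompressed branch can bypass the shell with the list form, `open(IN, '-|', '@prefix@/bin/adtrace', $args{r}) or die "cannot execute @prefix@/bin/adtrace $args{r}: $!\n";`. The `.gz` branch needs the file name validated or the decompressor opened as its own list-form pipe. The `if`/`elsif` chain continues outside the hunk.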
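Review bot: In patch-scripts-perl-Makefile.PL the new line `$brohome = $ENV{PREFIX}/bro';` has lost its opening quote and will not compile; it should be `$brohome = "$ENV{PREFIX}/bro";`. Both new assignments also rely on `PREFIX` being present in the environment when Makefile.PL runs, and if it is unset the paths silently become `/bro` and `/etc/bro.cfg`. A guard such as `die "PREFIX is not set\n" unless $ENV{PREFIX};` before the first use would make that failure explicit. The enclosing `if`/`else` starts outside the hunk.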
@@ -0,0 +1,11 @@
+--- scripts/s2b/bin/Makefile.in.orig Wed Jul 18 17:33:29 2007
++++ scripts/s2b/bin/Makefile.in Wed Jul 18 17:34:02 2007
+@@ -321,7 +321,7 @@
+
+
+ # OR we can install them on a make install
+-#scriptsdir=$(prefix)/etc
++#scriptsdir=$(prefix)/bro/scripts
+ #dist_scripts_SCRIPTS = s2b.pl snort2bro
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in b/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in
new file mode 100644
index 000000000000..1539a3b047c1
--- /dev/null
+++ b/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in
@@ -0,0 +1,11 @@
+--- scripts/s2b/bro-include/Makefile.in.orig Wed Jul 18 17:35:02 2007
++++ scripts/s2b/bro-include/Makefile.in Wed Jul 18 17:35:25 2007
+@@ -171,7 +171,7 @@
+ target_cpu = @target_cpu@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+-includesigsdir = ${prefix}/policy
++includesigsdir = ${prefix}/bro/policy
+ dist_includesigs_DATA = sig-addendum.sig sig-functions.bro
+ all: all-am
+
diff --git a/security/bro/files/patch-scripts-s2b-etc-Makefile.in b/security/bro/files/patch-scripts-s2b-etc-Makefile.in
new file mode 100644
index 000000000000..de449617299d
--- /dev/null
+++ b/security/bro/files/patch-scripts-s2b-etc-Makefile.in
@@ -0,0 +1,11 @@
+--- scripts/s2b/etc/Makefile.in.orig Wed Jul 18 17:37:19 2007
++++ scripts/s2b/etc/Makefile.in Wed Jul 18 17:37:45 2007
+@@ -321,7 +321,7 @@
+
+
+ # OR we can install them on a make install
+-#scriptsdir=$(prefix)/etc
++#scriptsdir=$(prefix)/bro/scripts
+ #dist_scripts_SCRIPTS = s2b-augment.cfg s2b-ruleset-augment.cfg s2b-sigmap.cfg s2b.cfg
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/security/bro/files/patch-src-Makefile.in b/security/bro/files/patch-src-Makefile.in
new file mode 100644
index 000000000000..e351acf5d880
--- /dev/null
+++ b/security/bro/files/patch-src-Makefile.in
@@ -0,0 +1,11 @@
+--- src/Makefile.in.orig Wed Jul 18 16:48:03 2007
++++ src/Makefile.in Wed Jul 18 16:48:34 2007
+@@ -550,7 +550,7 @@
+ $(DISTCLEANFILES)
+
+
+-#bropolicydir=${prefix}/policy
++#bropolicydir=${prefix}/bro/policy
+ #dist_bropolicy_DATA = $(BIF_BRO)
+ CCOPT = @V_CCOPT@ -W -Wall -Wno-unused
+ INCLS = @V_INCLS@
diff --git a/security/bro/files/pkg-deinstall.in b/security/bro/files/pkg-deinstall.in
new file mode 100644
index 000000000000..f36772a02b0e
--- /dev/null
+++ b/security/bro/files/pkg-deinstall.in
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Since pkg-plist prepends PREFIX to SITE_PERL,
+# we can't remove these files in the normal way
+
+if [ "$2" != "POST-DEINSTALL" ]; then
+ exit 0
+fi
+
+/bin/rm %%SITE_PERL%%/mach/IP4.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Config.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Signature.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log/Alarm.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log/Conn.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report/Alarm.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report/Conn.pm
+/bin/rmdir %%SITE_PERL%%/mach/Bro/Report
+/bin/rmdir %%SITE_PERL%%/mach/Bro/Log
+/bin/rmdir %%SITE_PERL%%/mach/Bro
diff --git a/security/bro/files/pkg-install.in b/security/bro/files/pkg-install.in
new file mode 100644
index 000000000000..c10f1d2392cf
--- /dev/null
+++ b/security/bro/files/pkg-install.in
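Review bot: The nine `/bin/rm` lines in pkg-deinstall.in run without `-f` and with unquoted `%%SITE_PERL%%` paths, so a module that is already missing makes the deinstall print an error, and the commands depend entirely on the substituted value being a sane absolute path. Suggest `/bin/rm -f "%%SITE_PERL%%/mach/IP4.pm"` and the same form for the other eight. Because these modules are removed by hand here instead of being listed in pkg-plist, they presumably are not recorded in the package database either, which leaves them outside the usual per-file bookkeeping; listing them in pkg-plist would be preferable if the SITE_PERL prefix problem described in the header comment can be solved.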
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Call the bro_config script to configure bro and, when complete,
+# copy the newly created cfg file to %%PREFIX%%/etc.
+
+echo "****************************************"
+echo "* RUNNING THE BRO CONFIGURATION SCRIPT *"
+echo "****************************************"
+echo
+
+if [ -f %%BROHOME%%/scripts/bro_config ]; then
+ /bin/sh %%BROHOME%%/scripts/bro_config
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ cp bro.cfg %%PREFIX%%/etc/bro.cfg
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ rm %%WRKSRC%%/../../bro.cfg*
+fi
+
+if [ -f %%WRKSRC%%/../../bro_user_id ]; then
+ rm %%WRKSRC%%/../../bro_user*
+fi
diff --git a/security/bro/files/pkg-message.in b/security/bro/files/pkg-message.in
new file mode 100644
index 000000000000..c10f1d2392cf
--- /dev/null
+++ b/security/bro/files/pkg-message.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Call the bro_config script to configure bro and, when complete,
+# copy the newly created cfg file to %%PREFIX%%/etc.
+
+echo "****************************************"
+echo "* RUNNING THE BRO CONFIGURATION SCRIPT *"
+echo "****************************************"
+echo
+
+if [ -f %%BROHOME%%/scripts/bro_config ]; then
+ /bin/sh %%BROHOME%%/scripts/bro_config
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ cp bro.cfg %%PREFIX%%/etc/bro.cfg
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ rm %%WRKSRC%%/../../bro.cfg*
+fi
+
+if [ -f %%WRKSRC%%/../../bro_user_id ]; then
+ rm %%WRKSRC%%/../../bro_user*
+fi
diff --git a/security/bro/pkg-descr b/security/bro/pkg-descr
index 9a2565b85c12..3620bfe9b871 100644
--- a/security/bro/pkg-descr
+++ b/security/bro/pkg-descr
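Review bot: pkg-install.in never looks at `$2`, so the whole script, including the `bro_config` run, executes at every stage the package tools invoke it for, whereas pkg-deinstall.in in this same commit does test `$2`; add `if [ "$2" != "POST-INSTALL" ]; then exit 0; fi` near the top. The copy step tests `%%WRKSRC%%/../../bro.cfg` but then runs `cp bro.cfg %%PREFIX%%/etc/bro.cfg` with a relative source, which only works if the current directory happens to be that one; `cp %%WRKSRC%%/../../bro.cfg %%PREFIX%%/etc/bro.cfg` matches the test. It also overwrites an existing `etc/bro.cfg` with no backup, which on an upgrade would discard a tuned sensor configuration. Finally, the `%%WRKSRC%%` paths are baked into the generated script, so none of the last three branches can match when the package is installed on a machine that has no build tree.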
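Review bot: pkg-message.in is the same shell script as pkg-install.in (the diff shows the same blob id, c10f1d2392cf, for both files), but the Makefile lists it in SUB_FILES as the package message, which is shown to the user and not executed. As committed, the administrator would be shown shell source in place of post-install instructions. Replace the content with plain text, for example stating that the generated configuration is `%%PREFIX%%/etc/bro.cfg` and that `%%BROHOME%%/scripts/bro_config` can be re-run to regenerate it.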
@@ -1,16 +1,16 @@ -Bro is a system for detecting Network Intruders in real-time by the guys -that brought you tcpdump, libpcap, and flex. - -Bro is a stand-alone system for detecting network intruders in real-time -by passively monitoring a network link over which the intruder's traffic -transits. Bro is divided into an "event engine" that reduces a -kernel-filtered network traffic stream into a series of higher-level -events, and a "policy script interpreter" that interprets event handlers -written in a specialized language used to express a site's security policy. -Event handlers can update state information, synthesize new events, record -information to disk, and generate real-time notifications via `syslog'. +Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) +that passively monitors network traffic and looks for suspicious activity. +Bro detects intrusions by first parsing network traffic to extract is +application-level semantics and then executing event-oriented analyzers that +compare the activity with patterns deemed troublesome. Its analysis includes +detection of specific attacks (including those defined by signatures, but +also those defined in terms of events) and unusual activities (e.g., certain +hosts connecting to certain services, or patterns of failed connection +attempts). Bro is documented in the USENIX 1998 Security Conference proceedings. --- David - obrien@cs.ucdavis.edu +-- Paul + pauls@utdallas.edu + +WWW: http://bro-ids.org/ diff --git a/security/bro/pkg-plist b/security/bro/pkg-plist index bf7fc1c0c929..ce78833bfa1c 100644 --- a/security/bro/pkg-plist +++ b/security/bro/pkg-plist 
@@ -1,83 +1,238 @@
-@comment $FreeBSD$
-sbin/bro
-%%DATADIR%%/active.bro
-%%DATADIR%%/alert.bro
-%%DATADIR%%/analy.bro
-%%DATADIR%%/anon.bro
-%%DATADIR%%/backdoor.bro
-%%DATADIR%%/bro.bif.bro
-%%DATADIR%%/bro.init
-%%DATADIR%%/capture-events.bro
-%%DATADIR%%/checkpoint.bro
-%%DATADIR%%/common-rw.bif.bro
-%%DATADIR%%/conn.bro
-%%DATADIR%%/const.bif.bro
-%%DATADIR%%/contents.bro
-%%DATADIR%%/demux.bro
-%%DATADIR%%/dns.bro
-%%DATADIR%%/dns-lookup.bro
-%%DATADIR%%/drop-adapt.bro
-%%DATADIR%%/event.bif.bro
-%%DATADIR%%/finger.bro
-%%DATADIR%%/finger-rw.bif.bro
-%%DATADIR%%/flag-irc.bro
-%%DATADIR%%/flag-warez.bro
-%%DATADIR%%/frag.bro
-%%DATADIR%%/ftp.bro
-%%DATADIR%%/ftp-anonymizer.bro
-%%DATADIR%%/ftp-cmd-arg.bro
-%%DATADIR%%/ftp-rw.bif.bro
-%%DATADIR%%/ftp-safe-words.bro
-%%DATADIR%%/hot.bro
-%%DATADIR%%/hot-ids.bro
-%%DATADIR%%/http.bro
-%%DATADIR%%/http-abstract.bro
-%%DATADIR%%/http-body.bro
-%%DATADIR%%/http-entity.bro
-%%DATADIR%%/http-event.bro
-%%DATADIR%%/http-header.bro
-%%DATADIR%%/http-reply.bro
-%%DATADIR%%/http-request.bro
-%%DATADIR%%/http-rewriter.bro
-%%DATADIR%%/http-rw.bif.bro
-%%DATADIR%%/icmp.bro
-%%DATADIR%%/ident-rewriter.bro
-%%DATADIR%%/ident.bro
-%%DATADIR%%/ident-rw.bif.bro
-%%DATADIR%%/inactivity.bro
-%%DATADIR%%/interconn.bro
-%%DATADIR%%/load-level.bro
-%%DATADIR%%/log.bro
-%%DATADIR%%/login.bro
-%%DATADIR%%/mime.bro
-%%DATADIR%%/mt.bro
-%%DATADIR%%/netstats.bro
-%%DATADIR%%/ntp.bro
-%%DATADIR%%/pcap.bro
-%%DATADIR%%/port-name.bro
-%%DATADIR%%/portmapper.bro
-%%DATADIR%%/print-filter.bro
-%%DATADIR%%/print-globals.bro
-%%DATADIR%%/print-resources.bro
-%%DATADIR%%/reduce-memory.bro
-%%DATADIR%%/scan.bro
-%%DATADIR%%/signatures.bro
-%%DATADIR%%/site.bro
-%%DATADIR%%/smtp-relay.bro
-%%DATADIR%%/smtp-rewriter.bro
-%%DATADIR%%/smtp.bro
-%%DATADIR%%/smtp-rw.bif.bro
-%%DATADIR%%/software.bro
-%%DATADIR%%/ssh-stepping.bro
-%%DATADIR%%/ssh.bro
-%%DATADIR%%/ssl-worm.bro
-%%DATADIR%%/stepping.bro
-%%DATADIR%%/synflood.bro
-%%DATADIR%%/tcp.bro
-%%DATADIR%%/tftp.bro
-%%DATADIR%%/udp.bro
-%%DATADIR%%/weird.bro
-%%DATADIR%%/worm.bro
-%%PORTDOCS%%%%DOCSDIR%%/bro-CN99.ps.gz
-%%PORTDOCS%%@dirrm %%DATADIR%%
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
+bin/adtrace
+bin/bdcat
+bin/binpac
+bin/bro
+bin/broccoli-config
+bin/broconftest
+bin/broconn
+bin/broenum
+bin/brohose
+bin/broping
+bin/cf
+bin/hf
+bin/nf
+bin/pf
+bin/rst
+bro/etc/alert_scores
+bro/etc/signature_scores
+bro/etc/VERSION
+bro/policy/OS-fingerprint.bro
+bro/policy/adu.bro
+bro/policy/alarm.bro
+bro/policy/analy.bro
+bro/policy/anon.bro
+bro/policy/arp.bro
+bro/policy/backdoor.bro
+bro/policy/blaster.bro
+bro/policy/bro.bif.bro
+bro/policy/bro.init
+bro/policy/brolite-backdoor.bro
+bro/policy/brolite-sigs.bro
+bro/policy/brolite.bro
+bro/policy/capture-events.bro
+bro/policy/checkpoint.bro
+bro/policy/clear-passwords.bro
+bro/policy/common-rw.bif.bro
+bro/policy/conn-id.bro
+bro/policy/conn.bro
+bro/policy/const.bif.bro
+bro/policy/contents.bro
+bro/policy/cpu-adapt.bro
+bro/policy/demux.bro
+bro/policy/detect-protocols-http.bro
+bro/policy/detect-protocols.bro
+bro/policy/dns-anonymizer.bro
+bro/policy/dns-info.bro
+bro/policy/dns-lookup.bro
+bro/policy/dns-rw.bif.bro
+bro/policy/dns.bro
+bro/policy/dpd.bro
+bro/policy/drop-adapt.bro
+bro/policy/dyn-disable.bro
+bro/policy/event.bif.bro
+bro/policy/file-flush.bro
+bro/policy/finger-rw.bif.bro
+bro/policy/finger.bro
+bro/policy/firewall.bro
+bro/policy/flag-irc.bro
+bro/policy/flag-warez.bro
+bro/policy/frag.bro
+bro/policy/ftp-anonymizer.bro
+bro/policy/ftp-cmd-arg.bro
+bro/policy/ftp-reply-pattern.bro
+bro/policy/ftp-rw.bif.bro
+bro/policy/ftp-safe-words.bro
+bro/policy/ftp.bro
+bro/policy/gnutella.bro
+bro/policy/hand-over.bro
+bro/policy/heavy-analysis.bro
+bro/policy/heavy.http.bro
+bro/policy/heavy.irc.bro
+bro/policy/heavy.scan.bro
+bro/policy/heavy.software.bro
+bro/policy/heavy.trw.bro
+bro/policy/hot-ids.bro
+bro/policy/hot.bro
+bro/policy/http-abstract.bro
+bro/policy/http-anon-server.bro
+bro/policy/http-anon-useragent.bro
+bro/policy/http-anon-utils.bro
+bro/policy/http-anonymizer.bro
+bro/policy/http-body.bro
+bro/policy/http-entity.bro
+bro/policy/http-event.bro
+bro/policy/http-header.bro
+bro/policy/http-reply.bro
+bro/policy/http-request.bro
+bro/policy/http-rewriter.bro
+bro/policy/http-rw.bif.bro
+bro/policy/http.bro
+bro/policy/icmp.bro
+bro/policy/ident-rewriter.bro
+bro/policy/ident-rw.bif.bro
+bro/policy/ident.bro
+bro/policy/inactivity.bro
+bro/policy/interconn.bro
+bro/policy/irc-bot.bro
+bro/policy/irc.bro
+bro/policy/large-conns.bro
+bro/policy/listen-clear.bro
+bro/policy/listen-ssl.bro
+bro/policy/load-level.bro
+bro/policy/load-sample.bro
+bro/policy/log-append.bro
+bro/policy/login.bro
+bro/policy/mime-pop.bro
+bro/policy/mime.bro
+bro/policy/mt.bro
+bro/policy/netstats.bro
+bro/policy/nfs.bro
+bro/policy/notice-action-filters.bro
+bro/policy/notice-policy.bro
+bro/policy/notice.bro
+bro/policy/ntp.bro
+bro/policy/passwords.bro
+bro/policy/pcap.bro
+bro/policy/peer-status.bro
+bro/policy/pkt-profile.bro
+bro/policy/pop3.bro
+bro/policy/port-name.bro
+bro/policy/portmapper.bro
+bro/policy/print-filter.bro
+bro/policy/print-globals.bro
+bro/policy/print-resources.bro
+bro/policy/print-sig-states.bro
+bro/policy/profiling.bro
+bro/policy/proxy.bro
+bro/policy/remote-pcap.bro
+bro/policy/remote-ping.bro
+bro/policy/remote-print.bro
+bro/policy/remote-report-notices.bro
+bro/policy/remote-send-id.bro
+bro/policy/remote.bro
+bro/policy/rotate-logs.bro
+bro/policy/rsh.bro
+bro/policy/scan.bro
+bro/policy/secondary-filter.bro
+bro/policy/sensor-sshd.bro
+bro/policy/server-ports.bro
+bro/policy/service-probe.bro
+bro/policy/sig-action.bro
+bro/policy/sig-addendum.sig
+bro/policy/sig-functions.bro
+bro/policy/signatures.bro
+bro/policy/sigs/dpd.sig
+bro/policy/sigs/ex.web-rules.sig
+bro/policy/sigs/p0fsyn.osf
+bro/policy/sigs/snort-default.sig
+bro/policy/sigs/ssl-worm.sig
+bro/policy/sigs/worm.sig
+bro/policy/site.bro
+bro/policy/smtp-relay.bro
+bro/policy/smtp-rewriter.bro
+bro/policy/smtp-rw.bif.bro
+bro/policy/smtp.bro
+bro/policy/snort.bro
+bro/policy/software.bro
+bro/policy/ssh-stepping.bro
+bro/policy/ssh.bro
+bro/policy/ssl-alerts.bro
+bro/policy/ssl-ciphers.bro
+bro/policy/ssl-errors.bro
+bro/policy/ssl-worm.bro
+bro/policy/ssl.bro
+bro/policy/stats.bro
+bro/policy/stepping.bro
+bro/policy/strings.bif.bro
+bro/policy/synflood.bro
+bro/policy/tcp.bro
+bro/policy/tftp.bro
+bro/policy/trw-impl.bro
+bro/policy/trw.bro
+bro/policy/udp-common.bro
+bro/policy/udp.bro
+bro/policy/vlan.bro
+bro/policy/weird.bro
+bro/policy/worm.bro
+bro/scripts/bro-logchk.pl
+bro/scripts/bro.rc
+bro/scripts/bro.rc-hooks.sh
+bro/scripts/bro_config
+bro/scripts/bro_log_compress.sh
+bro/scripts/edit-brorule.pl
+bro/scripts/frontend-mail-reports.sh
+bro/scripts/frontend-site-report.sh
+bro/scripts/host-grep
+bro/scripts/host-to-addrs
+bro/scripts/localnetMAC.pl
+bro/scripts/mail_notice.sh
+bro/scripts/mvlog
+bro/scripts/push_logs.sh
+bro/scripts/site-report.pl
+@unexec if cmp -s %D/bro/site/local.site.bro.default %D/bro/site/local.site.bro; then rm -f %D/bro/site/local.site.bro; fi
+bro/site/local.site.bro.default
+bro/site/signatures.sig
+@unexec if cmp -s %D/etc/bro.cfg.sample %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi
+etc/bro.cfg.example
+etc/broccoli.conf
+include/broccoli.h
+share/broccoli/broconn.bro
+share/broccoli/broenum.bro
+share/broccoli/brohose.bro
+share/broccoli/broping-record.bro
+share/broccoli/broping.bro
+share/gtk-doc/html/broccoli/a2850.html
+share/gtk-doc/html/broccoli/api.html
+share/gtk-doc/html/broccoli/broccoli-broccoli.html
+share/gtk-doc/html/broccoli/c21.html
+share/gtk-doc/html/broccoli/c55.html
+share/gtk-doc/html/broccoli/c85.html
+share/gtk-doc/html/broccoli/images/caution.gif
+share/gtk-doc/html/broccoli/images/logo.jpg
+share/gtk-doc/html/broccoli/images/note.gif
+share/gtk-doc/html/broccoli/images/warning.gif
+share/gtk-doc/html/broccoli/index.html
+share/gtk-doc/html/broccoli/stylesheet.css
+share/libbroccoli.a
+share/libbroccoli.la
+share/libbroccoli.so
+share/libbroccoli.so.0
+@unexec if [ -f %D/%%DOCSDIR%%/bro-deployment.pdf ]; then rm -f %D/%%DOCSDIR%%/bro-deployment.pdf; fi
+@unexec if [ -f %D/%%DOCSDIR%%/Bro-quick-start.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-quick-start.pdf; fi
+@unexec if [ -f %D/%%DOCSDIR%%/Bro-user-manual.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-user-manual.pdf; fi
+@dirrmtry %%DOCSDIR%%
+@dirrm share/gtk-doc/html/broccoli/images
+@dirrm share/gtk-doc/html/broccoli
+@dirrmtry share/gtk-doc/html
+@dirrmtry share/gtk-doc
+@dirrm share/broccoli
+@dirrmtry bro/var
+@dirrmtry bro/site
+@dirrmtry bro/scripts
+@dirrmtry bro/reports
+@dirrmtry bro/policy/sigs
+@dirrmtry bro/policy
+@dirrmtry bro/logs
+@dirrmtry bro/etc
+@dirrmtry bro/archive
+@dirrmtry bro |
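Review bot: The `@unexec` line for the main configuration in pkg-plist compares `%D/etc/bro.cfg.sample` with `%D/etc/bro.cfg`, but the file this list installs on the very next line is `etc/bro.cfg.example`. Since no `.sample` file appears anywhere in the list, `cmp -s` cannot succeed and an unmodified `etc/bro.cfg` is left behind on deinstall. Change the line to `@unexec if cmp -s %D/etc/bro.cfg.example %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi`, or rename the installed sample so the two agree.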