-rw-r--r--security/Makefile1
-rw-r--r--security/py-rekall/Makefile46
-rw-r--r--security/py-rekall/distinfo2
-rw-r--r--security/py-rekall/pkg-descr10
4 files changed, 59 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 18327838c7d5..ca0bd8bae358 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -795,6 +795,7 @@
SUBDIR += py-pyptlib
SUBDIR += py-pysha3
SUBDIR += py-python-registry
+ SUBDIR += py-rekall
SUBDIR += py-rsa
SUBDIR += py-service_identity
SUBDIR += py-slowaes
diff --git a/security/py-rekall/Makefile b/security/py-rekall/Makefile
new file mode 100644
index 000000000000..b35defe95bef
--- /dev/null
+++ b/security/py-rekall/Makefile
@@ -0,0 +1,46 @@
+# Created by: antoine@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME= rekall
+DISTVERSION= 1.1.0.beta
+CATEGORIES= security python
+MASTER_SITES= CHEESESHOP
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= antoine@FreeBSD.org
+COMMENT= Memory forensics analysis framework
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS= cabextract:${PORTSDIR}/archivers/cabextract \
+ ${PYTHON_PKGNAMEPREFIX}acora>=1.8:${PORTSDIR}/textproc/py-acora \
+ ${PYTHON_PKGNAMEPREFIX}codegen>=1.0:${PORTSDIR}/devel/py-codegen \
+ ${PYTHON_PKGNAMEPREFIX}distorm>=0:${PORTSDIR}/devel/py-distorm \
+ ${PYTHON_PKGNAMEPREFIX}Flask>=0.10.1:${PORTSDIR}/www/py-flask \
+ ${PYTHON_PKGNAMEPREFIX}Flask-Sockets>=0:${PORTSDIR}/www/py-flask-sockets \
+ ${PYTHON_PKGNAMEPREFIX}gevent>=1.0.1:${PORTSDIR}/devel/py-gevent \
+ ${PYTHON_PKGNAMEPREFIX}gevent-websocket>=0.9.3:${PORTSDIR}/www/py-gevent-websocket \
+ ${PYTHON_PKGNAMEPREFIX}ipython>=2.0.0:${PORTSDIR}/devel/ipython \
+ ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.3.1:${PORTSDIR}/security/py-pycrypto \
+ ${PYTHON_PKGNAMEPREFIX}pyelftools>=0.21:${PORTSDIR}/devel/py-pyelftools \
+ ${PYTHON_PKGNAMEPREFIX}pytz>=2012:${PORTSDIR}/devel/py-pytz \
+ ${PYTHON_PKGNAMEPREFIX}yaml>=2.10:${PORTSDIR}/devel/py-yaml \
+ ${PYTHON_PKGNAMEPREFIX}yara>=0:${PORTSDIR}/security/py-yara
+
+USES= python:2
+USE_PYTHON= distutils autoplist
+
+PORTDOCS= CREDITS.txt LEGAL.txt README.md
+
+OPTIONS_DEFINE= DOCS
+
+post-patch:
+ @${CHMOD} -R a+rX ${WRKSRC}
+ @${REINPLACE_CMD} '/argparse/d' ${WRKSRC}/setup.py
+
+post-install:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
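Review bot: The two post-patch commands are silenced with `@` and have no explanation, and the sed expression `/argparse/d` deletes every line of setup.py that mentions argparse, not only a single requirement entry. setup.py is not visible in this commit, so how many lines match is unknown. If the intent is just to drop the dependency (presumably because argparse ships with Python 2.7), add a comment such as `# argparse is in the Python 2.7 standard library; drop it from the setup.py requirements` and anchor the pattern to the quoted requirement string, so that a later upstream release is not silently altered. The `${CHMOD} -R a+rX ${WRKSRC}` line also needs a one-line comment naming the distfile permission problem it works around, since a recursive mode change on the extracted tree is otherwise hard to audit.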
diff --git a/security/py-rekall/distinfo b/security/py-rekall/distinfo
new file mode 100644
index 000000000000..b9a0744d9834
--- /dev/null
+++ b/security/py-rekall/distinfo
@@ -0,0 +1,2 @@
+SHA256 (rekall-1.1.0.beta.tar.gz) = 2815ec19aefe7c3ef48a49b5a054f0c8d9242cc9855e525a2ea872ff3da2f4d6
+SIZE (rekall-1.1.0.beta.tar.gz) = 3510576
diff --git a/security/py-rekall/pkg-descr b/security/py-rekall/pkg-descr
new file mode 100644
index 000000000000..8944d2dc81df
--- /dev/null
+++ b/security/py-rekall/pkg-descr
@@ -0,0 +1,10 @@
+The Rekall Framework is a completely open collection of tools, implemented in
+Python under the GNU General Public License, for the extraction of digital
+artifacts from volatile memory (RAM) samples. The extraction techniques are
+performed completely independent of the system being investigated but offer
+visibility into the runtime state of the system. The framework is intended to
+introduce people to the techniques and complexities associated with extracting
+digital artifacts from volatile memory samples and provide a platform for
+further work into this exciting area of research.
+
+WWW: http://www.rekall-forensic.com/