diff options
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/razorback-yaraNugget/Makefile | 50 | ||||
-rw-r--r-- | security/razorback-yaraNugget/distinfo | 2 | ||||
-rw-r--r-- | security/razorback-yaraNugget/pkg-descr | 8 | ||||
-rw-r--r-- | security/razorback-yaraNugget/pkg-message | 6 | ||||
-rw-r--r-- | security/razorback-yaraNugget/pkg-plist | 14 |
6 files changed, 81 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index c22380cf8662..0f89332f82d3 100644 --- a/security/Makefile +++ b/security/Makefile @@ -798,6 +798,7 @@ SUBDIR += razorback-scriptNugget SUBDIR += razorback-swfScanner SUBDIR += razorback-syslogNugget + SUBDIR += razorback-yaraNugget SUBDIR += rdigest SUBDIR += retranslator SUBDIR += revelation diff --git a/security/razorback-yaraNugget/Makefile b/security/razorback-yaraNugget/Makefile new file mode 100644 index 000000000000..c68d1e383372 --- /dev/null +++ b/security/razorback-yaraNugget/Makefile @@ -0,0 +1,50 @@ +# New ports collection makefile for: razorback-yaraNugget +# Date created: 2011/06/8 +# Whom: Tom Judge <tom@tomjudge.com> +# +# $FreeBSD$ +# + +PORTNAME= yaraNugget +PORTVERSION= 0.5.0 +CATEGORIES= security +MASTER_SITES= SF/razorbacktm/Nuggets +PKGNAMEPREFIX= razorback- +DIST_SUBDIR= razorback + +MAINTAINER= tj@FreeBSD.org +COMMENT= Framework for an intelligence driven security - Yara Detection + +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/LICENSE + +LIB_DEPENDS= razorback_api:${PORTSDIR}/security/razorback-api \ + pcre:${PORTSDIR}/devel/pcre +BUILD_DEPENDS= razorback-masterNugget>=0.5.0:${PORTSDIR}/security/razorback-masterNugget +RUN_DEPENDS= razorback-masterNugget>=0.5.0:${PORTSDIR}/security/razorback-masterNugget + +OPTIONS_DEFINE= DEBUG ASSERT +ASSERT_DESC= Enable Asserts + +.include <bsd.port.options.mk> + +RB_LIBDIR?= ${PREFIX}/lib/razorback +GNU_CONFIGURE= yes +USE_AUTOTOOLS= libtool +USE_LDCONFIG= ${RB_LIBDIR} + +.if ${PORT_OPTIONS:MDEBUG} +CONFIGURE_ARGS+=--enable-debug +.endif + +.if ${PORT_OPTIONS:MASSERT} +CONFIGURE_ARGS+=--enable-assert +.endif + +post-install: + ${LN} -sf ${RB_LIBDIR}/yaraNugget.so.2 ${RB_LIBDIR}/yaraNugget.so.2.0.0 + @if [ ! -f ${PREFIX}/etc/razorback/yara.conf ]; then \ + ${CP} -p ${PREFIX}/etc/razorback/yara.conf.sample ${PREFIX}/etc/razorback/yara.conf ; \ + fi + +.include <bsd.port.mk> diff --git a/security/razorback-yaraNugget/distinfo b/security/razorback-yaraNugget/distinfo new file mode 100644 index 000000000000..8017e2160990 --- /dev/null +++ b/security/razorback-yaraNugget/distinfo @@ -0,0 +1,2 @@ +SHA256 (razorback/yaraNugget-0.5.0.tar.gz) = 6b43e0033aa9f834acdd8aba1c437d7fac47a4d2edac1e9961983d6a019b1fc1 +SIZE (razorback/yaraNugget-0.5.0.tar.gz) = 623917 diff --git a/security/razorback-yaraNugget/pkg-descr b/security/razorback-yaraNugget/pkg-descr new file mode 100644 index 000000000000..a8b27d1c8830 --- /dev/null +++ b/security/razorback-yaraNugget/pkg-descr @@ -0,0 +1,8 @@ +Razorback is a framework for an intelligence driven security solution. +It consists of a Dispatcher at the core of the system, surrounded by +Nuggets of varying types. + +The Yara nugget allows modified Yara rules to dictate which flags are +set when they alert. + +WWW: http://razorbacktm.sourceforge.net/ diff --git a/security/razorback-yaraNugget/pkg-message b/security/razorback-yaraNugget/pkg-message new file mode 100644 index 000000000000..498ac9913048 --- /dev/null +++ b/security/razorback-yaraNugget/pkg-message @@ -0,0 +1,6 @@ +After this port has been installed, you will need to copy and edit the +sample configuration (rzb_yara.conf.sample) to rzb_yara.conf. + +Additionally, you will need to provide rules for yara. The rules should be +placed in the directory specified in the rzb_yara.conf file. The rules may +be placed in subdirectories or symlinked. diff --git a/security/razorback-yaraNugget/pkg-plist b/security/razorback-yaraNugget/pkg-plist new file mode 100644 index 000000000000..a3086f3bf32b --- /dev/null +++ b/security/razorback-yaraNugget/pkg-plist @@ -0,0 +1,14 @@ +@comment $FreeBSD$ +@unexec if cmp -s %D/etc/razorback/yara.conf %D/etc/razorback/yara.conf.sample; then rm -f %D/etc/razorback/yara.conf; fi +etc/razorback/yara.conf.sample +@exec if [ ! -f %D/etc/razorback/yara.conf ]; then cp -p %D/%F %B/yara.conf; fi +etc/razorback/yara/banker.rules +etc/razorback/yara/packer.rules +@dirrmtry etc/razorback/yara +@dirrmtry etc/razorback +lib/razorback/yaraNugget.so.2.0.0 +lib/razorback/yaraNugget.so.2 +lib/razorback/yaraNugget.so +lib/razorback/yaraNugget.la +lib/razorback/yaraNugget.a +@dirrmtry lib/razorback |