author | Edwin Groothuis <edwin@FreeBSD.org> | 2007-09-10 13:28:12 +0000 |
---|---|---|
committer | Edwin Groothuis <edwin@FreeBSD.org> | 2007-09-10 13:28:12 +0000 |
commit | 13b2aeec3d5ed1e4dfa26683fe7a510e5d707b6f (patch) | |
tree | b6b1e8ff00efee49177dfbf44ba9add77f827008 /security/bro | |
parent | adbd08cb8898c119456c84ed083ad5d3064b2b53 (diff) | |
download | ports-13b2aeec3d5ed1e4dfa26683fe7a510e5d707b6f.tar.gz ports-13b2aeec3d5ed1e4dfa26683fe7a510e5d707b6f.zip |
Notes
Diffstat (limited to 'security/bro')
27 files changed, 856 insertions, 251 deletions
diff --git a/security/bro/Makefile b/security/bro/Makefile
index 8afe6eaeadd2..b29426909c19 100644
--- a/security/bro/Makefile
+++ b/security/bro/Makefile
@@ -1,62 +1,106 @@ -# ex:ts=8 # Ports collection makefile for: bro -# Date created: Sat Feb 28, 1998 -# Whom: David O'Brien (obrien@FreeBSD.org) +# Date created: Mon Jul 16, 2007 +# Whom: Paul Schmehl (pauls@utdallas.edu) # # $FreeBSD$ # PORTNAME= bro -PORTVERSION= 0.8 -PORTREVISION= 1 +PORTVERSION= 1.2 CATEGORIES= security -MASTER_SITES= ftp://ftp.ee.lbl.gov/ -DISTNAME= ${PORTNAME}-pub-${PORTVERSION}a37 +MASTER_SITES= ftp://bro-ids.org/ +DISTNAME= ${PORTNAME}-${PORTVERSION}-stable -MAINTAINER= ports@FreeBSD.org +MAINTAINER= pauls@utdallas.edu COMMENT= System for detecting Network Intruders in real-time BUILD_DEPENDS= bison:${PORTSDIR}/devel/bison -WRKSRC= ${WRKDIR}/${PORTNAME}-pub-${PORTVERSION}a37 +OPTIONS= GPG "Support encrypted email" Off \ + DOCS "Install documentation (not recommended)" Off +WRKSRC= ${WRKDIR}/bro-${PORTVERSION}.1 + +USE_LDCONFIG= ${PREFIX}/share GNU_CONFIGURE= yes MAKE_ENV+= CC="${CC}" CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} CONFIGURE_ARGS= --libdir=${PREFIX}/share USE_PERL5= yes +IS_INTERACTIVE= yes # during the install phase + +SUB_FILES= pkg-deinstall pkg-install pkg-message +SUB_LIST= BROHOME=${BROHOME} BROSITEDIR=${BROSITEDIR} SITE_PERL=${SITE_PERL} WRKSRC=${WRKSRC} +BROHOME= ${PREFIX}/bro +BROSITEDIR= ${BROHOME}/site + +.include <bsd.port.pre.mk> + +.if defined(WITH_GPG) +BUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg +.endif +.if !defined(WITH_DOCS) +NOPORTDOCS= Yes +.endif + post-extract: - @cd ${WRKSRC} && ${TAR} xfz libedit.src.tar.gz + @cd ${WRKSRC}/src && ${TAR} xfz libedit.src.tar.gz post-patch: @${REINPLACE_CMD} -e 's|CFLAGS+=-g -O0||g; \ s|CC=gcc||' \ - ${WRKSRC}/libedit/Makefile.in \ - ${WRKSRC}/libedit/Makefile + ${WRKSRC}/src/libedit/Makefile.in \ + ${WRKSRC}/src/libedit/Makefile @${REINPLACE_CMD} -e "s,tr '\[a-z\]' '\[A-Z\]',tr 'a-z' 'A-Z',g" \ - ${WRKSRC}/libedit/makelist + ${WRKSRC}/src/libedit/makelist @${REINPLACE_CMD} -E -e 's,(const char\*) const (helpstring),\1 \2,g' \ - 
${WRKSRC}/DebugCmds.h + ${WRKSRC}/src/DebugCmds.h pre-configure: @${ECHO_CMD} "Configure libedit..." - @(cd ${WRKSRC}/libedit && ${MAKE_ENV} ./configure) + @(cd ${WRKSRC}/src/libedit && ${MAKE_ENV} ./configure) pre-build: @${ECHO_CMD} "Building libedit..." - @(cd ${WRKSRC}/libedit && ${MAKE}) - -pre-install: - @${MKDIR} ${DATADIR} + @(cd ${WRKSRC}/src/libedit && ${MAKE}) post-install: - @${STRIP_CMD} ${PREFIX}/sbin/bro - @${INSTALL_DATA} ${WRKSRC}/policy/*.* ${DATADIR} + @${STRIP_CMD} ${PREFIX}/bin/bro + @${MKDIR} ${PREFIX}/bro/etc + @${MKDIR} ${SITE_PERL}/mach/Bro + @${MKDIR} ${SITE_PERL}/mach/Bro/Log + @${MKDIR} ${SITE_PERL}/mach/Bro/Report + ${INSTALL_DATA} ${WRKSRC}/scripts/bro.cfg.example ${PREFIX}/etc + ${INSTALL_DATA} ${WRKSRC}/scripts/local.site.bro.default ${BROSITEDIR} + ${INSTALL_DATA} ${WRKSRC}/scripts/IP4.pm ${SITE_PERL}/mach + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Config.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Signature.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Alarm.pm ${SITE_PERL}/mach/Bro/Log + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Conn.pm ${SITE_PERL}/mach/Bro/Log + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Alarm.pm ${SITE_PERL}/mach/Bro/Report + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Conn.pm ${SITE_PERL}/mach/Bro/Report + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc-hooks.sh ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro_config ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/localnetMAC.pl ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/edit-brorule.pl ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/site-report.pl ${BROHOME}/scripts + 
${INSTALL_PROGRAM} ${WRKSRC}/aux/adtrace/adtrace ${PREFIX}/bin + ${SH} ${PKGINSTALL} + .if !defined(NOPORTDOCS) + @${ECHO_MSG} "You have chosen to install documentation" + @${ECHO_MSG} "but the online documentation will be much" + @${ECHO_MSG} "more up to date." @${MKDIR} ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/doc/bro-CN99.ps ${DOCSDIR} - @${GZIP_CMD} ${DOCSDIR}/bro-CN99.ps + ${INSTALL_DATA} ${WRKSRC}/doc/quick-start/Bro-quick-start.pdf ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/quick-start/bro-deployment.pdf ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/user-manual/Bro-user-manual.pdf ${DOCSDIR} .endif -.include <bsd.port.mk> + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.post.mk> diff --git a/security/bro/distinfo b/security/bro/distinfo index 2fe3ea524f3e..dde086d459e8 100644 --- a/security/bro/distinfo +++ b/security/bro/distinfo @@ -1,3 +1,3 @@ -MD5 (bro-pub-0.8a37.tar.gz) = abf9ddc6e7086639130f2e792eca4ab3 -SHA256 (bro-pub-0.8a37.tar.gz) = 3bdf9c18ccb12181e8383c9d5969fd1b86d7d601a98fdf6655467c64167fb5bc -SIZE (bro-pub-0.8a37.tar.gz) = 1696069 +MD5 (bro-1.2-stable.tar.gz) = ca4c0435da066d901c63f182faa7f540 +SHA256 (bro-1.2-stable.tar.gz) = 276da336a210d5664b483bc44fe29e3e670a02cd5b2932890050a11954afe17f +SIZE (bro-1.2-stable.tar.gz) = 3986890 diff --git a/security/bro/files/patch-Conn.h b/security/bro/files/patch-Conn.h deleted file mode 100644 index 6d126fb09e23..000000000000 --- a/security/bro/files/patch-Conn.h +++ /dev/null 
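Review bot: The `WITH_GPG` block adds gnupg only through `BUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg`, although the option is described as "Support encrypted email", which is a run-time feature. A package built with the option can therefore be installed on a host without gpg; whether mail then fails or goes out unencrypted is not visible in this hunk. I would add `RUN_DEPENDS+= gpg:${PORTSDIR}/security/gnupg` beside it. Separately, `post-install` runs `${SH} ${PKGINSTALL}` with the installer's privileges and `SUB_LIST` substitutes `WRKSRC` into that script, so build-directory paths end up in an install-time script that also ships in the binary package; keep `WRKSRC` out of `SUB_LIST` and have the script use only `PREFIX`-relative paths.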
@@ -1,29 +0,0 @@ ---- Conn.h.orig Sun Aug 31 02:39:01 2003 -+++ Conn.h Thu Dec 21 13:27:24 2006 -@@ -59,7 +59,7 @@ - // dst_port just have to reflect the two different sides of the - // connection, neither has to be the particular source/destination - // or originator/responder. -- HashKey* ConnID::BuildConnKey() const; -+ HashKey* BuildConnKey() const; - }; - - static inline int addr_port_canon_lt(const uint32* a1, uint32 p1, -@@ -223,6 +223,8 @@ - return 1; - } - -+ void DeleteTimer(double t); -+ - protected: - virtual void UpdateEndpointVal(RecordVal* endp, int is_orig) = 0; - -@@ -235,8 +237,6 @@ - - friend class ConnectionTimer; - void RemoveTimer(Timer* t); -- -- void DeleteTimer(double t); - - void InactivityTimer(double t); - diff --git a/security/bro/files/patch-Makefile.in b/security/bro/files/patch-Makefile.in index ed829223ea40..b038cede4703 100644 --- a/security/bro/files/patch-Makefile.in +++ b/security/bro/files/patch-Makefile.in 
@@ -1,27 +1,36 @@ ---- Makefile.in.orig Sun Aug 31 04:39:14 2003 -+++ Makefile.in Tue Oct 14 12:08:51 2003 -@@ -52,13 +52,13 @@ - LIBS = $(LIBEDIT_LIBS) @LIBS@ -lm +--- Makefile.in.orig Thu Dec 14 11:59:51 2006 ++++ Makefile.in Wed Jul 18 23:57:10 2007 +@@ -206,7 +206,7 @@ + # noticed. + # + DISTCHECK_CONFIGURE_FLAGS = --disable-gtk-doc +-versiondir = $(prefix)/etc ++versiondir = $(prefix)/bro/etc + dist_version_DATA = VERSION + chown = @CHOWN@ - # Purify barfs when c++ is used for $(CPLUS). --PURIFY_CPLUS = g++ -+PURIFY_CPLUS = @CC@ - PURE_FLAGS = -chain-length=20 +@@ -658,9 +658,9 @@ + install-brolite: + $(MAKE) install + ( cd scripts && $(MAKE) install-brolite ) +- - @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/ ++ - @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/bro + @echo "*********************************************************" +- @echo "Please run \"${prefix}/etc/bro.rc --start\" to start bro" ++ @echo "Please run \"${prefix}/bro/scripts/bro.rc --start\" to start bro" + @echo "*********************************************************" - YACC = @YACC@ - YFLAGS = -d -t -v - LEX = @LEX@ --INSTALL = @INSTALL@ -d -+INSTALL = @INSTALL_PROGRAM@ - INSTALL_DATA = @INSTALL_DATA@ - @SET_MAKE@ - COMPRESS = @COMPRESS@ -@@ -121,7 +121,7 @@ + docs: +@@ -687,9 +687,9 @@ - all: $(PKG) + # make sure all the dirs are correctly created and owned + install-data-local: +- $(INSTALL) -d $(prefix)/logs +- $(INSTALL) -d $(prefix)/archive +- $(INSTALL) -d $(prefix)/var ++ $(INSTALL) -d $(prefix)/bro/logs ++ $(INSTALL) -d $(prefix)/bro/archive ++ $(INSTALL) -d $(prefix)/bro/var --$(PKG): $(LIBEDIT_LIB) $(OBJ) -+$(PKG): $(OBJ) - $(CPLUS) -o $(EXEC) $(OBJ) $(LDFLAGS) $(LIBS) - opt: - @$(MAKE) $(MFLAGS) CCOPT="`echo $(CCOPT) | sed -e 's/-O2//;s/$$/ -O3/'`" + release: + ./autogen.sh diff --git a/security/bro/files/patch-Obj.cc b/security/bro/files/patch-Obj.cc deleted file mode 100644 index 295affb0d446..000000000000 --- a/security/bro/files/patch-Obj.cc +++ /dev/null 
@@ -1,11 +0,0 @@ ---- Obj.cc.orig Sun Oct 5 18:27:31 2003 -+++ Obj.cc Sun Oct 5 18:27:44 2003 -@@ -47,7 +47,7 @@ - delete_data = true; - - int tmp; -- return s->Read(&(char*) filename, &tmp) && -+ return s->Read((char**) &filename, &tmp) && - s->Read(&first_line) && s->Read(&last_line) && - s->Read(&first_column) && s->Read(&last_column); - } diff --git a/security/bro/files/patch-Serializer.h b/security/bro/files/patch-Serializer.h deleted file mode 100644 index 3113bddd8ef9..000000000000 --- a/security/bro/files/patch-Serializer.h +++ /dev/null @@ -1,13 +0,0 @@ ---- Serializer.h.orig Thu Dec 21 13:24:28 2006 -+++ Serializer.h Thu Dec 21 13:24:45 2006 -@@ -82,8 +82,8 @@ - void StartSerialization(); - bool EndSerialization(); - -- bool Serializer::UnserializeID(); -- bool Serializer::UnserializeEvent(); -+ bool UnserializeID(); -+ bool UnserializeEvent(); - - SerializationFormat* format; - diff --git a/security/bro/files/patch-aux-scripts-Makefile.in b/security/bro/files/patch-aux-scripts-Makefile.in new file mode 100644 index 000000000000..cbd3f2b43819 --- /dev/null +++ b/security/bro/files/patch-aux-scripts-Makefile.in @@ -0,0 +1,11 @@ +--- aux/scripts/Makefile.in.orig Wed Jul 18 16:27:01 2007 ++++ aux/scripts/Makefile.in Wed Jul 18 16:27:41 2007 +@@ -173,7 +173,7 @@ + target_vendor = @target_vendor@ + + # override where to stick the scripts +-scriptdir = ${prefix}/scripts ++scriptdir = ${prefix}/bro/scripts + dist_script_SCRIPTS = bro-logchk.pl host-to-addrs mvlog host-grep + EXTRA_DIST = hot-report mon-report ip-grep ca-create ca-issue + all: all-am diff --git a/security/bro/files/patch-libedit::configure b/security/bro/files/patch-libedit::configure deleted file mode 100644 index fe37b4aeec1c..000000000000 --- a/security/bro/files/patch-libedit::configure +++ /dev/null 
@@ -1,19 +0,0 @@ ---- libedit/configure.orig Tue Oct 14 12:30:58 2003 -+++ libedit/configure Tue Oct 14 12:31:54 2003 -@@ -733,13 +733,13 @@ - CFLAGS="$ac_save_CFLAGS" - elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then -- CFLAGS="-g -O2" -+ CFLAGS="" - else -- CFLAGS="-g" -+ CFLAGS="" - fi - else - if test "$GCC" = yes; then -- CFLAGS="-O2" -+ CFLAGS="" - else - CFLAGS= - fi diff --git a/security/bro/files/patch-patricia.c b/security/bro/files/patch-patricia.c deleted file mode 100644 index b3db5ede01f0..000000000000 --- a/security/bro/files/patch-patricia.c +++ /dev/null @@ -1,22 +0,0 @@ ---- patricia.c.orig Tue Oct 7 15:06:56 2003 -+++ patricia.c Tue Oct 7 15:07:19 2003 -@@ -52,6 +52,11 @@ - "This product includes software developed by the University of Michigan, Merit" - "Network, Inc., and their contributors."; - -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <arpa/inet.h> -+ - #include <assert.h> /* assert */ - #include <ctype.h> /* isdigit */ - #include <errno.h> /* errno */ -@@ -60,7 +65,6 @@ - #include <stdio.h> /* sprintf, fprintf, stderr */ - #include <stdlib.h> /* free, atol, calloc */ - #include <string.h> /* memcpy, strchr, strlen */ --#include <arpa/inet.h> /* for inet_addr */ - - #include "patricia.h" - diff --git a/security/bro/files/patch-patricia.h b/security/bro/files/patch-patricia.h deleted file mode 100644 index 10979f72537e..000000000000 --- a/security/bro/files/patch-patricia.h +++ /dev/null @@ -1,11 +0,0 @@ ---- patricia.h.orig Sun Oct 5 18:29:52 2003 -+++ patricia.h Sun Oct 5 18:30:05 2003 -@@ -51,6 +51,8 @@ - #ifndef _PATRICIA_H - #define _PATRICIA_H - -+#include <sys/types.h> -+ - /* typedef unsigned int u_int; */ - typedef void (*void_fn_t)(); - /* { from defs.h */ diff --git a/security/bro/files/patch-policy-Makefile.in b/security/bro/files/patch-policy-Makefile.in new file mode 100644 index 000000000000..32cfa1c0f4b7 --- /dev/null 
+++ b/security/bro/files/patch-policy-Makefile.in 
@@ -0,0 +1,64 @@ +--- policy/Makefile.in.orig Wed Jul 18 16:30:32 2007 ++++ policy/Makefile.in Wed Jul 18 16:31:47 2007 +@@ -190,7 +190,7 @@ + + + # doesn't end in a sig +-bropolicydir = ${prefix}/policy ++bropolicydir = ${prefix}/bro/policy + dist_bropolicy_DATA = bro.init adu.bro alarm.bro analy.bro \ + anon.bro arp.bro backdoor.bro blaster.bro brolite.bro \ + brolite-backdoor.bro brolite-sigs.bro capture-events.bro \ +@@ -542,30 +542,30 @@ + + + install-data-hook: +- $(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/policy/ +- $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/policy/ ++ $(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ ++ $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/bro/policy/ + + uninstall-local: +- rm -f $(DESTDIR)${prefix}/policy/bro.bif.bro +- rm -f 
$(DESTDIR)${prefix}/policy/common-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/const.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/dns-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/event.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/finger-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/ftp-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/http-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/ident-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/smtp-rw.bif.bro +- rm -f $(DESTDIR)${prefix}/policy/strings.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/bro.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/common-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/const.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/dns-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/event.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/finger-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/ftp-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/http-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/ident-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/smtp-rw.bif.bro ++ rm -f $(DESTDIR)${prefix}/bro/policy/strings.bif.bro + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. + .NOEXPORT: diff --git a/security/bro/files/patch-policy-sigs-Makefile.in b/security/bro/files/patch-policy-sigs-Makefile.in new file mode 100644 index 000000000000..be598acfd6a0 --- /dev/null +++ b/security/bro/files/patch-policy-sigs-Makefile.in @@ -0,0 +1,11 @@ +--- policy/sigs/Makefile.in.orig Wed Jul 18 16:32:45 2007 ++++ policy/sigs/Makefile.in Wed Jul 18 16:33:13 2007 +@@ -171,7 +171,7 @@ + target_cpu = @target_cpu@ + target_os = @target_os@ + target_vendor = @target_vendor@ +-sigsdir = ${prefix}/policy/sigs ++sigsdir = ${prefix}/bro/policy/sigs + dist_sigs_DATA = dpd.sig ex.web-rules.sig p0fsyn.osf \ + snort-default.sig ssl-worm.sig worm.sig + 
diff --git a/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in b/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in
new file mode 100644
index 000000000000..deb7f329fe49
--- /dev/null
+++ b/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in
@@ -0,0 +1,14 @@
+--- scripts/s2b/example_bro_files/Makefile.in.orig Wed Jul 18 17:39:54 2007
++++ scripts/s2b/example_bro_files/Makefile.in Wed Jul 18 17:40:29 2007
+@@ -172,9 +172,9 @@
+ target_cpu = @target_cpu@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+-actiondir = ${prefix}/policy
++actiondir = ${prefix}/bro/policy
+ dist_action_DATA = sig-action.bro
+-sigsdir = ${prefix}/site
++sigsdir = ${prefix}/bro/site
+ dist_sigs_DATA = signatures.sig
+ all: all-am
+
diff --git a/security/bro/files/patch-scripts-Makefile.in b/security/bro/files/patch-scripts-Makefile.in
new file mode 100644
index 000000000000..25bcff64dd7d
--- /dev/null
+++ b/security/bro/files/patch-scripts-Makefile.in
@@ -0,0 +1,92 @@ +--- scripts/Makefile.in.orig Thu Dec 14 11:59:53 2006 ++++ scripts/Makefile.in Wed Jul 18 22:30:43 2007 +@@ -186,12 +186,12 @@ + target_os = @target_os@ + target_vendor = @target_vendor@ + bro_bin = ${prefix}/bin +-bro_logs = ${prefix}/logs ++bro_logs = ${prefix}/bro/logs + bro_etc = ${prefix}/etc +-bro_site = ${prefix}/site +-bro_scripts = ${prefix}/scripts +-bro_reports = ${prefix}/reports +-bro_perlmods = ${prefix}/perl ++bro_site = ${prefix}/bro/site ++bro_scripts = ${prefix}/bro/scripts ++bro_reports = ${prefix}/bro/reports ++bro_perlmods = ${prefix}/bro/perl + + # where to download signatures from. + SIGHOST = www.bro-ids.org +@@ -222,9 +222,9 @@ + bin_SCRIPT = bro.rc + + # more files! Ugggg, will the pain ever stop? +-scoredir = $(prefix)/etc ++scoredir = $(prefix)/bro/etc + dist_score_DATA = alert_scores signature_scores +-scriptsdir = $(prefix)/scripts ++scriptsdir = $(prefix)/bro/scripts + dist_scripts_SCRIPTS = bro_log_compress.sh \ + frontend-mail-reports.sh frontend-site-report.sh push_logs.sh mail_notice.sh + +@@ -596,11 +596,11 @@ + rm -f $(bro_etc)/bro.rc + rm -f $(bro_etc)/bro.cfg + rm -f $(bro_etc)/bro.cfg.example +- rm -f $(prefix)/etc/bro.rc-hooks.sh ++ rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh + rm -f $(prefix)/site/local.site.bro + rm -f $(prefix)/site/${brohost}.bro + $(srcdir)/install_cron.sh uninstall +- -rm -f $(prefix)/etc/bro.rc-hooks.sh.new ++ -rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh.new + -rm -f /usr/local/etc/rc.d/bro.sh + + # install the stuff to do reports +@@ -625,14 +625,14 @@ + @if [ ! -s signatures.sig.new ] ; then \ + echo "Error in download. Try again later." ; \ + else \ +- if [ ! -f $(prefix)/site/signatures.sig ] ; then \ ++ if [ ! -f $(prefix)/bro/site/signatures.sig ] ; then \ + echo "No previous version, installing new version." 
; \ +- cp signatures.sig.new $(prefix)/site/signatures.sig ; \ ++ cp signatures.sig.new $(prefix)/bro/site/signatures.sig ; \ + else \ +- cp signatures.sig.new $(prefix)/site/signatures.sig.new ; \ ++ cp signatures.sig.new $(prefix)/bro/site/signatures.sig.new ; \ + echo "***********************************************************" ; \ + echo "A new signature file (signatures.sig.new) has been placed in" ; \ +- echo "$(prefix)/site. Please compare it to your current signatures.sig " ; \ ++ echo "$(prefix)/bro/site. Please compare it to your current signatures.sig " ; \ + echo "and copy it over if there are no significant differences." ; \ + echo "***********************************************************" ; \ + fi \ +@@ -669,20 +669,20 @@ + else \ + $(INSTALL_DATA) $(srcdir)/local.lite.bro $(bro_site)/${brohost}.bro.new ; \ + fi +- @if [ ! -f $(prefix)/etc/bro.rc-hooks.sh ] ; then \ +- $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh ; \ ++ @if [ ! -f $(prefix)/bro/scripts/bro.rc-hooks.sh ] ; then \ ++ $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh ; \ + else \ +- $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh.new ; \ ++ $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh.new ; \ + fi + + # Default files that can be installed/reinstalled, not site specific + install_default_files: + $(INSTALL) $(srcdir)/mail_reports.sh $(bro_scripts)/mail_reports.sh +- $(INSTALL) bro.rc $(prefix)/etc/bro.rc +- $(INSTALL) bro_config $(prefix)/scripts/bro_config ++ $(INSTALL) bro.rc $(prefix)/bro/scripts/bro.rc ++ $(INSTALL) bro_config $(prefix)/bro/scripts/bro_config + -$(INSTALL_DATA) bro.cfg $(bro_etc)/bro.cfg + $(INSTALL_DATA) $(srcdir)/bro.cfg.example $(bro_etc)/bro.cfg.example +- - $(INSTALL) bro.rc /usr/local/etc/rc.d/bro.sh ++ - $(INSTALL) bro.rc @prefix@/bro/scripts/bro.sh + (cd s2b ; $(MAKE) install) + + # install cron file 
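Review bot: The uninstall recipe is only half relocated: `rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh` follows the new layout, but the neighbouring context lines `rm -f $(prefix)/site/local.site.bro` and `rm -f $(prefix)/site/${brohost}.bro` still point at the old `$(prefix)/site`. Likewise `-rm -f /usr/local/etc/rc.d/bro.sh` no longer matches the install line, which this patch changes to `@prefix@/bro/scripts/bro.sh`. With `prefix` now being the shared ports prefix, uninstall would leave the Bro site files behind and operate on paths outside `$(prefix)/bro`. I would use `rm -f $(bro_site)/local.site.bro`, `rm -f $(bro_site)/${brohost}.bro` and `-rm -f $(prefix)/bro/scripts/bro.sh`. Both recipes start and end outside the inner hunks, so this needs checking against the full Makefile.in.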
diff --git a/security/bro/files/patch-scripts-bro-config.in b/security/bro/files/patch-scripts-bro-config.in
new file mode 100644
index 000000000000..64fecf79a024
--- /dev/null
+++ b/security/bro/files/patch-scripts-bro-config.in
@@ -0,0 +1,115 @@ +--- scripts/bro_config.in.orig Tue Dec 5 15:58:52 2006 ++++ scripts/bro_config.in Sat Jul 14 14:38:48 2007 +@@ -6,7 +6,7 @@ + # on the "configure" command line + # some machines (i.e. OSX) don't put sbin in the path by default + PATH=$PATH:/usr/sbin:/sbin +-BROHOME=@prefix@ ++BROHOME=@prefix@/bro + # Usage + Usage="bro_config: [-p prefix] [-d]" + # Debug mode? +@@ -39,9 +39,9 @@ + bro_config_got_root() + { + # make a backup of local.site.bro if it exists +- if [ -f local.site.bro ]; then ++ if [ -f ${BROHOME}/site/local.site.bro ]; then + echo "Detected an old local.site.bro, saving it to local.site.bro.save" +- cp local.site.bro local.site.bro.save ++ cp ${BROHOME}/site/local.site.bro ${BROHOME}/site/local.site.bro.save + fi + + if [ `id -ur` -ne 0 ]; then +@@ -62,7 +62,7 @@ + ###################################################################### + bro_config_create_local_site_bro() + { +-cat - > local.site.bro << _EOF ++cat - > ${BROHOME}/sitelocal.site.bro.default << _EOF + # This file should describe your network configuration. + # If your local network is a class C, and its network + # address was 192.168.1.0 and a class B network +@@ -263,7 +263,7 @@ + # BRO_HOSTNAME=`hostname` + + # Directory containing Bro binaries +-BRO_BIN_DIR="${BRO_BIN_DIR:-${BROHOME}/bin}" ++BRO_BIN_DIR="${BRO_BIN_DIR:-@prefix@/bin}" + + # Directory containing Bro logs + BROLOGS="${BROLOGS:-${BROHOME}/logs}" +@@ -287,7 +287,7 @@ + # BRO_PREFIX="local" + + # Location of the Bro executable +-BRO="${BRO:-$BRO_BIN_DIR/bro}" ++BRO="${BRO_BIN_DIR}/bro" + + # Base command line options. + BRO_ADD_OPTS=" -W" +@@ -352,7 +352,7 @@ + BRO_EMAIL_REMOTE="${BRO_EMAIL_REMOTE}" + + # User id to install and run Bro under +-BRO_USER_ID="${BRO_USER_ID:-brother}" ++BRO_USER_ID="${BRO_USER_ID:-root}" + + # Site name for reports (i.e. LBNL, FOO.COM, BAZ.ORG) + BRO_SITE_NAME="${BRO_SITE_NAME}" +@@ -454,29 +454,29 @@ + echo " done." 
+ kill -INT $pid 2>&1 > /dev/null + echo -n "Analyzing dump file....." +- ./localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$ -b local.site.bro 2>&1 > /dev/null ++ ${BROHOME}/scripts/localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$ -b ${BROHOME}/site/local.site.bro 2>&1 > /dev/null + rm /tmp/bro_config.tcpdump.file.$$ + #Yes there is a spelling error in the output + echo " done." +- num=`grep "MAC adresses" local.site.bro | awk '{print $3}'` ++ num=`grep "MAC adresses" ${BROHOME}/site/local.site.bro | awk '{print $3}'` + if [ "$num" -gt 2 ] ; then + echo "You don't appear to be running on a DMZ (found more then two (2) hardware " +- echo "address. Please edit local.site.bro to reflect your correct network parameters" +- cp local.site.bro.default local.site.bro ++ echo "address. Please edit ${BROHOME}/site/local.site.bro to reflect your correct network parameters" ++ cp ${BROHOME}/site/local.site.bro.default ${BROHOME}/site/local.site.bro + else + echo "Your network appears to contain the following networks:" +- for net in ` grep ",$" local.site.bro|sed 's/,//g'`; ++ for net in ` grep ",$" ${BROHOME}/site/local.site.bro|sed 's/,//g'`; + do + echo $net; + done +- echo "Edit local.site.bro by hand if this is not correct" ++ echo "Edit ${BROHOME}/site/local.site.bro by hand if this is not correct" + fi + else +- if [ -f local.site.bro ]; then ++ if [ -f ${BROHOME}/site/local.site.bro ]; then + echo "No previous local.site.bro found. 
Creating default" + bro_config_create_local_site_bro + #cp local.site.bro.default local.site.bro +- echo "Please edit local.site.bro so that it describes your network configuration" ++ echo "Please edit ${BROHOME}/site/local.site.bro so that it describes your network configuration" + fi + fi + } +@@ -617,7 +617,7 @@ + # source a bro.cfg if it exists, so we know the past default values from the + # last run + +- dirs="$BROHOME/etc/bro.cfg $BROHOME/etc/bro.cfg.example `pwd`/bro.cfg" ++ dirs="@prefix@/etc/bro.cfg @prefix@/etc/bro.cfg.example `pwd`/bro.cfg" + cfgused= + + for cfgfile in $dirs ; do +@@ -783,7 +783,7 @@ + bro_config_site_name() + { + if [ -z $BRO_SITE_NAME ]; then +- BRO_SITE_NAME=`hostname|awk -F. '{print $2 $3}'` ++ BRO_SITE_NAME=`hostname|awk -F. '{print $2"."$3}'` + if [ -z $BRO_SITE_NAME ] ; then + BRO_SITE_NAME="SOMESITE" + fi diff --git a/security/bro/files/patch-scripts-bro.rc.in b/security/bro/files/patch-scripts-bro.rc.in new file mode 100644 index 000000000000..21a4561599d4 --- /dev/null +++ b/security/bro/files/patch-scripts-bro.rc.in 
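Review bot: The new default `BRO_USER_ID="${BRO_USER_ID:-root}"` replaces the unprivileged `brother` account, so an administrator who accepts the defaults ends up with the traffic-parsing daemon running as root. Keep an unprivileged default and let the operator opt in to root explicitly. The heredoc target `${BROHOME}/sitelocal.site.bro.default` is missing a slash, so the default site file is written next to the `site` directory and the later `cp ${BROHOME}/site/local.site.bro.default ${BROHOME}/site/local.site.bro` will not find it; it should read `cat - > ${BROHOME}/site/local.site.bro.default << _EOF`. The capture step also keeps the predictable name `/tmp/bro_config.tcpdump.file.$$` while the script expects to run as root; a file created with `mktemp` would be safer. The functions involved begin and end outside the inner hunks.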
@@ -0,0 +1,47 @@ +--- scripts/bro.rc.in.orig Fri Jul 13 15:53:29 2007 ++++ scripts/bro.rc.in Fri Jul 13 15:59:26 2007 +@@ -25,7 +25,7 @@ + # For tasks to complete before and after Bro starts please edit the following + # scripts to suit your needs. For those of you familiar with dhclient this + # uses the same idea. +-# Before Bro starts $BROHOME/etc/bro.rc-hooks.sh ++# Before Bro starts @prefix@/bin/bro.rc-hooks.sh + + # See the bottom of this script for an explanation of how this all works. + # I'll try my best to be clear.... +@@ -35,14 +35,14 @@ + RETVAL=0 + + # picked up from configure at install time +-BROHOME="@prefix@" ++BROHOME="@prefix@/bro" + export BROHOME + + # Set the environment. +-source_config="${BROHOME}/etc/bro.cfg" ++source_config="@prefix@/etc/bro.cfg" + + # Location of bro-hooks.sh script +-bro_hooks="${BROHOME}/etc/bro.rc-hooks.sh" ++bro_hooks="@prefix@/bro/scripts/bro.rc-hooks.sh" + + # Set the full path to this script as called + if [ `echo ${0} | grep -E "^/"` ]; then +@@ -88,7 +88,7 @@ + export BROLOGS + export BROPATH + export BROHOME +-export PATH="${BROHOME}/bro/bin:${BROHOME}/bro/scripts:/usr/local/bin:/usr/local/sbin:${PATH}" ++export PATH="@prefix@/bin:${BROHOME}/scripts:/usr/local/bin:/usr/local/sbin:${PATH}" + + # Make sure that the $BRO_RUNTIME_DIR exists and is writtable + if [ ! -d "${BRO_RUNTIME_DIR}" ]; then +@@ -1033,7 +1033,7 @@ + # running instance of Bro. + # bro.rc logs it's actions to syslog via the logger command. + # bro.rc offers users an interface into the starting and stopping of a Bro +-# process via the file $BROHOME/etc/bro.rc-hooks.rc. This allows for ++# process via the file @prefix@/bro/scripts/bro.rc-hooks.rc. This allows for + # actions to be sent to any custom monitoring or alerting programs the + # user may wish to use. + diff --git a/security/bro/files/patch-scripts-localnetMAC.pl b/security/bro/files/patch-scripts-localnetMAC.pl new file mode 100644 index 000000000000..b3232189886f --- /dev/null 
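Review bot: The rewritten comments disagree with the code about where the hooks script lives: the header comment now says `@prefix@/bin/bro.rc-hooks.sh` and the trailing comment says `@prefix@/bro/scripts/bro.rc-hooks.rc`, while the variable is set to `bro_hooks="@prefix@/bro/scripts/bro.rc-hooks.sh"`. Since that file is run around Bro start-up, an operator following either comment would edit or lock down the wrong path. Both comments should read `@prefix@/bro/scripts/bro.rc-hooks.sh`. It would also help to add a comment beside `source_config="@prefix@/etc/bro.cfg"` stating the expected owner and mode, because the file is presumably sourced by this script and now lives in the shared etc directory.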
+++ b/security/bro/files/patch-scripts-localnetMAC.pl @@ -0,0 +1,15 @@ +--- scripts/localnetMAC.pl.in.orig Sat Jul 14 00:01:55 2007 ++++ scripts/localnetMAC.pl.in Sat Jul 14 00:03:48 2007 +@@ -50,10 +50,10 @@ + + my $fh; + if ($args{r} and $args{r}=~/gz$/){ +- open (IN, "$decomp $args{r} |../aux/adtrace/adtrace -|") or die "cannot execute $decomp $args{r} |../aux/adtrace/adtrace - : $!\n"; ++ open (IN, "$decomp $args{r} |@prefix@/bin/adtrace -|") or die "cannot execute $decomp $args{r} |@prefix@/bin/adtrace - : $!\n"; + $fh = *IN; + }elsif($args{r}){ +- open (IN, "../aux/adtrace/adtrace $args{r}|") or die "cannot execute ./adtrace/adtrace $args{r}: $!\n"; ++ open (IN, "@prefix@/bin/adtrace $args{r}|") or die "cannot execute @prefix@/bin/adtrace $args{r}: $!\n"; + $fh = *IN; + }elsif($args{t} and $args{t}=~/gz$/){ + open (IN, "$decomp $args{t} |") or die "cannot execute $decomp $args{t} | : $!\n"; diff --git a/security/bro/files/patch-scripts-perl-Makefile.PL b/security/bro/files/patch-scripts-perl-Makefile.PL new file mode 100644 index 000000000000..b28d02dc311a --- /dev/null +++ b/security/bro/files/patch-scripts-perl-Makefile.PL @@ -0,0 +1,18 @@ +--- scripts/perl/Makefile.PL.orig Wed Jul 18 16:40:51 2007 ++++ scripts/perl/Makefile.PL Wed Jul 18 16:47:11 2007 +@@ -43,13 +43,13 @@ + } + else + { +- $brohome = '/usr/local/bro'; ++ $brohome = $ENV{PREFIX}/bro'; + } + } + + if( ! $broconfig ) + { +- $broconfig = "$brohome/etc/bro.cfg"; ++ $broconfig = "$ENV{PREFIX}/etc/bro.cfg"; + } + + diff --git a/security/bro/files/patch-scripts-s2b-bin-Makefile.in b/security/bro/files/patch-scripts-s2b-bin-Makefile.in new file mode 100644 index 000000000000..30649ae3bdfb --- /dev/null +++ b/security/bro/files/patch-scripts-s2b-bin-Makefile.in 
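Review bot: Both rewritten `open` calls still build a shell pipeline by interpolating `$args{r}` into the command string, e.g. `open (IN, "@prefix@/bin/adtrace $args{r}|")`, so a file name containing shell metacharacters is interpreted by the shell; bro_config invokes this script during installation. Since the lines are being touched anyway, the uncompressed branch can use the list form `open(IN, '-|', '@prefix@/bin/adtrace', $args{r})`, which bypasses the shell. The gzip branch chains two processes and needs a slightly larger rewrite; the surrounding code lies outside the hunk.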
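Review bot: The new line `$brohome = $ENV{PREFIX}/bro';` has lost its opening quote, so Makefile.PL will not compile once this patch is applied. It should be `$brohome = "$ENV{PREFIX}/bro";`. `PREFIX` is also read from the environment without a fallback, here and in `$broconfig = "$ENV{PREFIX}/etc/bro.cfg";`, so when it is unset the paths collapse to `/bro` and `/etc/bro.cfg`; a default such as `($ENV{PREFIX} || '/usr/local')` would keep the previous behaviour.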
@@ -0,0 +1,11 @@
+--- scripts/s2b/bin/Makefile.in.orig Wed Jul 18 17:33:29 2007
++++ scripts/s2b/bin/Makefile.in Wed Jul 18 17:34:02 2007
+@@ -321,7 +321,7 @@
+
+
+ # OR we can install them on a make install
+-#scriptsdir=$(prefix)/etc
++#scriptsdir=$(prefix)/bro/scripts
+ #dist_scripts_SCRIPTS = s2b.pl snort2bro
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in b/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in
new file mode 100644
index 000000000000..1539a3b047c1
--- /dev/null
+++ b/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in
@@ -0,0 +1,11 @@
+--- scripts/s2b/bro-include/Makefile.in.orig Wed Jul 18 17:35:02 2007
++++ scripts/s2b/bro-include/Makefile.in Wed Jul 18 17:35:25 2007
+@@ -171,7 +171,7 @@
+ target_cpu = @target_cpu@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+-includesigsdir = ${prefix}/policy
++includesigsdir = ${prefix}/bro/policy
+ dist_includesigs_DATA = sig-addendum.sig sig-functions.bro
+ all: all-am
+
diff --git a/security/bro/files/patch-scripts-s2b-etc-Makefile.in b/security/bro/files/patch-scripts-s2b-etc-Makefile.in
new file mode 100644
index 000000000000..de449617299d
--- /dev/null
+++ b/security/bro/files/patch-scripts-s2b-etc-Makefile.in
@@ -0,0 +1,11 @@
+--- scripts/s2b/etc/Makefile.in.orig Wed Jul 18 17:37:19 2007
++++ scripts/s2b/etc/Makefile.in Wed Jul 18 17:37:45 2007
+@@ -321,7 +321,7 @@
+
+
+ # OR we can install them on a make install
+-#scriptsdir=$(prefix)/etc
++#scriptsdir=$(prefix)/bro/scripts
+ #dist_scripts_SCRIPTS = s2b-augment.cfg s2b-ruleset-augment.cfg s2b-sigmap.cfg s2b.cfg
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/security/bro/files/patch-src-Makefile.in b/security/bro/files/patch-src-Makefile.in
new file mode 100644
index 000000000000..e351acf5d880
--- /dev/null
+++ b/security/bro/files/patch-src-Makefile.in
@@ -0,0 +1,11 @@
+--- src/Makefile.in.orig Wed Jul 18 16:48:03 2007
++++ src/Makefile.in Wed Jul 18 16:48:34 2007
+@@ -550,7 +550,7 @@
+ $(DISTCLEANFILES)
+
+
+-#bropolicydir=${prefix}/policy
++#bropolicydir=${prefix}/bro/policy
+ #dist_bropolicy_DATA = $(BIF_BRO)
+ CCOPT = @V_CCOPT@ -W -Wall -Wno-unused
+ INCLS = @V_INCLS@
diff --git a/security/bro/files/pkg-deinstall.in b/security/bro/files/pkg-deinstall.in
new file mode 100644
index 000000000000..f36772a02b0e
--- /dev/null
+++ b/security/bro/files/pkg-deinstall.in
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Since pkg-plist prepends PREFIX to SITE_PERL,
+# we can't remove these files in the normal way
+
+if [ "$2" != "POST-DEINSTALL" ]; then
+ exit 0
+fi
+
+/bin/rm %%SITE_PERL%%/mach/IP4.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Config.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Signature.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log/Alarm.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log/Conn.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report/Alarm.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report/Conn.pm
+/bin/rmdir %%SITE_PERL%%/mach/Bro/Report
+/bin/rmdir %%SITE_PERL%%/mach/Bro/Log
+/bin/rmdir %%SITE_PERL%%/mach/Bro
diff --git a/security/bro/files/pkg-install.in b/security/bro/files/pkg-install.in
new file mode 100644
index 000000000000..c10f1d2392cf
--- /dev/null
+++ b/security/bro/files/pkg-install.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Call the bro_config script to configure bro and, when complete,
+# copy the newly created cfg file to %%PREFIX%%/etc.
+
+echo "****************************************"
+echo "* RUNNING THE BRO CONFIGURATION SCRIPT *"
+echo "****************************************"
+echo
+
+if [ -f %%BROHOME%%/scripts/bro_config ]; then
+ /bin/sh %%BROHOME%%/scripts/bro_config
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ cp bro.cfg %%PREFIX%%/etc/bro.cfg
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ rm %%WRKSRC%%/../../bro.cfg*
+fi
+
+if [ -f %%WRKSRC%%/../../bro_user_id ]; then
+ rm %%WRKSRC%%/../../bro_user*
+fi
diff --git a/security/bro/files/pkg-message.in b/security/bro/files/pkg-message.in
new file mode 100644
index 000000000000..c10f1d2392cf
--- /dev/null
+++ b/security/bro/files/pkg-message.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Call the bro_config script to configure bro and, when complete,
+# copy the newly created cfg file to %%PREFIX%%/etc.
+
+echo "****************************************"
+echo "* RUNNING THE BRO CONFIGURATION SCRIPT *"
+echo "****************************************"
+echo
+
+if [ -f %%BROHOME%%/scripts/bro_config ]; then
+ /bin/sh %%BROHOME%%/scripts/bro_config
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ cp bro.cfg %%PREFIX%%/etc/bro.cfg
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+ rm %%WRKSRC%%/../../bro.cfg*
+fi
+
+if [ -f %%WRKSRC%%/../../bro_user_id ]; then
+ rm %%WRKSRC%%/../../bro_user*
+fi
diff --git a/security/bro/pkg-descr b/security/bro/pkg-descr
index 9a2565b85c12..3620bfe9b871 100644
--- a/security/bro/pkg-descr
+++ b/security/bro/pkg-descr
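Review bot: In pkg-install.in the copy step tests `%%WRKSRC%%/../../bro.cfg` but then runs `cp bro.cfg %%PREFIX%%/etc/bro.cfg`, which reads whatever `bro.cfg` is in the current directory; a script run as root should copy exactly the file it tested. The script also has no check on `$2` (pkg-deinstall.in has one), so on a reinstall the interactive `bro_config` can presumably run in both the pre- and post-install phase. Because the paths are built from `%%WRKSRC%%`, the copy and cleanup only work when installing from the port's build tree, which deserves a comment. The fence below shows the phase guard and a single tested-and-copied path; the banner, the `bro_config` call and the `bro_user_id` cleanup stay as they are.

```shell
if [ "$2" != "POST-INSTALL" ]; then
	exit 0
fi

# … unchanged: banner and bro_config call …

# bro_config leaves its output two levels above WRKSRC (port build tree only).
cfg="%%WRKSRC%%/../../bro.cfg"
if [ -f "${cfg}" ]; then
	cp "${cfg}" %%PREFIX%%/etc/bro.cfg
	rm -f "${cfg}"*
fi

# … unchanged: bro_user_id cleanup …
```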
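Review bot: pkg-message.in is a copy of the pkg-install.in script: both new files carry the same blob id `c10f1d2392cf` and the same 25 lines. A package message is displayed to the user as text rather than executed, so after installation this would print a shell script instead of instructions. It should be replaced by a short plain-text note, for example stating that the configuration lives in `%%PREFIX%%/etc/bro.cfg` and that `%%BROHOME%%/scripts/bro_config` can be re-run to regenerate it.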
@@ -1,16 +1,16 @@ -Bro is a system for detecting Network Intruders in real-time by the guys -that brought you tcpdump, libpcap, and flex. - -Bro is a stand-alone system for detecting network intruders in real-time -by passively monitoring a network link over which the intruder's traffic -transits. Bro is divided into an "event engine" that reduces a -kernel-filtered network traffic stream into a series of higher-level -events, and a "policy script interpreter" that interprets event handlers -written in a specialized language used to express a site's security policy. -Event handlers can update state information, synthesize new events, record -information to disk, and generate real-time notifications via `syslog'. +Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) +that passively monitors network traffic and looks for suspicious activity. +Bro detects intrusions by first parsing network traffic to extract is +application-level semantics and then executing event-oriented analyzers that +compare the activity with patterns deemed troublesome. Its analysis includes +detection of specific attacks (including those defined by signatures, but +also those defined in terms of events) and unusual activities (e.g., certain +hosts connecting to certain services, or patterns of failed connection +attempts). Bro is documented in the USENIX 1998 Security Conference proceedings. --- David - obrien@cs.ucdavis.edu +-- Paul + pauls@utdallas.edu + +WWW: http://bro-ids.org/ diff --git a/security/bro/pkg-plist b/security/bro/pkg-plist index bf7fc1c0c929..ce78833bfa1c 100644 --- a/security/bro/pkg-plist +++ b/security/bro/pkg-plist 
@@ -1,83 +1,238 @@
-@comment $FreeBSD$
-sbin/bro
-%%DATADIR%%/active.bro
-%%DATADIR%%/alert.bro
-%%DATADIR%%/analy.bro
-%%DATADIR%%/anon.bro
-%%DATADIR%%/backdoor.bro
-%%DATADIR%%/bro.bif.bro
-%%DATADIR%%/bro.init
-%%DATADIR%%/capture-events.bro
-%%DATADIR%%/checkpoint.bro
-%%DATADIR%%/common-rw.bif.bro
-%%DATADIR%%/conn.bro
-%%DATADIR%%/const.bif.bro
-%%DATADIR%%/contents.bro
-%%DATADIR%%/demux.bro
-%%DATADIR%%/dns.bro
-%%DATADIR%%/dns-lookup.bro
-%%DATADIR%%/drop-adapt.bro
-%%DATADIR%%/event.bif.bro
-%%DATADIR%%/finger.bro
-%%DATADIR%%/finger-rw.bif.bro
-%%DATADIR%%/flag-irc.bro
-%%DATADIR%%/flag-warez.bro
-%%DATADIR%%/frag.bro
-%%DATADIR%%/ftp.bro
-%%DATADIR%%/ftp-anonymizer.bro
-%%DATADIR%%/ftp-cmd-arg.bro
-%%DATADIR%%/ftp-rw.bif.bro
-%%DATADIR%%/ftp-safe-words.bro
-%%DATADIR%%/hot.bro
-%%DATADIR%%/hot-ids.bro
-%%DATADIR%%/http.bro
-%%DATADIR%%/http-abstract.bro
-%%DATADIR%%/http-body.bro
-%%DATADIR%%/http-entity.bro
-%%DATADIR%%/http-event.bro
-%%DATADIR%%/http-header.bro
-%%DATADIR%%/http-reply.bro
-%%DATADIR%%/http-request.bro
-%%DATADIR%%/http-rewriter.bro
-%%DATADIR%%/http-rw.bif.bro
-%%DATADIR%%/icmp.bro
-%%DATADIR%%/ident-rewriter.bro
-%%DATADIR%%/ident.bro
-%%DATADIR%%/ident-rw.bif.bro
-%%DATADIR%%/inactivity.bro
-%%DATADIR%%/interconn.bro
-%%DATADIR%%/load-level.bro
-%%DATADIR%%/log.bro
-%%DATADIR%%/login.bro
-%%DATADIR%%/mime.bro
-%%DATADIR%%/mt.bro
-%%DATADIR%%/netstats.bro
-%%DATADIR%%/ntp.bro
-%%DATADIR%%/pcap.bro
-%%DATADIR%%/port-name.bro
-%%DATADIR%%/portmapper.bro
-%%DATADIR%%/print-filter.bro
-%%DATADIR%%/print-globals.bro
-%%DATADIR%%/print-resources.bro
-%%DATADIR%%/reduce-memory.bro
-%%DATADIR%%/scan.bro
-%%DATADIR%%/signatures.bro
-%%DATADIR%%/site.bro
-%%DATADIR%%/smtp-relay.bro
-%%DATADIR%%/smtp-rewriter.bro
-%%DATADIR%%/smtp.bro
-%%DATADIR%%/smtp-rw.bif.bro
-%%DATADIR%%/software.bro
-%%DATADIR%%/ssh-stepping.bro
-%%DATADIR%%/ssh.bro
-%%DATADIR%%/ssl-worm.bro
-%%DATADIR%%/stepping.bro
-%%DATADIR%%/synflood.bro
-%%DATADIR%%/tcp.bro
-%%DATADIR%%/tftp.bro
-%%DATADIR%%/udp.bro
-%%DATADIR%%/weird.bro
-%%DATADIR%%/worm.bro
-%%PORTDOCS%%%%DOCSDIR%%/bro-CN99.ps.gz
-%%PORTDOCS%%@dirrm %%DATADIR%%
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
+bin/adtrace
+bin/bdcat
+bin/binpac
+bin/bro
+bin/broccoli-config
+bin/broconftest
+bin/broconn
+bin/broenum
+bin/brohose
+bin/broping
+bin/cf
+bin/hf
+bin/nf
+bin/pf
+bin/rst
+bro/etc/alert_scores
+bro/etc/signature_scores
+bro/etc/VERSION
+bro/policy/OS-fingerprint.bro
+bro/policy/adu.bro
+bro/policy/alarm.bro
+bro/policy/analy.bro
+bro/policy/anon.bro
+bro/policy/arp.bro
+bro/policy/backdoor.bro
+bro/policy/blaster.bro
+bro/policy/bro.bif.bro
+bro/policy/bro.init
+bro/policy/brolite-backdoor.bro
+bro/policy/brolite-sigs.bro
+bro/policy/brolite.bro
+bro/policy/capture-events.bro
+bro/policy/checkpoint.bro
+bro/policy/clear-passwords.bro
+bro/policy/common-rw.bif.bro
+bro/policy/conn-id.bro
+bro/policy/conn.bro
+bro/policy/const.bif.bro
+bro/policy/contents.bro
+bro/policy/cpu-adapt.bro
+bro/policy/demux.bro
+bro/policy/detect-protocols-http.bro
+bro/policy/detect-protocols.bro
+bro/policy/dns-anonymizer.bro
+bro/policy/dns-info.bro
+bro/policy/dns-lookup.bro
+bro/policy/dns-rw.bif.bro
+bro/policy/dns.bro
+bro/policy/dpd.bro
+bro/policy/drop-adapt.bro
+bro/policy/dyn-disable.bro
+bro/policy/event.bif.bro
+bro/policy/file-flush.bro
+bro/policy/finger-rw.bif.bro
+bro/policy/finger.bro
+bro/policy/firewall.bro
+bro/policy/flag-irc.bro
+bro/policy/flag-warez.bro
+bro/policy/frag.bro
+bro/policy/ftp-anonymizer.bro
+bro/policy/ftp-cmd-arg.bro
+bro/policy/ftp-reply-pattern.bro
+bro/policy/ftp-rw.bif.bro
+bro/policy/ftp-safe-words.bro
+bro/policy/ftp.bro
+bro/policy/gnutella.bro
+bro/policy/hand-over.bro
+bro/policy/heavy-analysis.bro
+bro/policy/heavy.http.bro
+bro/policy/heavy.irc.bro
+bro/policy/heavy.scan.bro
+bro/policy/heavy.software.bro
+bro/policy/heavy.trw.bro
+bro/policy/hot-ids.bro
+bro/policy/hot.bro
+bro/policy/http-abstract.bro
+bro/policy/http-anon-server.bro
+bro/policy/http-anon-useragent.bro
+bro/policy/http-anon-utils.bro
+bro/policy/http-anonymizer.bro
+bro/policy/http-body.bro
+bro/policy/http-entity.bro
+bro/policy/http-event.bro
+bro/policy/http-header.bro
+bro/policy/http-reply.bro
+bro/policy/http-request.bro
+bro/policy/http-rewriter.bro
+bro/policy/http-rw.bif.bro
+bro/policy/http.bro
+bro/policy/icmp.bro
+bro/policy/ident-rewriter.bro
+bro/policy/ident-rw.bif.bro
+bro/policy/ident.bro
+bro/policy/inactivity.bro
+bro/policy/interconn.bro
+bro/policy/irc-bot.bro
+bro/policy/irc.bro
+bro/policy/large-conns.bro
+bro/policy/listen-clear.bro
+bro/policy/listen-ssl.bro
+bro/policy/load-level.bro
+bro/policy/load-sample.bro
+bro/policy/log-append.bro
+bro/policy/login.bro
+bro/policy/mime-pop.bro
+bro/policy/mime.bro
+bro/policy/mt.bro
+bro/policy/netstats.bro
+bro/policy/nfs.bro
+bro/policy/notice-action-filters.bro
+bro/policy/notice-policy.bro
+bro/policy/notice.bro
+bro/policy/ntp.bro
+bro/policy/passwords.bro
+bro/policy/pcap.bro
+bro/policy/peer-status.bro
+bro/policy/pkt-profile.bro
+bro/policy/pop3.bro
+bro/policy/port-name.bro
+bro/policy/portmapper.bro
+bro/policy/print-filter.bro
+bro/policy/print-globals.bro
+bro/policy/print-resources.bro
+bro/policy/print-sig-states.bro
+bro/policy/profiling.bro
+bro/policy/proxy.bro
+bro/policy/remote-pcap.bro
+bro/policy/remote-ping.bro
+bro/policy/remote-print.bro
+bro/policy/remote-report-notices.bro
+bro/policy/remote-send-id.bro
+bro/policy/remote.bro
+bro/policy/rotate-logs.bro
+bro/policy/rsh.bro
+bro/policy/scan.bro
+bro/policy/secondary-filter.bro
+bro/policy/sensor-sshd.bro
+bro/policy/server-ports.bro
+bro/policy/service-probe.bro
+bro/policy/sig-action.bro
+bro/policy/sig-addendum.sig
+bro/policy/sig-functions.bro
+bro/policy/signatures.bro
+bro/policy/sigs/dpd.sig
+bro/policy/sigs/ex.web-rules.sig
+bro/policy/sigs/p0fsyn.osf
+bro/policy/sigs/snort-default.sig
+bro/policy/sigs/ssl-worm.sig
+bro/policy/sigs/worm.sig
+bro/policy/site.bro
+bro/policy/smtp-relay.bro
+bro/policy/smtp-rewriter.bro
+bro/policy/smtp-rw.bif.bro
+bro/policy/smtp.bro
+bro/policy/snort.bro
+bro/policy/software.bro
+bro/policy/ssh-stepping.bro
+bro/policy/ssh.bro
+bro/policy/ssl-alerts.bro
+bro/policy/ssl-ciphers.bro
+bro/policy/ssl-errors.bro
+bro/policy/ssl-worm.bro
+bro/policy/ssl.bro
+bro/policy/stats.bro
+bro/policy/stepping.bro
+bro/policy/strings.bif.bro
+bro/policy/synflood.bro
+bro/policy/tcp.bro
+bro/policy/tftp.bro
+bro/policy/trw-impl.bro
+bro/policy/trw.bro
+bro/policy/udp-common.bro
+bro/policy/udp.bro
+bro/policy/vlan.bro
+bro/policy/weird.bro
+bro/policy/worm.bro
+bro/scripts/bro-logchk.pl
+bro/scripts/bro.rc
+bro/scripts/bro.rc-hooks.sh
+bro/scripts/bro_config
+bro/scripts/bro_log_compress.sh
+bro/scripts/edit-brorule.pl
+bro/scripts/frontend-mail-reports.sh
+bro/scripts/frontend-site-report.sh
+bro/scripts/host-grep
+bro/scripts/host-to-addrs
+bro/scripts/localnetMAC.pl
+bro/scripts/mail_notice.sh
+bro/scripts/mvlog
+bro/scripts/push_logs.sh
+bro/scripts/site-report.pl
+@unexec if cmp -s %D/bro/site/local.site.bro.default %D/bro/site/local.site.bro; then rm -f %D/bro/site/local.site.bro; fi
+bro/site/local.site.bro.default
+bro/site/signatures.sig
+@unexec if cmp -s %D/etc/bro.cfg.sample %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi
+etc/bro.cfg.example
+etc/broccoli.conf
+include/broccoli.h
+share/broccoli/broconn.bro
+share/broccoli/broenum.bro
+share/broccoli/brohose.bro
+share/broccoli/broping-record.bro
+share/broccoli/broping.bro
+share/gtk-doc/html/broccoli/a2850.html
+share/gtk-doc/html/broccoli/api.html
+share/gtk-doc/html/broccoli/broccoli-broccoli.html
+share/gtk-doc/html/broccoli/c21.html
+share/gtk-doc/html/broccoli/c55.html
+share/gtk-doc/html/broccoli/c85.html
+share/gtk-doc/html/broccoli/images/caution.gif
+share/gtk-doc/html/broccoli/images/logo.jpg
+share/gtk-doc/html/broccoli/images/note.gif
+share/gtk-doc/html/broccoli/images/warning.gif
+share/gtk-doc/html/broccoli/index.html
+share/gtk-doc/html/broccoli/stylesheet.css
+share/libbroccoli.a
+share/libbroccoli.la
+share/libbroccoli.so
+share/libbroccoli.so.0
+@unexec if [ -f %D/%%DOCSDIR%%/bro-deployment.pdf ]; then rm -f %D/%%DOCSDIR%%/bro-deployment.pdf; fi
+@unexec if [ -f %D/%%DOCSDIR%%/Bro-quick-start.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-quick-start.pdf; fi
+@unexec if [ -f %D/%%DOCSDIR%%/Bro-user-manual.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-user-manual.pdf; fi
+@dirrmtry %%DOCSDIR%%
+@dirrm share/gtk-doc/html/broccoli/images
+@dirrm share/gtk-doc/html/broccoli
+@dirrmtry share/gtk-doc/html
+@dirrmtry share/gtk-doc
+@dirrm share/broccoli
+@dirrmtry bro/var
+@dirrmtry bro/site
+@dirrmtry bro/scripts
+@dirrmtry bro/reports
+@dirrmtry bro/policy/sigs
+@dirrmtry bro/policy
+@dirrmtry bro/logs
+@dirrmtry bro/etc
+@dirrmtry bro/archive
+@dirrmtry bro |
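Review bot: The second `@unexec` in pkg-plist compares `%D/etc/bro.cfg` against `%D/etc/bro.cfg.sample`, but the file the plist installs on the next line is `etc/bro.cfg.example`. Unless something outside the plist creates `bro.cfg.sample`, `cmp -s` always fails and an unmodified `bro.cfg` is left behind on deinstall. The comparison should name the packaged file: `@unexec if cmp -s %D/etc/bro.cfg.example %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi`. The first `@unexec`/`local.site.bro.default` pair is consistent and can serve as the model.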