5 files changed, 39 insertions, 12 deletions

diff --git a/sysutils/osquery/Makefile b/sysutils/osquery/Makefile
index 44335a7bdede..be187be0176d 100644
--- a/sysutils/osquery/Makefile
+++ b/sysutils/osquery/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	osquery
-PORTVERSION=	2.4.0
+PORTVERSION=	2.4.3
 CATEGORIES=	sysutils
 
 MAINTAINER=	zi@FreeBSD.org
@@ -21,12 +21,10 @@ LIB_DEPENDS=	libaugeas.so:textproc/augeas \
 		libgflags.so:devel/gflags \
 		libglog.so:devel/glog \
 		libicuuc.so:devel/icu \
-		libthrift.so:devel/thrift-cpp \
-		libtsk.so:sysutils/sleuthkit \
-		libcppnetlib-uri.so:devel/cpp-netlib \
 		librocksdb-lite.so:databases/rocksdb-lite \
-		libyara.so:security/yara \
-		liblldpctl.so:net-mgmt/lldpd
+		libthrift.so:devel/thrift-cpp \
+		libcppnetlib-uri.so:devel/cpp-netlib
+RUN_DEPENDS=	ca_root_nss>0:security/ca_root_nss
 
 USES=		cmake:outsource gmake libtool python:build compiler:c++11-lib
 CONFIGURE_ENV+=	OSQUERY_BUILD_VERSION="${PORTVERSION}" HOME="${WRKDIR}" \
@@ -40,6 +38,25 @@ GH_PROJECT=	third-party:tp
 GH_SUBDIR=	third-party:tp
 MAKE_JOBS_UNSAFE=	yes
 
+# Some options for things that bring in many dependencies
+OPTIONS_DEFINE=	TSK AWS YARA LLDPD
+
+TSK_DESC=	Build with sleuthkit support
+TSK_LIB_DEPENDS=	libtsk.so:sysutils/sleuthkit
+TSK_CONFIGURE_ENV_OFF=		SKIP_TSK=1
+
+AWS_DESC=	Support logging to AWS Kinesis
+AWS_LIB_DEPENDS=	libaws-cpp-sdk-core.so:devel/aws-sdk-cpp
+AWS_CONFIGURE_ENV_OFF=		SKIP_AWS=1
+
+YARA_DESC=	Build with YARA malware identification support
+YARA_LIB_DEPENDS=	libyara.so:security/yara
+YARA_CONFIGURE_ENV_OFF=	SKIP_YARA=1
+
+LLDPD_DESC=	Support Link Layer Discovery Protocol
+LLDPD_LIB_DEPENDS=	liblldpctl.so:net-mgmt/lldpd
+LLDPD_CONFIGURE_ENV_OFF=	SKIP_LLDPD=1
+
 .include <bsd.port.pre.mk>
 
 .if ${OSVERSION} < 1100000
@@ -51,6 +68,10 @@ CXX=	clang++38
 post-patch:
 	${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \
 		${WRKSRC}/tools/deployment/osquery.example.conf
+	${REINPLACE_CMD} -e 's|/etc/osquery/yara/|/var/db/osquery/yara/|g' \
+		${WRKSRC}/osquery/tables/yara/yara.cpp \
+		${WRKSRC}/osquery/tables/yara/yara_utils.cpp \
+		${WRKSRC}/specs/yara/yara.table
 	${REINPLACE_CMD} -e 's|python|${PYTHON_CMD}|g' \
 		${WRKSRC}/CMakeLists.txt \
 		${WRKSRC}/tools/get_platform.py
@@ -63,6 +84,7 @@ do-install:
 	${INSTALL_DATA} ${WRKSRC}/tools/deployment/osquery.example.conf \
 		${STAGEDIR}${PREFIX}/etc/osquery.conf.sample
 
+	${TOUCH} ${STAGEDIR}${PREFIX}/etc/osquery.flags
 	${MKDIR} ${STAGEDIR}/var/db/osquery
 	${MKDIR} ${STAGEDIR}/var/log/osquery
 
diff --git a/sysutils/osquery/distinfo b/sysutils/osquery/distinfo
index 6717ac29c5d6..adc0996831c8 100644
--- a/sysutils/osquery/distinfo
+++ b/sysutils/osquery/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1492024136
-SHA256 (facebook-osquery-2.4.0_GH0.tar.gz) = e5c3f01ac10ac9a9732f9610921cea8e8a7234a18061cf58e22dc86b2b74d685
-SIZE (facebook-osquery-2.4.0_GH0.tar.gz) = 874186
-SHA256 (osquery-third-party-2.4.0_GH0.tar.gz) = 729830902faa4f438c77dfdce849bfbc862501591e3a51154f0e0fbe14af7ede
-SIZE (osquery-third-party-2.4.0_GH0.tar.gz) = 3864623
+TIMESTAMP = 1493669104
+SHA256 (facebook-osquery-2.4.3_GH0.tar.gz) = 60dd80c6c8633c5baa307fb7aab296cf8726c9d7044b2c14d064547af1ef89c0
+SIZE (facebook-osquery-2.4.3_GH0.tar.gz) = 896305
+SHA256 (osquery-third-party-2.4.3_GH0.tar.gz) = 1119deb9265697021a5fe9f8214be444745811eedd9d291e7d15b5dd1bc709fa
+SIZE (osquery-third-party-2.4.3_GH0.tar.gz) = 3229298
diff --git a/sysutils/osquery/files/osqueryd.in b/sysutils/osquery/files/osqueryd.in
index 703680859264..6145026efabc 100644
--- a/sysutils/osquery/files/osqueryd.in
+++ b/sysutils/osquery/files/osqueryd.in
@@ -23,7 +23,7 @@ osqueryd_enable=${osqueryd_enable-"NO"}
 osqueryd_flags=${osqueryd_flags-""}
 osqueryd_config=${osqueryd_config-"%%PREFIX%%/etc/osquery.conf"}
 required_files=${osqueryd_config}
-command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --config_path=${osqueryd_config}"
+command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --tls_server_certs /etc/ssl/cert.pem --flagfile %%PREFIX%%/etc/osquery.flags --config_path=${osqueryd_config}"
 extra_commands="configtest"
 configtest_cmd="configtest"
 pidfile="/var/run/osqueryd.pid"
diff --git a/sysutils/osquery/pkg-message b/sysutils/osquery/pkg-message
new file mode 100644
index 000000000000..d4f98c1e0ec5
--- /dev/null
+++ b/sysutils/osquery/pkg-message
@@ -0,0 +1,4 @@
+Note that some osquery tables are currently unsupported on FreeBSD. A list of
+disabled tables can be found at:
+
+https://github.com/facebook/osquery/blob/master/specs/blacklist
diff --git a/sysutils/osquery/pkg-plist b/sysutils/osquery/pkg-plist
index c76842a11758..9e22242debbe 100644
--- a/sysutils/osquery/pkg-plist
+++ b/sysutils/osquery/pkg-plist
@@ -1,6 +1,7 @@
 bin/osqueryi
 @dir /var/db/osquery
 @dir /var/log/osquery
+etc/osquery.flags
 include/osquery/config.h
 include/osquery/core.h
 include/osquery/database.h