From 16c8d52e523f3aa2473a54fe7cb999df5fff6398 Mon Sep 17 00:00:00 2001 From: Ryan Steinmetz Date: Mon, 11 Jun 2012 13:28:32 +0000 Subject: New port: security/razorback-yaraNugget: Razorback is a framework for an intelligence driven security solution. It consists of a Dispatcher at the core of the system, surrounded by Nuggets of varying types. The Yara nugget allows modified Yara rules to dictate which flags are set when they alert. WWW: http://razorbacktm.sourceforge.net/ PR: ports/167756 Submitted by: Tom Judge
---
security/Makefile | 1 + security/razorback-yaraNugget/Makefile | 50 +++++++++++++++++++++++++++++++ security/razorback-yaraNugget/distinfo | 2 ++ security/razorback-yaraNugget/pkg-descr | 8 +++++ security/razorback-yaraNugget/pkg-message | 6 ++++ security/razorback-yaraNugget/pkg-plist | 14 +++++++++ 6 files changed, 81 insertions(+) create mode 100644 security/razorback-yaraNugget/Makefile create mode 100644 security/razorback-yaraNugget/distinfo create mode 100644 security/razorback-yaraNugget/pkg-descr create mode 100644 security/razorback-yaraNugget/pkg-message create mode 100644 security/razorback-yaraNugget/pkg-plist
diff --git a/security/Makefile b/security/Makefile
index c22380cf8662..0f89332f82d3 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -798,6 +798,7 @@
 SUBDIR += razorback-scriptNugget
 SUBDIR += razorback-swfScanner
 SUBDIR += razorback-syslogNugget
+ SUBDIR += razorback-yaraNugget
 SUBDIR += rdigest
 SUBDIR += retranslator
 SUBDIR += revelation
diff --git a/security/razorback-yaraNugget/Makefile b/security/razorback-yaraNugget/Makefile
new file mode 100644
index 000000000000..c68d1e383372
--- /dev/null
+++ b/security/razorback-yaraNugget/Makefile
@@ -0,0 +1,50 @@
+# New ports collection makefile for: razorback-yaraNugget
+# Date created: 2011/06/8
+# Whom: Tom Judge
+#
+# $FreeBSD$
+#
+
+PORTNAME= yaraNugget
+PORTVERSION= 0.5.0
+CATEGORIES= security
+MASTER_SITES= SF/razorbacktm/Nuggets
+PKGNAMEPREFIX= razorback-
+DIST_SUBDIR= razorback
+
+MAINTAINER= tj@FreeBSD.org
+COMMENT= Framework for an intelligence driven security - Yara Detection
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+LIB_DEPENDS= razorback_api:${PORTSDIR}/security/razorback-api \
+ pcre:${PORTSDIR}/devel/pcre
+BUILD_DEPENDS= razorback-masterNugget>=0.5.0:${PORTSDIR}/security/razorback-masterNugget
+RUN_DEPENDS= razorback-masterNugget>=0.5.0:${PORTSDIR}/security/razorback-masterNugget
+
+OPTIONS_DEFINE= DEBUG ASSERT
+ASSERT_DESC= Enable Asserts
+
+.include
+
+RB_LIBDIR?= ${PREFIX}/lib/razorback
+GNU_CONFIGURE= yes
+USE_AUTOTOOLS= libtool
+USE_LDCONFIG= ${RB_LIBDIR}
+
+.if ${PORT_OPTIONS:MDEBUG}
+CONFIGURE_ARGS+=--enable-debug
+.endif
+
+.if ${PORT_OPTIONS:MASSERT}
+CONFIGURE_ARGS+=--enable-assert
+.endif
+
+post-install:
+ ${LN} -sf ${RB_LIBDIR}/yaraNugget.so.2 ${RB_LIBDIR}/yaraNugget.so.2.0.0
+ @if [ ! -f ${PREFIX}/etc/razorback/yara.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/razorback/yara.conf.sample ${PREFIX}/etc/razorback/yara.conf ; \
+ fi
+
+.include
diff --git a/security/razorback-yaraNugget/distinfo b/security/razorback-yaraNugget/distinfo
new file mode 100644
index 000000000000..8017e2160990
--- /dev/null
+++ b/security/razorback-yaraNugget/distinfo
@@ -0,0 +1,2 @@
+SHA256 (razorback/yaraNugget-0.5.0.tar.gz) = 6b43e0033aa9f834acdd8aba1c437d7fac47a4d2edac1e9961983d6a019b1fc1
+SIZE (razorback/yaraNugget-0.5.0.tar.gz) = 623917
diff --git a/security/razorback-yaraNugget/pkg-descr b/security/razorback-yaraNugget/pkg-descr
new file mode 100644
index 000000000000..a8b27d1c8830
--- /dev/null
+++ b/security/razorback-yaraNugget/pkg-descr
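Review bot: In the post-install target of security/razorback-yaraNugget/Makefile, `${LN} -sf` creates `yaraNugget.so.2.0.0` as a link to `yaraNugget.so.2`, which is the reverse of the usual versioned-library layout, and there is no comment saying why. Because `-f` replaces whatever already sits at the link name, a build that did install a real `yaraNugget.so.2.0.0` would lose it silently; a one-line comment such as `# the build installs yaraNugget.so.2; the .so.2.0.0 name is only an alias` (if that is the case) would make the intent checkable. The link target is also an absolute path; `${LN} -sf yaraNugget.so.2 ${RB_LIBDIR}/yaraNugget.so.2.0.0` keeps the link valid if the tree is staged or moved.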
@@ -0,0 +1,8 @@
+Razorback is a framework for an intelligence driven security solution.
+It consists of a Dispatcher at the core of the system, surrounded by
+Nuggets of varying types.
+
+The Yara nugget allows modified Yara rules to dictate which flags are
+set when they alert.
+
+WWW: http://razorbacktm.sourceforge.net/
diff --git a/security/razorback-yaraNugget/pkg-message b/security/razorback-yaraNugget/pkg-message
new file mode 100644
index 000000000000..498ac9913048
--- /dev/null
+++ b/security/razorback-yaraNugget/pkg-message
@@ -0,0 +1,6 @@
+After this port has been installed, you will need to copy and edit the
+sample configuration (rzb_yara.conf.sample) to rzb_yara.conf.
+
+Additionally, you will need to provide rules for yara. The rules should be
+placed in the directory specified in the rzb_yara.conf file. The rules may
+be placed in subdirectories or symlinked.
diff --git a/security/razorback-yaraNugget/pkg-plist b/security/razorback-yaraNugget/pkg-plist
new file mode 100644
index 000000000000..a3086f3bf32b
--- /dev/null
+++ b/security/razorback-yaraNugget/pkg-plist
@@ -0,0 +1,14 @@
+@comment $FreeBSD$
+@unexec if cmp -s %D/etc/razorback/yara.conf %D/etc/razorback/yara.conf.sample; then rm -f %D/etc/razorback/yara.conf; fi
+etc/razorback/yara.conf.sample
+@exec if [ ! -f %D/etc/razorback/yara.conf ]; then cp -p %D/%F %B/yara.conf; fi
+etc/razorback/yara/banker.rules
+etc/razorback/yara/packer.rules
+@dirrmtry etc/razorback/yara
+@dirrmtry etc/razorback
+lib/razorback/yaraNugget.so.2.0.0
+lib/razorback/yaraNugget.so.2
+lib/razorback/yaraNugget.so
+lib/razorback/yaraNugget.la
+lib/razorback/yaraNugget.a
+@dirrmtry lib/razorback
-- cgit v1.2.3
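Review bot: The configuration file names in pkg-plist do not match the ones pkg-message gives the administrator: the list installs `etc/razorback/yara.conf.sample` and its `@exec` line creates `yara.conf`, while pkg-message refers to `rzb_yara.conf.sample` and `rzb_yara.conf`. The `@exec` line (and post-install in the port Makefile) already creates the config from the sample, so the message could read `edit the configuration file (etc/razorback/yara.conf), which is created from yara.conf.sample on install`. Since the rules decide which flags an alert sets, it would also help to say there that `yara.conf` and the rules directory it names, including anything symlinked into it, should be writable only by the administrator.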