# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 # $Id$ PortSystem 1.0 name bro version 2.4.1 revision 1 categories net security platforms darwin maintainers nomaintainer license BSD description BRO is a Network Intrusion Detection System long_description Bro is an open-source, Unix-based Network Intrusion \ Detection System (NIDS) that passively monitors network \ traffic and looks for suspicious activity. homepage http://www.bro.org/ master_sites ${homepage}downloads/release/ \ ${homepage}downloads/archive/ checksums rmd160 d0de91e52d5ff4edd08dff3b913a4250ad43e03a \ sha256 d8b99673a5024630f6bae820c4f8c3ca9029f1167f9e5729c914c66e1fc7c8f6 depends_build port:cmake \ port:libgeoip \ port:swig-python # use the system-provided flex depends_lib port:bison \ port:curl \ port:libmagic \ port:libpcap \ path:lib/libssl.dylib:openssl \ port:perl5 \ port:python27 \ port:readline \ port:zlib variant universal {} configure.cflags-append "${configure.cflags} [get_canonical_archflags cc]" configure.universal_args configure.args --enable-mobile-ipv6 --conf-files-dir=${prefix}/etc/bro post-patch { reinplace "s|\${BroBase}/spool|\${BroBase}/var/spool/bro|" ${worksrcpath}/aux/broctl/BroControl/options.py reinplace "s|\${BroBase}/logs|\${BroBase}/var/log/bro|" ${worksrcpath}/aux/broctl/BroControl/options.py reinplace "s|\${PREFIX}/logs|\${PREFIX}/var/log/bro|" ${worksrcpath}/aux/broctl/CMakeLists.txt reinplace "s|{BroBase}/logs|{BroBase}/var/log/bro|" ${worksrcpath}/aux/broctl/doc/broctl.rst reinplace "s|\${PREFIX}/spool|\${PREFIX}/var/spool/bro|" ${worksrcpath}/aux/broctl/CMakeLists.txt reinplace "s|{BroBase}/spool|{BroBase}/var/spool/bro|" ${worksrcpath}/aux/broctl/doc/broctl.rst } post-destroot { xinstall -d ${destroot}${prefix}/share/examples/${name} move ${destroot}${prefix}/etc/bro/broccoli.conf ${destroot}${prefix}/share/examples/${name}/ move ${destroot}${prefix}/etc/bro/node.cfg ${destroot}${prefix}/share/examples/${name}/ move ${destroot}${prefix}/etc/bro/networks.cfg ${destroot}${prefix}/share/examples/${name}/ move ${destroot}${prefix}/etc/bro/broctl.cfg ${destroot}${prefix}/share/examples/${name}/ reinplace "s|${prefix}/spool|${prefix}/var/spool/bro|" ${destroot}${prefix}/share/examples/${name}/broctl.cfg reinplace "s|${prefix}/logs|${prefix}/var/log/bro|" ${destroot}${prefix}/share/examples/${name}/broctl.cfg reinplace "s|/usr/bin/python|${prefix}/bin/python2.7|" ${destroot}${prefix}/bin/broctl reinplace "s| /usr/bin/env python|${prefix}/bin/python2.7|" ${destroot}${prefix}/bin/trace-summary xinstall -d ${destroot}${prefix}/Library/LaunchDaemons/ copy ${filespath}/org.macports.bro.plist ${destroot}${prefix}/Library/LaunchDaemons/ reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.bro.plist xinstall -d ${destroot}${prefix}/etc/${name} xinstall -d ${destroot}${prefix}/var/log/${name} xinstall -d ${destroot}${prefix}/var/spool/${name} destroot.keepdirs ${destroot}${prefix}/etc/${name} \ ${destroot}${prefix}/var/log/${name} \ ${destroot}${prefix}/var/spool/${name} } post-activate { if {![file exists ${prefix}/etc/bro/broccoli.conf]} { copy ${prefix}/share/examples/${name}/broccoli.conf ${prefix}/etc/bro/broccoli.conf } if {![file exists ${prefix}/etc/bro/node.cfg]} { copy ${prefix}/share/examples/${name}/node.cfg ${prefix}/etc/bro/node.cfg } if {![file exists ${prefix}/etc/bro/networks.cfg]} { copy ${prefix}/share/examples/${name}/networks.cfg ${prefix}/etc/bro/networks.cfg } if {![file exists ${prefix}/etc/bro/broctl.cfg]} { copy ${prefix}/share/examples/${name}/broctl.cfg ${prefix}/etc/bro/broctl.cfg } } startupitem.create yes startupitem.netchange yes startupitem.start "${prefix}/bin/broctl start" startupitem.stop "${prefix}/bin/broctl stop" startupitem.restart "${prefix}/bin/broctl restart" # This doesn't work due to error: error: AF_UNIX path too long # To manual test: # sudo port build # cd ${worksrcpath}/aux/btest/testing # sudo make all # #test.run yes #test.target all #test.dir ${worksrcpath}/aux/btest/testing notes " You'll need to set your BROHOME to ${prefix}/share/bro and your BROPATH to ${prefix}/share/bro/site:${prefix}/share/bro/policy to use the provided policies. Check online documentation to finish install http://www.bro.org/sphinx/quickstart/index.html 1) review config: node.cfg, network.cfg, broctl.cfg especially network interface, MailTo Existing files have not been modified 2) Run as root or with sudo # broctl \[BroControl\] > install \[BroControl\] > start 3) Use scheduled task for maintenance # ln -s ${prefix}/Library/LaunchDaemons/org.macports.bro.plist /Library/LaunchDaemons/ # launchctl load -w /Library/LaunchDaemons/org.macports.bro.plist **** UPGRADING **** Paths have been changed to respect macports hierarchy ${prefix}/etc -> ${prefix}/etc/bro ${prefix}/spool -> ${prefix}/var/spool/bro ${prefix}/logs -> ${prefix}/var/log/bro " livecheck.type regex livecheck.url ${homepage}download/ livecheck.regex ${name}-(\[0-9a-z.\]+)${extract.suffix}