# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$
PortSystem 1.0
name bro
version 2.4.1
revision 1
categories net security
platforms darwin
maintainers nomaintainer
license BSD
description BRO is a Network Intrusion Detection System
long_description Bro is an open-source, Unix-based Network Intrusion \
Detection System (NIDS) that passively monitors network \
traffic and looks for suspicious activity.
homepage http://www.bro.org/
master_sites ${homepage}downloads/release/ \
${homepage}downloads/archive/
checksums rmd160 d0de91e52d5ff4edd08dff3b913a4250ad43e03a \
sha256 d8b99673a5024630f6bae820c4f8c3ca9029f1167f9e5729c914c66e1fc7c8f6
depends_build port:cmake \
port:libgeoip \
port:swig-python
# use the system-provided flex
depends_lib port:bison \
port:curl \
port:libmagic \
port:libpcap \
path:lib/libssl.dylib:openssl \
port:perl5 \
port:python27 \
port:readline \
port:zlib
variant universal {}
configure.cflags-append "${configure.cflags} [get_canonical_archflags cc]"
configure.universal_args
configure.args --enable-mobile-ipv6 --conf-files-dir=${prefix}/etc/bro
post-patch {
reinplace "s|\${BroBase}/spool|\${BroBase}/var/spool/bro|" ${worksrcpath}/aux/broctl/BroControl/options.py
reinplace "s|\${BroBase}/logs|\${BroBase}/var/log/bro|" ${worksrcpath}/aux/broctl/BroControl/options.py
reinplace "s|\${PREFIX}/logs|\${PREFIX}/var/log/bro|" ${worksrcpath}/aux/broctl/CMakeLists.txt
reinplace "s|{BroBase}/logs|{BroBase}/var/log/bro|" ${worksrcpath}/aux/broctl/doc/broctl.rst
reinplace "s|\${PREFIX}/spool|\${PREFIX}/var/spool/bro|" ${worksrcpath}/aux/broctl/CMakeLists.txt
reinplace "s|{BroBase}/spool|{BroBase}/var/spool/bro|" ${worksrcpath}/aux/broctl/doc/broctl.rst
}
post-destroot {
xinstall -d ${destroot}${prefix}/share/examples/${name}
move ${destroot}${prefix}/etc/bro/broccoli.conf ${destroot}${prefix}/share/examples/${name}/
move ${destroot}${prefix}/etc/bro/node.cfg ${destroot}${prefix}/share/examples/${name}/
move ${destroot}${prefix}/etc/bro/networks.cfg ${destroot}${prefix}/share/examples/${name}/
move ${destroot}${prefix}/etc/bro/broctl.cfg ${destroot}${prefix}/share/examples/${name}/
reinplace "s|${prefix}/spool|${prefix}/var/spool/bro|" ${destroot}${prefix}/share/examples/${name}/broctl.cfg
reinplace "s|${prefix}/logs|${prefix}/var/log/bro|" ${destroot}${prefix}/share/examples/${name}/broctl.cfg
reinplace "s|/usr/bin/python|${prefix}/bin/python2.7|" ${destroot}${prefix}/bin/broctl
reinplace "s| /usr/bin/env python|${prefix}/bin/python2.7|" ${destroot}${prefix}/bin/trace-summary
xinstall -d ${destroot}${prefix}/Library/LaunchDaemons/
copy ${filespath}/org.macports.bro.plist ${destroot}${prefix}/Library/LaunchDaemons/
reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.bro.plist
xinstall -d ${destroot}${prefix}/etc/${name}
xinstall -d ${destroot}${prefix}/var/log/${name}
xinstall -d ${destroot}${prefix}/var/spool/${name}
destroot.keepdirs ${destroot}${prefix}/etc/${name} \
${destroot}${prefix}/var/log/${name} \
${destroot}${prefix}/var/spool/${name}
}
post-activate {
if {![file exists ${prefix}/etc/bro/broccoli.conf]} {
copy ${prefix}/share/examples/${name}/broccoli.conf ${prefix}/etc/bro/broccoli.conf
}
if {![file exists ${prefix}/etc/bro/node.cfg]} {
copy ${prefix}/share/examples/${name}/node.cfg ${prefix}/etc/bro/node.cfg
}
if {![file exists ${prefix}/etc/bro/networks.cfg]} {
copy ${prefix}/share/examples/${name}/networks.cfg ${prefix}/etc/bro/networks.cfg
}
if {![file exists ${prefix}/etc/bro/broctl.cfg]} {
copy ${prefix}/share/examples/${name}/broctl.cfg ${prefix}/etc/bro/broctl.cfg
}
}
startupitem.create yes
startupitem.netchange yes
startupitem.start "${prefix}/bin/broctl start"
startupitem.stop "${prefix}/bin/broctl stop"
startupitem.restart "${prefix}/bin/broctl restart"
# This doesn't work due to error: error: AF_UNIX path too long
# To manual test:
# sudo port build
# cd ${worksrcpath}/aux/btest/testing
# sudo make all
#
#test.run yes
#test.target all
#test.dir ${worksrcpath}/aux/btest/testing
notes "
You'll need to set your BROHOME to ${prefix}/share/bro and your
BROPATH to ${prefix}/share/bro/site:${prefix}/share/bro/policy
to use the provided policies.
Check online documentation to finish install
http://www.bro.org/sphinx/quickstart/index.html
1) review config: node.cfg, network.cfg, broctl.cfg
especially network interface, MailTo
Existing files have not been modified
2) Run as root or with sudo
# broctl
\[BroControl\] > install
\[BroControl\] > start
3) Use scheduled task for maintenance
# ln -s ${prefix}/Library/LaunchDaemons/org.macports.bro.plist /Library/LaunchDaemons/
# launchctl load -w /Library/LaunchDaemons/org.macports.bro.plist
**** UPGRADING ****
Paths have been changed to respect macports hierarchy
${prefix}/etc -> ${prefix}/etc/bro
${prefix}/spool -> ${prefix}/var/spool/bro
${prefix}/logs -> ${prefix}/var/log/bro
"
livecheck.type regex
livecheck.url ${homepage}download/
livecheck.regex ${name}-(\[0-9a-z.\]+)${extract.suffix}