# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 PortSystem 1.0 PortGroup cmake 1.1 PortGroup openssl 1.0 name zeek version 7.0.5 revision 0 categories net security maintainers {mps @Schamschula} openmaintainer license BSD description Zeek is a powerful network analysis framework that is much different \ from the typical IDS you may know. long_description {*}${description} Zeek is the new name for the long-established Bro \ system. Note that parts of the system retain the "Bro" name, and it \ also often appears in the documentation and distributions. homepage https://www.zeek.org/ master_sites https://download.zeek.org/ checksums rmd160 82e3eda2d3e5bd351f32ba65fbc145d7e752becf \ sha256 e0e6e6f5d5b0402bb1ccd02ecee0ac5bd237d60c5095d71a146651c7f6721eb7 \ size 95847393 subport ${name} { conflicts ${name}-devel } subport ${name}-devel { conflicts ${name} version 7.1.0 revision 0 checksums rmd160 26d8ab13293cb46ca42413d5c89901b29b3c15d0 \ sha256 9a40199c5f6c97b4c79e968caa3a83742bf4fd45c293b21c9bfb3b632d4849c0 \ size 95868119 } openssl.branch 3 set python.version 313 set python.branch [string index ${python.version} 0].[string range ${python.version} 1 end] depends_build-append \ port:flex \ port:swig \ port:swig-python depends_lib-append port:bison \ port:curl \ port:libmagic \ port:libmaxminddb \ port:libpcap \ port:perl5 \ port:python${python.version} \ port:readline \ port:zlib configure.args-append \ -DCMAKE_BUILD_WITH_INSTALL_RPATH:BOOL=OFF \ -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \ -DPYTHON_EXECUTABLE=${prefix}/bin/python${python.branch} \ -DPYTHON_CONFIG=${frameworks_dir}/Python.framework/Versions/${python.branch}/lib/python${python.branch}/config-${python.branch}-darwin/python-config.py \ -DZEEK_ETC_INSTALL_DIR=${prefix}/etc/zeek \ -DZEEK_LOG_DIR=${prefix}/var/log/zeek \ -DZEEK_SPOOL_DIR=${prefix}/var/spool variant universal {} compiler.cxx_standard 2017 # see https://trac.macports.org/ticket/60252 platforms {darwin >= 19} post-destroot { delete {*}[glob ${destroot}${prefix}/etc/zeek/*.cfg] xinstall -d ${destroot}${prefix}/share/examples/${name} copy ${worksrcpath}/auxil/zeekctl/etc/node.cfg ${destroot}${prefix}/share/examples/${name}/ copy ${worksrcpath}/auxil/zeekctl/etc/networks.cfg ${destroot}${prefix}/share/examples/${name}/ copy ${worksrcpath}/auxil/zeekctl/etc/zeekctl.cfg.in ${destroot}${prefix}/share/examples/${name}/ xinstall -d ${destroot}${prefix}/Library/LaunchDaemons/ copy ${filespath}/org.macports.zeek.plist ${destroot}${prefix}/Library/LaunchDaemons/ reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.zeek.plist xinstall -d ${destroot}${prefix}/etc/${name} xinstall -d ${destroot}${prefix}/var/log/${name} xinstall -d ${destroot}${prefix}/var/spool/${name} destroot.keepdirs ${destroot}${prefix}/etc/${name} \ ${destroot}${prefix}/var/log/${name} \ ${destroot}${prefix}/var/spool/${name} } startupitem.create yes startupitem.netchange yes startupitem.start "${prefix}/bin/zeekctl start" startupitem.stop "${prefix}/bin/zeekctl stop" startupitem.restart "${prefix}/bin/zeekctl restart" post-activate { if {![file exists ${prefix}/etc/zeek/node.cfg]} { copy ${prefix}/share/examples/${name}/node.cfg ${prefix}/etc/zeek/node.cfg } if {![file exists ${prefix}/etc/zeek/networks.cfg]} { copy ${prefix}/share/examples/${name}/networks.cfg ${prefix}/etc/zeek/networks.cfg } if {![file exists ${prefix}/etc/zeek/zeekctl.cfg]} { copy ${prefix}/share/examples/${name}/zeekctl.cfg.in ${prefix}/etc/zeek/zeekctl.cfg } } # This doesn't work due to error: error: AF_UNIX path too long # To manual test: # sudo port build # cd ${worksrcpath}/aux/btest/testing # sudo make all # #test.run yes #test.target all #test.dir ${worksrcpath}/aux/btest/testing notes " You'll need to set your ZEEKHOME to ${prefix}/share/zeek and your ZEEKPATH to ${prefix}/share/zeek/site:${prefix}/share/zeek/policy to use the provided policies. Check online documentation to finish install https://docs.zeek.org/en/stable/quickstart/index.html 1) review config: node.cfg, network.cfg, zeekctl.cfg especially network interface, MailTo Existing files have not been modified 2) Run as root or with sudo # zeekctl \[ZeekControl\] > install \[ZeekControl\] > start 3) Use scheduled task for maintenance # ln -s ${prefix}/Library/LaunchDaemons/org.macports.zeek.plist /Library/LaunchDaemons/ # launchctl load -w /Library/LaunchDaemons/org.macports.zeek.plist **** UPGRADING **** Paths have been changed to respect macports hierarchy ${prefix}/etc -> ${prefix}/etc/zeek ${prefix}/spool -> ${prefix}/var/spool/zeek ${prefix}/logs -> ${prefix}/var/log/zeek " livecheck.type regex livecheck.url https://zeek.org/get-zeek/ if {${subport} eq ${name}} { livecheck.regex org/${name}-(7\.0\.\[0-9a-z.\]+)${extract.suffix} } else { livecheck.regex org/${name}-(\[0-9a-z.\]+)${extract.suffix} }