diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index 37b42d0770b9..7fc43d77d3c0 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,167 +1,167 @@ # Created by: David O'Brien PORTNAME= zeek PORTVERSION= 5.0.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= leres@FreeBSD.org COMMENT= System for detecting network intruders in real-time LICENSE= BSD3CLAUSE BROKEN_FreeBSD_12_powerpc64= does not build: error: zero-size array 'names' BUILD_DEPENDS= cmake>=3.15.0:devel/cmake USES= bison cmake compiler cpe gettext-runtime \ ninja perl5 python shebangfix ssl USE_LDCONFIG= yes BINARY_ALIAS= python3=${PYTHON_CMD} PORTSCOUT= limit:0,even CXXFLAGS_powerpc64= -mpower8-vector SHEBANG_FILES= auxil/zeekctl/auxil/trace-summary/trace-summary SUB_FILES= pkg-message NO_MTREE= yes CMAKE_ARGS+= -GNinja \ -D BUILD_SHARED_LIBS:BOOL=true \ -D BUILD_STATIC_BROKER:BOOL=true \ -D BinPAC_SKIP_INSTALL:BOOL=true \ -D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" \ -D CMAKE_INSTALL_PREFIX:PATH=${PREFIX} \ -D ENABLE_PERFTOOLS_DEBUG:BOOL=false \ -D INSTALL_AUX_TOOLS:BOOL=true \ -D PYTHON_EXECUTABLE:PATH=${PYTHON_CMD} \ -D PY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \ -D ZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \ -D ZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \ -D ZEEK_ROOT_DIR:PATH=${PREFIX} \ -D ZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek ZEEKUSER?= zeek ZEEKGROUP?= zeek PLIST_SUB+= ARCH=${UNAME_M} \ LCASE_OPSYS=${OPSYS:tl} \ ZEEKGROUP=${ZEEKGROUP} \ ZEEKUSER=${ZEEKUSER} USERS= ${ZEEKUSER} GROUPS= ${ZEEKGROUP} OPTIONS_DEFINE= BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP PERFTOOLS \ SPICY ZEEKCTL ZKG OPTIONS_SINGLE= BUILD_TYPE OPTIONS_SINGLE_BUILD_TYPE= DEBUG MINSIZEREL RELEASE RELWITHDEBINFO OPTIONS_DEFAULT= BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP RELEASE \ SPICY ZEEKCTL ZKG OPTIONS_SUB= yes BROKER_DESC= Enable the Broker communication library DEBUG_DESC= Optimizations off, debug symbols/flags on GEOIP2_DESC= Build with GeoIP2 (MaxMindDB) support IPSUMDUMP_DESC= Enables traffic summaries LBL_CF_DESC= Unix time to 
formated time/date filter support LBL_HF_DESC= Address to hostname filter support MINSIZEREL_DESC= Optimizations on, debug symbols/flags off NETMAP_DESC= Native Netmap Packet IOSource for Zeek PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage RELEASE_DESC= Optimizations on, debug symbols/flags off RELWITHDEBINFO_DESC= Optimizations/debug symbols on, debug flags off SPICY_DESC= Enable the Spicy parser generator ZEEKCTL_DESC= ZeekControl support (implies BROKER and IPSUMDUMP) ZKG_DESC= Zeek package manager support ZEEKCTL_IMPLIES= BROKER IPSUMDUMP BROKER_BUILD_DEPENDS= swig:devel/swig BROKER_CMAKE_BOOL= ENABLE_BROKER GEOIP2_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb IPSUMDUMP_BUILD_DEPENDS=ipsumdump:net/ipsumdump IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf NETMAP_GH_TUPLE= zeek:zeek-netmap:v2.0.0:zeek_netmap NETMAP_USE= GITHUB=nodefault PERFTOOLS_BUILD_DEPENDS=${LOCALBASE}/bin/perftools-pprof:devel/google-perftools PERFTOOLS_CMAKE_BOOL= ENABLE_PERFTOOLS PERFTOOLS_RUN_DEPENDS=${LOCALBASE}/bin/perftools-pprof:devel/google-perftools PYTHON_BUILD_DEPENDS= swig:devel/swig SPICY_ENABLE= spicy SPICY_BUILD_DEPENDS= bison>=3.3:devel/bison \ flex>=2.6:textproc/flex ZEEKCTL_BUILD_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} \ swig:devel/swig ZEEKCTL_CMAKE_BOOL= INSTALL_ZEEKCTL ZEEKCTL_RUN_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} ZKG_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}zkg>=2.7.1:security/py-zkg@${PY_FLAVOR} \ .include .if ${PORT_OPTIONS:MDEBUG} CMAKE_BUILD_TYPE= Debug STRIP= .elif ${PORT_OPTIONS:MMINSIZEREL} CMAKE_BUILD_TYPE= MinSizeRel .elif ${PORT_OPTIONS:MRELEASE} CMAKE_BUILD_TYPE= Release .elif ${PORT_OPTIONS:MRELWITHDEBINFO} CMAKE_BUILD_TYPE= RelWithDebInfo STRIP= .endif .if ${PORT_OPTIONS:MZEEKCTL} USE_RC_SUBR= 
zeek .endif post-patch: ${REINPLACE_CMD} -e '\|/usr/local/|s|$$| ${STAGEDIR}${PREFIX}/|' \ ${WRKSRC_zeek_netmap}/cmake/FindNetmap.cmake post-install-ZEEKCTL-on: ${MKDIR} ${STAGEDIR}${PREFIX}/logs ${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp ${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/auto ${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/site .for F in zeekctl.cfg networks.cfg node.cfg ${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.sample .endfor ${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh ${LN} -s ../../../spool/zeekctl-config.sh \ ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh post-install: ${MV} ${STAGEDIR}${DATADIR}/site/local.zeek \ ${STAGEDIR}${DATADIR}/site/local.zeek.sample pre-install-ZEEKCTL-on: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d post-install-NETMAP-on: ${MKDIR} ${WRKDIR}/zeek-bin ${CP} ${STAGEDIR}${PREFIX}/bin/zeek-config ${WRKDIR}/zeek-bin ${REINPLACE_CMD} -e 's|${PREFIX}|${STAGEDIR}${PREFIX}|g' \ ${WRKDIR}/zeek-bin/zeek-config cd ${WRKSRC_zeek_netmap} && ${SETENV} PATH=${WRKDIR}/zeek-bin:${PATH} \ ./configure --with-netmap=/usr \ --install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins cd ${WRKSRC_zeek_netmap}/build && make && make install .include # Would like to use ARCH (uname -p) but it's not always correct (e.g. arm64) UNAME_M!= ${UNAME} -m .include diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.cc b/security/zeek/files/patch-src_input_readers_raw_Raw.cc index 805217f4371b..7ed81f816406 100644 --- a/security/zeek/files/patch-src_input_readers_raw_Raw.cc +++ b/security/zeek/files/patch-src_input_readers_raw_Raw.cc 
@@ -1,115 +1,146 @@ ---- src/input/readers/raw/Raw.cc.orig 2022-07-05 21:26:56 UTC +--- src/input/readers/raw/Raw.cc.orig 2022-07-05 19:35:27 UTC +++ src/input/readers/raw/Raw.cc +@@ -2,15 +2,15 @@ + + #include "zeek/input/readers/raw/Raw.h" + +-#include + #include +-#include +-#include +-#include + #include + #include + #include + #include ++#include ++#include ++#include ++#include + + #include "zeek/input/readers/raw/Plugin.h" + #include "zeek/input/readers/raw/raw.bif.h" 
@@ -36,6 +36,7 @@ Raw::Raw(ReaderFrontend* frontend) firstrun = true; mtime = 0; ino = 0; + dev = 0; forcekill = false; offset = 0; separator.assign((const char*)BifConst::InputRaw::record_separator->Bytes(), -@@ -280,12 +281,31 @@ bool Raw::OpenInput() - else - { +@@ -282,10 +283,27 @@ bool Raw::OpenInput() file = std::unique_ptr(fopen(fname.c_str(), "r"), fclose); -+ if ( ! file && Info().mode == MODE_STREAM ) -+ { -+ // Watch /dev/null until the file appears -+ file = std::unique_ptr(fopen("/dev/null", "r"), fclose); -+ } -+ if ( ! file ) { ++ if ( Info().mode == MODE_STREAM ) ++ // Wait for file to appear ++ return true; ++ Error(Fmt("Init: cannot open %s", fname.c_str())); return false; } + if ( Info().mode == MODE_STREAM ) + { + struct stat sb; + if ( fstat(fileno(file.get()), &sb) == -1 ) + { + // This is unlikely to fail + Error(Fmt("Could not get fstat for %s", fname.c_str())); + return false; + } + ino = sb.st_ino; + dev = sb.st_dev; + } + if ( ! SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC) ) Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str())); } -@@ -346,6 +366,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field +@@ -346,6 +364,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field fname = info.source; mtime = 0; ino = 0; + dev = 0; execute = false; firstrun = true; int want_fields = 1; -@@ -574,23 +595,57 @@ bool Raw::DoUpdate() +@@ -574,25 +593,61 @@ bool Raw::DoUpdate() mtime = sb.st_mtime; ino = sb.st_ino; + dev = sb.st_dev; // file changed. reread. // // fallthrough } case MODE_MANUAL: - case MODE_STREAM: - if ( Info().mode == MODE_STREAM && file ) - { - clearerr(file.get()); // remove end of file evil bits - break; - } - CloseInput(); if ( ! 
OpenInput() ) return false; -+ break; -+ + break; + + case MODE_STREAM: + // Clear possible EOF condition + if ( file ) + clearerr(file.get()); + + // Done if reading from a pipe + if ( execute ) + break; + + // Check if the file has changed + struct stat sb; + if ( stat(fname.c_str(), &sb) == -1 ) + // File was removed + break; + + // Is it the same file? -+ if ( sb.st_ino == ino && sb.st_dev == dev ) ++ if ( file && sb.st_ino == ino && sb.st_dev == dev ) + break; + + // File was replaced + FILE* tfile; + tfile = fopen(fname.c_str(), "r"); + if ( ! tfile ) + break; + + // Stat newly opened file + if ( fstat(fileno(tfile), &sb) == -1 ) + { + // This is unlikely to fail + Error(Fmt("Could not fstat %s", fname.c_str())); ++ fclose(tfile); + return false; + } -+ file.reset(nullptr); ++ if ( file ) ++ file.reset(nullptr); + file = std::unique_ptr(tfile, fclose); + ino = sb.st_ino; + dev = sb.st_dev; + offset = 0; + bufpos = 0; - break; - ++ break; ++ default: + assert(false); + } +@@ -604,6 +659,10 @@ bool Raw::DoUpdate() + { + if ( stdin_towrite > 0 ) + WriteToStdin(); ++ ++ if ( ! file && Info().mode == MODE_STREAM ) ++ // Wait for file to appear ++ break; + + int64_t length = GetLine(file.get()); + // printf("Read %lld bytes\n", length);
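Review bot: The file-replacement path in DoUpdate's MODE_STREAM case opens `tfile` with fopen() but never sets FD_CLOEXEC on it, whereas OpenInput in the same patch does (`SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC)`), so the descriptor for the rotated-in file is presumably inherited by any child this reader or a sibling reader in the process spawns (the exec path itself is outside the hunk). After the fstat check succeeds and before the `file = std::unique_ptr(tfile, fclose);` assignment, add `if ( ! SetFDFlags(fileno(tfile), F_SETFD, FD_CLOEXEC) ) Warning(Fmt("cannot set close-on-exec for %s", fname.c_str()));`. The `if ( file ) file.reset(nullptr);` guard directly before that assignment is redundant, since assigning a new unique_ptr releases the old handle and reset() on an empty pointer is a no-op, and `FILE* tfile; tfile = fopen(...)` could be a single declaration with initialiser. A `stat()` failure for any reason other than ENOENT (e.g. EACCES or ELOOP) is silently treated as "File was removed" and the old handle is kept; if that is intended, the comment should say so. DoUpdate's read loop continues past the end of the hunk.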