package/zeek: new package

The Zeek Network Security Monitor

Zeek is a powerful network analysis framework that is much different
from the typical IDS you may know. (Zeek is the new name for the
long-established Bro system.)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout:
 - select python3 instead of depends;
 - patch python path in post-patch instead of post-install]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022.08.x
Fabrice Fontaine 2022-01-07 22:52:30 +01:00 committed by Arnout Vandecappelle (Essensium/Mind)
parent adbfb71ee4
commit ea36681572
5 changed files with 139 additions and 0 deletions

View File

@ -974,6 +974,7 @@ F: package/tinycbor/
F: package/tinydtls/
F: package/tinymembench/
F: package/whois/
F: package/zeek/
N: Fabrice Goucem <fabrice.goucem@oss.nxp.com>
F: board/freescale/imx6ullevk/

View File

@ -2440,6 +2440,7 @@ endif
source "package/xl2tp/Config.in"
source "package/xtables-addons/Config.in"
source "package/zabbix/Config.in"
source "package/zeek/Config.in"
source "package/znc/Config.in"
endmenu

View File

@ -0,0 +1,40 @@
config BR2_PACKAGE_ZEEK
bool "zeek"
depends on BR2_USE_MMU # fork()
depends on BR2_INSTALL_LIBSTDCPP
depends on !BR2_STATIC_LIBS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_WCHAR
select BR2_PACKAGE_LIBPCAP
select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_ZLIB
help
The Zeek Network Security Monitor
Zeek is a powerful network analysis framework that is much
different from the typical IDS you may know. (Zeek is the new
name for the long-established Bro system.)
https://www.zeek.org
if BR2_PACKAGE_ZEEK
config BR2_PACKAGE_ZEEK_ZEEKCTL
bool "zeekctl"
select BR2_PACKAGE_BASH # runtime
select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash
select BR2_PACKAGE_PYTHON3
select BR2_PACKAGE_PYTHON3_CURSES
select BR2_PACKAGE_PYTHON3_HASHLIB
select BR2_PACKAGE_PYTHON3_SQLITE
select BR2_PACKAGE_PYTHON3_ZLIB
help
Tool for managing Zeek deployments
endif
comment "zeek needs a toolchain w/ C++, wchar, threads, dynamic library"
depends on BR2_USE_MMU
depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR || \
!BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS

View File

@ -0,0 +1,6 @@
# Locally computed:
sha256 8c0afc999a8dd1c1f677a5cf818479b99c2d527e679e1ef99fb1b03f989c0373 zeek-4.1.1.tar.gz
# Hash for license files:
sha256 b2817e2fb935805ec9fc0e90c6b971efd810d9aedfc646bc5fcb535221e0266a COPYING
sha256 1a451eca7b3826a7df62991ba90dd6d23ff03d28c2eefb7f8c4f8b1eac97a61b COPYING.3rdparty

View File

@ -0,0 +1,91 @@
################################################################################
#
# zeek
#
################################################################################
ZEEK_VERSION = 4.1.1
ZEEK_SITE = https://download.zeek.org
ZEEK_LICENSE = \
BSD-3-Clause (zeek, C++ Actor Framework, ConvertUTF.c, CardinalityCounter.cc, pybind11), \
Public Domain (sqlite), \
MIT (doctest, libkqueue, RapidJSON, tsl-ordered-map, bro_inet_ntop.c), \
LGPL-3.0+ (Multifast Project), \
BSD-2-Clause (event.h), \
BSD-3-Clause (in_cksum.cc) \
BSD-4-Clause (Patricia.c, strsep.c, bsd-getopt-long.c), \
Apache-2.0 (highwayhash, folly), \
MPL-2.0 (mozilla-ca-list.zeek)
ZEEK_LICENSE_FILES = COPYING COPYING.3rdparty
ZEEK_SUPPORTS_IN_SOURCE_BUILD = NO
ZEEK_DEPENDENCIES = \
host-bison \
host-flex \
host-pkgconf \
host-python3 \
host-zeek \
$(if $(BR2_PACKAGE_LIBKRB5),libkrb5) \
$(if $(BR2_PACKAGE_LIBMAXMINDDB),libmaxminddb) \
libpcap \
openssl \
$(if $(BR2_PACKAGE_ROCKSDB),rocksdb) \
zlib
HOST_ZEEK_DEPENDENCIES = \
host-bison \
host-flex \
host-pkgconf \
host-python3 \
host-libpcap \
host-openssl \
host-zlib
ZEEK_CONF_OPTS = \
-DBIFCL_EXE_PATH=$(HOST_DIR)/bin/bifcl \
-DBINPAC_EXE_PATH=$(HOST_DIR)/bin/binpac \
-DBROKER_DISABLE_DOCS=ON \
-DBROKER_DISABLE_TESTS=ON \
-DINSTALL_AUX_TOOLS=ON \
-DZEEK_ETC_INSTALL_DIR=/etc
define ZEEK_FIX_PYTHON_PATH
$(SED) 's,@PYTHON_EXECUTABLE@,/usr/bin/python,' \
$(@D)/auxil/zeekctl/ZeekControl/ssh_runner.py
endef
ZEEK_POST_PATCH_HOOKS += ZEEK_FIX_PYTHON_PATH
ifeq ($(BR2_PACKAGE_JEMALLOC),y)
ZEEK_DEPENDENCIES += jemalloc
ZEEK_CONF_OPTS += -DENABLE_JEMALLOC=ON
else
ZEEK_CONF_OPTS += -DENABLE_JEMALLOC=OFF
endif
ifeq ($(BR2_PACKAGE_ZEEK_ZEEKCTL),y)
ZEEK_DEPENDENCIES += host-swig python3
ZEEK_CONF_OPTS += \
-DDISABLE_PYTHON_BINDINGS=OFF \
-DINSTALL_ZEEKCTL=ON \
-DPY_MOD_INSTALL_DIR=/usr/lib/zeekctl \
-DZEEK_PYTHON_PREFIX=/usr
else
ZEEK_CONF_OPTS += \
-DDISABLE_PYTHON_BINDINGS=ON \
-DINSTALL_ZEEKCTL=OFF
endif
ifneq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
ZEEK_DEPENDENCIES += musl-fts
ZEEK_CONF_OPTS += -DCMAKE_EXE_LINKER_FLAGS=-lfts
endif
HOST_ZEEK_MAKE_OPTS = binpac bifcl
define HOST_ZEEK_INSTALL_CMDS
$(INSTALL) -D -m 0755 $(HOST_ZEEK_BUILDDIR)/auxil/bifcl/bifcl \
$(HOST_DIR)/bin/bifcl
$(INSTALL) -D -m 0755 $(HOST_ZEEK_BUILDDIR)/auxil/binpac/src/binpac \
$(HOST_DIR)/bin/binpac
endef
$(eval $(cmake-package))
$(eval $(host-cmake-package))