Date: Sat, 28 Jul 2007 19:26:11 -0500 (CDT)
From: Paul Schmehl <pauls@utdallas.edu>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/114999: security/bro, port upgrade to version 1.2.1, take over maintainership
Message-ID: <20070729002611.D9D8F261824@utd59514.utdallas.edu>
Resent-Message-ID: <200707290030.l6T0UKJf009521@freefall.freebsd.org>
>Number: 114999
>Category: ports
>Synopsis: security/bro, port upgrade to version 1.2.1, take over maintainership
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 29 00:30:20 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 6.0-SECURITY i386
>Organization: The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 6.0-SECURITY FreeBSD 6.0-SECURITY #0: Wed Feb 14 12:22:36 UTC 2007 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
This is an upgrade of the security/bro port to the current stable version. The port is very complex, so it needs to be tested carefully to make sure that I'm not screwing anything up or using wrong conventions. Also, I'm willing to take over maintainership of the port if it's accepted into the tree. Please note, there are several files that need to be removed from the port and quite a few that need to be added. All these files are in FILESDIR. I have provided blank patches for the files that need to be removed, so the patches will create blank files. The names of the files that are to be removed are files/patch-Conn.h, files/patch-Obj.cc, files/patch-Serializer.h, files/patch-doc-Makefile.in, files/patch-patricia.c and files/patch-patricia.h.
The new files that are to be added are files/patch-aux-scripts.Makefile.in, files/patch-policy-Makefile.in, files/patch-policy-sigs-Makefile.in, files/patch-scripts-Makefile.in, files/patch-scripts-Makefile.in, files/patch-scripts-bro-config.in, files/patch-scripts-bro.rc.in, files/patch-scripts-localnetMAC.pl, files/patch-scripts-perl-Makefile.PL, files/patch-scripts-s2b-bin-Makefile.in, files/patch-scripts-s2b-bro-include-Makefile.in, files/patch-scripts-s2b-etc-Makefile.in, files/patch-scripts-s2b-example-bro-files-Makefile.in, files/patch-src-Makefile.in, files/pkg-deinstall.in, files/pkg-install.in and files/pkg-message.in. >How-To-Repeat: >Fix: --- patch-Makefile begins here --- --- Makefile.orig Tue Jul 24 13:41:45 2007 +++ Makefile Thu Jul 26 09:58:20 2007 
@@ -1,62 +1,104 @@ -# # Ports collection makefile for: bro -# Date created: Sat Feb 28, 1998 -# Whom: David O'Brien (obrien@FreeBSD.org) +# Date created: Mon Jul 16, 2007 +# Whom: Paul Schmehl (pauls@utdallas.edu) # # $FreeBSD: ports/security/bro/Makefile,v 1.31 2006/05/13 04:14:59 edwin Exp $ # PORTNAME= bro -PORTVERSION= 0.8 -PORTREVISION= 1 +PORTVERSION= 1.2 CATEGORIES= security -MASTER_SITES= ftp://ftp.ee.lbl.gov/ -DISTNAME= ${PORTNAME}-pub-${PORTVERSION}a37 +MASTER_SITES= ftp://bro-ids.org/ +DISTNAME= ${PORTNAME}-${PORTVERSION}-stable -MAINTAINER= ports@FreeBSD.org +MAINTAINER= pauls@utdallas.edu COMMENT= System for detecting Network Intruders in real-time BUILD_DEPENDS= bison:${PORTSDIR}/devel/bison -WRKSRC= ${WRKDIR}/${PORTNAME}-pub-${PORTVERSION}a37 +OPTIONS= GPG "Support encrypted email" Off \ + DOCS "Install documentation (not recommended)" Off + +WRKSRC= ${WRKDIR}/bro-${PORTVERSION}.1 +USE_LDCONFIG= ${PREFIX}/share GNU_CONFIGURE= yes MAKE_ENV+= CC="${CC}" CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} CONFIGURE_ARGS= --libdir=${PREFIX}/share USE_PERL5= yes +SUB_FILES= pkg-deinstall pkg-install pkg-message +SUB_LIST= BROHOME=${BROHOME} BROSITEDIR=${BROSITEDIR} SITE_PERL=${SITE_PERL} WRKSRC=${WRKSRC} +BROHOME= ${PREFIX}/bro +BROSITEDIR= ${BROHOME}/site + +.include <bsd.port.pre.mk> + +.if defined(WITH_GPG) +BUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg +.endif +.if !defined(WITH_DOCS) +NOPORTDOCS= Yes +.endif + post-extract: - @cd ${WRKSRC} && ${TAR} xfz libedit.src.tar.gz + @cd ${WRKSRC}/src && ${TAR} xfz libedit.src.tar.gz post-patch: @${REINPLACE_CMD} -e 's|CFLAGS+=-g -O0||g; \ s|CC=gcc||' \ - ${WRKSRC}/libedit/Makefile.in \ - ${WRKSRC}/libedit/Makefile + ${WRKSRC}/src/libedit/Makefile.in \ + ${WRKSRC}/src/libedit/Makefile @${REINPLACE_CMD} -e "s,tr '\[a-z\]' '\[A-Z\]',tr 'a-z' 'A-Z',g" \ - ${WRKSRC}/libedit/makelist + ${WRKSRC}/src/libedit/makelist @${REINPLACE_CMD} -E -e 's,(const char\*) const (helpstring),\1 \2,g' \ - 
${WRKSRC}/DebugCmds.h + ${WRKSRC}/src/DebugCmds.h pre-configure: @${ECHO_CMD} "Configure libedit..." - @(cd ${WRKSRC}/libedit && ${MAKE_ENV} ./configure) + @(cd ${WRKSRC}/src/libedit && ${MAKE_ENV} ./configure) pre-build: @${ECHO_CMD} "Building libedit..." - @(cd ${WRKSRC}/libedit && ${MAKE}) - -pre-install: - @${MKDIR} ${DATADIR} + @(cd ${WRKSRC}/src/libedit && ${MAKE}) post-install: - @${STRIP_CMD} ${PREFIX}/sbin/bro - @${INSTALL_DATA} ${WRKSRC}/policy/*.* ${DATADIR} + @${STRIP_CMD} ${PREFIX}/bin/bro + @${MKDIR} ${PREFIX}/bro/etc + @${MKDIR} ${SITE_PERL}/mach/Bro + @${MKDIR} ${SITE_PERL}/mach/Bro/Log + @${MKDIR} ${SITE_PERL}/mach/Bro/Report + ${INSTALL_DATA} ${WRKSRC}/scripts/bro.cfg.example ${PREFIX}/etc + ${INSTALL_DATA} ${WRKSRC}/scripts/local.site.bro.default ${BROSITEDIR} + ${INSTALL_DATA} ${WRKSRC}/scripts/IP4.pm ${SITE_PERL}/mach + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Config.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Signature.pm ${SITE_PERL}/mach/Bro + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Alarm.pm ${SITE_PERL}/mach/Bro/Log + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Conn.pm ${SITE_PERL}/mach/Bro/Log + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Alarm.pm ${SITE_PERL}/mach/Bro/Report + ${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Conn.pm ${SITE_PERL}/mach/Bro/Report + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc-hooks.sh ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro_config ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/localnetMAC.pl ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/edit-brorule.pl ${BROHOME}/scripts + ${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/site-report.pl ${BROHOME}/scripts + 
${INSTALL_PROGRAM} ${WRKSRC}/aux/adtrace/adtrace ${PREFIX}/bin + ${SH} ${PKGINSTALL} + .if !defined(NOPORTDOCS) + @${ECHO_MSG} "You have chosen to install documentation" + @${ECHO_MSG} "but the online documentation will be much" + @${ECHO_MSG} "more up to date." @${MKDIR} ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/doc/bro-CN99.ps ${DOCSDIR} - @${GZIP_CMD} ${DOCSDIR}/bro-CN99.ps + ${INSTALL_DATA} ${WRKSRC}/doc/quick-start/Bro-quick-start.pdf ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/quick-start/bro-deployment.pdf ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/user-manual/Bro-user-manual.pdf ${DOCSDIR} .endif -.include <bsd.port.mk> + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.post.mk> --- patch-Makefile ends here --- --- patch-distinfo begins here --- --- distinfo.orig Tue Jul 24 13:44:16 2007 +++ distinfo Tue Jul 17 12:42:39 2007 @@ -1,3 +1,3 @@ -MD5 (bro-pub-0.8a37.tar.gz) = abf9ddc6e7086639130f2e792eca4ab3 -SHA256 (bro-pub-0.8a37.tar.gz) = 3bdf9c18ccb12181e8383c9d5969fd1b86d7d601a98fdf6655467c64167fb5bc -SIZE (bro-pub-0.8a37.tar.gz) = 1696069 +MD5 (bro-1.2-stable.tar.gz) = ca4c0435da066d901c63f182faa7f540 +SHA256 (bro-1.2-stable.tar.gz) = 276da336a210d5664b483bc44fe29e3e670a02cd5b2932890050a11954afe17f +SIZE (bro-1.2-stable.tar.gz) = 3986890 --- patch-distinfo ends here --- --- patch-pkg-descr begins here --- --- pkg-descr.orig Tue Jul 24 13:44:29 2007 +++ pkg-descr Mon Jul 16 17:31:25 2007 
@@ -1,16 +1,16 @@ -Bro is a system for detecting Network Intruders in real-time by the guys -that brought you tcpdump, libpcap, and flex. - -Bro is a stand-alone system for detecting network intruders in real-time -by passively monitoring a network link over which the intruder's traffic -transits. Bro is divided into an "event engine" that reduces a -kernel-filtered network traffic stream into a series of higher-level -events, and a "policy script interpreter" that interprets event handlers -written in a specialized language used to express a site's security policy. -Event handlers can update state information, synthesize new events, record -information to disk, and generate real-time notifications via `syslog'. +Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) +that passively monitors network traffic and looks for suspicious activity. +Bro detects intrusions by first parsing network traffic to extract is +application-level semantics and then executing event-oriented analyzers that +compare the activity with patterns deemed troublesome. Its analysis includes +detection of specific attacks (including those defined by signatures, but +also those defined in terms of events) and unusual activities (e.g., certain +hosts connecting to certain services, or patterns of failed connection +attempts). Bro is documented in the USENIX 1998 Security Conference proceedings. --- David - obrien@cs.ucdavis.edu +-- Paul + pauls@utdallas.edu + +WWW: http://bro-ids.org/ --- patch-pkg-descr ends here --- --- patch-pkg-plist begins here --- --- pkg-plist.orig Tue Jul 24 13:44:42 2007 +++ pkg-plist Tue Jul 24 10:16:58 2007 
@@ -1,83 +1,238 @@ -@comment $FreeBSD: ports/security/bro/pkg-plist,v 1.4 2003/10/14 14:50:58 osa Exp $ -sbin/bro -%%DATADIR%%/active.bro -%%DATADIR%%/alert.bro -%%DATADIR%%/analy.bro -%%DATADIR%%/anon.bro -%%DATADIR%%/backdoor.bro -%%DATADIR%%/bro.bif.bro -%%DATADIR%%/bro.init -%%DATADIR%%/capture-events.bro -%%DATADIR%%/checkpoint.bro -%%DATADIR%%/common-rw.bif.bro -%%DATADIR%%/conn.bro -%%DATADIR%%/const.bif.bro -%%DATADIR%%/contents.bro -%%DATADIR%%/demux.bro -%%DATADIR%%/dns.bro -%%DATADIR%%/dns-lookup.bro -%%DATADIR%%/drop-adapt.bro -%%DATADIR%%/event.bif.bro -%%DATADIR%%/finger.bro -%%DATADIR%%/finger-rw.bif.bro -%%DATADIR%%/flag-irc.bro -%%DATADIR%%/flag-warez.bro -%%DATADIR%%/frag.bro -%%DATADIR%%/ftp.bro -%%DATADIR%%/ftp-anonymizer.bro -%%DATADIR%%/ftp-cmd-arg.bro -%%DATADIR%%/ftp-rw.bif.bro -%%DATADIR%%/ftp-safe-words.bro -%%DATADIR%%/hot.bro -%%DATADIR%%/hot-ids.bro -%%DATADIR%%/http.bro -%%DATADIR%%/http-abstract.bro -%%DATADIR%%/http-body.bro -%%DATADIR%%/http-entity.bro -%%DATADIR%%/http-event.bro -%%DATADIR%%/http-header.bro -%%DATADIR%%/http-reply.bro -%%DATADIR%%/http-request.bro -%%DATADIR%%/http-rewriter.bro -%%DATADIR%%/http-rw.bif.bro -%%DATADIR%%/icmp.bro -%%DATADIR%%/ident-rewriter.bro -%%DATADIR%%/ident.bro -%%DATADIR%%/ident-rw.bif.bro -%%DATADIR%%/inactivity.bro -%%DATADIR%%/interconn.bro -%%DATADIR%%/load-level.bro -%%DATADIR%%/log.bro -%%DATADIR%%/login.bro -%%DATADIR%%/mime.bro -%%DATADIR%%/mt.bro -%%DATADIR%%/netstats.bro -%%DATADIR%%/ntp.bro -%%DATADIR%%/pcap.bro -%%DATADIR%%/port-name.bro -%%DATADIR%%/portmapper.bro -%%DATADIR%%/print-filter.bro -%%DATADIR%%/print-globals.bro -%%DATADIR%%/print-resources.bro -%%DATADIR%%/reduce-memory.bro -%%DATADIR%%/scan.bro -%%DATADIR%%/signatures.bro -%%DATADIR%%/site.bro -%%DATADIR%%/smtp-relay.bro -%%DATADIR%%/smtp-rewriter.bro -%%DATADIR%%/smtp.bro -%%DATADIR%%/smtp-rw.bif.bro -%%DATADIR%%/software.bro -%%DATADIR%%/ssh-stepping.bro -%%DATADIR%%/ssh.bro -%%DATADIR%%/ssl-worm.bro 
-%%DATADIR%%/stepping.bro -%%DATADIR%%/synflood.bro -%%DATADIR%%/tcp.bro -%%DATADIR%%/tftp.bro -%%DATADIR%%/udp.bro -%%DATADIR%%/weird.bro -%%DATADIR%%/worm.bro -%%PORTDOCS%%%%DOCSDIR%%/bro-CN99.ps.gz -%%PORTDOCS%%@dirrm %%DATADIR%% -%%PORTDOCS%%@dirrm %%DOCSDIR%% +bin/adtrace +bin/bdcat +bin/binpac +bin/bro +bin/broccoli-config +bin/broconftest +bin/broconn +bin/broenum +bin/brohose +bin/broping +bin/cf +bin/hf +bin/nf +bin/pf +bin/rst +bro/etc/alert_scores +bro/etc/signature_scores +bro/etc/VERSION +bro/policy/OS-fingerprint.bro +bro/policy/adu.bro +bro/policy/alarm.bro +bro/policy/analy.bro +bro/policy/anon.bro +bro/policy/arp.bro +bro/policy/backdoor.bro +bro/policy/blaster.bro +bro/policy/bro.bif.bro +bro/policy/bro.init +bro/policy/brolite-backdoor.bro +bro/policy/brolite-sigs.bro +bro/policy/brolite.bro +bro/policy/capture-events.bro +bro/policy/checkpoint.bro +bro/policy/clear-passwords.bro +bro/policy/common-rw.bif.bro +bro/policy/conn-id.bro +bro/policy/conn.bro +bro/policy/const.bif.bro +bro/policy/contents.bro +bro/policy/cpu-adapt.bro +bro/policy/demux.bro +bro/policy/detect-protocols-http.bro +bro/policy/detect-protocols.bro +bro/policy/dns-anonymizer.bro +bro/policy/dns-info.bro +bro/policy/dns-lookup.bro +bro/policy/dns-rw.bif.bro +bro/policy/dns.bro +bro/policy/dpd.bro +bro/policy/drop-adapt.bro +bro/policy/dyn-disable.bro +bro/policy/event.bif.bro +bro/policy/file-flush.bro +bro/policy/finger-rw.bif.bro +bro/policy/finger.bro +bro/policy/firewall.bro +bro/policy/flag-irc.bro +bro/policy/flag-warez.bro +bro/policy/frag.bro +bro/policy/ftp-anonymizer.bro +bro/policy/ftp-cmd-arg.bro +bro/policy/ftp-reply-pattern.bro +bro/policy/ftp-rw.bif.bro +bro/policy/ftp-safe-words.bro +bro/policy/ftp.bro +bro/policy/gnutella.bro +bro/policy/hand-over.bro +bro/policy/heavy-analysis.bro +bro/policy/heavy.http.bro +bro/policy/heavy.irc.bro +bro/policy/heavy.scan.bro +bro/policy/heavy.software.bro +bro/policy/heavy.trw.bro +bro/policy/hot-ids.bro +bro/policy/hot.bro 
+bro/policy/http-abstract.bro +bro/policy/http-anon-server.bro +bro/policy/http-anon-useragent.bro +bro/policy/http-anon-utils.bro +bro/policy/http-anonymizer.bro +bro/policy/http-body.bro +bro/policy/http-entity.bro +bro/policy/http-event.bro +bro/policy/http-header.bro +bro/policy/http-reply.bro +bro/policy/http-request.bro +bro/policy/http-rewriter.bro +bro/policy/http-rw.bif.bro +bro/policy/http.bro +bro/policy/icmp.bro +bro/policy/ident-rewriter.bro +bro/policy/ident-rw.bif.bro +bro/policy/ident.bro +bro/policy/inactivity.bro +bro/policy/interconn.bro +bro/policy/irc-bot.bro +bro/policy/irc.bro +bro/policy/large-conns.bro +bro/policy/listen-clear.bro +bro/policy/listen-ssl.bro +bro/policy/load-level.bro +bro/policy/load-sample.bro +bro/policy/log-append.bro +bro/policy/login.bro +bro/policy/mime-pop.bro +bro/policy/mime.bro +bro/policy/mt.bro +bro/policy/netstats.bro +bro/policy/nfs.bro +bro/policy/notice-action-filters.bro +bro/policy/notice-policy.bro +bro/policy/notice.bro +bro/policy/ntp.bro +bro/policy/passwords.bro +bro/policy/pcap.bro +bro/policy/peer-status.bro +bro/policy/pkt-profile.bro +bro/policy/pop3.bro +bro/policy/port-name.bro +bro/policy/portmapper.bro +bro/policy/print-filter.bro +bro/policy/print-globals.bro +bro/policy/print-resources.bro +bro/policy/print-sig-states.bro +bro/policy/profiling.bro +bro/policy/proxy.bro +bro/policy/remote-pcap.bro +bro/policy/remote-ping.bro +bro/policy/remote-print.bro +bro/policy/remote-report-notices.bro +bro/policy/remote-send-id.bro +bro/policy/remote.bro +bro/policy/rotate-logs.bro +bro/policy/rsh.bro +bro/policy/scan.bro +bro/policy/secondary-filter.bro +bro/policy/sensor-sshd.bro +bro/policy/server-ports.bro +bro/policy/service-probe.bro +bro/policy/sig-action.bro +bro/policy/sig-addendum.sig +bro/policy/sig-functions.bro +bro/policy/signatures.bro +bro/policy/sigs/dpd.sig +bro/policy/sigs/ex.web-rules.sig +bro/policy/sigs/p0fsyn.osf +bro/policy/sigs/snort-default.sig +bro/policy/sigs/ssl-worm.sig 
+bro/policy/sigs/worm.sig +bro/policy/site.bro +bro/policy/smtp-relay.bro +bro/policy/smtp-rewriter.bro +bro/policy/smtp-rw.bif.bro +bro/policy/smtp.bro +bro/policy/snort.bro +bro/policy/software.bro +bro/policy/ssh-stepping.bro +bro/policy/ssh.bro +bro/policy/ssl-alerts.bro +bro/policy/ssl-ciphers.bro +bro/policy/ssl-errors.bro +bro/policy/ssl-worm.bro +bro/policy/ssl.bro +bro/policy/stats.bro +bro/policy/stepping.bro +bro/policy/strings.bif.bro +bro/policy/synflood.bro +bro/policy/tcp.bro +bro/policy/tftp.bro +bro/policy/trw-impl.bro +bro/policy/trw.bro +bro/policy/udp-common.bro +bro/policy/udp.bro +bro/policy/vlan.bro +bro/policy/weird.bro +bro/policy/worm.bro +bro/scripts/bro-logchk.pl +bro/scripts/bro.rc +bro/scripts/bro.rc-hooks.sh +bro/scripts/bro_config +bro/scripts/bro_log_compress.sh +bro/scripts/edit-brorule.pl +bro/scripts/frontend-mail-reports.sh +bro/scripts/frontend-site-report.sh +bro/scripts/host-grep +bro/scripts/host-to-addrs +bro/scripts/localnetMAC.pl +bro/scripts/mail_notice.sh +bro/scripts/mvlog +bro/scripts/push_logs.sh +bro/scripts/site-report.pl +@unexec if cmp -s %D/bro/site/local.site.bro.default %D/bro/site/local.site.bro; then rm -f %D/bro/site/local.site.bro; fi +bro/site/local.site.bro.default +bro/site/signatures.sig +@unexec if cmp -s %D/etc/bro.cfg.sample %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi +etc/bro.cfg.example +etc/broccoli.conf +include/broccoli.h +share/broccoli/broconn.bro +share/broccoli/broenum.bro +share/broccoli/brohose.bro +share/broccoli/broping-record.bro +share/broccoli/broping.bro +share/gtk-doc/html/broccoli/a2850.html +share/gtk-doc/html/broccoli/api.html +share/gtk-doc/html/broccoli/broccoli-broccoli.html +share/gtk-doc/html/broccoli/c21.html +share/gtk-doc/html/broccoli/c55.html +share/gtk-doc/html/broccoli/c85.html +share/gtk-doc/html/broccoli/images/caution.gif +share/gtk-doc/html/broccoli/images/logo.jpg +share/gtk-doc/html/broccoli/images/note.gif +share/gtk-doc/html/broccoli/images/warning.gif 
+share/gtk-doc/html/broccoli/index.html +share/gtk-doc/html/broccoli/stylesheet.css +share/libbroccoli.a +share/libbroccoli.la +share/libbroccoli.so +share/libbroccoli.so.0 +@unexec if [ -f %D/%%DOCSDIR%%/bro-deployment.pdf ]; then rm -f %D/%%DOCSDIR%%/bro-deployment.pdf; fi +@unexec if [ -f %D/%%DOCSDIR%%/Bro-quick-start.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-quick-start.pdf; fi +@unexec if [ -f %D/%%DOCSDIR%%/Bro-user-manual.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-user-manual.pdf; fi +@dirrmtry %%DOCSDIR%% +@dirrm share/gtk-doc/html/broccoli/images +@dirrm share/gtk-doc/html/broccoli +@dirrmtry share/gtk-doc/html +@dirrmtry share/gtk-doc +@dirrm share/broccoli +@dirrmtry bro/var +@dirrmtry bro/site +@dirrmtry bro/scripts +@dirrmtry bro/reports +@dirrmtry bro/policy/sigs +@dirrmtry bro/policy +@dirrmtry bro/logs +@dirrmtry bro/etc +@dirrmtry bro/archive +@dirrmtry bro --- patch-pkg-plist ends here --- --- patch-patch-Conn.h begins here --- --- files/patch-Conn.h.orig Tue Jul 24 13:45:25 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 @@ -1,29 +0,0 @@ ---- Conn.h.orig Sun Aug 31 02:39:01 2003 -+++ Conn.h Thu Dec 21 13:27:24 2006 -@@ -59,7 +59,7 @@ - // dst_port just have to reflect the two different sides of the - // connection, neither has to be the particular source/destination - // or originator/responder. -- HashKey* ConnID::BuildConnKey() const; -+ HashKey* BuildConnKey() const; - }; - - static inline int addr_port_canon_lt(const uint32* a1, uint32 p1, -@@ -223,6 +223,8 @@ - return 1; - } - -+ void DeleteTimer(double t); -+ - protected: - virtual void UpdateEndpointVal(RecordVal* endp, int is_orig) = 0; - -@@ -235,8 +237,6 @@ - - friend class ConnectionTimer; - void RemoveTimer(Timer* t); -- -- void DeleteTimer(double t); - - void InactivityTimer(double t); - --- patch-patch-Conn.h ends here --- --- patch-patch-Makefile.in begins here --- --- files/patch-Makefile.in.orig Tue Jul 24 13:45:41 2007 +++ files/patch-Makefile.in Wed Jul 18 23:58:07 2007 
@@ -1,27 +1,36 @@ ---- Makefile.in.orig Sun Aug 31 04:39:14 2003 -+++ Makefile.in Tue Oct 14 12:08:51 2003 -@@ -52,13 +52,13 @@ - LIBS = $(LIBEDIT_LIBS) @LIBS@ -lm +--- Makefile.in.orig Thu Dec 14 11:59:51 2006 ++++ Makefile.in Wed Jul 18 23:57:10 2007 +@@ -206,7 +206,7 @@ + # noticed. + # + DISTCHECK_CONFIGURE_FLAGS = --disable-gtk-doc +-versiondir = $(prefix)/etc ++versiondir = $(prefix)/bro/etc + dist_version_DATA = VERSION + chown = @CHOWN@ - # Purify barfs when c++ is used for $(CPLUS). --PURIFY_CPLUS = g++ -+PURIFY_CPLUS = @CC@ - PURE_FLAGS = -chain-length=20 +@@ -658,9 +658,9 @@ + install-brolite: + $(MAKE) install + ( cd scripts && $(MAKE) install-brolite ) +- - @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/ ++ - @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/bro + @echo "*********************************************************" +- @echo "Please run \"${prefix}/etc/bro.rc --start\" to start bro" ++ @echo "Please run \"${prefix}/bro/scripts/bro.rc --start\" to start bro" + @echo "*********************************************************" - YACC = @YACC@ - YFLAGS = -d -t -v - LEX = @LEX@ --INSTALL = @INSTALL@ -d -+INSTALL = @INSTALL_PROGRAM@ - INSTALL_DATA = @INSTALL_DATA@ - @SET_MAKE@ - COMPRESS = @COMPRESS@ -@@ -121,7 +121,7 @@ + docs: +@@ -687,9 +687,9 @@ - all: $(PKG) + # make sure all the dirs are correctly created and owned + install-data-local: +- $(INSTALL) -d $(prefix)/logs +- $(INSTALL) -d $(prefix)/archive +- $(INSTALL) -d $(prefix)/var ++ $(INSTALL) -d $(prefix)/bro/logs ++ $(INSTALL) -d $(prefix)/bro/archive ++ $(INSTALL) -d $(prefix)/bro/var --$(PKG): $(LIBEDIT_LIB) $(OBJ) -+$(PKG): $(OBJ) - $(CPLUS) -o $(EXEC) $(OBJ) $(LDFLAGS) $(LIBS) - opt: - @$(MAKE) $(MFLAGS) CCOPT="`echo $(CCOPT) | sed -e 's/-O2//;s/$$/ -O3/'`" + release: + ./autogen.sh --- patch-patch-Makefile.in ends here --- --- patch-patch-Obj.cc begins here --- --- files/patch-Obj.cc.orig Tue Jul 24 13:46:02 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 
@@ -1,11 +0,0 @@ ---- Obj.cc.orig Sun Oct 5 18:27:31 2003 -+++ Obj.cc Sun Oct 5 18:27:44 2003 -@@ -47,7 +47,7 @@ - delete_data = true; - - int tmp; -- return s->Read(&(char*) filename, &tmp) && -+ return s->Read((char**) &filename, &tmp) && - s->Read(&first_line) && s->Read(&last_line) && - s->Read(&first_column) && s->Read(&last_column); - } --- patch-patch-Obj.cc ends here --- --- patch-patch-Serializer.h begins here --- --- files/patch-Serializer.h.orig Tue Jul 24 13:46:25 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 @@ -1,13 +0,0 @@ ---- Serializer.h.orig Thu Dec 21 13:24:28 2006 -+++ Serializer.h Thu Dec 21 13:24:45 2006 -@@ -82,8 +82,8 @@ - void StartSerialization(); - bool EndSerialization(); - -- bool Serializer::UnserializeID(); -- bool Serializer::UnserializeEvent(); -+ bool UnserializeID(); -+ bool UnserializeEvent(); - - SerializationFormat* format; - --- patch-patch-Serializer.h ends here --- --- patch-aux-scripts-Makefile.in begins here --- --- aux/scripts/Makefile.in.orig Wed Jul 18 16:27:01 2007 +++ aux/scripts/Makefile.in Wed Jul 18 16:27:41 2007 @@ -173,7 +173,7 @@ target_vendor = @target_vendor@ # override where to stick the scripts -scriptdir = ${prefix}/scripts +scriptdir = ${prefix}/bro/scripts dist_script_SCRIPTS = bro-logchk.pl host-to-addrs mvlog host-grep EXTRA_DIST = hot-report mon-report ip-grep ca-create ca-issue all: all-am --- patch-aux-scripts-Makefile.in ends here --- begin 644 patch-patch-configure ` end --- patch-patch-doc-Makefile.in begins here --- --- files/patch-doc-Makefile.in.orig Tue Jul 24 13:47:00 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 
@@ -1,11 +0,0 @@ ---- doc/Makefile.in.orig Thu Jun 7 15:09:29 2007 -+++ doc/Makefile.in Thu Jun 7 15:09:56 2007 -@@ -161,7 +161,7 @@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ --prefix = @prefix@ -+prefix = @prefix@/share/doc/bro - program_transform_name = @program_transform_name@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ --- patch-patch-doc-Makefile.in ends here --- --- patch-patch-libedit::configure begins here --- --- files/patch-libedit::configure.orig Tue Jul 24 13:47:31 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 @@ -1,19 +0,0 @@ ---- libedit/configure.orig Tue Oct 14 12:30:58 2003 -+++ libedit/configure Tue Oct 14 12:31:54 2003 -@@ -733,13 +733,13 @@ - CFLAGS="$ac_save_CFLAGS" - elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then -- CFLAGS="-g -O2" -+ CFLAGS="" - else -- CFLAGS="-g" -+ CFLAGS="" - fi - else - if test "$GCC" = yes; then -- CFLAGS="-O2" -+ CFLAGS="" - else - CFLAGS= - fi --- patch-patch-libedit::configure ends here --- --- patch-patch-patricia.c begins here --- --- files/patch-patricia.c.orig Tue Jul 24 13:48:08 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 
@@ -1,22 +0,0 @@ ---- patricia.c.orig Tue Oct 7 15:06:56 2003 -+++ patricia.c Tue Oct 7 15:07:19 2003 -@@ -52,6 +52,11 @@ - "This product includes software developed by the University of Michigan, Merit" - "Network, Inc., and their contributors."; - -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+#include <arpa/inet.h> -+ - #include <assert.h> /* assert */ - #include <ctype.h> /* isdigit */ - #include <errno.h> /* errno */ -@@ -60,7 +65,6 @@ - #include <stdio.h> /* sprintf, fprintf, stderr */ - #include <stdlib.h> /* free, atol, calloc */ - #include <string.h> /* memcpy, strchr, strlen */ --#include <arpa/inet.h> /* for inet_addr */ - - #include "patricia.h" - --- patch-patch-patricia.c ends here --- --- patch-patch-patricia.h begins here --- --- files/patch-patricia.h.orig Tue Jul 24 13:47:51 2007 +++ files/remove.file Tue Jul 24 14:11:18 2007 @@ -1,11 +0,0 @@ ---- patricia.h.orig Sun Oct 5 18:29:52 2003 -+++ patricia.h Sun Oct 5 18:30:05 2003 -@@ -51,6 +51,8 @@ - #ifndef _PATRICIA_H - #define _PATRICIA_H - -+#include <sys/types.h> -+ - /* typedef unsigned int u_int; */ - typedef void (*void_fn_t)(); - /* { from defs.h */ --- patch-patch-patricia.h ends here --- --- patch-policy-Makefile.in begins here --- --- policy/Makefile.in.orig Wed Jul 18 16:30:32 2007 +++ policy/Makefile.in Wed Jul 18 16:31:47 2007 @@ -190,7 +190,7 @@ # doesn't end in a sig -bropolicydir = ${prefix}/policy +bropolicydir = ${prefix}/bro/policy dist_bropolicy_DATA = bro.init adu.bro alarm.bro analy.bro \ anon.bro arp.bro backdoor.bro blaster.bro brolite.bro \ brolite-backdoor.bro brolite-sigs.bro capture-events.bro \ 
@@ -542,30 +542,30 @@ install-data-hook: - $(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/policy/ - $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/policy/ + $(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/ + $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/bro/policy/ uninstall-local: - rm -f $(DESTDIR)${prefix}/policy/bro.bif.bro - rm -f $(DESTDIR)${prefix}/policy/common-rw.bif.bro - rm -f $(DESTDIR)${prefix}/policy/const.bif.bro - rm -f $(DESTDIR)${prefix}/policy/dns-rw.bif.bro - rm -f $(DESTDIR)${prefix}/policy/event.bif.bro - rm -f $(DESTDIR)${prefix}/policy/finger-rw.bif.bro - rm -f $(DESTDIR)${prefix}/policy/ftp-rw.bif.bro - rm -f $(DESTDIR)${prefix}/policy/http-rw.bif.bro - rm -f $(DESTDIR)${prefix}/policy/ident-rw.bif.bro - rm -f $(DESTDIR)${prefix}/policy/smtp-rw.bif.bro - rm -f 
$(DESTDIR)${prefix}/policy/strings.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/bro.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/common-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/const.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/dns-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/event.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/finger-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/ftp-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/http-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/ident-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/smtp-rw.bif.bro + rm -f $(DESTDIR)${prefix}/bro/policy/strings.bif.bro # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: --- patch-policy-Makefile.in ends here --- --- patch-policy-sigs-Makefile.in begins here --- --- policy/sigs/Makefile.in.orig Wed Jul 18 16:32:45 2007 +++ policy/sigs/Makefile.in Wed Jul 18 16:33:13 2007 @@ -171,7 +171,7 @@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -sigsdir = ${prefix}/policy/sigs +sigsdir = ${prefix}/bro/policy/sigs dist_sigs_DATA = dpd.sig ex.web-rules.sig p0fsyn.osf \ snort-default.sig ssl-worm.sig worm.sig --- patch-policy-sigs-Makefile.in ends here --- --- patch-scripts-Makefile.in begins here --- --- scripts/Makefile.in.orig Thu Dec 14 11:59:53 2006 +++ scripts/Makefile.in Wed Jul 18 22:30:43 2007 @@ -186,12 +186,12 @@ target_os = @target_os@ target_vendor = @target_vendor@ bro_bin = ${prefix}/bin -bro_logs = ${prefix}/logs +bro_logs = ${prefix}/bro/logs bro_etc = ${prefix}/etc -bro_site = ${prefix}/site -bro_scripts = ${prefix}/scripts -bro_reports = ${prefix}/reports -bro_perlmods = ${prefix}/perl +bro_site = ${prefix}/bro/site +bro_scripts = ${prefix}/bro/scripts +bro_reports = ${prefix}/bro/reports +bro_perlmods = ${prefix}/bro/perl # where to download signatures from. SIGHOST = www.bro-ids.org 
@@ -222,9 +222,9 @@ bin_SCRIPT = bro.rc # more files! Ugggg, will the pain ever stop? -scoredir = $(prefix)/etc +scoredir = $(prefix)/bro/etc dist_score_DATA = alert_scores signature_scores -scriptsdir = $(prefix)/scripts +scriptsdir = $(prefix)/bro/scripts dist_scripts_SCRIPTS = bro_log_compress.sh \ frontend-mail-reports.sh frontend-site-report.sh push_logs.sh mail_notice.sh @@ -596,11 +596,11 @@ rm -f $(bro_etc)/bro.rc rm -f $(bro_etc)/bro.cfg rm -f $(bro_etc)/bro.cfg.example - rm -f $(prefix)/etc/bro.rc-hooks.sh + rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh rm -f $(prefix)/site/local.site.bro rm -f $(prefix)/site/${brohost}.bro $(srcdir)/install_cron.sh uninstall - -rm -f $(prefix)/etc/bro.rc-hooks.sh.new + -rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh.new -rm -f /usr/local/etc/rc.d/bro.sh # install the stuff to do reports @@ -625,14 +625,14 @@ @if [ ! -s signatures.sig.new ] ; then \ echo "Error in download. Try again later." ; \ else \ - if [ ! -f $(prefix)/site/signatures.sig ] ; then \ + if [ ! -f $(prefix)/bro/site/signatures.sig ] ; then \ echo "No previous version, installing new version." ; \ - cp signatures.sig.new $(prefix)/site/signatures.sig ; \ + cp signatures.sig.new $(prefix)/bro/site/signatures.sig ; \ else \ - cp signatures.sig.new $(prefix)/site/signatures.sig.new ; \ + cp signatures.sig.new $(prefix)/bro/site/signatures.sig.new ; \ echo "***********************************************************" ; \ echo "A new signature file (signatures.sig.new) has been placed in" ; \ - echo "$(prefix)/site. Please compare it to your current signatures.sig " ; \ + echo "$(prefix)/bro/site. Please compare it to your current signatures.sig " ; \ echo "and copy it over if there are no significant differences." ; \ echo "***********************************************************" ; \ fi \ 
@@ -669,20 +669,20 @@ else \ $(INSTALL_DATA) $(srcdir)/local.lite.bro $(bro_site)/${brohost}.bro.new ; \ fi - @if [ ! -f $(prefix)/etc/bro.rc-hooks.sh ] ; then \ - $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh ; \ + @if [ ! -f $(prefix)/bro/scripts/bro.rc-hooks.sh ] ; then \ + $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh ; \ else \ - $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh.new ; \ + $(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh.new ; \ fi # Default files that can be installed/reinstalled, not site specific install_default_files: $(INSTALL) $(srcdir)/mail_reports.sh $(bro_scripts)/mail_reports.sh - $(INSTALL) bro.rc $(prefix)/etc/bro.rc - $(INSTALL) bro_config $(prefix)/scripts/bro_config + $(INSTALL) bro.rc $(prefix)/bro/scripts/bro.rc + $(INSTALL) bro_config $(prefix)/bro/scripts/bro_config -$(INSTALL_DATA) bro.cfg $(bro_etc)/bro.cfg $(INSTALL_DATA) $(srcdir)/bro.cfg.example $(bro_etc)/bro.cfg.example - - $(INSTALL) bro.rc /usr/local/etc/rc.d/bro.sh + - $(INSTALL) bro.rc @prefix@/bro/scripts/bro.sh (cd s2b ; $(MAKE) install) # install cron file --- patch-scripts-Makefile.in ends here --- --- patch-scripts-bro-config.in begins here --- --- scripts/bro_config.in.orig Tue Dec 5 15:58:52 2006 +++ scripts/bro_config.in Sat Jul 14 14:38:48 2007 @@ -6,7 +6,7 @@ # on the "configure" command line # some machines (i.e. OSX) don't put sbin in the path by default PATH=$PATH:/usr/sbin:/sbin -BROHOME=@prefix@ +BROHOME=@prefix@/bro # Usage Usage="bro_config: [-p prefix] [-d]" # Debug mode? 
@@ -39,9 +39,9 @@ bro_config_got_root() { # make a backup of local.site.bro if it exists - if [ -f local.site.bro ]; then + if [ -f ${BROHOME}/site/local.site.bro ]; then echo "Detected an old local.site.bro, saving it to local.site.bro.save" - cp local.site.bro local.site.bro.save + cp ${BROHOME}/site/local.site.bro ${BROHOME}/site/local.site.bro.save fi if [ `id -ur` -ne 0 ]; then @@ -62,7 +62,7 @@ ###################################################################### bro_config_create_local_site_bro() { -cat - > local.site.bro << _EOF +cat - > ${BROHOME}/sitelocal.site.bro.default << _EOF # This file should describe your network configuration. # If your local network is a class C, and its network # address was 192.168.1.0 and a class B network @@ -263,7 +263,7 @@ # BRO_HOSTNAME=`hostname` # Directory containing Bro binaries -BRO_BIN_DIR="${BRO_BIN_DIR:-${BROHOME}/bin}" +BRO_BIN_DIR="${BRO_BIN_DIR:-@prefix@/bin}" # Directory containing Bro logs BROLOGS="${BROLOGS:-${BROHOME}/logs}" @@ -287,7 +287,7 @@ # BRO_PREFIX="local" # Location of the Bro executable -BRO="${BRO:-$BRO_BIN_DIR/bro}" +BRO="${BRO_BIN_DIR}/bro" # Base command line options. BRO_ADD_OPTS=" -W" @@ -352,7 +352,7 @@ BRO_EMAIL_REMOTE="${BRO_EMAIL_REMOTE}" # User id to install and run Bro under -BRO_USER_ID="${BRO_USER_ID:-brother}" +BRO_USER_ID="${BRO_USER_ID:-root}" # Site name for reports (i.e. LBNL, FOO.COM, BAZ.ORG) BRO_SITE_NAME="${BRO_SITE_NAME}" 
@@ -454,29 +454,29 @@ echo " done." kill -INT $pid 2>&1 > /dev/null echo -n "Analyzing dump file....." - ./localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$ -b local.site.bro 2>&1 > /dev/null + ${BROHOME}/scripts/localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$ -b ${BROHOME}/site/local.site.bro 2>&1 > /dev/null rm /tmp/bro_config.tcpdump.file.$$ #Yes there is a spelling error in the output echo " done." - num=`grep "MAC adresses" local.site.bro | awk '{print $3}'` + num=`grep "MAC adresses" ${BROHOME}/site/local.site.bro | awk '{print $3}'` if [ "$num" -gt 2 ] ; then echo "You don't appear to be running on a DMZ (found more then two (2) hardware " - echo "address. Please edit local.site.bro to reflect your correct network parameters" - cp local.site.bro.default local.site.bro + echo "address. Please edit ${BROHOME}/site/local.site.bro to reflect your correct network parameters" + cp ${BROHOME}/site/local.site.bro.default ${BROHOME}/site/local.site.bro else echo "Your network appears to contain the following networks:" - for net in ` grep ",$" local.site.bro|sed 's/,//g'`; + for net in ` grep ",$" ${BROHOME}/site/local.site.bro|sed 's/,//g'`; do echo $net; done - echo "Edit local.site.bro by hand if this is not correct" + echo "Edit ${BROHOME}/site/local.site.bro by hand if this is not correct" fi else - if [ -f local.site.bro ]; then + if [ -f ${BROHOME}/site/local.site.bro ]; then echo "No previous local.site.bro found. Creating default" bro_config_create_local_site_bro #cp local.site.bro.default local.site.bro - echo "Please edit local.site.bro so that it describes your network configuration" + echo "Please edit ${BROHOME}/site/local.site.bro so that it describes your network configuration" fi fi } 
@@ -617,7 +617,7 @@ # source a bro.cfg if it exists, so we know the past default values from the # last run - dirs="$BROHOME/etc/bro.cfg $BROHOME/etc/bro.cfg.example `pwd`/bro.cfg" + dirs="@prefix@/etc/bro.cfg @prefix@/etc/bro.cfg.example `pwd`/bro.cfg" cfgused= for cfgfile in $dirs ; do @@ -783,7 +783,7 @@ bro_config_site_name() { if [ -z $BRO_SITE_NAME ]; then - BRO_SITE_NAME=`hostname|awk -F. '{print $2 $3}'` + BRO_SITE_NAME=`hostname|awk -F. '{print $2"."$3}'` if [ -z $BRO_SITE_NAME ] ; then BRO_SITE_NAME="SOMESITE" fi --- patch-scripts-bro-config.in ends here --- --- patch-scripts-bro.rc.in begins here --- --- scripts/bro.rc.in.orig Fri Jul 13 15:53:29 2007 +++ scripts/bro.rc.in Fri Jul 13 15:59:26 2007 @@ -25,7 +25,7 @@ # For tasks to complete before and after Bro starts please edit the following # scripts to suit your needs. For those of you familiar with dhclient this # uses the same idea. -# Before Bro starts $BROHOME/etc/bro.rc-hooks.sh +# Before Bro starts @prefix@/bin/bro.rc-hooks.sh # See the bottom of this script for an explanation of how this all works. # I'll try my best to be clear.... @@ -35,14 +35,14 @@ RETVAL=0 # picked up from configure at install time -BROHOME="@prefix@" +BROHOME="@prefix@/bro" export BROHOME # Set the environment. -source_config="${BROHOME}/etc/bro.cfg" +source_config="@prefix@/etc/bro.cfg" # Location of bro-hooks.sh script -bro_hooks="${BROHOME}/etc/bro.rc-hooks.sh" +bro_hooks="@prefix@/bro/scripts/bro.rc-hooks.sh" # Set the full path to this script as called if [ `echo ${0} | grep -E "^/"` ]; then @@ -88,7 +88,7 @@ export BROLOGS export BROPATH export BROHOME -export PATH="${BROHOME}/bro/bin:${BROHOME}/bro/scripts:/usr/local/bin:/usr/local/sbin:${PATH}" +export PATH="@prefix@/bin:${BROHOME}/scripts:/usr/local/bin:/usr/local/sbin:${PATH}" # Make sure that the $BRO_RUNTIME_DIR exists and is writtable if [ ! -d "${BRO_RUNTIME_DIR}" ]; then 
@@ -1033,7 +1033,7 @@ # running instance of Bro. # bro.rc logs it's actions to syslog via the logger command. # bro.rc offers users an interface into the starting and stopping of a Bro -# process via the file $BROHOME/etc/bro.rc-hooks.rc. This allows for +# process via the file @prefix@/bro/scripts/bro.rc-hooks.rc. This allows for # actions to be sent to any custom monitoring or alerting programs the # user may wish to use. --- patch-scripts-bro.rc.in ends here --- --- patch-scripts-localnetMAC.pl begins here --- --- scripts/localnetMAC.pl.in.orig Sat Jul 14 00:01:55 2007 +++ scripts/localnetMAC.pl.in Sat Jul 14 00:03:48 2007 @@ -50,10 +50,10 @@ my $fh; if ($args{r} and $args{r}=~/gz$/){ - open (IN, "$decomp $args{r} |../aux/adtrace/adtrace -|") or die "cannot execute $decomp $args{r} |../aux/adtrace/adtrace - : $!\n"; + open (IN, "$decomp $args{r} |@prefix@/bin/adtrace -|") or die "cannot execute $decomp $args{r} |@prefix@/bin/adtrace - : $!\n"; $fh = *IN; }elsif($args{r}){ - open (IN, "../aux/adtrace/adtrace $args{r}|") or die "cannot execute ./adtrace/adtrace $args{r}: $!\n"; + open (IN, "@prefix@/bin/adtrace $args{r}|") or die "cannot execute @prefix@/bin/adtrace $args{r}: $!\n"; $fh = *IN; }elsif($args{t} and $args{t}=~/gz$/){ open (IN, "$decomp $args{t} |") or die "cannot execute $decomp $args{t} | : $!\n"; --- patch-scripts-localnetMAC.pl ends here --- --- patch-scripts-perl-Makefile.PL begins here --- --- scripts/perl/Makefile.PL.orig Wed Jul 18 16:40:51 2007 +++ scripts/perl/Makefile.PL Wed Jul 18 16:47:11 2007 @@ -43,13 +43,13 @@ } else { - $brohome = '/usr/local/bro'; + $brohome = $ENV{PREFIX}/bro'; } } if( ! $broconfig ) { - $broconfig = "$brohome/etc/bro.cfg"; + $broconfig = "$ENV{PREFIX}/etc/bro.cfg"; } --- patch-scripts-perl-Makefile.PL ends here --- --- patch-scripts-s2b-bro-include-Makefile.in begins here --- --- scripts/s2b/bro-include/Makefile.in.orig Wed Jul 18 17:35:02 2007 +++ scripts/s2b/bro-include/Makefile.in Wed Jul 18 17:35:25 2007 
@@ -171,7 +171,7 @@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -includesigsdir = ${prefix}/policy +includesigsdir = ${prefix}/bro/policy dist_includesigs_DATA = sig-addendum.sig sig-functions.bro all: all-am --- patch-scripts-s2b-bro-include-Makefile.in ends here --- --- patch-scripts-s2b-bin-Makefile.in begins here --- --- scripts/s2b/bin/Makefile.in.orig Wed Jul 18 17:33:29 2007 +++ scripts/s2b/bin/Makefile.in Wed Jul 18 17:34:02 2007 @@ -321,7 +321,7 @@ # OR we can install them on a make install -#scriptsdir=$(prefix)/etc +#scriptsdir=$(prefix)/bro/scripts #dist_scripts_SCRIPTS = s2b.pl snort2bro # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. --- patch-scripts-s2b-bin-Makefile.in ends here --- --- patch-scripts-s2b-etc-Makefile.in begins here --- --- scripts/s2b/etc/Makefile.in.orig Wed Jul 18 17:37:19 2007 +++ scripts/s2b/etc/Makefile.in Wed Jul 18 17:37:45 2007 @@ -321,7 +321,7 @@ # OR we can install them on a make install -#scriptsdir=$(prefix)/etc +#scriptsdir=$(prefix)/bro/scripts #dist_scripts_SCRIPTS = s2b-augment.cfg s2b-ruleset-augment.cfg s2b-sigmap.cfg s2b.cfg # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. --- patch-scripts-s2b-etc-Makefile.in ends here --- --- patch-scripts-s2b-example-bro-files-Makefile.in begins here --- --- scripts/s2b/example_bro_files/Makefile.in.orig Wed Jul 18 17:39:54 2007 +++ scripts/s2b/example_bro_files/Makefile.in Wed Jul 18 17:40:29 2007 
@@ -172,9 +172,9 @@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -actiondir = ${prefix}/policy +actiondir = ${prefix}/bro/policy dist_action_DATA = sig-action.bro -sigsdir = ${prefix}/site +sigsdir = ${prefix}/bro/site dist_sigs_DATA = signatures.sig all: all-am --- patch-scripts-s2b-example-bro-files-Makefile.in ends here --- --- patch-src-Makefile.in begins here --- --- src/Makefile.in.orig Wed Jul 18 16:48:03 2007 +++ src/Makefile.in Wed Jul 18 16:48:34 2007 
@@ -550,7 +550,7 @@ $(DISTCLEANFILES) -#bropolicydir=${prefix}/policy +#bropolicydir=${prefix}/bro/policy #dist_bropolicy_DATA = $(BIF_BRO) CCOPT = @V_CCOPT@ -W -Wall -Wno-unused INCLS = @V_INCLS@ --- patch-src-Makefile.in ends here --- --- pkg-deinstall.in begins here --- #!/bin/sh # Since pkg-plist prepends PREFIX to SITE_PERL, # we can't remove these files in the normal way if [ "$2" != "POST-DEINSTALL" ]; then exit 0 fi /bin/rm %%SITE_PERL%%/mach/IP4.pm /bin/rm %%SITE_PERL%%/mach/Bro/Config.pm /bin/rm %%SITE_PERL%%/mach/Bro/Log.pm /bin/rm %%SITE_PERL%%/mach/Bro/Report.pm /bin/rm %%SITE_PERL%%/mach/Bro/Signature.pm /bin/rm %%SITE_PERL%%/mach/Bro/Log/Alarm.pm /bin/rm %%SITE_PERL%%/mach/Bro/Log/Conn.pm /bin/rm %%SITE_PERL%%/mach/Bro/Report/Alarm.pm /bin/rm %%SITE_PERL%%/mach/Bro/Report/Conn.pm /bin/rmdir %%SITE_PERL%%/mach/Bro/Report /bin/rmdir %%SITE_PERL%%/mach/Bro/Log /bin/rmdir %%SITE_PERL%%/mach/Bro --- pkg-deinstall.in ends here --- --- pkg-install.in begins here --- #!/bin/sh # Call the bro_config script to configure bro and, when complete, # copy the newly created cfg file to %%PREFIX%%/etc. echo "****************************************" echo "* RUNNING THE BRO CONFIGURATION SCRIPT *" echo "****************************************" echo if [ -f %%BROHOME%%/scripts/bro_config ]; then /bin/sh %%BROHOME%%/scripts/bro_config fi if [ -f %%WRKSRC%%/../../bro.cfg ]; then cp bro.cfg %%PREFIX%%/etc/bro.cfg fi if [ -f %%WRKSRC%%/../../bro.cfg ]; then rm %%WRKSRC%%/../../bro.cfg* fi if [ -f %%WRKSRC%%/../../bro_user_id ]; then rm %%WRKSRC%%/../../bro_user* fi --- pkg-install.in ends here --- --- pkg-message.in begins here --- ********************************************************************************************* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * ********************************************************************************************* Bro is not for the faint of heart. 
If you aren't an expert in Unix and FreeBSD, you may want to consider using snort (security/snort) instead. Bro requires a high degree of manual customization in order to function. To get started, read the User Manual, located here: http://www.bro-ids.org/wiki/index.php/User_Manual:_Installation_and_Configuration Docs are not installed locally because the online wiki is more current at all times. ********************************************************************************************* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * ********************************************************************************************* Before running bro for the first time, you must run the bro_config script. The script runs automatically during the install as well. The script is located in %%BROHOME%%/scripts and will set many of the configuration options required for your system. An example cfg file is located in %%PREFIX/etc if you prefer to configure your system manually. The script runs automatically during the install as well. The startup script (bro.rc) is installed in %%BROHOME%%/scripts A copy of a default local.site.bro file is copied to %%BROSITEDIR%% and can be used as a reference to configure yours. Networks must be comma separated and on the same line. You must also create a local site file named "hostname"."domain"."tld".bro. PLEASE NOTE: As with any IDS program, bro can generate a large amount of logs very quickly. This depends, of course, on the amount of traffic that it's monitoring. If you are going to use bro on a high traffic network, you may want to consider moving the logs directory from its present location (%%PREFIX%%/bro/logs) to a location with more available space. This port also installs broccoli. Broccoli is the BRO Client COmmunications LIbrary. It allows you to write applications that speak the communication protocol of the Bro intrusion detection system. 
After installation, you'll find the broccoli libraries in %%PREFIX%%/share, the header file for compilation in %%PREFIX%%/include, and the manual in HTML below %%PREFIX%%/share/gtk-doc/html/broccoli. You will also find some broccoli policy files (*.bro) in %%PREFIX%%/share/broccoli. --- pkg-message.in ends here --- >Release-Note: >Audit-Trail: >Unformatted:
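Review bot: In scripts/Makefile.in, hunk @@ -596,11 +596,11 @@, the uninstall rule still removes $(prefix)/site/local.site.bro and $(prefix)/site/${brohost}.bro as unchanged context, while the signatures.sig hunk that follows moves the site directory to $(prefix)/bro/site. If the site files now live under $(prefix)/bro/site, these two rm lines should move with them so that uninstall does not leave stale policy files behind.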
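Review bot: In scripts/Makefile.in, hunk @@ -669,20 +669,20 @@, the last changed line installs bro.rc to @prefix@/bro/scripts/bro.sh, which mixes @prefix@ into a rule that otherwise uses $(prefix) and places a second copy of bro.rc beside the $(prefix)/bro/scripts/bro.rc installed earlier in the same rule. The uninstall rule in hunk @@ -596,11 +596,11 @@ still removes /usr/local/etc/rc.d/bro.sh, so the new bro.sh is never cleaned up. Either drop this line or write it with $(prefix) and update the uninstall rule to match.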
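Review bot: In scripts/bro_config.in, hunk @@ -62,7 +62,7 @@, the here-document target ${BROHOME}/sitelocal.site.bro.default is missing the slash after "site", so the default file is written into ${BROHOME} under the name sitelocal.site.bro.default. The cp of ${BROHOME}/site/local.site.bro.default in hunk @@ -454,29 +454,29 @@ then has nothing to copy. The target should read ${BROHOME}/site/local.site.bro.default, preferably in double quotes.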
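Review bot: In scripts/bro_config.in, hunk @@ -352,7 +352,7 @@, the default for BRO_USER_ID changes from the unprivileged account brother to root, so a default install runs the packet-parsing process with full privileges and any bug in it becomes a root-level problem. Nothing in the submission explains the change. If it is only because the brother account is not created on FreeBSD, the port should create a dedicated unprivileged user and keep that as the default; if root really is required, pkg-message should say so and say why.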
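Review bot: In scripts/bro_config.in, hunk @@ -454,29 +454,29 @@, the final test "if [ -f ${BROHOME}/site/local.site.bro ]" prints "No previous local.site.bro found. Creating default" when the file does exist, and the function it calls now writes the .default file rather than local.site.bro, so this branch looks inverted and should probably test "! -f". The same hunk keeps the capture file at /tmp/bro_config.tcpdump.file.$$, a predictable name in a world-writable directory that is read and removed by a script that now defaults to running as root; creating it with mktemp would close that off. The new ${BROHOME} expansions are also unquoted and will break on a prefix containing spaces.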
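Review bot: In scripts/bro_config.in, hunk @@ -617,7 +617,7 @@, the changed dirs line keeps `pwd`/bro.cfg in the list of files that the comment above it says are sourced, so a bro.cfg sitting in whatever directory the script is started from is executed as shell code. Because pkg-install.in calls bro_config during installation, suggest dropping the `pwd` entry, or sourcing a candidate file only if it is owned by root and not writable by group or others.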
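Review bot: In scripts/bro.rc.in, hunk @@ -25,7 +25,7 @@, the comment now gives the hooks script as @prefix@/bin/bro.rc-hooks.sh, but hunk @@ -35,14 +35,14 @@ sets bro_hooks to @prefix@/bro/scripts/bro.rc-hooks.sh, and the comment in hunk @@ -1033,7 +1033,7 @@ calls it bro.rc-hooks.rc. Since this file is run around every start and stop of Bro, the documentation should name the one path the script actually uses, so that administrators check ownership and permissions on the right file.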
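Review bot: In scripts/localnetMAC.pl.in, hunk @@ -50,10 +50,10 @@, both changed open calls still build a shell command line by interpolating $args{r}, so a trace file name containing spaces or shell metacharacters is interpreted by the shell instead of being passed to adtrace as one argument. While these lines are being touched, the non-gz case could use the list form, open(IN, "-|", "@prefix@/bin/adtrace", $args{r}), and the gz case could be split so that the file name never goes through a shell string. The die messages should be checked again after that change so they still describe the command that was run.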
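Review bot: In scripts/perl/Makefile.PL, hunk @@ -43,13 +43,13 @@, the new assignment $brohome = $ENV{PREFIX}/bro'; has a closing single quote with no opening one, so Makefile.PL will not compile. It needs to be an interpolating string, "$ENV{PREFIX}/bro", as on the $broconfig line below it. Both lines also assume PREFIX is set in the environment; an unset PREFIX yields /bro and /etc/bro.cfg, so a fallback or an explicit die would be safer.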
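Review bot: In pkg-install.in, the second if block tests for %%WRKSRC%%/../../bro.cfg but then copies a relative bro.cfg from the current directory, so the test and the cp can refer to different files, and whatever bro.cfg happens to be in the working directory is installed to %%PREFIX%%/etc/bro.cfg. The cp should use the same absolute path as the test. The script also depends on %%WRKSRC%%, which exists only when building from the ports tree, and it has no check on its arguments the way pkg-deinstall.in checks "$2", so bro_config would run on every invocation of the script.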
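Review bot: In pkg-message.in, the token %%PREFIX/etc is missing its closing %%, so it will not be substituted and the message will show the raw token instead of the directory holding the example cfg file. The sentence "The script runs automatically during the install as well." also appears twice in the same paragraph and can be dropped once. Given the change of the default BRO_USER_ID to root in bro_config.in, this message would be the place to tell the administrator which account Bro runs under.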