diff --git a/DEVELOPERS b/DEVELOPERS index e4df6cfe41..98227e9ba2 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -974,6 +974,7 @@ F: package/tinycbor/ F: package/tinydtls/ F: package/tinymembench/ F: package/whois/ +F: package/zeek/ N: Fabrice Goucem F: board/freescale/imx6ullevk/ diff --git a/package/Config.in b/package/Config.in index b663b225c3..697c94157c 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2440,6 +2440,7 @@ endif source "package/xl2tp/Config.in" source "package/xtables-addons/Config.in" source "package/zabbix/Config.in" + source "package/zeek/Config.in" source "package/znc/Config.in" endmenu diff --git a/package/zeek/Config.in b/package/zeek/Config.in new file mode 100644 index 0000000000..123fedb339 --- /dev/null +++ b/package/zeek/Config.in @@ -0,0 +1,40 @@ +config BR2_PACKAGE_ZEEK + bool "zeek" + depends on BR2_USE_MMU # fork() + depends on BR2_INSTALL_LIBSTDCPP + depends on !BR2_STATIC_LIBS + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on BR2_USE_WCHAR + select BR2_PACKAGE_LIBPCAP + select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC + select BR2_PACKAGE_OPENSSL + select BR2_PACKAGE_ZLIB + help + The Zeek Network Security Monitor + + Zeek is a powerful network analysis framework that is much + different from the typical IDS you may know. (Zeek is the new + name for the long-established Bro system.) + + https://www.zeek.org + +if BR2_PACKAGE_ZEEK + +config BR2_PACKAGE_ZEEK_ZEEKCTL + bool "zeekctl" + select BR2_PACKAGE_BASH # runtime + select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash + select BR2_PACKAGE_PYTHON3 + select BR2_PACKAGE_PYTHON3_CURSES + select BR2_PACKAGE_PYTHON3_HASHLIB + select BR2_PACKAGE_PYTHON3_SQLITE + select BR2_PACKAGE_PYTHON3_ZLIB + help + Tool for managing Zeek deployments + +endif + +comment "zeek needs a toolchain w/ C++, wchar, threads, dynamic library" + depends on BR2_USE_MMU + depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR || \ + !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS diff --git a/package/zeek/zeek.hash b/package/zeek/zeek.hash new file mode 100644 index 0000000000..05e57b5024 --- /dev/null +++ b/package/zeek/zeek.hash @@ -0,0 +1,6 @@ +# Locally computed: +sha256 8c0afc999a8dd1c1f677a5cf818479b99c2d527e679e1ef99fb1b03f989c0373 zeek-4.1.1.tar.gz + +# Hash for license files: +sha256 b2817e2fb935805ec9fc0e90c6b971efd810d9aedfc646bc5fcb535221e0266a COPYING +sha256 1a451eca7b3826a7df62991ba90dd6d23ff03d28c2eefb7f8c4f8b1eac97a61b COPYING.3rdparty diff --git a/package/zeek/zeek.mk b/package/zeek/zeek.mk new file mode 100644 index 0000000000..6c8fa06875 --- /dev/null +++ b/package/zeek/zeek.mk @@ -0,0 +1,91 @@ +################################################################################ +# +# zeek +# +################################################################################ + +ZEEK_VERSION = 4.1.1 +ZEEK_SITE = https://download.zeek.org +ZEEK_LICENSE = \ + BSD-3-Clause (zeek, C++ Actor Framework, ConvertUTF.c, CardinalityCounter.cc, pybind11), \ + Public Domain (sqlite), \ + MIT (doctest, libkqueue, RapidJSON, tsl-ordered-map, bro_inet_ntop.c), \ + LGPL-3.0+ (Multifast Project), \ + BSD-2-Clause (event.h), \ + BSD-3-Clause (in_cksum.cc) \ + BSD-4-Clause (Patricia.c, strsep.c, bsd-getopt-long.c), \ + Apache-2.0 (highwayhash, folly), \ + MPL-2.0 (mozilla-ca-list.zeek) +ZEEK_LICENSE_FILES = COPYING COPYING.3rdparty +ZEEK_SUPPORTS_IN_SOURCE_BUILD = NO +ZEEK_DEPENDENCIES = \ + host-bison \ + host-flex \ + host-pkgconf \ + host-python3 \ + host-zeek \ + $(if $(BR2_PACKAGE_LIBKRB5),libkrb5) \ + $(if $(BR2_PACKAGE_LIBMAXMINDDB),libmaxminddb) \ + libpcap \ + openssl \ + $(if $(BR2_PACKAGE_ROCKSDB),rocksdb) \ + zlib +HOST_ZEEK_DEPENDENCIES = \ + host-bison \ + host-flex \ + host-pkgconf \ + host-python3 \ + host-libpcap \ + host-openssl \ + host-zlib + +ZEEK_CONF_OPTS = \ + -DBIFCL_EXE_PATH=$(HOST_DIR)/bin/bifcl \ + -DBINPAC_EXE_PATH=$(HOST_DIR)/bin/binpac \ + -DBROKER_DISABLE_DOCS=ON \ + -DBROKER_DISABLE_TESTS=ON \ + -DINSTALL_AUX_TOOLS=ON \ + -DZEEK_ETC_INSTALL_DIR=/etc + +define ZEEK_FIX_PYTHON_PATH + $(SED) 's,@PYTHON_EXECUTABLE@,/usr/bin/python,' \ + $(@D)/auxil/zeekctl/ZeekControl/ssh_runner.py +endef +ZEEK_POST_PATCH_HOOKS += ZEEK_FIX_PYTHON_PATH + +ifeq ($(BR2_PACKAGE_JEMALLOC),y) +ZEEK_DEPENDENCIES += jemalloc +ZEEK_CONF_OPTS += -DENABLE_JEMALLOC=ON +else +ZEEK_CONF_OPTS += -DENABLE_JEMALLOC=OFF +endif + +ifeq ($(BR2_PACKAGE_ZEEK_ZEEKCTL),y) +ZEEK_DEPENDENCIES += host-swig python3 +ZEEK_CONF_OPTS += \ + -DDISABLE_PYTHON_BINDINGS=OFF \ + -DINSTALL_ZEEKCTL=ON \ + -DPY_MOD_INSTALL_DIR=/usr/lib/zeekctl \ + -DZEEK_PYTHON_PREFIX=/usr +else +ZEEK_CONF_OPTS += \ + -DDISABLE_PYTHON_BINDINGS=ON \ + -DINSTALL_ZEEKCTL=OFF +endif + +ifneq ($(BR2_TOOLCHAIN_USES_GLIBC),y) +ZEEK_DEPENDENCIES += musl-fts +ZEEK_CONF_OPTS += -DCMAKE_EXE_LINKER_FLAGS=-lfts +endif + +HOST_ZEEK_MAKE_OPTS = binpac bifcl + +define HOST_ZEEK_INSTALL_CMDS + $(INSTALL) -D -m 0755 $(HOST_ZEEK_BUILDDIR)/auxil/bifcl/bifcl \ + $(HOST_DIR)/bin/bifcl + $(INSTALL) -D -m 0755 $(HOST_ZEEK_BUILDDIR)/auxil/binpac/src/binpac \ + $(HOST_DIR)/bin/binpac +endef + +$(eval $(cmake-package)) +$(eval $(host-cmake-package))