Port details on branch 2021Q3
- zeek System for detecting network intruders in real-time
- Version: 4.0.4
- Category: security
- Version of this port present on the latest quarterly branch: 4.0.4
- Maintainer: leres@FreeBSD.org
- Port Added: 2021-09-22 22:45:08
- Last Update: 2021-09-22 22:39:22
- Commit Hash: 8fea8f9
- License: BSD3CLAUSE
- WWW: https://www.zeek.org/
- Description:
Zeek (formerly known as Bro) is an open-source, Unix-based Network
Intrusion Detection System (NIDS) that passively monitors network
traffic and looks for suspicious activity. Zeek detects intrusions
by first parsing network traffic to extract its application-level
semantics and then executing event-oriented analyzers that compare
the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures,
but also those defined in terms of events) and unusual activities
(e.g., certain hosts connecting to certain services, or patterns
of failed connection attempts).
Zeek is documented in the USENIX 1998 Security Conference proceedings
(as Bro).
WWW: https://www.zeek.org/
- Manual pages: (none listed)
- pkg-plist: as obtained via: make generate-plist
- Dependency lines: (none listed)
- To install the port:
- cd /usr/ports/security/zeek/ && make install clean
- To add the package, run one of these commands:
- pkg install security/zeek
- pkg install zeek
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: zeek
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1632345196
SHA256 (zeek-4.0.4.tar.gz) = d9991de344fa8ed8c92d130837309655dc9e22c4f5e53c141dce6deee5c0505c
SIZE (zeek-4.0.4.tar.gz) = 30981125
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
- swig : devel/swig
- ipsumdump : net/ipsumdump
- bash : shells/bash
- py38-sqlite3>0 : databases/py-sqlite3@py38
- bison : devel/bison
- cmake : devel/cmake
- ninja : devel/ninja
- python3.8 : lang/python38
- perl5>=5.32.r0<5.33 : lang/perl5.32
- Runtime dependencies:
- ipsumdump : net/ipsumdump
- cf : sysutils/lbl-cf
- hf : sysutils/lbl-hf
- bash : shells/bash
- py38-sqlite3>0 : databases/py-sqlite3@py38
- py38-zkg>=2.7.1 : security/py-zkg@py38
- python3.8 : lang/python38
- perl5>=5.32.r0<5.33 : lang/perl5.32
- Library dependencies:
- libmaxminddb.so : net/libmaxminddb
- libintl.so : devel/gettext-runtime
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for zeek-4.0.4:
BROKER=on: Enable the Broker communication library
GEOIP2=on: Build with GeoIP2 (MaxMindDB) support
IPSUMDUMP=on: Enables traffic summaries
LBL_CF=on: Unix time to formated time/date filter support
LBL_HF=on: Address to hostname filter support
NETMAP=on: Native Netmap Packet IOSource for Zeek
PERFTOOLS=off: Use Perftools to improve memory & CPU usage
ZEEKCTL=on: ZeekControl support (implies BROKER and IPSUMDUMP)
ZKG=on: Zeek package manager support
====> Options available for the single BUILD_TYPE: you have to select exactly one of them
DEBUG=off: Optimizations off, debug symbols/flags on
MINSIZEREL=off: Optimizations on, debug symbols/flags off
RELEASE=on: Optimizations on, debug symbols/flags off
RELWITHDEBINFO=off: Optimizations/debug symbols on, debug flags off
===> Use 'make config' to modify these settings
- Options name:
- security_zeek
- USES:
- bison cmake compiler:c++11-lang cpe gettext-runtime ninja perl5 python shebangfix ssl
- pkg-message:
- For install:
- The rc.d script now honors the zeek_user rc.d variable. To run as
a user other than root (the default) you need to make a few changes.
For example to run as the user zeek, add this to /etc/rc.conf:
    zeek_enable="YES"
    zeek_user="zeek"
Add this to /etc/devfs.conf:
    own bpf root:bpf
    perm bpf 0660
And add zeek to the bpf group:
    bpf:*:81:zeek
and restart the devfs service:
    service devfs restart
or reboot.
If the interface defined in node.cfg is configured for NIC checksum
offloading (the default when this feature is supported by the
hardware) you will want to set ignore_checksums in site/local.zeek:
    redef ignore_checksums = T;
- If removing:
- During deinstall of this package, the cfg files for zeekctl are not
deleted if you have edited them. Instead the software will create
a .sample file and the edited files will remain in place when you
upgrade. If you want to delete them, you have to remove the
/usr/local/etc directory manually.
You may also need to manually remove /usr/local/spool/state.db
- Master Sites: (none listed)
Commit History (may be incomplete)
4.0.4, 22 Sep 2021 22:39:22, committed by Craig Leres (leres):
security/zeek: Update to 4.0.4
https://github.com/zeek/zeek/releases/tag/v4.0.4
This release fixes two vulnerabilities:
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
[Only the first 15 lines of the commit message are shown.]
4.0.3_1, 22 Sep 2021 22:39:21, committed by Craig Leres (leres), author: Bernhard Froehlich:
security/zeek: Add CPE information
Approved by: portmgr (blanket)
(cherry picked from commit d95d0cfd846bdf61ec728462c20006f2f73eadc4)
4.0.3_1, 22 Sep 2021 22:39:20, committed by Craig Leres (leres):
security/zeek: Add @sample for local.zeek
This github issue:
https://github.com/zeek/zeekctl/issues/35
complained about the lack of a local.zeek file on a fresh install;
adding @sample for local.zeek solves this.
Reported by: shadonet
(cherry picked from commit 7c9b2f40c5f2557d87cc1d2ce7d968377b13d6b3)
4.0.3, 22 Sep 2021 22:39:20, committed by Craig Leres (leres), author: Piotr Kubaj:
security/zeek: fix build on powerpc64*
In file included from
/wrkdirs/usr/ports/security/zeek/work/zeek-4.0.3/auxil/highwayhash/highwayhash/arch_specific.cc:27:
/usr/include/sys/sysctl.h:1185:25: error: unknown type name 'u_int'
int sysctl(const int *, u_int, void *, size_t *, const void *, size_t);
(cherry picked from commit b91d1bd03771d45095637061c58baba5e62fc991)
4.0.3, 22 Sep 2021 22:39:19, committed by Craig Leres (leres):
security/zeek: Unbreak build under 14.0-CURRENT
According to the cpuset(2) man page, sys/param.h must be included
before sys/cpuset.h. This was fixed in zeek (in the highwayhash
submodule) in May of 2020 and undone in August of 2020. Add a patch
that matches the pull request I just created with upstream:
https://github.com/zeek/highwayhash/pull/1
Thanks to @pluknet for diagnosing the build failure.
Reported by: pkg-fallout
(cherry picked from commit 385875760f0749c31b4c596f4663485b7d68b464)
4.0.3, 22 Sep 2021 22:39:18, committed by Craig Leres (leres):
security/zeek: Update to 4.0.3
https://github.com/zeek/zeek/releases/tag/v4.0.3
This release fixes the following bugs:
- Zeek now accepts unset fields in the input data only when the
corresponding record field is &optional.
- The version field in ssh.log is now optional and will not be set
if we cannot determine the version that was negotiated by the
client and server.
- Zeekctl could crash at startup on certain compilers and platforms
due to a memory corruption issue in the Broker python bindings.
[Only the first 15 lines of the commit message are shown.]