| Port details |
- zeek System for detecting network intruders in real-time
- 8.0.8 security
 =2       8.0.6_1Version of this port present on the latest quarterly branch. - Maintainer: leres@FreeBSD.org
- Port Added: 2019-11-17 01:03:14
- Last Update: 2026-05-12 23:31:15
- Commit Hash: 8c6ab50
- People watching this port, also watch:: monit, grafana, libinotify, coreutils, gogs
- License: CC-BY-4.0
- WWW:
- https://www.zeek.org/
- Description:
- Zeek (formerly known as Bro) is an open-source, Unix-based Network
Intrusion Detection System (NIDS) that passively monitors network
traffic and looks for suspicious activity. Zeek detects intrusions
by first parsing network traffic to extract its application-level
semantics and then executing event-oriented analyzers that compare
the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures,
but also those defined in terms of events) and unusual activities
(e.g., certain hosts connecting to certain services, or patterns
of failed connection attempts).
Zeek is documented in the USENIX 1998 Security Conference proceedings
(as Bro).
  ¦  ¦  ¦  ¦ 
- Manual pages:
-
- pkg-plist: as obtained via:
make generate-plist - USE_RC_SUBR (Service Scripts)
-
- Dependency lines:
-
- To install the port:
- cd /usr/ports/security/zeek/ && make install clean
- To add the package, run one of these commands:
- pkg install security/zeek
- pkg install zeek
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: zeek
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1778626523
SHA256 (zeek-8.0.8.tar.gz) = 4fe714238cdecb72234c287e9e18178ff40a95fe195bd513471e4ef79ff42e7c
SIZE (zeek-8.0.8.tar.gz) = 100080362
Packages (timestamps in pop-ups are UTC):
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- bison>=3.3 : devel/bison
- flex>=2.6 : textproc/flex
- swig>=4.0.2 : devel/swig
- ipsumdump : net/ipsumdump
- bash : shells/bash
- py311-sqlite3>0 : databases/py-sqlite3@py311
- bison : devel/bison
- cmake : devel/cmake-core
- ninja : devel/ninja
- gettext-runtime>=0.26 : devel/gettext-runtime
- python3.11 : lang/python311
- perl5>=5.42.r<5.43 : lang/perl5.42
- Test dependencies:
-
- python3.11 : lang/python311
- Runtime dependencies:
-
- c-ares>=1.25.0 : dns/c-ares
- ipsumdump : net/ipsumdump
- cf : sysutils/lbl-cf
- hf : sysutils/lbl-hf
- bash : shells/bash
- py311-sqlite3>0 : databases/py-sqlite3@py311
- py311-zkg>=2.7.1 : security/py-zkg@py311
- python3.11 : lang/python311
- perl5>=5.42.r<5.43 : lang/perl5.42
- Library dependencies:
-
- libcares.so : dns/c-ares
- libzmq.so : net/libzmq4
- libmaxminddb.so : net/libmaxminddb
- libintl.so : devel/gettext-runtime
- There are no ports dependent upon this port
Configuration Options:- ===> The following configuration options are available for zeek-8.0.8:
GEOIP2=on: Build with GeoIP2 (MaxMindDB) support
IPSUMDUMP=on: Enables traffic summaries
LBL_CF=on: Unix time to formated time/date filter support
LBL_HF=on: Address to hostname filter support
PERFTOOLS=off: Use Perftools to improve memory & CPU usage
SPICY=on: Enable the Spicy parser generator
ZEEKCTL=on: ZeekControl support (implies IPSUMDUMP)
ZKG=on: Zeek package manager support
====> Options available for the single BUILD_TYPE: you have to select exactly one of them
DEBUG=off: Optimizations off, debug symbols/flags on
MINSIZEREL=off: Optimizations on, debug symbols/flags off
RELEASE=on: Optimizations on, debug symbols/flags off
RELWITHDEBINFO=off: Optimizations/debug symbols on, debug flags off
===> Use 'make config' to modify these settings
- Options name:
- security_zeek
- USES:
- bison cmake compiler:c++17-lang cpe gettext-runtime perl5 python:3.9+ shebangfix ssl
- FreshPorts was unable to extract/find any pkg message
- Master Sites:
|
| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
3.0.5
15 Apr 2020 00:01:37
   |
leres |
security/zeek: Update to 3.0.5
Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).
https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS
- Same as 3.0.4 but fixes compilation on various platforms with
older compilers, for example GCC 4.8.x. |
3.0.4
14 Apr 2020 20:55:15
|
leres |
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
(Only the first 15 lines of the commit message are shown above  ) |
3.0.3_1
14 Apr 2020 18:10:15
|
leres |
security/zeek: Fix typo in the rc.d script
(From the PR) "bro_stop" should say "zeek_stop" instead.
PR: 245612
Reported by: bugs@codejammer.se
MFH: 2020Q2 |
3.0.3
18 Mar 2020 00:34:19
|
leres |
security/zeek: Limit portscout to even long term support release versions
https://github.com/zeek/zeek/releases
Zeek 3.0.x is the Long-Term Support release, receiving bug fixes
until at least October 2020 while Zeek 3.1.x is the current
feature release, receiving bug fixes until approximately July
2020 when the 3.2.x release series begins.
Approved by: matthew (mentor, implicit) |
3.0.3
15 Mar 2020 22:44:26
|
leres |
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:
https://github.com/zeek/zeek/releases/tag/v3.0.2
https://github.com/zeek/zeek/releases/tag/v3.0.3
- Potential Denial of Service due to memory leak in DNS TSIG message
parsing.
- Potential Denial of Service due to memory leak (or assertion
when compiling with assertions enabled) when receiving a second
SSH KEX message after a first.
- Potential Denial of Service due to buffer read overflow and/or
memory leaks in Kerberos analyzer. The buffer read overflow (Only the first 15 lines of the commit message are shown above ) |
3.0.1
11 Dec 2019 21:43:22
|
leres |
security/bro: Update to 3.0.1. As announced by Jon Siwek:
This is a bug-fix release that most notably addresses a JSON
logging performance regression in 3.0.0, but also fixes other
minor bugs. A list which details the changes can be found here:
https://github.com/zeek/zeek/releases/tag/v3.0.1
Approved by: ler (mentor, implicit) |
3.0.0
17 Nov 2019 01:03:04
|
leres |
security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D22376 |
As an Amazon Associate I earn from qualifying purchases.