Port details on branch 2022Q2
- zeek System for detecting network intruders in real-time
- Version: 4.0.7 (category: security); 6.0.2_1 is the version of this port present on the latest quarterly branch.
- Maintainer: leres@FreeBSD.org
- Port Added: 2022-06-04 00:24:06
- Last Update: 2022-06-04 00:23:17
- Commit Hash: 484cb70
- License: BSD3CLAUSE
- WWW: https://www.zeek.org/
- Description:
  Zeek (formerly known as Bro) is an open-source, Unix-based Network
  Intrusion Detection System (NIDS) that passively monitors network
  traffic and looks for suspicious activity. Zeek detects intrusions
  by first parsing network traffic to extract its application-level
  semantics and then executing event-oriented analyzers that compare
  the activity with patterns deemed troublesome. Its analysis includes
  detection of specific attacks (including those defined by signatures,
  but also those defined in terms of events) and unusual activities
  (e.g., certain hosts connecting to certain services, or patterns
  of failed connection attempts).

  Zeek is documented in the USENIX 1998 Security Conference proceedings
  (as Bro).
- To install the port:
- cd /usr/ports/security/zeek/ && make install clean
- To add the package, run one of these commands:
- pkg install security/zeek
- pkg install zeek
  NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: zeek
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1654276667
SHA256 (zeek-4.0.7.tar.gz) = e9ee7c6fcf676473419c40dbb5aff2b4e25853f710a5d45c0029683bab09727e
SIZE (zeek-4.0.7.tar.gz) = 32888207
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
- swig : devel/swig
- ipsumdump : net/ipsumdump
- bash : shells/bash
- py38-sqlite3>0 : databases/py-sqlite3@py38
- bison : devel/bison
- cmake : devel/cmake
- ninja : devel/ninja
- python3.8 : lang/python38
- perl5>=5.32.r0<5.33 : lang/perl5.32
- Runtime dependencies:
- ipsumdump : net/ipsumdump
- cf : sysutils/lbl-cf
- hf : sysutils/lbl-hf
- bash : shells/bash
- py38-sqlite3>0 : databases/py-sqlite3@py38
- py38-zkg>=2.7.1 : security/py-zkg@py38
- python3.8 : lang/python38
- perl5>=5.32.r0<5.33 : lang/perl5.32
- Library dependencies:
- libmaxminddb.so : net/libmaxminddb
- libintl.so : devel/gettext-runtime
- There are no ports dependent upon this port
- Configuration Options:
  ===> The following configuration options are available for zeek-4.0.7:
BROKER=on: Enable the Broker communication library
GEOIP2=on: Build with GeoIP2 (MaxMindDB) support
IPSUMDUMP=on: Enables traffic summaries
LBL_CF=on: Unix time to formatted time/date filter support
LBL_HF=on: Address to hostname filter support
NETMAP=on: Native Netmap Packet IOSource for Zeek
PERFTOOLS=off: Use Perftools to improve memory & CPU usage
ZEEKCTL=on: ZeekControl support (implies BROKER and IPSUMDUMP)
ZKG=on: Zeek package manager support
====> Options available for the single BUILD_TYPE: you have to select exactly one of them
DEBUG=off: Optimizations off, debug symbols/flags on
MINSIZEREL=off: Optimizations on, debug symbols/flags off
RELEASE=on: Optimizations on, debug symbols/flags off
RELWITHDEBINFO=off: Optimizations/debug symbols on, debug flags off
===> Use 'make config' to modify these settings
- Options name: security_zeek
- USES: bison cmake compiler:c++11-lang cpe gettext-runtime ninja perl5 python shebangfix ssl
- pkg-message:
- For install:
  The rc.d script now honors the zeek_user rc.d variable. To run as
  a user other than root (the default) you need to make a few changes.
  For example, to run as the user zeek, add this to /etc/rc.conf:

      zeek_enable="YES"
      zeek_user="zeek"

  Add this to /etc/devfs.conf:

      own bpf root:bpf
      perm bpf 0660

  And add zeek to the bpf group in /etc/group:

      bpf:*:81:zeek

  Then restart the devfs service:

      service devfs restart

  or reboot.

  If the interface defined in node.cfg is configured for NIC checksum
  offloading (the default when this feature is supported by the
  hardware) you will want to set ignore_checksums in site/local.zeek:

      redef ignore_checksums = T;

- If removing:
  During deinstall of this package, the cfg files for zeekctl are not
  deleted if you have edited them. Instead the software will create
  a .sample file and the edited files will remain in place when you
  upgrade. If you want to delete them, you have to remove the
  /usr/local/etc directory manually.
  You may also need to manually remove /usr/local/spool/state.db