Index: head/sysutils/osquery/Makefile =================================================================== --- head/sysutils/osquery/Makefile (revision 386028) +++ head/sysutils/osquery/Makefile (revision 386029) 
@@ -1,74 +1,81 @@ # Created by: Ryan Steinmetz # $FreeBSD$ PORTNAME= osquery PORTVERSION= 1.4.5 +PORTREVISION= 1 CATEGORIES= sysutils MASTER_SITES= GH:ghc \ https://codeload.github.com/${PORTNAME}/third-party/tar.gz/${PORTVERSION}?dummy=/:gh DISTFILES= ${PORTNAME}-${PORTVERSION}.tar.gz:ghc \ third-party-${PORTVERSION}.tar.gz:gh MAINTAINER= zi@FreeBSD.org COMMENT= SQL powered OS instrumentation, monitoring, and analytics LICENSE= BSD3CLAUSE BUILD_DEPENDS= snappy>0:${PORTSDIR}/archivers/snappy \ rocksdb>0:${PORTSDIR}/databases/rocksdb \ thrift>0:${PORTSDIR}/devel/thrift \ thrift-cpp>0:${PORTSDIR}/devel/thrift-cpp \ bash>0:${PORTSDIR}/shells/bash \ yara>0:${PORTSDIR}/security/yara \ doxygen:${PORTSDIR}/devel/doxygen \ ${PYTHON_PKGNAMEPREFIX}MarkupSafe>0:${PORTSDIR}/textproc/py-MarkupSafe \ ${PYTHON_PKGNAMEPREFIX}psutil>0:${PORTSDIR}/sysutils/py-psutil \ ${PYTHON_PKGNAMEPREFIX}argparse>0:${PORTSDIR}/devel/py-argparse \ ${PYTHON_PKGNAMEPREFIX}pexpect>0:${PORTSDIR}/misc/py-pexpect \ ${PYTHON_PKGNAMEPREFIX}Jinja2>0:${PORTSDIR}/devel/py-Jinja2 \ ${PYTHON_PKGNAMEPREFIX}thrift>0:${PORTSDIR}/devel/py-thrift \ ${PYTHON_PKGNAMEPREFIX}pip>0:${PORTSDIR}/devel/py-pip LIB_DEPENDS= libboost_regex.so:${PORTSDIR}/devel/boost-libs \ libgflags.so:${PORTSDIR}/devel/gflags \ libicuuc.so:${PORTSDIR}/devel/icu USES= cmake:outsource gmake libtool python:build compiler:c++11-lib CMAKE_ENV+= OSQUERY_BUILD_VERSION="${PORTVERSION}" HOME="${WRKDIR}" SKIP_TESTS="yes" CMAKE_ARGS+= -DFREEBSD=awesome -DCMAKE_SYSTEM_NAME="FreeBSD" BLDDIR= ${WRKDIR}/.build/${PORTNAME} USE_RC_SUBR= ${PORTNAME}d USE_GITHUB= yes GH_ACCOUNT= facebook MAKE_JOBS_UNSAFE= yes .include .if ${OSVERSION} <= 1000000 CFLAGS+= -D_GLIBCXX_USE_C99 .endif post-extract: ${RMDIR} ${WRKSRC}/third-party ${LN} -sf ${WRKDIR}/third-party-${PORTVERSION} ${WRKSRC}/third-party post-patch: + ${REINPLACE_CMD} -e 's|/var/osquery|/var/db/osquery|g' \ + ${WRKSRC}/osquery/core/init.cpp + ${REINPLACE_CMD} -e 
's|/var/osquery/osquery.em|/var/run/osquery.em|g' \ + -e 's|/etc/osquery/extensions.load|${PREFIX}/etc/osquery.extensions|g' \ + -e 's|/etc/osquery/modules.load|${PREFIX}/etc/osquery.modules|g' \ + ${WRKSRC}/osquery/extensions/extensions.cpp ${REINPLACE_CMD} -e 's|/var/osquery/osquery.conf|${PREFIX}/etc/osquery.conf|g' \ ${WRKSRC}/osquery/config/plugins/filesystem.cpp ${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \ ${WRKSRC}/tools/deployment/osquery.example.conf ${REINPLACE_CMD} -e 's|python |${PYTHON_CMD} |g' \ ${WRKSRC}/CMake/CMakeLibs.cmake \ ${WRKSRC}/CMakeLists.txt do-install: ${INSTALL_PROGRAM} ${BLDDIR}/osqueryi ${STAGEDIR}${PREFIX}/bin ${INSTALL_PROGRAM} ${BLDDIR}/osqueryd ${STAGEDIR}${PREFIX}/sbin ${INSTALL_DATA} ${BLDDIR}/libosquery.a ${STAGEDIR}${PREFIX}/lib (cd ${WRKSRC}/include && ${COPYTREE_SHARE} ${PORTNAME} ${STAGEDIR}${PREFIX}/include) ${INSTALL_DATA} ${WRKSRC}/tools/deployment/osquery.example.conf \ ${STAGEDIR}${PREFIX}/etc/osquery.conf.sample post-stage: ${MKDIR} ${STAGEDIR}/var/db/osquery .include Index: head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist =================================================================== --- head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist (revision 386028) +++ head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist (revision 386029) @@ -1,40 +1,40 @@ --- osquery/tables/specs/blacklist.orig 2015-05-05 00:16:41 UTC +++ osquery/tables/specs/blacklist 
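Review bot: The new substitutions in `post-patch` point osquery at `${PREFIX}/etc/osquery.extensions` and `${PREFIX}/etc/osquery.modules`, but nothing in `do-install` or `post-stage` ships a sample or documents who should own those files. Judging by the upstream names (`extensions.load`, `modules.load`), these lists presumably name code that osqueryd loads at start-up, so their ownership and mode matter on a host where the daemon runs as root. I would add a comment above the rule such as `# autoload lists name code osqueryd loads; keep them root-owned and not group/world-writable`, and consider installing empty `.sample` files. Separately, `${REINPLACE_CMD}` succeeds even when the pattern no longer occurs, so a later upstream path change would silently leave the old `/var/osquery` and `/etc/osquery` locations in the binary; a `grep -q` on the old strings before the replacement would make that visible.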
@@ -1,4 +1,36 @@ # osquery/tables/specs/blacklist # Usage: add table spec names to this list to prevent table generation # Example: add tables that are not yet ready for release - +# Example: add a platform:table_name, which is not yet ready +freebsd:acpi_tables +freebsd:arp_cache +freebsd:block_devices +freebsd:chrome_extensions +freebsd:disk_encryption +freebsd:file_events +freebsd:firefox_addons +#freebsd:groups +freebsd:hardware_events +#freebsd:interface_addresses +#freebsd:interface_details +freebsd:kernel_info +freebsd:last +#freebsd:listening_ports +freebsd:mounts +freebsd:opera_extensions +freebsd:os_version +freebsd:passwd_changes +freebsd:pci_devices +freebsd:process_envs +freebsd:process_memory_map +freebsd:process_open_files +freebsd:process_open_sockets +freebsd:processes +freebsd:routes +freebsd:system_controls +freebsd:usb_devices -+freebsd:users ++#freebsd:users +freebsd:yara_events +freebsd:yara +freebsd:system_controls +freebsd:smbios_tables Index: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp =================================================================== --- head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp (nonexistent) +++ head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp (revision 386029) 
@@ -0,0 +1,43 @@ +--- osquery/tables/system/freebsd/groups.cpp.orig 2015-05-05 00:16:41 UTC ++++ osquery/tables/system/freebsd/groups.cpp +@@ -8,6 +8,11 @@ + * + */ + ++#include ++#include ++ ++#include ++ + #include + #include + +@@ -16,10 +21,26 @@ namespace tables { + + std::mutex grpEnumerationMutex; + +-QueryData genGroups(QueryContext& context) { ++QueryData genGroups(QueryContext &context) { ++ std::lock_guard lock(grpEnumerationMutex); + QueryData results; ++ struct group *grp = nullptr; ++ std::set groups_in; + +- throw std::domain_error("Table not implemented for FreeBSD"); ++ setgrent(); ++ while ((grp = getgrent()) != nullptr) { ++ if (std::find(groups_in.begin(), groups_in.end(), grp->gr_gid) == ++ groups_in.end()) { ++ Row r; ++ r["gid"] = INTEGER(grp->gr_gid); ++ r["gid_signed"] = INTEGER((int32_t) grp->gr_gid); ++ r["groupname"] = TEXT(grp->gr_name); ++ results.push_back(r); ++ groups_in.insert(grp->gr_gid); ++ } ++ } ++ endgrent(); ++ groups_in.clear(); + + return results; + } Property changes on: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp =================================================================== --- head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp (revision 386028) +++ head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp (revision 386029) @@ -1,39 +1,39 @@ ---- osquery/tables/system/freebsd/sysctl_utils.cpp.orig 2015-05-08 22:20:24 UTC +--- osquery/tables/system/freebsd/sysctl_utils.cpp.orig 2015-05-10 20:45:08 UTC +++ osquery/tables/system/freebsd/sysctl_utils.cpp 
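Review bot: The `std::find(groups_in.begin(), groups_in.end(), grp->gr_gid) == groups_in.end()` filter in `genGroups` keeps only the first entry seen for each gid, so a second group that reuses a gid under a different name never reaches the table. The `genUsers` hunk in patch-osquery_tables_system_freebsd_users.cpp does the same per uid, which would leave an extra account sharing a uid with an existing one (for example a second uid 0 entry) out of `users`, exactly the kind of row a monitoring query wants to see. If the filter is only meant to drop exact duplicates returned by the name service, key the set on the id and name together and test with `if (groups_in.emplace(grp->gr_gid, grp->gr_name).second) {`. That also replaces the linear `std::find` over a `std::set` with the container's own lookup. The trailing `groups_in.clear();` is redundant because the set is destroyed on return.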
@@ -0,0 +1,36 @@ +/* + * Copyright (c) 2014, Facebook, Inc. + * All rights reserved. + * + * This source code is licensed under the BSD-style license found in the + * LICENSE file in the root directory of this source tree. An additional grant + * of patent rights can be found in the PATENTS file in the same directory. + * + */ + +//#include + +#include +#include + +#include "osquery/tables/system/sysctl_utils.h" + +namespace osquery { +namespace tables { + +void genControlInfo(int* oid, + size_t oid_size, + QueryData& results, + const std::map& config) { +} + +void genControlInfoFromName(const std::string& name, QueryData& results, + const std::map& config) { +} + +void genAllControls(QueryData& results, + const std::map& config, + const std::string& subsystem) { +} +} +} Index: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp =================================================================== --- head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp (nonexistent) +++ head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp (revision 386029) 
@@ -0,0 +1,49 @@ +--- osquery/tables/system/freebsd/users.cpp.orig 2015-05-05 00:16:41 UTC ++++ osquery/tables/system/freebsd/users.cpp +@@ -8,16 +8,45 @@ + * + */ + ++#include ++#include ++#include ++#include ++ ++#include ++ + #include + #include + + namespace osquery { + namespace tables { + ++std::mutex pwdEnumerationMutex; ++ + QueryData genUsers(QueryContext& context) { ++ std::lock_guard lock(pwdEnumerationMutex); + QueryData results; ++ struct passwd *pwd = nullptr; ++ std::set users_in; + +- throw std::domain_error("Table not implemented for FreeBSD"); ++ while ((pwd = getpwent()) != nullptr) { ++ if (std::find(users_in.begin(), users_in.end(), pwd->pw_uid) == ++ users_in.end()) { ++ Row r; ++ r["uid"] = BIGINT(pwd->pw_uid); ++ r["gid"] = BIGINT(pwd->pw_gid); ++ r["uid_signed"] = BIGINT((int32_t) pwd->pw_uid); ++ r["gid_signed"] = BIGINT((int32_t) pwd->pw_gid); ++ r["username"] = TEXT(pwd->pw_name); ++ r["description"] = TEXT(pwd->pw_gecos); ++ r["directory"] = TEXT(pwd->pw_dir); ++ r["shell"] = TEXT(pwd->pw_shell); ++ results.push_back(r); ++ users_in.insert(pwd->pw_uid); ++ } ++ } ++ endpwent(); ++ users_in.clear(); + + return results; + } Property changes on: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property
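Review bot: `genUsers` starts its `while ((pwd = getpwent()) != nullptr)` loop without calling `setpwent()` first, unlike `genGroups` in the groups.cpp patch, which calls `setgrent()` before enumerating. The passwd cursor is process-wide state, and `pwdEnumerationMutex` only serialises callers of this function, so if any other code in the process has left an enumeration open part-way, the table would silently start from that position and return an incomplete user list. Adding `setpwent();` on the line before the `while` makes each query start from the first entry and keeps the two tables consistent.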