Index: head/sysutils/osquery/Makefile
===================================================================
--- head/sysutils/osquery/Makefile (revision 439913)
+++ head/sysutils/osquery/Makefile (revision 439914)
@@ -1,69 +1,91 @@ # Created by: Ryan Steinmetz # $FreeBSD$ PORTNAME= osquery -PORTVERSION= 2.4.0 +PORTVERSION= 2.4.3 CATEGORIES= sysutils MAINTAINER= zi@FreeBSD.org COMMENT= SQL powered OS instrumentation, monitoring, and analytics LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= thrift>0:devel/thrift \ bash>0:shells/bash \ linenoise-ng>0:devel/linenoise-ng \ asio>0:net/asio \ ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2 LIB_DEPENDS= libaugeas.so:textproc/augeas \ libboost_regex.so:devel/boost-libs \ libgflags.so:devel/gflags \ libglog.so:devel/glog \ libicuuc.so:devel/icu \ - libthrift.so:devel/thrift-cpp \ - libtsk.so:sysutils/sleuthkit \ - libcppnetlib-uri.so:devel/cpp-netlib \ librocksdb-lite.so:databases/rocksdb-lite \ - libyara.so:security/yara \ - liblldpctl.so:net-mgmt/lldpd + libthrift.so:devel/thrift-cpp \ + libcppnetlib-uri.so:devel/cpp-netlib +RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss USES= cmake:outsource gmake libtool python:build compiler:c++11-lib CONFIGURE_ENV+= OSQUERY_BUILD_VERSION="${PORTVERSION}" HOME="${WRKDIR}" \ SKIP_TESTS="yes" CC="${CC}" CXX="${CXX}" CMAKE_ARGS+= -DFREEBSD=awesome -DCMAKE_SYSTEM_NAME="FreeBSD" BLDDIR= ${WRKDIR}/.build/${PORTNAME} USE_RC_SUBR= ${PORTNAME}d USE_GITHUB= yes GH_ACCOUNT= facebook ${PORTNAME}:tp GH_PROJECT= third-party:tp GH_SUBDIR= third-party:tp MAKE_JOBS_UNSAFE= yes +# Some options for things that bring in many dependencies +OPTIONS_DEFINE= TSK AWS YARA LLDPD + +TSK_DESC= Build with sleuthkit support +TSK_LIB_DEPENDS= libtsk.so:sysutils/sleuthkit +TSK_CONFIGURE_ENV_OFF= SKIP_TSK=1 + +AWS_DESC= Support logging to AWS Kinesis +AWS_LIB_DEPENDS= libaws-cpp-sdk-core.so:devel/aws-sdk-cpp +AWS_CONFIGURE_ENV_OFF= SKIP_AWS=1 + +YARA_DESC= Build with YARA malware identification support +YARA_LIB_DEPENDS= libyara.so:security/yara +YARA_CONFIGURE_ENV_OFF= SKIP_YARA=1 + +LLDPD_DESC= Support Link Layer Discovery Protocol +LLDPD_LIB_DEPENDS= liblldpctl.so:net-mgmt/lldpd +LLDPD_CONFIGURE_ENV_OFF= 
SKIP_LLDPD=1 + .include .if ${OSVERSION} < 1100000 BUILD_DEPENDS+= clang38:devel/llvm38 CC= clang38 CXX= clang++38 .endif post-patch: ${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \ ${WRKSRC}/tools/deployment/osquery.example.conf + ${REINPLACE_CMD} -e 's|/etc/osquery/yara/|/var/db/osquery/yara/|g' \ + ${WRKSRC}/osquery/tables/yara/yara.cpp \ + ${WRKSRC}/osquery/tables/yara/yara_utils.cpp \ + ${WRKSRC}/specs/yara/yara.table ${REINPLACE_CMD} -e 's|python|${PYTHON_CMD}|g' \ ${WRKSRC}/CMakeLists.txt \ ${WRKSRC}/tools/get_platform.py do-install: ${INSTALL_PROGRAM} ${BLDDIR}/osqueryi ${STAGEDIR}${PREFIX}/bin ${INSTALL_PROGRAM} ${BLDDIR}/osqueryd ${STAGEDIR}${PREFIX}/sbin ${INSTALL_DATA} ${BLDDIR}/libosquery.a ${STAGEDIR}${PREFIX}/lib (cd ${WRKSRC}/include && ${COPYTREE_SHARE} ${PORTNAME} ${STAGEDIR}${PREFIX}/include) ${INSTALL_DATA} ${WRKSRC}/tools/deployment/osquery.example.conf \ ${STAGEDIR}${PREFIX}/etc/osquery.conf.sample + ${TOUCH} ${STAGEDIR}${PREFIX}/etc/osquery.flags ${MKDIR} ${STAGEDIR}/var/db/osquery ${MKDIR} ${STAGEDIR}/var/log/osquery .include Index: head/sysutils/osquery/distinfo =================================================================== --- head/sysutils/osquery/distinfo (revision 439913) +++ head/sysutils/osquery/distinfo (revision 439914) 
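Review bot: The new `OPTIONS_DEFINE= TSK AWS YARA LLDPD` line has no matching `OPTIONS_DEFAULT` anywhere in this hunk, so a default build now passes SKIP_TSK, SKIP_YARA and SKIP_LLDPD, although libtsk, libyara and liblldpctl were unconditional LIB_DEPENDS before this revision. Hosts that upgrade the package would lose the YARA and sleuthkit tables without any build error, and scheduled queries that depend on those tables would presumably stop returning results. If the reduced default is intended, say so in pkg-message; otherwise add `OPTIONS_DEFAULT= TSK YARA LLDPD` below OPTIONS_DEFINE to keep the previous feature set.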
@@ -1,5 +1,5 @@
-TIMESTAMP = 1492024136
-SHA256 (facebook-osquery-2.4.0_GH0.tar.gz) = e5c3f01ac10ac9a9732f9610921cea8e8a7234a18061cf58e22dc86b2b74d685
-SIZE (facebook-osquery-2.4.0_GH0.tar.gz) = 874186
-SHA256 (osquery-third-party-2.4.0_GH0.tar.gz) = 729830902faa4f438c77dfdce849bfbc862501591e3a51154f0e0fbe14af7ede
-SIZE (osquery-third-party-2.4.0_GH0.tar.gz) = 3864623
+TIMESTAMP = 1493669104
+SHA256 (facebook-osquery-2.4.3_GH0.tar.gz) = 60dd80c6c8633c5baa307fb7aab296cf8726c9d7044b2c14d064547af1ef89c0
+SIZE (facebook-osquery-2.4.3_GH0.tar.gz) = 896305
+SHA256 (osquery-third-party-2.4.3_GH0.tar.gz) = 1119deb9265697021a5fe9f8214be444745811eedd9d291e7d15b5dd1bc709fa
+SIZE (osquery-third-party-2.4.3_GH0.tar.gz) = 3229298
Index: head/sysutils/osquery/files/osqueryd.in
===================================================================
--- head/sysutils/osquery/files/osqueryd.in (revision 439913)
+++ head/sysutils/osquery/files/osqueryd.in (revision 439914)
@@ -1,41 +1,41 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: osqueryd # REQUIRE: %%REQUIRE%% # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable osqueryd: # # osqueryd_enable="YES" # . /etc/rc.subr name=osqueryd rcvar=osqueryd_enable load_rc_config $name command=%%PREFIX%%/sbin/osqueryd osqueryd_enable=${osqueryd_enable-"NO"} osqueryd_flags=${osqueryd_flags-""} osqueryd_config=${osqueryd_config-"%%PREFIX%%/etc/osquery.conf"} required_files=${osqueryd_config} -command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --config_path=${osqueryd_config}" +command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --tls_server_certs /etc/ssl/cert.pem --flagfile %%PREFIX%%/etc/osquery.flags --config_path=${osqueryd_config}" extra_commands="configtest" configtest_cmd="configtest" pidfile="/var/run/osqueryd.pid" start_precmd=prestart configtest() { ${command} ${osqueryd_flags} --config_check --config_path=${osqueryd_config} --verbose } prestart() { install -d /var/db/osquery } run_rc_command "$1" Index: head/sysutils/osquery/pkg-message =================================================================== --- head/sysutils/osquery/pkg-message (nonexistent) +++ head/sysutils/osquery/pkg-message (revision 439914) 
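Review bot: `configtest()` still runs `${command} ${osqueryd_flags} --config_check --config_path=${osqueryd_config} --verbose`, without the `--flagfile %%PREFIX%%/etc/osquery.flags` and `--tls_server_certs /etc/ssl/cert.pem` that this change adds to `command_args`, so the check validates a different flag set than the one the daemon starts with. Adding `--flagfile %%PREFIX%%/etc/osquery.flags` to the configtest command line would keep the two in step. The certificate bundle path is also hard-coded: `/etc/ssl/cert.pem` is presumably supplied by the new ca_root_nss run dependency, and that is worth confirming for installs where that port is built without its /etc symlink, since TLS verification would then have no trust store to load.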
@@ -0,0 +1,4 @@
+Note that some osquery tables are currently unsupported on FreeBSD. A list of
+disabled tables can be found at:
+
+https://github.com/facebook/osquery/blob/master/specs/blacklist
Property changes on: head/sysutils/osquery/pkg-message
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/sysutils/osquery/pkg-plist
===================================================================
--- head/sysutils/osquery/pkg-plist (revision 439913)
+++ head/sysutils/osquery/pkg-plist (revision 439914)
@@ -1,24 +1,25 @@
 bin/osqueryi
 @dir /var/db/osquery
 @dir /var/log/osquery
+etc/osquery.flags
 include/osquery/config.h
 include/osquery/core.h
 include/osquery/database.h
 include/osquery/dispatcher.h
 include/osquery/distributed.h
 include/osquery/enroll.h
 include/osquery/events.h
 include/osquery/extensions.h
 include/osquery/filesystem.h
 include/osquery/flags.h
 include/osquery/logger.h
 include/osquery/packs.h
 include/osquery/registry.h
 include/osquery/sdk.h
 include/osquery/sql.h
 include/osquery/status.h
 include/osquery/system.h
 include/osquery/tables.h
 lib/libosquery.a
 sbin/osqueryd
 @sample etc/osquery.conf.sample
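Review bot: `etc/osquery.flags` is listed as an ordinary packaged file, while the configuration file at the end of this list uses `@sample`; an administrator's edited flag file would be replaced by the empty packaged one on upgrade and removed on deinstall. Because the rc script now always passes `--flagfile %%PREFIX%%/etc/osquery.flags`, losing that file's contents changes how the daemon runs (for example any TLS or logging flags kept there) without warning. Install it as a sample instead: `@sample etc/osquery.flags.sample` here, and `${TOUCH} ${STAGEDIR}${PREFIX}/etc/osquery.flags.sample` in the Makefile's do-install target.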