Bro is a system for detecting Network Intruders in real-time by the guys

that brought you tcpdump, libpcap, and flex.

Bro is documented in the the USENIX 1998 Security Conference proceedings.

5 files changed, 70 insertions, 0 deletions

diff --git a/security/bro/Makefile b/security/bro/Makefile
new file mode 100644
index 000000000000..3de4d8077693
--- /dev/null
+++ b/security/bro/Makefile
@@ -0,0 +1,39 @@
+# ex:ts=8
+# Ports collection makefile for:  bro
+# Version required:     	  0.3alpha
+# Date created:			  Sat Feb 28, 1998
+# Whom:				  David O'Brien (obrien@FreeBSD.org)
+#
+# $Id$
+#
+
+DISTNAME=	vp-bro-0.3-alpha
+PKGNAME=	bro-0.3a
+CATEGORIES=	security net
+MASTER_SITES=	ftp://ee.lbl.gov/  \
+		ftp://ftp.nuxi.com/pub/misc/
+
+MAINTAINER=     obrien@NUXI.com
+
+WRKSRC=		${WRKDIR}/bro-0.3
+CONFIGURE_ARGS+=        --libdir=${PREFIX}/share
+GNU_CONFIGURE=	yes
+
+post-patch:
+	@${MV} ${WRKSRC}/util.cc ${WRKSRC}/util.cc.in
+	@${SED} -e "s|/usr/src/rtsg/bro/policy:/usr/local/lib/bro|${PREFIX}/share/bro|" \
+		${WRKSRC}/util.cc.in >${WRKSRC}/util.cc
+pre-install:
+	@${MKDIR} ${PREFIX}/share/bro
+
+post-install:
+	@strip ${PREFIX}/sbin/bro
+	@${INSTALL_DATA} ${WRKSRC}/policy/* ${PREFIX}/share/bro
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${PREFIX}/share/doc/bro
+	${INSTALL_MAN} ${WRKSRC}/doc/bro-usenix98-revised.ps \
+		${PREFIX}/share/doc/bro
+	@${GZIP_CMD} ${PREFIX}/share/doc/bro/bro-usenix98-revised.ps
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/bro/distinfo b/security/bro/distinfo
new file mode 100644
index 000000000000..6f4333eb5899
--- /dev/null
+++ b/security/bro/distinfo
@@ -0,0 +1 @@
+MD5 (vp-bro-0.3-alpha.tar.gz) = ec573b765794d9396c53cff9d559e7d8
diff --git a/security/bro/pkg-comment b/security/bro/pkg-comment
new file mode 100644
index 000000000000..1cb763a05927
--- /dev/null
+++ b/security/bro/pkg-comment
@@ -0,0 +1 @@
+System for detecting Network Intruders in real-time
diff --git a/security/bro/pkg-descr b/security/bro/pkg-descr
new file mode 100644
index 000000000000..184d8017aa39
--- /dev/null
+++ b/security/bro/pkg-descr
@@ -0,0 +1,16 @@
+Bro is a system for detecting Network Intruders in real-time by the guys
+that brought you tcpdump, libpcap, and flex.
+
+Bro is a stand-alone system for detecting network intruders in real-time
+by passively monitoring a network link over which the intruder's traffic
+transits.  Bro is divided into an "event engine" that reduces a
+kernel-filtered network traffic stream into a series of higher-level
+events, and a "policy script interpreter" that interprets event handlers
+written in a specialized language used to express a site's security policy.
+Event handlers can update state information, synthesize new events, record
+information to disk, and generate real-time notifications via `syslog'.
+
+Bro is documented in the the USENIX 1998 Security Conference proceedings.
+
+-- David
+   obrien@cs.ucdavis.edu
diff --git a/security/bro/pkg-plist b/security/bro/pkg-plist
new file mode 100644
index 000000000000..275740b7f194
--- /dev/null
+++ b/security/bro/pkg-plist
@@ -0,0 +1,13 @@
+sbin/bro
+share/bro/bro.init
+share/bro/dns.bro
+share/bro/finger.bro
+share/bro/ftp.bro
+share/bro/hot.bro
+share/bro/mt.bro
+share/bro/port-name.bro
+share/bro/portmapper.bro
+share/bro/tcp.bro
+share/bro/telnet.bro
+share/bro/udp.bro
+share/doc/bro/bro-usenix98-revised.ps.gz