author | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
---|---|---|
committer | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
commit | c4625b175f8200f643fd6e11010932ea44c78433 (patch) | |
tree | bce3f89888c8ac3991fa5569a878a9eab6801ccc /infra/libkookie/nixpkgs/pkgs/applications/networking/ids | |
parent | 49f735974dd103039ddc4cb576bb76555164a9e7 (diff) | |
parent | d661aa56a8843e991261510c1bb28fdc2f6975ae (diff) |
Add 'infra/libkookie/' from commit 'd661aa56a8843e991261510c1bb28fdc2f6975ae'
git-subtree-dir: infra/libkookie
git-subtree-mainline: 49f735974dd103039ddc4cb576bb76555164a9e7
git-subtree-split: d661aa56a8843e991261510c1bb28fdc2f6975ae
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/networking/ids')
6 files changed, 375 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix
new file mode 100644
index 000000000000..871aba0a669f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix
@@ -0,0 +1,27 @@
+{stdenv, fetchurl, flex, bison, libpcap, libdnet, libnfnetlink, libnetfilter_queue}:
+
+stdenv.mkDerivation rec {
+ name = "daq-2.2.2";
+
+ src = fetchurl {
+ name = "${name}.tar.gz";
+ url = "https://snort.org/downloads/archive/snort/${name}.tar.gz";
+ sha256 = "0yvzscy7vqj7s5rccza0f7p6awghfm3yaxihx1h57lqspg51in3w";
+ };
+
+ buildInputs = [ flex bison libpcap libdnet libnfnetlink libnetfilter_queue];
+
+ configureFlags = [
+ "--enable-nfq-module=yes"
+ "--with-dnet-includes=${libdnet}/includes"
+ "--with-dnet-libraries=${libdnet}/lib"
+ ];
+
+ meta = {
+ description = "Data AcQuisition library (DAQ), for packet I/O";
+ homepage = "https://www.snort.org";
+ maintainers = with stdenv.lib.maintainers; [ aycanirican ];
+ license = stdenv.lib.licenses.gpl2;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix
new file mode 100644
index 000000000000..7529e233e137
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix
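Review bot: The configure flag `"--with-dnet-includes=${libdnet}/includes"` points at a directory named `includes`, while every other include path in this commit (e.g. suricata's `--with-libnet-includes=${libnet}/include`) uses the conventional `include`; this looks like a typo that makes the flag a no-op, with the build presumably only succeeding because libdnet is already in buildInputs. The same pattern appears in the snort hunk as `"--with-daq-includes=${daq}/includes"`. I cannot confirm libdnet's output layout from this page, so please check the store path before changing it to `"--with-dnet-includes=${libdnet}/include"`.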
@@ -0,0 +1,39 @@
+{stdenv, pkgconfig, luajit, openssl, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison, makeWrapper
+, libtirpc
+}:
+
+stdenv.mkDerivation rec {
+ version = "2.9.16.1";
+ pname = "snort";
+
+ src = fetchurl {
+ name = "${pname}-${version}.tar.gz";
+ url = "https://snort.org/downloads/archive/snort/${pname}-${version}.tar.gz";
+ sha256 = "13lzvjli6kbsnkd7lf0rm71l2mnz38pxk76ia9yrjb6clfhlbb73";
+ };
+
+ buildInputs = [ makeWrapper pkgconfig luajit openssl libpcap pcre libdnet daq zlib flex bison libtirpc ];
+
+ NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ];
+
+ enableParallelBuilding = true;
+
+ configureFlags = [
+ "--disable-static-daq"
+ "--enable-control-socket"
+ "--with-daq-includes=${daq}/includes"
+ "--with-daq-libraries=${daq}/lib"
+ ];
+
+ postInstall = ''
+ wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq --dynamic-preprocessor-lib-dir $out/lib/snort_dynamicpreprocessor/ --dynamic-engine-lib-dir $out/lib/snort_dynamicengine"
+ '';
+
+ meta = {
+ description = "Network intrusion prevention and detection system (IDS/IPS)";
+ homepage = "https://www.snort.org";
+ maintainers = with stdenv.lib.maintainers; [ aycanirican ];
+ license = stdenv.lib.licenses.gpl2;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch
new file mode 100644
index 000000000000..d4e8c95fea22
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch
@@ -0,0 +1,19 @@
+*** suricata-5.0.0/ebpf/Makefile.in 2019-10-16 22:39:13.174649416 +0200
+--- suricata-5.0.0/ebpf/Makefile.in.fixed 2019-10-16 22:38:41.822201802 +0200
+***************
+*** 527,533 ****
+ @BUILD_EBPF_TRUE@$(BPF_TARGETS): %.bpf: %.c
+ # From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
+ @BUILD_EBPF_TRUE@ ${CLANG} -Wall $(BPF_CFLAGS) -O2 \
+! @BUILD_EBPF_TRUE@ -I/usr/include/$(build_cpu)-$(build_os)/ \
+ @BUILD_EBPF_TRUE@ -D__KERNEL__ -D__ASM_SYSREG_H \
+ @BUILD_EBPF_TRUE@ -target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
+ # From LLVM-IR to BPF-bytecode in ELF-obj file
+--- 527,533 ----
+ @BUILD_EBPF_TRUE@$(BPF_TARGETS): %.bpf: %.c
+ # From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
+ @BUILD_EBPF_TRUE@ ${CLANG} -Wall $(BPF_CFLAGS) -O2 \
+! @BUILD_EBPF_TRUE@ -idirafter ../bpf_stubs_workaround \
+ @BUILD_EBPF_TRUE@ -D__KERNEL__ -D__ASM_SYSREG_H \
+ @BUILD_EBPF_TRUE@ -target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
+ # From LLVM-IR to BPF-bytecode in ELF-obj file
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix
new file mode 100644
index 000000000000..d6e9b2e74397
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix
@@ -0,0 +1,158 @@
+{ stdenv
+, lib
+, fetchurl
+, clang
+, llvm
+, pkgconfig
+, makeWrapper
+, file
+, hyperscan
+, jansson
+, libbpf
+, libcap_ng
+, libelf
+, libevent
+, libmaxminddb
+, libnet
+, libnetfilter_log
+, libnetfilter_queue
+, libnfnetlink
+, libpcap
+, libyaml
+, luajit
+, lz4
+, nspr
+, nss
+, pcre
+, python
+, zlib
+, redisSupport ? true, redis, hiredis
+, rustSupport ? true, rustc, cargo
+}: let
+ libmagic = file;
+ hyperscanSupport = stdenv.system == "x86_64-linux" || stdenv.system == "i686-linux";
+in
+stdenv.mkDerivation rec {
+ pname = "suricata";
+ version = "5.0.3";
+
+ src = fetchurl {
+ url = "https://www.openinfosecfoundation.org/download/${pname}-${version}.tar.gz";
+ sha256 = "1nv5aq5lpkpskkzw05hr2lshkzcs4zqj5kfv4qjlbwigmp6kwh9l";
+ };
+
+ nativeBuildInputs = [
+ clang
+ llvm
+ makeWrapper
+ pkgconfig
+ ]
+ ++ lib.optionals rustSupport [ rustc cargo ]
+ ;
+
+ buildInputs = [
+ jansson
+ libbpf
+ libcap_ng
+ libelf
+ libevent
+ libmagic
+ libmaxminddb
+ libnet
+ libnetfilter_log
+ libnetfilter_queue
+ libnfnetlink
+ libpcap
+ libyaml
+ luajit
+ lz4
+ nspr
+ nss
+ pcre
+ python
+ zlib
+ ]
+ ++ lib.optional hyperscanSupport hyperscan
+ ++ lib.optionals redisSupport [ redis hiredis ]
+ ;
+
+ enableParallelBuilding = true;
+
+ patches = lib.optional stdenv.is64bit ./bpf_stubs_workaround.patch;
+
+ postPatch = ''
+ substituteInPlace ./configure \
+ --replace "/usr/bin/file" "${file}/bin/file"
+ substituteInPlace ./libhtp/configure \
+ --replace "/usr/bin/file" "${file}/bin/file"
+
+ mkdir -p bpf_stubs_workaround/gnu
+ touch bpf_stubs_workaround/gnu/stubs-32.h
+ '';
+
+ configureFlags = [
+ "--disable-gccmarch-native"
+ "--enable-af-packet"
+ "--enable-ebpf"
+ "--enable-ebpf-build"
+ "--enable-gccprotect"
+ "--enable-geoip"
+ "--enable-luajit"
+ "--enable-nflog"
+ "--enable-nfqueue"
+ "--enable-pie"
+ "--disable-prelude"
+ "--enable-python"
+ "--enable-unix-socket"
+ "--localstatedir=/var"
+ "--sysconfdir=/etc"
+ "--with-libnet-includes=${libnet}/include"
+ "--with-libnet-libraries=${libnet}/lib"
+ ]
+ ++ lib.optionals hyperscanSupport [
+ "--with-libhs-includes=${hyperscan.dev}/include/hs"
+ "--with-libhs-libraries=${hyperscan}/lib"
+ ]
+ ++ lib.optional redisSupport "--enable-hiredis"
+ ++ lib.optionals rustSupport [
+ "--enable-rust"
+ "--enable-rust-experimental"
+ ];
+
+ postConfigure = ''
+ # Avoid unintended clousure growth.
+ sed -i 's|/nix/store/\(.\{8\}\)[^-]*-|/nix/store/\1...-|g' ./src/build-info.h
+ '';
+
+ hardeningDisable = [ "stackprotector" ];
+
+ installFlags = [
+ "e_localstatedir=\${TMPDIR}"
+ "e_logdir=\${TMPDIR}"
+ "e_logcertsdir=\${TMPDIR}"
+ "e_logfilesdir=\${TMPDIR}"
+ "e_rundir=\${TMPDIR}"
+ "e_sysconfdir=\${out}/etc/suricata"
+ "e_sysconfrulesdir=\${out}/etc/suricata/rules"
+ "localstatedir=\${TMPDIR}"
+ "runstatedir=\${TMPDIR}"
+ "sysconfdir=\${out}/etc"
+ ];
+
+ installTargets = [ "install" "install-conf" ];
+
+ postInstall = ''
+ wrapProgram "$out/bin/suricatasc" \
+ --prefix PYTHONPATH : $PYTHONPATH:$(toPythonPath "$out")
+ substituteInPlace "$out/etc/suricata/suricata.yaml" \
+ --replace "/etc/suricata" "$out/etc/suricata"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A free and open source, mature, fast and robust network threat detection engine";
+ homepage = "https://suricata-ids.org";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ magenbluten ];
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix
new file mode 100644
index 000000000000..a6189da7ee3e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix
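Review bot: `hardeningDisable = [ "stackprotector" ];` switches off the stdenv stack-protector flag for a daemon whose whole job is parsing untrusted network traffic, and nothing in the hunk says why; the only related signal is `"--enable-gccprotect"` in configureFlags, which presumably makes suricata's own build system add its protection flags, but I cannot confirm from this page that the installed binary ends up stack-protected. A one-line comment above the attribute would save the next reader the same investigation, e.g. `# stdenv's stackprotector flag is disabled; suricata adds its own protection via --enable-gccprotect above — TODO confirm the installed binary is still built with -fstack-protector`. Separately, the postConfigure comment reads `clousure` where `closure` is meant, and the `sed` there rewrites build-info.h so the full store hashes of inputs are not embedded — worth a slightly fuller comment than "Avoid unintended closure growth" since it also alters what the binary reports about its build.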
@@ -0,0 +1,63 @@
+{ stdenv
+, fetchurl
+, cmake
+, flex
+, bison
+, openssl
+, libpcap
+, zlib
+, file
+, curl
+, libmaxminddb
+, gperftools
+, python
+, swig
+, gettext
+, fetchpatch
+, coreutils
+}:
+let
+ preConfigure = (import ./script.nix {inherit coreutils;});
+in
+stdenv.mkDerivation rec {
+ pname = "zeek";
+ version = "3.2.1";
+
+ src = fetchurl {
+ url = "https://download.zeek.org/zeek-${version}.tar.gz";
+ sha256 = "0rybs79h0sq12vsayah8dixqac404z84rlvqynvzf3dh2lwcgg0y";
+ };
+
+ nativeBuildInputs = [ cmake flex bison file ];
+ buildInputs = [ openssl libpcap zlib curl libmaxminddb gperftools python swig ]
+ ++ stdenv.lib.optionals stdenv.isDarwin [ gettext ];
+
+ #see issue https://github.com/zeek/zeek/issues/804 to modify hardlinking duplicate files.
+ inherit preConfigure;
+
+ enableParallelBuilding = true;
+
+ patches = stdenv.lib.optionals stdenv.cc.isClang [
+ # Fix pybind c++17 build with Clang. See: https://github.com/pybind/pybind11/issues/1604
+ (fetchpatch {
+ url = "https://github.com/pybind/pybind11/commit/759221f5c56939f59d8f342a41f8e2d2cacbc8cf.patch";
+ sha256 = "17qznp8yavnv84fjsbghv3d59z6k6rx74j49w0izakmgw5a95w84";
+ extraPrefix = "auxil/broker/bindings/python/3rdparty/pybind11/";
+ stripLen = 1;
+ })
+ ];
+
+ cmakeFlags = [
+ "-DPY_MOD_INSTALL_DIR=${placeholder "out"}/${python.sitePackages}"
+ "-DENABLE_PERFTOOLS=true"
+ "-DINSTALL_AUX_TOOLS=true"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Powerful network analysis framework much different from a typical IDS";
+ homepage = "https://www.zeek.org";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ pSub marsam tobim ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix
new file mode 100644
index 000000000000..4c8bbcf22c03
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix
@@ -0,0 +1,69 @@
+{coreutils}:
+''
+ sed -i 's|/bin/mv|${coreutils}/bin/mv|' scripts/base/frameworks/logging/writers/ascii.zeek
+ sed -i 's|/bin/mv|${coreutils}/bin/mv|' scripts/policy/misc/trim-trace-file.zeek
+ sed -i 's|/bin/cat|${coreutils}/bin/cat|' scripts/base/frameworks/notice/actions/pp-alarms.zeek
+ sed -i 's|/bin/cat|${coreutils}/bin/cat|' scripts/base/frameworks/notice/main.zeek
+
+ sed -i "1i##! test dpd" $PWD/scripts/base/frameworks/dpd/__load__.zeek
+ sed -i "1i##! test x509" $PWD/scripts/base/files/x509/__load__.zeek
+ sed -i "1i##! test files-extract" $PWD/scripts/base/files/extract/__load__.zeek
+ sed -i "1i##! test files-hash" $PWD/scripts/base/files/hash/__load__.zeek
+ sed -i "1i##! test files-pe" $PWD/scripts/base/files/pe/__load__.zeek
+ sed -i "1i##! test analyzer" $PWD/scripts/base/frameworks/analyzer/__load__.zeek
+ sed -i "1i##! test cluster" $PWD/scripts/base/frameworks/cluster/__load__.zeek
+ sed -i "1i##! test config" $PWD/scripts/base/frameworks/config/__load__.zeek
+ sed -i "1i##! test contro" $PWD/scripts/base/frameworks/control/__load__.zeek
+ sed -i "1i##! test files" $PWD/scripts/base/frameworks/files/__load__.zeek
+ sed -i "1i##! test files-magic" $PWD/scripts/base/frameworks/files/magic/__load__.zeek
+ sed -i "1i##! test input" $PWD/scripts/base/frameworks/input/__load__.zeek
+ sed -i "1i##! test intel" $PWD/scripts/base/frameworks/intel/__load__.zeek
+ sed -i "1i##! test logging" $PWD/scripts/base/frameworks/logging/__load__.zeek
+ sed -i "1i##! test logging-postprocessors" $PWD/scripts/base/frameworks/logging/postprocessors/__load__.zeek
+ sed -i "1i##! test netcontrol" $PWD/scripts/base/frameworks/netcontrol/__load__.zeek
+ sed -i "1i##! test netcontrol-plugins" $PWD/scripts/base/frameworks/netcontrol/plugins/__load__.zeek
+ sed -i "1i##! test notice" $PWD/scripts/base/frameworks/notice/__load__.zeek
+ sed -i "1i##! test openflow" $PWD/scripts/base/frameworks/openflow/__load__.zeek
+ sed -i "1i##! test openflow-plugins" $PWD/scripts/base/frameworks/openflow/plugins/__load__.zeek
+ sed -i "1i##! test packet-filter" $PWD/scripts/base/frameworks/packet-filter/__load__.zeek
+ sed -i "1i##! test reporter" $PWD/scripts/base/frameworks/reporter/__load__.zeek
+ sed -i "1i##! test signatures" $PWD/scripts/base/frameworks/signatures/__load__.zeek
+ sed -i "1i##! test software" $PWD/scripts/base/frameworks/software/__load__.zeek
+ sed -i "1i##! test sumstats" $PWD/scripts/base/frameworks/sumstats/__load__.zeek
+ sed -i "1i##! test sumstats-plugins" $PWD/scripts/base/frameworks/sumstats/plugins/__load__.zeek
+ sed -i "1i##! test conn" $PWD/scripts/base/protocols/conn/__load__.zeek
+ sed -i "1i##! test dce-rpc" $PWD/scripts/base/protocols/dce-rpc/__load__.zeek
+ sed -i "1i##! test dhcp" $PWD/scripts/base/protocols/dhcp/__load__.zeek
+ sed -i "1i##! test dnp3" $PWD/scripts/base/protocols/dnp3/__load__.zeek
+ sed -i "1i##! test dns" $PWD/scripts/base/protocols/dns/__load__.zeek
+ sed -i "1i##! test ftp" $PWD/scripts/base/protocols/ftp/__load__.zeek
+ sed -i "1i##! test http" $PWD/scripts/base/protocols/http/__load__.zeek
+ sed -i "1i##! test tunnels" $PWD/scripts/base/protocols/tunnels/__load__.zeek
+ sed -i "1i##! test imap" $PWD/scripts/base/protocols/imap/__load__.zeek
+ sed -i "1i##! test irc" $PWD/scripts/base/protocols/irc/__load__.zeek
+ sed -i "1i##! test krb" $PWD/scripts/base/protocols/krb/__load__.zeek
+ sed -i "1i##! test modbus" $PWD/scripts/base/protocols/modbus/__load__.zeek
+ sed -i "1i##! test mqtt" $PWD/scripts/base/protocols/mqtt/__load__.zeek
+ sed -i "1i##! test mysql" $PWD/scripts/base/protocols/mysql/__load__.zeek
+ sed -i "1i##! test ntlm" $PWD/scripts/base/protocols/ntlm/__load__.zeek
+ sed -i "1i##! test ntp" $PWD/scripts/base/protocols/ntp/__load__.zeek
+ sed -i "1i##! test pop3" $PWD/scripts/base/protocols/pop3/__load__.zeek
+ sed -i "1i##! test radius" $PWD/scripts/base/protocols/radius/__load__.zeek
+ sed -i "1i##! test rdp" $PWD/scripts/base/protocols/rdp/__load__.zeek
+ sed -i "1i##! test rfb" $PWD/scripts/base/protocols/rfb/__load__.zeek
+ sed -i "1i##! test sip" $PWD/scripts/base/protocols/sip/__load__.zeek
+ sed -i "1i##! test smb" $PWD/scripts/base/protocols/smb/__load__.zeek
+ sed -i "1i##! test smtp" $PWD/scripts/base/protocols/smtp/__load__.zeek
+ sed -i "1i##! test snmp" $PWD/scripts/base/protocols/snmp/__load__.zeek
+ sed -i "1i##! test socks" $PWD/scripts/base/protocols/socks/__load__.zeek
+ sed -i "1i##! test ssh" $PWD/scripts/base/protocols/ssh/__load__.zeek
+ sed -i "1i##! test ssl" $PWD/scripts/base/protocols/ssl/__load__.zeek
+ sed -i "1i##! test syslog" $PWD/scripts/base/protocols/syslog/__load__.zeek
+ sed -i "1i##! test xmpp" $PWD/scripts/base/protocols/xmpp/__load__.zeek
+ sed -i "1i##! test unified2" $PWD/scripts/policy/files/unified2/__load__.zeek
+ sed -i "1i##! test intel-seen" $PWD/scripts/policy/frameworks/intel/seen/__load__.zeek
+ sed -i "1i##! test notice" $PWD/scripts/policy/frameworks/notice/__load__.zeek
+ sed -i "1i##! test barnyard2" $PWD/scripts/policy/integration/barnyard2/__load__.zeek
+ sed -i "1i##! test collective-intel" $PWD/scripts/policy/integration/collective-intel/__load__.zeek
+ sed -i "1i##! test detect-traceroute" $PWD/scripts/policy/misc/detect-traceroute/__load__.zeek
+'' |