pkgs/applications/networking/ids/zeek/default.nix

   1 {
   2   lib,
   3   stdenv,
   4   callPackage,
   5   fetchurl,
   6   cmake,
   7   flex,
   8   bison,
   9   openssl,
  10   libkqueue,
  11   libpcap,
  12   zlib,
  13   file,
  14   curl,
  15   libmaxminddb,
  16   gperftools,
  17   python3,
  18   swig,
  19   gettext,
  20   coreutils,
  21   ncurses,
  22 }:
  23
  24 let
  25   broker = callPackage ./broker { };
  26   python = python3.withPackages (p: [
  27     p.gitpython
  28     p.semantic-version
  29   ]);
  30 in
  31 stdenv.mkDerivation rec {
  32   pname = "zeek";
  33   version = "6.2.1";
  34
  35   src = fetchurl {
  36     url = "https://download.zeek.org/zeek-${version}.tar.gz";
  37     hash = "sha256-ZOOlK9mfZVrfxvgFREgqcRcSs18EMpADD8Y4Ev391Bw=";
  38   };
  39
  40   strictDeps = true;
  41
  42   patches = [
  43     ./fix-installation.patch
  44   ];
  45
  46   nativeBuildInputs = [
  47     bison
  48     cmake
  49     file
  50     flex
  51     python
  52     swig
  53   ];
  54
  55   buildInputs =
  56     [
  57       broker
  58       curl
  59       gperftools
  60       libmaxminddb
  61       libpcap
  62       ncurses
  63       openssl
  64       zlib
  65       python
  66     ]
  67     ++ lib.optionals stdenv.hostPlatform.isLinux [
  68       libkqueue
  69     ]
  70     ++ lib.optionals stdenv.hostPlatform.isDarwin [
  71       gettext
  72     ];
  73
  74   postPatch = ''
  75     patchShebangs ./ci/collect-repo-info.py
  76     patchShebangs ./auxil/spicy/scripts
  77   '';
  78
  79   cmakeFlags =
  80     [
  81       "-DBroker_ROOT=${broker}"
  82       "-DENABLE_PERFTOOLS=true"
  83       "-DINSTALL_AUX_TOOLS=true"
  84       "-DZEEK_ETC_INSTALL_DIR=/etc/zeek"
  85       "-DZEEK_LOG_DIR=/var/log/zeek"
  86       "-DZEEK_STATE_DIR=/var/lib/zeek"
  87       "-DZEEK_SPOOL_DIR=/var/spool/zeek"
  88       "-DDISABLE_JAVASCRIPT=ON"
  89     ]
  90     ++ lib.optionals stdenv.hostPlatform.isLinux [
  91       "-DLIBKQUEUE_ROOT_DIR=${libkqueue}"
  92     ];
  93
  94   postInstall = ''
  95     for file in $out/share/zeek/base/frameworks/notice/actions/pp-alarms.zeek $out/share/zeek/base/frameworks/notice/main.zeek; do
  96       substituteInPlace $file \
  97          --replace "/bin/rm" "${coreutils}/bin/rm" \
  98          --replace "/bin/cat" "${coreutils}/bin/cat"
  99     done
 100
 101     for file in $out/share/zeek/policy/misc/trim-trace-file.zeek $out/share/zeek/base/frameworks/logging/postprocessors/scp.zeek $out/share/zeek/base/frameworks/logging/postprocessors/sftp.zeek; do
 102       substituteInPlace $file --replace "/bin/rm" "${coreutils}/bin/rm"
 103     done
 104   '';
 105
 106   passthru = {
 107     inherit broker;
 108   };
 109
 110   meta = with lib; {
 111     description = "Network analysis framework much different from a typical IDS";
 112     homepage = "https://www.zeek.org";
 113     changelog = "https://github.com/zeek/zeek/blob/v${version}/CHANGES";
 114     license = licenses.bsd3;
 115     maintainers = with maintainers; [
 116       pSub
 117       tobim
 118     ];
 119     platforms = platforms.unix;
 120   };
 121 }