# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 PortSystem 1.0 PortGroup cmake 1.1 PortGroup github 1.0 github.setup osquery osquery 4.3.0 description SQL powered operating system instrumentation, monitoring, \ and analytics. long_description osquery exposes an operating system as a high-performance \ relational database. This allows you to write SQL-based \ queries to explore operating system data. With osquery, \ SQL tables represent abstract concepts such as running \ processes, loaded kernel modules, open network \ connections, browser plugins, hardware events or file \ hashes. maintainers {gmail.com:herby.gillot @herbygillot} openmaintainer homepage https://osquery.io categories sysutils license Apache-2 \ GPL-2 platforms darwin # The osquery build process requires the git repository as it pulls in a # large amount of its dependencies as git submodules. fetch.type git configure.args-append \ -DOSQUERY_VERSION="${version}" depends_build-append \ port:python38 patchfiles \ patch-default_paths.h.diff \ patch-lenses-path-augeas.cpp.diff \ patch-macports-cmake-packaging.cmake.diff set osq_data_dir ${prefix}/var/db/${name} set osq_conf_dir ${prefix}/etc/${name} set osq_log_dir ${prefix}/var/log/${name} set osq_run_dir ${prefix}/var/run/${name} set osq_share_dir ${prefix}/share/${name} set osq_plist_dir org.macports.${name} set osq_plist_file org.macports.${name}.plist set osq_flags_file ${name}.flags destroot.keepdirs-append \ ${osq_data_dir} \ ${osq_conf_dir} \ ${osq_log_dir} \ ${osq_run_dir} post-patch { reinplace "s|@SHAREPATH@|${osq_share_dir}|g" \ ${worksrcpath}/osquery/tables/system/posix/augeas.cpp reinplace "s|@CONFPATH@|${osq_conf_dir}|g" \ ${worksrcpath}/osquery/utils/config/default_paths.h reinplace "s|@DATAPATH@|${osq_data_dir}|g" \ ${worksrcpath}/osquery/utils/config/default_paths.h reinplace "s|@RUNPATH@|${osq_run_dir}|g" \ ${worksrcpath}/osquery/utils/config/default_paths.h reinplace "s|@LOGPATH@|${osq_log_dir}|g" \ ${worksrcpath}/osquery/utils/config/default_paths.h reinplace "s|@SHAREPATH@|${osq_share_dir}|g" \ ${worksrcpath}/osquery/utils/config/default_paths.h copy ${filespath}/${osq_plist_file} ${workpath}/ reinplace "s|@PREFIX@|${prefix}|g" ${workpath}/${osq_plist_file} reinplace "s|@CONFPATH@|${osq_conf_dir}|g" ${workpath}/${osq_plist_file} copy ${filespath}/${osq_flags_file} ${workpath}/ reinplace "s|@CONFPATH@|${osq_conf_dir}|g" ${workpath}/${osq_flags_file} } post-destroot { xinstall -m 755 -o root -g wheel -d ${destroot}${osq_conf_dir} xinstall -m 755 -o root -g wheel -d ${destroot}${osq_data_dir} xinstall -m 755 -o root -g wheel -d ${destroot}${osq_log_dir} xinstall -m 755 -o root -g wheel -d ${destroot}${osq_run_dir} copy ${workpath}/${osq_flags_file} ${destroot}${osq_share_dir}/ xinstall -d -m 755 ${destroot}${prefix}/etc/LaunchDaemons/${osq_plist_dir} xinstall -m 0644 -o root -W ${workpath} ${osq_plist_file} \ ${destroot}${prefix}/etc/LaunchDaemons/${osq_plist_dir}/ xinstall -d -m 755 ${destroot}/Library/LaunchDaemons ln -s ${prefix}/etc/LaunchDaemons/${osq_plist_dir}/${osq_plist_file} \ ${destroot}/Library/LaunchDaemons/${osq_plist_file} } post-activate { if {![file exists ${osq_conf_dir}/osquery.conf]} { copy ${osq_share_dir}/osquery.example.conf ${osq_conf_dir}/osquery.conf } if {![file exists ${osq_conf_dir}/${osq_flags_file}]} { copy ${osq_share_dir}/${osq_flags_file} ${osq_conf_dir}/ } } notes " osquery's configuration can be found in: ${osq_conf_dir} ...and query packs can be found in: ${osq_share_dir}/packs To enable the osquery service, use `port load`: \$ sudo port load osquery ...and use `port unload` to disable: \$ sudo port unload osquery Once running, logs can be found in: ${osq_log_dir} "