I had a question, are Zeek headers part of the ROCKNSM build? I assume they should be there somewhere so I can run Zeek plugins that require them. ~ Hiphop Anonymous
Yes! Zeek development headers are available for building plugins. You can simply do `sudo yum install zeek-devel` in order to install them. We don’t install them by default because:
- It’s generally a waste of space for everyday use
- We don’t like compilers on our sensors
- We like to keep a clean house, only install what you need when you need it.
If you’re interested in packaging a Zeek plugin as an RPM, here’s an example for an RPM we created for the CommunityID plugin created by Corelight: https://github.com/rocknsm/rpms/blob/master/zeek-plugin-communityid/zeek-plugin-communityid.spec
At a minimum, you can check out the `%build` section to see how we run `cmake` and specify the standard OS directories. You can also use `./configure`, and it should pick up `zeek-config` to populate all the values it needs.
Hope that helps! I’d love to hear what plugins you’re building!