jlec 14/09/28 18:12:28 |
|
Modified: openvassd.init openvassd.service |
Added: openvassd.conf |
openvas-scanner-4.0.3-mkcertclient.patch |
openvas-scanner-4.0.3-rulesdir.patch |
openvassd-daemon.conf openvas-nvt-sync-cron |
openvassd.logrotate |
openvas-scanner-4.0.3-bsdsource.patch |
Log: |
net-analyzer/openvas-scanner: Import fedora patches |
|
(Portage version: 2.2.14_rc1/cvs/Linux x86_64, signed Manifest commit with key B9D4F231BD1558AB!) |
|
Revision Changes Path |
1.2 net-analyzer/openvas-scanner/files/openvassd.init |
17 |
|
18 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?rev=1.2&view=markup |
19 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?rev=1.2&content-type=text/plain |
20 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?r1=1.1&r2=1.2 |
21 |
|
22 |
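--- a/net-analyzer/openvas-scanner/files/openvassd.init
+++ b/net-analyzer/openvas-scanner/files/openvassd.init
@@ -3,22 +3,10 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Header:
 
+name="OpenVAS Scanner"
+command="/usr/sbin/openvassd"
+command_args="${SCANNER_LISTEN} ${SCANNER_PORT} ${SCANNER_SRCIP}"
+
 depend() {
 need net
 }
-
-start() {
- ebegin "Starting openvassd (scanner)"
- checkpath -d -q /var/cache/openvassd
- start-stop-daemon --start --name openvassd \
- --exec /usr/sbin/openvassd \
- --pidfile /run/openvassd.pid
- eend $?
-}
-
-stop() {
- ebegin "Stop openvassd (scanner)"
- start-stop-daemon --stop --name openvassd \
- --pidfile /run/openvassd.pid
- eend $?
-}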
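Review bot: The new declarative script sets `command` and `command_args` but no `pidfile`, while the removed `start()`/`stop()` tracked `/run/openvassd.pid` and ran `checkpath -d -q /var/cache/openvassd` before starting. Without a pidfile the service manager presumably has to identify the daemon by its executable when stopping it; if openvassd still writes that pid file, add `pidfile="/run/openvassd.pid"` next to `command`. If the cache directory is still required at start-up, keep the check in a `start_pre()` that calls `checkpath -d -q`. The `SCANNER_*` variables must come from a conf.d file that this hunk does not show, so when it is absent the scanner starts with its built-in listen defaults; a comment naming that file would make the dependency visible.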
1.2 net-analyzer/openvas-scanner/files/openvassd.service |
61 |
|
62 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?rev=1.2&view=markup |
63 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?rev=1.2&content-type=text/plain |
64 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?r1=1.1&r2=1.2 |
65 |
|
66 |
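--- a/net-analyzer/openvas-scanner/files/openvassd.service
+++ b/net-analyzer/openvas-scanner/files/openvassd.service
@@ -1,6 +1,16 @@
 [Unit]
 Description=OpenVAS Scanner
 After=network.target
+Before=openvasmd.service
 
 [Service]
-ExecStart=/usr/sbin/openvassd -f
+EnvironmentFile=-/etc/openvas/openvassd-daemon.conf
+ExecStart=/usr/sbin/openvassd -f $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP
+Restart=always
+RestartSec=1
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target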
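Review bot: `Restart=always` with `RestartSec=1` in the [Service] block restarts the root-run scanner one second after every exit, so a bad option coming from the environment file turns into a tight restart loop; `Restart=on-failure` with a longer `RestartSec` is the safer default. `EnvironmentFile=-/etc/openvas/openvassd-daemon.conf` feeds its values straight into the command line of a `User=root` process, so the packaging should install that file root-owned and not group- or world-writable. The leading `-` also means a missing file is ignored, and the scanner then starts without `--listen`/`--port`, i.e. on its built-in defaults. `User=root` and `Group=root` deserve a one-line comment stating why root is required.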
1.1 net-analyzer/openvas-scanner/files/openvassd.conf |
96 |
|
97 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.conf?rev=1.1&view=markup |
98 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.conf?rev=1.1&content-type=text/plain |
99 |
|
100 |
Index: openvassd.conf |
101 |
=================================================================== |
102 |
# Configuration file of the OpenVAS Security Scanner |
103 |
|
104 |
# Every line starting with a '#' is a comment |
105 |
|
106 |
[Misc] |
107 |
|
108 |
# Path to the security checks folder: |
109 |
plugins_folder = /var/lib/openvas/plugins |
110 |
|
111 |
# Path to OpenVAS caching folder: |
112 |
cache_folder = /var/cache/openvas |
113 |
|
114 |
# Path to OpenVAS include directories: |
115 |
# (multiple entries are separated with colon ':') |
116 |
include_folders = /var/lib/openvas/plugins |
117 |
|
118 |
# Maximum number of simultaneous hosts tested : |
119 |
max_hosts = 30 |
120 |
|
121 |
# Maximum number of simultaneous checks against each host tested : |
122 |
max_checks = 10 |
123 |
|
124 |
# Niceness. If set to 'yes', openvassd will renice itself to 10. |
125 |
be_nice = no |
126 |
|
127 |
# Log file (or 'syslog') : |
128 |
logfile = /var/log/openvas/openvassd.log |
129 |
|
130 |
# Shall we log every details of the attack ? (disk intensive) |
131 |
log_whole_attack = no |
132 |
|
133 |
# Log the name of the plugins that are loaded by the server ? |
134 |
log_plugins_name_at_load = no |
135 |
|
136 |
# Dump file for debugging output, use `-' for stdout |
137 |
dumpfile = /var/log/openvas/openvassd.dump |
138 |
|
139 |
# Rules file : |
140 |
rules = /etc/openvas/openvassd.rules |
141 |
|
142 |
# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) |
143 |
cgi_path = /cgi-bin:/scripts |
144 |
|
145 |
# Range of the ports the port scanners will scan : |
146 |
# 'default' means that OpenVAS will scan ports found in its |
147 |
# services file. |
148 |
port_range = default |
149 |
|
150 |
# Optimize the test (recommended) : |
151 |
optimize_test = yes |
152 |
|
153 |
# Optimization : |
154 |
# Read timeout for the sockets of the tests : |
155 |
checks_read_timeout = 5 |
156 |
|
157 |
# Ports against which two plugins should not be run simultaneously : |
158 |
# non_simult_ports = Services/www, 139, Services/finger |
159 |
non_simult_ports = 139, 445 |
160 |
|
161 |
# Maximum lifetime of a plugin (in seconds) : |
162 |
plugins_timeout = 320 |
163 |
|
164 |
# Safe checks rely on banner grabbing : |
165 |
safe_checks = yes |
166 |
|
167 |
# Automatically activate the plugins that are depended on |
168 |
auto_enable_dependencies = yes |
169 |
|
170 |
# Do not echo data from plugins which have been automatically enabled |
171 |
silent_dependencies = no |
172 |
|
173 |
# Designate hosts by MAC address, not IP address (useful for DHCP networks) |
174 |
use_mac_addr = no |
175 |
|
176 |
|
177 |
#--- Knowledge base saving (can be configured by the client) : |
178 |
# Save the knowledge base on disk : |
179 |
save_knowledge_base = no |
180 |
|
181 |
# Restore the KB for each test : |
182 |
kb_restore = no |
183 |
|
184 |
# Only test hosts whose KB we do not have : |
185 |
only_test_hosts_whose_kb_we_dont_have = no |
186 |
|
187 |
# Only test hosts whose KB we already have : |
188 |
only_test_hosts_whose_kb_we_have = no |
189 |
|
190 |
# KB test replay : |
191 |
kb_dont_replay_scanners = no |
192 |
kb_dont_replay_info_gathering = no |
193 |
kb_dont_replay_attacks = no |
194 |
kb_dont_replay_denials = no |
195 |
kb_max_age = 864000 |
196 |
#--- end of the KB section |
197 |
|
198 |
|
199 |
# If this option is set, OpenVAS will not scan a network incrementally |
200 |
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to |
201 |
# slice the workload throughout the whole network (ie: it will scan |
202 |
# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... |
203 |
slice_network_addresses = no |
204 |
|
205 |
# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') |
206 |
nasl_no_signature_check = yes |
207 |
|
208 |
#Certificates |
209 |
cert_file=/var/lib/openvas/CA/servercert.pem |
210 |
key_file=/var/lib/openvas/private/CA/serverkey.pem |
211 |
ca_file=/var/lib/openvas/CA/cacert.pem |
212 |
|
213 |
# If you decide to protect your private key with a password, |
214 |
# uncomment and change next line |
215 |
# pem_password=password |
216 |
# If you want to force the use of a client certificate, uncomment next line |
217 |
# force_pubkey_auth = yes |
218 |
|
219 |
#end. |
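Review bot: The shipped default `nasl_no_signature_check = yes` turns off signature verification of NASL scripts, which the comment directly above it labels unsafe. The scanner runs as root (see openvassd.service in this commit) and the plugin feed can be pulled by openvas-nvt-sync over rsync or an HTTP feed, so with this default a tampered feed is loaded without any integrity check. Ship `nasl_no_signature_check = no` and document the key setup that verification needs, or at least add a comment that the value must be switched once the feed signing key is installed. Separately, `cache_folder = /var/cache/openvas` differs from the `/var/cache/openvassd` directory the old init script created; confirm which one the ebuild provides.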
220 |
|
221 |
|
222 |
|
223 |
1.1 net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch |
224 |
|
225 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch?rev=1.1&view=markup |
226 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch?rev=1.1&content-type=text/plain |
227 |
|
228 |
Index: openvas-scanner-4.0.3-mkcertclient.patch |
229 |
=================================================================== |
230 |
diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.mkcert/CMakeLists.txt |
231 |
--- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200 |
232 |
+++ openvas-scanner-4.0.1.mkcert/CMakeLists.txt 2014-05-26 16:04:23.093548608 +0200 |
233 |
@@ -258,7 +258,6 @@ |
234 |
# DESTINATION ${OPENVAS_SYSCONF_DIR}) |
235 |
|
236 |
install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert |
237 |
- ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client |
238 |
${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync |
239 |
DESTINATION ${SBINDIR} |
240 |
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE |
241 |
@@ -269,7 +268,15 @@ |
242 |
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE |
243 |
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) |
244 |
|
245 |
-install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8 |
246 |
+install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client |
247 |
+ DESTINATION ${BINDIR} |
248 |
+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE |
249 |
+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) |
250 |
+ |
251 |
+install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert-client.1 |
252 |
+ DESTINATION ${DATADIR}/man/man1 ) |
253 |
+ |
254 |
+install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8 |
255 |
DESTINATION ${DATADIR}/man/man8 ) |
256 |
|
257 |
install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8 |
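Review bot: The second hunk (from line 269) installs `openvas-mkcert-client` into `${BINDIR}` with group and world execute bits, after the first hunk removed it from the `${SBINDIR}` install, so every local user now has the client-certificate tool on their PATH. Whether that is safe depends on the CA private key directory being readable by root only, which nothing in this patch checks or documents; a comment above the new `install` stating that assumption would help. The patch file also ends with a stray `Only in openvas-scanner-4.0.1.mkcert/: CMakeLists.txt~` line left by an editor backup, which should be dropped from the committed patch. The trailing `install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8` command continues outside the hunk.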
258 |
Only in openvas-scanner-4.0.1.mkcert/: CMakeLists.txt~ |
259 |
|
260 |
|
261 |
|
262 |
1.1 net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch |
263 |
|
264 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch?rev=1.1&view=markup |
265 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch?rev=1.1&content-type=text/plain |
266 |
|
267 |
Index: openvas-scanner-4.0.3-rulesdir.patch |
268 |
=================================================================== |
269 |
diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.rules/CMakeLists.txt |
270 |
--- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200 |
271 |
+++ openvas-scanner-4.0.1.rules/CMakeLists.txt 2014-05-26 16:07:37.454116277 +0200 |
272 |
@@ -171,6 +171,10 @@ |
273 |
set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump") |
274 |
set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf") |
275 |
|
276 |
+if (NOT OPENVASSD_RULES) |
277 |
+ set (OPENVASSD_RULES "${OPENVAS_DATA_DIR}/openvassd.rules") |
278 |
+endif (NOT OPENVASSD_RULES) |
279 |
+ |
280 |
set (NVT_TIMEOUT "320") |
281 |
|
282 |
message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") |
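Review bot: The new default `${OPENVAS_DATA_DIR}/openvassd.rules` does not match the `rules = /etc/openvas/openvassd.rules` line in the openvassd.conf added by the same commit, so the compiled-in path and the shipped configuration can point at different access-rule files. If the config file is missing or lacks a `rules` entry, the daemon would presumably fall back to the data-dir path and apply whatever rules are, or are not, present there. Either have the ebuild pass `-DOPENVASSD_RULES=...` explicitly, or default to the configuration directory with `set (OPENVASSD_RULES "${OPENVAS_SYSCONF_DIR}/openvassd.rules")`. The repeated condition in `endif (NOT OPENVASSD_RULES)` is legacy style and can be a bare `endif ()`.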
283 |
|
284 |
|
285 |
|
286 |
|
287 |
1.1 net-analyzer/openvas-scanner/files/openvassd-daemon.conf |
288 |
|
289 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd-daemon.conf?rev=1.1&view=markup |
290 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd-daemon.conf?rev=1.1&content-type=text/plain |
291 |
|
292 |
Index: openvassd-daemon.conf |
293 |
=================================================================== |
294 |
#Listen on given address - by default scanner listens on all addresses |
295 |
#SCANNER_LISTEN=--listen=127.0.0.1 |
296 |
|
297 |
#Listen on given port - by default 9391 |
298 |
SCANNER_PORT=--port=9391 |
299 |
|
300 |
#Send the packets with the source IP of IP1,IP2,IP3.... |
301 |
#SCANNER_SRCIP=--src-ip=127.0.0.1,192.168.1.2 |
302 |
|
303 |
# Set to yes if plugins should be automatically updated via a cron job |
304 |
auto_plugin_update=no |
305 |
|
306 |
# Notify OpenVAS scanner after update by seding it SIGHUP? |
307 |
notify_openvas_scanner=yes |
308 |
|
309 |
# Method to use to get updates. The default is via rsync |
310 |
# Note that only wget and curl support retrieval via proxy |
311 |
# update_method=rsync|wget|curl |
312 |
|
313 |
# Additionaly, you can specify the following variables |
314 |
#NVT_DIR where to extract plugins (absolute path) |
315 |
#OV_RSYNC_FEED URL of rsync feed |
316 |
#OV_HTTP_FEED URL of http feed |
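Review bot: `SCANNER_LISTEN` is shipped commented out, and the comment above it says the scanner then listens on all addresses, so a fresh install exposes a root-run scanner service on port 9391 on every interface. Shipping `SCANNER_LISTEN=--listen=127.0.0.1` enabled, with a comment on how to widen it, is the safer default for hosts where the manager runs locally. The file is read as a systemd `EnvironmentFile` and, judging by the variable names, also by the openvas-nvt-sync cron script, so a header comment saying it must stay in plain `KEY=value` form would keep shell syntax from creeping in.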
317 |
|
318 |
|
319 |
|
320 |
|
321 |
1.1 net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron |
322 |
|
323 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron?rev=1.1&view=markup |
324 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron?rev=1.1&content-type=text/plain |
325 |
|
326 |
Index: openvas-nvt-sync-cron |
327 |
=================================================================== |
328 |
#!/bin/sh |
329 |
|
330 |
if [ -f /etc/openvas/openvassd.conf ]; then |
331 |
. /etc/openvas/openvassd.conf |
332 |
fi |
333 |
|
334 |
if [ "$auto_plugin_update" != "yes" ]; then |
335 |
exit 0 |
336 |
fi |
337 |
|
338 |
opts="" |
339 |
case "$update_method" in |
340 |
rsync) |
341 |
opts = "$opts --rsync" |
342 |
;; |
343 |
wget) |
344 |
opts = "$opts --wget" |
345 |
;; |
346 |
curl) |
347 |
opts = "$opts --curl" |
348 |
;; |
349 |
esac |
350 |
|
351 |
# Export openvas-nvt-sync's environment variables if they are defined |
352 |
[ \! -z "$NVT_DIR" ] && export NVT_DIR |
353 |
[ \! -z "$OV_RSYNC_FEED" ] && export OV_RSYNC_FEED |
354 |
[ \! -z "$OV_HTTP_FEED" ] && export OV_HTTP_FEED |
355 |
|
356 |
/usr/sbin/openvas-nvt-sync $opts >& /dev/null |
357 |
|
358 |
if [ $? -ne 0 ]; then |
359 |
echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually." |
360 |
exit 1 |
361 |
fi |
362 |
|
363 |
if [ "$notify_openvas_scanner" == "yes" ]; then |
364 |
/etc/init.d/openvas-scanner reloadplugins |
365 |
fi |
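Review bot: The script cannot work as written: `opts = "$opts --rsync"` (and the wget and curl arms) has spaces around `=`, so the shell runs a command named `opts` instead of assigning, and `>&` and `==` are bash syntax under `#!/bin/sh`. It also sources `/etc/openvas/openvassd.conf`, which in this commit is an INI-style file with a `[Misc]` header and `key = value` lines, while `auto_plugin_update`, `update_method` and `notify_openvas_scanner` are defined in openvassd-daemon.conf; run from root's cron, it would execute that INI file as shell. The last step calls `/etc/init.d/openvas-scanner reloadplugins`, but the init script in this commit is openvassd.init and defines no such action, so that line needs to point at a reload that exists. Because all output of the sync is discarded, a failed feed update leaves only the one-line message; sending stderr to a log would make feed problems diagnosable.

```shell
# … unchanged: shebang …
if [ -f /etc/openvas/openvassd-daemon.conf ]; then
	. /etc/openvas/openvassd-daemon.conf
fi
# … unchanged: auto_plugin_update check …
opts=""
case "$update_method" in
	rsync) opts="$opts --rsync" ;;
	wget)  opts="$opts --wget" ;;
	curl)  opts="$opts --curl" ;;
esac
# … unchanged: export of NVT_DIR, OV_RSYNC_FEED, OV_HTTP_FEED …
/usr/sbin/openvas-nvt-sync $opts >/dev/null 2>&1
# … unchanged: exit-status check …
if [ "$notify_openvas_scanner" = "yes" ]; then
# … unchanged: scanner reload call …
```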
366 |
|
367 |
|
368 |
|
369 |
|
370 |
1.1 net-analyzer/openvas-scanner/files/openvassd.logrotate |
371 |
|
372 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.logrotate?rev=1.1&view=markup |
373 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.logrotate?rev=1.1&content-type=text/plain |
374 |
|
375 |
Index: openvassd.logrotate |
376 |
=================================================================== |
377 |
# logrotate for openvas |
378 |
/var/log/openvas/openvassd.log { |
379 |
rotate 4 |
380 |
weekly |
381 |
compress |
382 |
delaycompress |
383 |
missingok |
384 |
postrotate |
385 |
/bin/kill -HUP `pidof openvassd` |
386 |
endscript |
387 |
} |
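Review bot: The `postrotate` command passes the output of `pidof openvassd` straight to `/bin/kill -HUP`, so when the scanner is not running `kill` is called without a pid and logrotate reports an error on every weekly run; guard it, for example `pids=$(pidof openvassd) && /bin/kill -HUP $pids || true`. The block also has no `create` directive, which leaves the mode of the fresh log to the daemon; scan logs can contain findings about the scanned hosts, so an explicit `create 0640 root root` keeps them from becoming world-readable. Only openvassd.log is rotated, while the openvassd.conf in this commit also writes `/var/log/openvas/openvassd.dump`.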
388 |
|
389 |
|
390 |
|
391 |
1.1 net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch |
392 |
|
393 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch?rev=1.1&view=markup |
394 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch?rev=1.1&content-type=text/plain |
395 |
|
396 |
Index: openvas-scanner-4.0.3-bsdsource.patch |
397 |
=================================================================== |
398 |
diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.bsdsource/CMakeLists.txt |
399 |
--- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200 |
400 |
+++ openvas-scanner-4.0.1.bsdsource/CMakeLists.txt 2014-05-26 16:11:23.018940789 +0200 |
401 |
@@ -235,7 +235,7 @@ |
402 |
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") |
403 |
|
404 |
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") |
405 |
-set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE") |
406 |
+set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_DEFAULT_SOURCE -D_ISOC99_SOURCE") |
407 |
|
408 |
add_subdirectory (src) |