
From: "Justin Lecher (jlec)" <jlec@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-analyzer/openvas-scanner/files: openvassd.conf openvas-scanner-4.0.3-mkcertclient.patch openvas-scanner-4.0.3-rulesdir.patch openvassd-daemon.conf openvas-nvt-sync-cron openvassd.logrotate openvassd.init openvas-scanner-4.0.3-bsdsource.patch openvassd.service
Date: Sun, 28 Sep 2014 18:12:32
Message-Id: 20140928181228.5580B13A7@oystercatcher.gentoo.org
1 jlec 14/09/28 18:12:28
2
3 Modified: openvassd.init openvassd.service
4 Added: openvassd.conf
5 openvas-scanner-4.0.3-mkcertclient.patch
6 openvas-scanner-4.0.3-rulesdir.patch
7 openvassd-daemon.conf openvas-nvt-sync-cron
8 openvassd.logrotate
9 openvas-scanner-4.0.3-bsdsource.patch
10 Log:
11 net-analyzer/openvas-scanner: Import Fedora patches
12
13 (Portage version: 2.2.14_rc1/cvs/Linux x86_64, signed Manifest commit with key B9D4F231BD1558AB!)
14
15 Revision Changes Path
16 1.2 net-analyzer/openvas-scanner/files/openvassd.init
17
18 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?rev=1.2&view=markup
19 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?rev=1.2&content-type=text/plain
20 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?r1=1.1&r2=1.2
21
22 Index: openvassd.init
23 ===================================================================
24 RCS file: /var/cvsroot/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init,v
25 retrieving revision 1.1
26 retrieving revision 1.2
27 diff -u -r1.1 -r1.2
28 --- openvassd.init 28 Sep 2014 15:40:44 -0000 1.1
29 +++ openvassd.init 28 Sep 2014 18:12:28 -0000 1.2
30 @@ -3,22 +3,10 @@
31 # Distributed under the terms of the GNU General Public License v2
32 # $Header:
33
34 +name="OpenVAS Scanner"
35 +command="/usr/sbin/openvassd"
36 +command_args="${SCANNER_LISTEN} ${SCANNER_PORT} ${SCANNER_SRCIP}"
37 +
38 depend() {
39 need net
40 }
41 -
42 -start() {
43 - ebegin "Starting openvassd (scanner)"
44 - checkpath -d -q /var/cache/openvassd
45 - start-stop-daemon --start --name openvassd \
46 - --exec /usr/sbin/openvassd \
47 - --pidfile /run/openvassd.pid
48 - eend $?
49 -}
50 -
51 -stop() {
52 - ebegin "Stop openvassd (scanner)"
53 - start-stop-daemon --stop --name openvassd \
54 - --pidfile /run/openvassd.pid
55 - eend $?
56 -}
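Review bot: The rewritten script drops `--pidfile /run/openvassd.pid` and `checkpath -d -q /var/cache/openvassd` with no replacement, so the default start/stop has no pidfile to identify the daemon by and nothing creates the cache directory before launch. Adding `pidfile="/run/openvassd.pid"` beside `command=` and a `start_pre()` that runs the `checkpath` call would preserve the old behaviour; whether openvassd writes that pidfile itself should be confirmed. `command_args` also depends on `SCANNER_LISTEN`, `SCANNER_PORT` and `SCANNER_SRCIP` being set in the service's conf.d file, which is not visible here; if they are unset the daemon starts with its built-in defaults, and the openvassd-daemon.conf added in this commit says that means listening on all addresses.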
57
58
59
60 1.2 net-analyzer/openvas-scanner/files/openvassd.service
61
62 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?rev=1.2&view=markup
63 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?rev=1.2&content-type=text/plain
64 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?r1=1.1&r2=1.2
65
66 Index: openvassd.service
67 ===================================================================
68 RCS file: /var/cvsroot/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service,v
69 retrieving revision 1.1
70 retrieving revision 1.2
71 diff -u -r1.1 -r1.2
72 --- openvassd.service 28 Sep 2014 15:40:44 -0000 1.1
73 +++ openvassd.service 28 Sep 2014 18:12:28 -0000 1.2
74 @@ -1,6 +1,16 @@
75 [Unit]
76 Description=OpenVAS Scanner
77 After=network.target
78 +Before=openvasmd.service
79
80 [Service]
81 -ExecStart=/usr/sbin/openvassd -f
82 +EnvironmentFile=-/etc/openvas/openvassd-daemon.conf
83 +ExecStart=/usr/sbin/openvassd -f $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP
84 +Restart=always
85 +RestartSec=1
86 +User=root
87 +Group=root
88 +TimeoutSec=1200
89 +
90 +[Install]
91 +WantedBy=multi-user.target
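Review bot: `Restart=always` with `RestartSec=1` restarts a root network daemon one second after any exit, including a crash caused by malformed input, and the unit has no sandboxing directives to limit what a compromised scanner can reach. `Restart=on-failure` with a longer `RestartSec` would stop a tight crash loop, and `User=root`/`Group=root` only restate the default for system units. Hardening such as `PrivateTmp=true` or `ProtectHome=true` is worth evaluating, provided the scanner does not need those paths (not determinable from this hunk). The leading `-` on `EnvironmentFile=` makes a missing file silent, so all three `$SCANNER_*` variables then expand to nothing and the daemon falls back to its own defaults.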
92
93
94
95 1.1 net-analyzer/openvas-scanner/files/openvassd.conf
96
97 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.conf?rev=1.1&view=markup
98 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.conf?rev=1.1&content-type=text/plain
99
100 Index: openvassd.conf
101 ===================================================================
102 # Configuration file of the OpenVAS Security Scanner
103
104 # Every line starting with a '#' is a comment
105
106 [Misc]
107
108 # Path to the security checks folder:
109 plugins_folder = /var/lib/openvas/plugins
110
111 # Path to OpenVAS caching folder:
112 cache_folder = /var/cache/openvas
113
114 # Path to OpenVAS include directories:
115 # (multiple entries are separated with colon ':')
116 include_folders = /var/lib/openvas/plugins
117
118 # Maximum number of simultaneous hosts tested :
119 max_hosts = 30
120
121 # Maximum number of simultaneous checks against each host tested :
122 max_checks = 10
123
124 # Niceness. If set to 'yes', openvassd will renice itself to 10.
125 be_nice = no
126
127 # Log file (or 'syslog') :
128 logfile = /var/log/openvas/openvassd.log
129
130 # Shall we log every details of the attack ? (disk intensive)
131 log_whole_attack = no
132
133 # Log the name of the plugins that are loaded by the server ?
134 log_plugins_name_at_load = no
135
136 # Dump file for debugging output, use `-' for stdout
137 dumpfile = /var/log/openvas/openvassd.dump
138
139 # Rules file :
140 rules = /etc/openvas/openvassd.rules
141
142 # CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
143 cgi_path = /cgi-bin:/scripts
144
145 # Range of the ports the port scanners will scan :
146 # 'default' means that OpenVAS will scan ports found in its
147 # services file.
148 port_range = default
149
150 # Optimize the test (recommended) :
151 optimize_test = yes
152
153 # Optimization :
154 # Read timeout for the sockets of the tests :
155 checks_read_timeout = 5
156
157 # Ports against which two plugins should not be run simultaneously :
158 # non_simult_ports = Services/www, 139, Services/finger
159 non_simult_ports = 139, 445
160
161 # Maximum lifetime of a plugin (in seconds) :
162 plugins_timeout = 320
163
164 # Safe checks rely on banner grabbing :
165 safe_checks = yes
166
167 # Automatically activate the plugins that are depended on
168 auto_enable_dependencies = yes
169
170 # Do not echo data from plugins which have been automatically enabled
171 silent_dependencies = no
172
173 # Designate hosts by MAC address, not IP address (useful for DHCP networks)
174 use_mac_addr = no
175
176
177 #--- Knowledge base saving (can be configured by the client) :
178 # Save the knowledge base on disk :
179 save_knowledge_base = no
180
181 # Restore the KB for each test :
182 kb_restore = no
183
184 # Only test hosts whose KB we do not have :
185 only_test_hosts_whose_kb_we_dont_have = no
186
187 # Only test hosts whose KB we already have :
188 only_test_hosts_whose_kb_we_have = no
189
190 # KB test replay :
191 kb_dont_replay_scanners = no
192 kb_dont_replay_info_gathering = no
193 kb_dont_replay_attacks = no
194 kb_dont_replay_denials = no
195 kb_max_age = 864000
196 #--- end of the KB section
197
198
199 # If this option is set, OpenVAS will not scan a network incrementally
200 # (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
201 # slice the workload throughout the whole network (ie: it will scan
202 # 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
203 slice_network_addresses = no
204
205 # Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
206 nasl_no_signature_check = yes
207
208 #Certificates
209 cert_file=/var/lib/openvas/CA/servercert.pem
210 key_file=/var/lib/openvas/private/CA/serverkey.pem
211 ca_file=/var/lib/openvas/CA/cacert.pem
212
213 # If you decide to protect your private key with a password,
214 # uncomment and change next line
215 # pem_password=password
216 # If you want to force the use of a client certificate, uncomment next line
217 # force_pubkey_auth = yes
218
219 #end.
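Review bot: `nasl_no_signature_check = yes` ships with signature verification of NASL scripts switched off, which the comment directly above it calls unsafe. The plugins are fetched by openvas-nvt-sync over rsync or HTTP and executed by a daemon that the unit file in this commit runs as root, so a tampered feed or plugin directory would be run unchecked. The packaged default should be `nasl_no_signature_check = no`, with a comment such as `# requires the feed signing key to be imported first` so administrators know what to set up. `force_pubkey_auth` is also left commented out, so client-certificate authentication is not enforced by default; given that the daemon listens on all addresses unless `SCANNER_LISTEN` is set, enabling it in the shipped file deserves consideration.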
220
221
222
223 1.1 net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch
224
225 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch?rev=1.1&view=markup
226 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch?rev=1.1&content-type=text/plain
227
228 Index: openvas-scanner-4.0.3-mkcertclient.patch
229 ===================================================================
230 diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.mkcert/CMakeLists.txt
231 --- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200
232 +++ openvas-scanner-4.0.1.mkcert/CMakeLists.txt 2014-05-26 16:04:23.093548608 +0200
233 @@ -258,7 +258,6 @@
234 # DESTINATION ${OPENVAS_SYSCONF_DIR})
235
236 install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert
237 - ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
238 ${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
239 DESTINATION ${SBINDIR}
240 PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
241 @@ -269,7 +268,15 @@
242 PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
243 GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
244
245 -install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
246 +install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
247 + DESTINATION ${BINDIR}
248 + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
249 + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
250 +
251 +install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert-client.1
252 + DESTINATION ${DATADIR}/man/man1 )
253 +
254 +install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
255 DESTINATION ${DATADIR}/man/man8 )
256
257 install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8
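Review bot: Installing `openvas-mkcert-client` into `${BINDIR}` with `WORLD_READ WORLD_EXECUTE` makes a certificate-issuing tool runnable by every local user, whereas the first hunk removes it from the owner-only `${SBINDIR}` install. If the script signs with the CA key under the scanner's private directory, that directory's file mode becomes the only barrier, so it should be verified as root-only (presumably it is; not visible here). The trailing `Only in openvas-scanner-4.0.1.mkcert/: CMakeLists.txt~` line is leftover `diff -r` output for an editor backup and can be removed from the patch file.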
258 Only in openvas-scanner-4.0.1.mkcert/: CMakeLists.txt~
259
260
261
262 1.1 net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch
263
264 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch?rev=1.1&view=markup
265 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch?rev=1.1&content-type=text/plain
266
267 Index: openvas-scanner-4.0.3-rulesdir.patch
268 ===================================================================
269 diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.rules/CMakeLists.txt
270 --- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200
271 +++ openvas-scanner-4.0.1.rules/CMakeLists.txt 2014-05-26 16:07:37.454116277 +0200
272 @@ -171,6 +171,10 @@
273 set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
274 set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf")
275
276 +if (NOT OPENVASSD_RULES)
277 + set (OPENVASSD_RULES "${OPENVAS_DATA_DIR}/openvassd.rules")
278 +endif (NOT OPENVASSD_RULES)
279 +
280 set (NVT_TIMEOUT "320")
281
282 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
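Review bot: The fallback `${OPENVAS_DATA_DIR}/openvassd.rules` places the scanner's access-rules file in the data directory, while the openvassd.conf added in this same commit sets `rules = /etc/openvas/openvassd.rules`. Unless the ebuild passes `-DOPENVASSD_RULES=...` (not visible here), the compiled-in default and the shipped configuration point at different files, and an administrator editing one may be tightening rules the daemon never reads. Defaulting to `${OPENVAS_SYSCONF_DIR}/openvassd.rules` would keep both in agreement. As a style point, `endif (NOT OPENVASSD_RULES)` can be a bare `endif ()`.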
283
284
285
286
287 1.1 net-analyzer/openvas-scanner/files/openvassd-daemon.conf
288
289 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd-daemon.conf?rev=1.1&view=markup
290 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd-daemon.conf?rev=1.1&content-type=text/plain
291
292 Index: openvassd-daemon.conf
293 ===================================================================
294 #Listen on given address - by default scanner listens on all addresses
295 #SCANNER_LISTEN=--listen=127.0.0.1
296
297 #Listen on given port - by default 9391
298 SCANNER_PORT=--port=9391
299
300 #Send the packets with the source IP of IP1,IP2,IP3....
301 #SCANNER_SRCIP=--src-ip=127.0.0.1,192.168.1.2
302
303 # Set to yes if plugins should be automatically updated via a cron job
304 auto_plugin_update=no
305
306 # Notify OpenVAS scanner after update by seding it SIGHUP?
307 notify_openvas_scanner=yes
308
309 # Method to use to get updates. The default is via rsync
310 # Note that only wget and curl support retrieval via proxy
311 # update_method=rsync|wget|curl
312
313 # Additionaly, you can specify the following variables
314 #NVT_DIR where to extract plugins (absolute path)
315 #OV_RSYNC_FEED URL of rsync feed
316 #OV_HTTP_FEED URL of http feed
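Review bot: `SCANNER_LISTEN` is shipped commented out, so by the file's own description the scanner listens on all addresses on port 9391 out of the box. For a daemon that runs as root and accepts scan instructions, a loopback default is the safer packaging choice: ship `SCANNER_LISTEN=--listen=127.0.0.1` uncommented and let administrators widen it deliberately. The comment could then read `# Listen on given address - change to expose the scanner to remote managers`.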
317
318
319
320
321 1.1 net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron
322
323 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron?rev=1.1&view=markup
324 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron?rev=1.1&content-type=text/plain
325
326 Index: openvas-nvt-sync-cron
327 ===================================================================
328 #!/bin/sh
329
330 if [ -f /etc/openvas/openvassd.conf ]; then
331 . /etc/openvas/openvassd.conf
332 fi
333
334 if [ "$auto_plugin_update" != "yes" ]; then
335 exit 0
336 fi
337
338 opts=""
339 case "$update_method" in
340 rsync)
341 opts = "$opts --rsync"
342 ;;
343 wget)
344 opts = "$opts --wget"
345 ;;
346 curl)
347 opts = "$opts --curl"
348 ;;
349 esac
350
351 # Export openvas-nvt-sync's environment variables if they are defined
352 [ \! -z "$NVT_DIR" ] && export NVT_DIR
353 [ \! -z "$OV_RSYNC_FEED" ] && export OV_RSYNC_FEED
354 [ \! -z "$OV_HTTP_FEED" ] && export OV_HTTP_FEED
355
356 /usr/sbin/openvas-nvt-sync $opts >& /dev/null
357
358 if [ $? -ne 0 ]; then
359 echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually."
360 exit 1
361 fi
362
363 if [ "$notify_openvas_scanner" == "yes" ]; then
364 /etc/init.d/openvas-scanner reloadplugins
365 fi
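Review bot: The script sources `/etc/openvas/openvassd.conf`, but the file of that name added in this commit is INI-style (`[Misc]`, `key = value` with spaces), so every line is executed as a command by root's cron shell. The variables it tests (`auto_plugin_update`, `update_method`, `notify_openvas_scanner`) are defined in openvassd-daemon.conf instead, which makes the job always exit at the `auto_plugin_update` check. The three `opts = "..."` lines are not assignments in sh, because the spaces turn them into a call to a command named `opts`. `>&` and `==` are bashisms under `#!/bin/sh`. The reload line calls `/etc/init.d/openvas-scanner`, whereas the init script in this commit is named openvassd; the installed name should be checked in the ebuild.

```shell
if [ -f /etc/openvas/openvassd-daemon.conf ]; then
    . /etc/openvas/openvassd-daemon.conf
fi
# … unchanged: auto_plugin_update check …
opts=""
case "$update_method" in
    rsync) opts="$opts --rsync" ;;
    wget)  opts="$opts --wget" ;;
    curl)  opts="$opts --curl" ;;
esac
# … unchanged: export of NVT_DIR / OV_RSYNC_FEED / OV_HTTP_FEED …
if ! /usr/sbin/openvas-nvt-sync $opts >/dev/null 2>&1; then
    echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually."
    exit 1
fi

if [ "$notify_openvas_scanner" = "yes" ]; then
    # … unchanged: reloadplugins call …
fi
```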
366
367
368
369
370 1.1 net-analyzer/openvas-scanner/files/openvassd.logrotate
371
372 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.logrotate?rev=1.1&view=markup
373 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.logrotate?rev=1.1&content-type=text/plain
374
375 Index: openvassd.logrotate
376 ===================================================================
377 # logrotate for openvas
378 /var/log/openvas/openvassd.log {
379 rotate 4
380 weekly
381 compress
382 delaycompress
383 missingok
384 postrotate
385 /bin/kill -HUP `pidof openvassd`
386 endscript
387 }
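Review bot: The `postrotate` command fails when the scanner is not running, because `pidof` prints nothing and `/bin/kill -HUP` is then called without a PID. It also signals every process named openvassd, not just the parent. Guarding it, for example `/bin/kill -HUP $(pidof openvassd) 2>/dev/null || true`, or signalling via the daemon's pidfile, avoids both. The stanza has no `create` directive, so the mode and owner of the new log are left to the daemon; since scan logs can contain details of target hosts, an explicit `create 0640 root root` would make the permissions deliberate. The openvassd-daemon.conf comment in this commit suggests SIGHUP also triggers a plugin reload, so each weekly rotation would presumably reload plugins too; confirm that is intended.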
388
389
390
391 1.1 net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch
392
393 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch?rev=1.1&view=markup
394 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch?rev=1.1&content-type=text/plain
395
396 Index: openvas-scanner-4.0.3-bsdsource.patch
397 ===================================================================
398 diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.bsdsource/CMakeLists.txt
399 --- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200
400 +++ openvas-scanner-4.0.1.bsdsource/CMakeLists.txt 2014-05-26 16:11:23.018940789 +0200
401 @@ -235,7 +235,7 @@
402 set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
403
404 set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror")
405 -set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE")
406 +set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_DEFAULT_SOURCE -D_ISOC99_SOURCE")
407
408 add_subdirectory (src)