
From: Patrice Clement <monsieurp@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
Date: Wed, 13 Mar 2019 14:59:17
Message-Id: 1552489131.87057ce7dbb83050472c6ee39f083a229aee2eed.monsieurp@gentoo
1 commit: 87057ce7dbb83050472c6ee39f083a229aee2eed
2 Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
3 AuthorDate: Thu Feb 7 01:51:45 2019 +0000
4 Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 13 14:58:51 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87057ce7
7
8 net-analyzer/openvas-scanner: version bump to 5.1.3.
9
10 Bump to 5.1.3.
11
12 This also brings new improvements and introduces the new USE flag 'extras'.
13
14 Introduces three new patches which fix build and QA issues:
15 - gcc8.patch fixes gcc-8 build issue.
16 - nvt.patch fixes nvt category issue.
17 - cachedir.patch fixes unnecessary directory install QA issue.
18
19 Introduces two new useful scripts:
20 - first-start script checks setup and ready it for first time use.
21 - openvas-feed-sync script updates OpenVAS feeds from cron.
22
23 Introduces one new example file for proper redis configuration.
24 redis.conf.example is proper example config file for package.
25
26 systemd & init script files updated.
27
28 Because of new dependencies ~arm ~ppc keywords have been dropped.
29
30 This package is part of net-analyzer/openvas.
31
32 Reported-by: NP-Hardass <np-hardass <AT> gentoo.org>
33 Acked-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
34 Tested-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
35 Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
36 Package-Manager: Portage-2.3.51, Repoman-2.3.11
37 Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
38
39 net-analyzer/openvas-scanner/Manifest | 1 +
40 net-analyzer/openvas-scanner/files/first-start | 634 +++++++++++++++++++++
41 .../openvas-scanner/files/openvas-feed-sync | 627 ++++++++++++++++++++
42 .../files/openvas-scanner-5.1.3-cachedir.patch | 42 ++
43 .../files/openvas-scanner-5.1.3-gcc8.patch | 42 ++
44 .../files/openvas-scanner-5.1.3-nvt.patch | 93 +++
45 .../files/openvas-scanner-daemon.conf | 9 +
46 .../openvas-scanner/files/openvas-scanner.init | 25 +
47 .../files/openvas-scanner.logrotate | 11 +
48 .../openvas-scanner/files/openvas-scanner.service | 21 +
49 .../files/openvas-scanner.tmpfiles.d | 1 +
50 net-analyzer/openvas-scanner/files/openvassd.conf | 123 +---
51 .../openvas-scanner/files/redis.conf.example | 57 ++
52 net-analyzer/openvas-scanner/metadata.xml | 12 +-
53 .../openvas-scanner/openvas-scanner-5.1.3.ebuild | 97 ++++
54 15 files changed, 1700 insertions(+), 95 deletions(-)
55
56 diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
57 index db79fe5dc71..2bb7d462564 100644
58 --- a/net-analyzer/openvas-scanner/Manifest
59 +++ b/net-analyzer/openvas-scanner/Manifest
60 @@ -1 +1,2 @@
61 DIST openvas-scanner-5.0.4.tar.gz 236282 BLAKE2B 3105afe0fd819773b33c8194e0addaad70af4692578fe3bfbd76166004ca99e25f2f22a946810fe52da747242f1e45bae00766c4687676ec70df2d7349fa4509 SHA512 51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149
62 +DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e
63
64 diff --git a/net-analyzer/openvas-scanner/files/first-start b/net-analyzer/openvas-scanner/files/first-start
65 new file mode 100755
66 index 00000000000..95811a56b19
67 --- /dev/null
68 +++ b/net-analyzer/openvas-scanner/files/first-start
69 @@ -0,0 +1,634 @@
70 +#!/bin/bash
71 +# Copyright 1999-2019 Gentoo Authors
72 +# Distributed under the terms of the GNU General Public License v2
73 +# This is OpenVAS first-start/check-setup script which make things automatically for first time use.
74 +
75 +
76 +##################################################################################################
77 +# If you use systemd or init.d(open-rc) for OpenVAS daemons you don't need to set below settings.#
78 +# If you don't use any of them you can set the below command args to start daemons manually. #
79 +##################################################################################################
80 +
81 +# OpenVAS Manager command args
82 +OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
83 +OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
84 +OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
85 +OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
86 +OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
87 +
88 +# OpenVAS Scanner command args
89 +OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
90 +OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
91 +
92 +# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
93 +OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore for reverse proxy
94 +OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
95 +OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
96 +OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
97 +OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
98 +OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
99 +
100 +#####################################################################################################
101 +
102 +# Update Environment
103 +source /etc/profile &>/dev/null
104 +source /etc/environment &>/dev/null
105 +source ~/.bash_profile &>/dev/null
106 +
107 +# Check the needed executables.They are in our environment and have +x?
108 +if ! [ -x "$(command -v openvasmd)" ] ||
109 + ! [ -x "$(command -v openvassd)" ] ||
110 + ! [ -x "$(command -v redis-server)" ] ||
111 + ! [ -x "$(command -v openvas-manage-certs)" ] ||
112 + ! [ -x "$(command -v greenbone-nvt-sync)" ] ||
113 + ! [ -x "$(command -v greenbone-scapdata-sync)" ] ||
114 + ! [ -x "$(command -v greenbone-certdata-sync)" ]; then
115 + path="1"
116 + else
117 + path="0"
118 +fi
119 +
120 +# Check Security-Assistant is exist
121 +if ! [ -x "$(command -v gsad)" ]; then
122 + gsad="1"
123 + else
124 + gsad="0"
125 +fi
126 +# Executables are not in our environment
127 +if [ $path -eq 1 ]; then
128 + echo "Can't find executables! If you installed OpenVAS to specific location e.g. /opt"
129 + echo "please add these PATHS to /etc/profile,also sure that they are executable"
130 + exit 1
131 +fi
132 +
133 +# Check systemd and enable services for Gentoo/Linux
134 +if command -v systemctl &>/dev/null; then
135 + systemctl="0"
136 + echo "systemd found."
137 + systemctl enable openvas-scanner.service &>/dev/null
138 + if [ $? -eq 0 ]; then
139 + echo "systemd.Gentoo --> openvas-scanner.service enabled."
140 + fi
141 + systemctl enable gvmd.service &>/dev/null
142 + if [ $? -eq 0 ]; then
143 + echo "systemd.Gentoo --> gvmd.service enabled."
144 + fi
145 + systemctl enable gsa.service &>/dev/null
146 + if [ $? -eq 0 ]; then
147 + echo "systemd.Gentoo --> gsa.service enabled."
148 + fi
149 + else
150 + systemctl="1"
151 +fi
152 +
153 +# Check open-rc if exist
154 +if command -v rc-service &>/dev/null; then
155 + open_rc="0"
156 + else
157 + open_rc="1"
158 +fi
159 +
160 +# open-rc variables
161 +if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
162 + echo "open-rc found."
163 + scanner_init="0"
164 + manager_init="0"
165 + assistant_init="0"
166 + redis_init="0"
167 +fi
168 +
169 +# Check status of OpenVAS-Scanner systemd unit
170 +if [ $systemctl -eq 0 ] &&
171 + ([ "$(systemctl is-active openvas-scanner.service)" = "active" ] ||
172 + [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvas-scanner.service' | awk '{print $1}')" = "openvas-scanner.service" ]); then
173 + scanner="0"
174 + else
175 + scanner="1"
176 +fi
177 +
178 +# Check status of OpenVAS-Manager systemd unit
179 +if [ $systemctl -eq 0 ] &&
180 + ([ "$(systemctl is-active gvmd.service)" = "active" ] ||
181 + [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gvmd.service' | awk '{print $1}')" = "gvmd.service" ]); then
182 + manager="0"
183 + else
184 + manager="1"
185 +fi
186 +
187 +# Check status of OpenVAS-Assistant systemd unit
188 +if [ $systemctl -eq 0 ] &&
189 + ([ "$(systemctl is-active gsa.service)" = "active" ] ||
190 + [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsa.service' | awk '{print $1}')" = "gsa.service" ]); then
191 + assistant="0"
192 + else
193 + assistant="1"
194 +fi
195 +
196 +# Check status of Redis systemd unit
197 +if [ $systemctl -eq 0 ] &&
198 + ([ "$(systemctl is-active redis.service)" = "active" ] ||
199 + [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
200 + redis="0"
201 + else
202 + redis="1"
203 +fi
204 +
205 +# We need to find correct service name for restarting.
206 +if [ $scanner -eq 1 ] || [ $manager -eq 1 ] || [ $assistant -eq 1 ] || [ $redis -eq 1 ]; then
207 + WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
208 + WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
209 + WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
210 + WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
211 +
212 + # If you have unordinary systemd path you can add here
213 + DIR="/lib/systemd/system/
214 + /etc/systemd/system/
215 + /usr/lib/systemd/system/
216 + /usr/local/lib/systemd/system/"
217 +
218 + # Find OpenVAS daemons systemd files if exist
219 + for i in $DIR; do
220 + if [ -d "$i" ]; then
221 + grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
222 + grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
223 + grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
224 + grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
225 + fi
226 + done
227 +
228 + manager_service="$(while IFS= read -r service; do
229 + systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
230 + done < /tmp/openvas_GVM_manager_service.out)"
231 + scanner_service="$(while IFS= read -r service; do
232 + systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
233 + done < /tmp/openvas_GVM_scanner_service.out)"
234 + assistant_service="$(while IFS= read -r service; do
235 + systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
236 + done < /tmp/openvas_GVM_assistant_service.out)"
237 + redis_service="$(while IFS= read -r service; do
238 + systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
239 + done < /tmp/openvas_GVM_redis_service.out)"
240 +
241 + rm -rf /tmp/openvas_GVM*
242 + COUNTM=$(wc -w <<< "${manager_service}")
243 + COUNTS=$(wc -w <<< "${scanner_service}")
244 + COUNTA=$(wc -w <<< "${assistant_service}")
245 + COUNTR=$(wc -w <<< "${redis_service}")
246 +
247 + if [ -n "$manager_service" ] && [ $manager -eq 1 ]; then
248 + if [ "$(systemctl list-unit-files | grep 'enabled' | grep $manager_service | awk '{print $1}')" = "$manager_service" ]; then
249 + echo "systemd --> OpenVAS Manager '$manager_service' found."
250 + else
251 + echo "systemd --> '$manager_service' found but not enabled."
252 + echo "are you sure this is the correct systemd service for Openvas Manager"
253 + while true; do
254 + read -n 1 -p "do you want to enable '$manager_service'? --> (Y)es | (N)o | (Q)uit" answer
255 + echo
256 + case $answer in
257 + [Yy]* ) systemctl enable "$manager_service" &>/dev/null; echo "systemd --> '$manager_service' enabled"; break;;
258 + [Nn]* ) manager_service=""; echo "it seems you are not sure.ok i don't use $manager_service"; break;;
259 + [Qq]* ) exit;;
260 + * ) echo "Please answer yes,no or quit.";;
261 + esac
262 + done
263 + fi
264 + fi
265 +
266 + if [ -n "$scanner_service" ] && [ $scanner -eq 1 ]; then
267 + if [ "$(systemctl list-unit-files | grep 'enabled' | grep $scanner_service | awk '{print $1}')" = "$scanner_service" ]; then
268 + echo "systemd --> OpenVAS Scanner '$scanner_service' found."
269 + else
270 + echo "systemd --> '$scanner_service' found but not enabled."
271 + echo "are you sure this is the correct systemd service for Openvas Scanner"
272 + while true; do
273 + read -n 1 -p "do you want to enable '$scanner_service'? --> (Y)es | (N)o | (Q)uit" answer
274 + echo
275 + case $answer in
276 + [Yy]* ) systemctl enable "$scanner_service" &>/dev/null; echo "systemd --> '$scanner_service' enabled"; break;;
277 + [Nn]* ) scanner_service=""; echo "it seems you are not sure.ok i don't use $scanner_service"; break;;
278 + [Qq]* ) exit;;
279 + * ) echo "Please answer yes,no or quit.";;
280 + esac
281 + done
282 + fi
283 + fi
284 +
285 + if [ -n "$assistant_service" ] && [ $scanner -eq 1 ]; then
286 + if [ "$(systemctl list-unit-files | grep 'enabled' | grep $assistant_service | awk '{print $1}')" = "$assistant_service" ]; then
287 + echo "systemd --> GSA '$assistant_service' found."
288 + else
289 + echo "systemd --> '$assistant_service' found but not enabled."
290 + echo "are you sure this is the correct systemd service for Greenbone Security Assistant"
291 + while true; do
292 + read -n 1 -p "do you want to enable '$assistant_service'? --> (Y)es | (N)o | (Q)uit" answer
293 + echo
294 + case $answer in
295 + [Yy]* ) systemctl enable "$assistant_service" &>/dev/null; echo "systemd --> '$assistant_service' enabled"; break;;
296 + [Nn]* ) assistant_service=""; echo "it seems you are not sure.ok i don't use $assistant_service"; break;;
297 + [Qq]* ) exit;;
298 + * ) echo "please answer yes,no or quit.";;
299 + esac
300 + done
301 + fi
302 + fi
303 +
304 + if [ -n "$redis_service" ] && [ $scanner -eq 1 ]; then
305 + if [ "$(systemctl list-unit-files | grep 'enabled' | grep $redis_service | awk '{print $1}')" = "$redis_service" ]; then
306 + echo "systemd --> redis '$redis_service' found."
307 + else
308 + echo "systemd --> '$redis_service' found but not enabled."
309 + echo "are you sure this is the correct systemd service for redis-server"
310 + while true; do
311 + read -n 1 -p "do you want to enable '$redis_service'? --> (Y)es | (N)o | (Q)uit" answer
312 + echo
313 + case $answer in
314 + [Yy]* ) systemctl enable "$redis_service" &>/dev/null; echo "systemd --> '$redis_service' enabled"; break;;
315 + [Nn]* ) redis_service=""; echo "it seems you are not sure.ok i don't use $redis_service"; break;;
316 + [Qq]* ) exit;;
317 + * ) echo "please answer yes,no or quit.";;
318 + esac
319 + done
320 + fi
321 + fi
322 +
323 + if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
324 + echo "you have more than one enabled systemd service for single daemon"
325 + echo " check OpenVAS and Redis systemd unit files to fix it"
326 + exit 1
327 + fi
328 +fi
329 +
330 +restart_redis () {
331 +if [ $redis -eq 0 ]; then
332 + systemctl restart redis.service &>/dev/null
333 + if [ $? -eq 0 ]; then
334 + echo "systemd --> redis.service is restarted."
335 + else
336 + echo "systemd --> redis.service cannot restarted."
337 + exit 1
338 + fi
339 +elif [[ -n "$redis_service" ]]; then
340 + systemctl restart "$redis_service" &>/dev/null
341 + if [ $? -eq 0 ]; then
342 + echo "systemd --> $redis_service is restarted."
343 + else
344 + echo "systemd --> $redis_service cannot restarted."
345 + exit 1
346 + fi
347 +elif [[ -n "$redis_init" ]]; then
348 + rc-service redis stop
349 + sleep 5
350 + rc-service redis start
351 + if [ $? -eq 0 ]; then
352 + echo "open-rc --> redis is restarted."
353 + else
354 + echo "open-rc --> redis cannot restarted."
355 + exit 1
356 + fi
357 +fi
358 +}
359 +
360 +build_nvt () {
361 +if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
362 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
363 + openvassd --foreground --only-cache &>/dev/null
364 + if [ $? -eq 0 ]; then
365 + echo "building NVT cache is done."
366 + else
367 + echo "building NVT cache is failed.."
368 + exit 1
369 + fi
370 + else
371 + openvassd --foreground --only-cache &>/dev/null
372 + if [ $? -eq 0 ]; then
373 + echo "building NVT cache is done."
374 + else
375 + echo "building NVT cache is failed.."
376 + exit 1
377 + fi
378 +fi
379 +}
380 +
381 +create_user () {
382 +GREEN="`tput setaf 2`"
383 +RED="`tput setaf 1`"
384 +norm="`tput sgr0`"
385 +echo "creating WebUI User.."
386 +openvasmd --create-user=admin --role=Admin &>/tmp/openvas_user.out
387 +if [ $? -eq 0 ]; then
388 + username="admin"
389 + password="$(cat /tmp/openvas_user.out | awk '{print $5}' | cut -c2-)"
390 + echo "${RED}!WebUI Address : ${GREEN}127.0.0.1:9392"
391 + echo "${RED}!WebUI Username: ${GREEN}$username"
392 + echo "${RED}!WebUI Password: ${GREEN}${password%??}${norm}"
393 + else
394 + echo "$(cat /tmp/openvas_user.out)"
395 + echo "these are active users for WebUI"
396 + openvasmd --get-users
397 +fi
398 +rm -rf /tmp/openvas_user.out
399 +}
400 +
401 +# Redis & OpenVAS Scanner socket connection check for Gentoo/Linux
402 +if [[ -e /etc/redis.conf ]]; then
403 + if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
404 + echo "redis server properly configured."
405 + else
406 + redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
407 + echo "redis server is not properly configured."
408 + echo "be sure redis server listening unix socket at $redis_sock"
409 + echo "you can find example redis.conf file in /etc/openvas/redis.conf.example"
410 + exit 1
411 + fi
412 +fi
413 +
414 +# Redis & OpenVAS Scanner socket connection check for other linux distros
415 +if [[ -e /etc/redis/redis.conf ]]; then
416 + if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
417 + echo "redis server properly configured."
418 + else
419 + redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
420 + echo "redis server is not properly configured."
421 + echo "be sure redis server listening unix socket at $redis_sock"
422 + exit 1
423 + fi
424 +fi
425 +
426 +# Create certificates for fresh install
427 +openvas-manage-certs -a &>/dev/null
428 +if [ $? -eq 0 ]; then
429 + echo "certificates created."
430 +
431 +elif [ "$(openvas-manage-certs -a | grep -ow 'Existing')" = "Existing" ]; then
432 + echo "certificates already created."
433 +
434 +else
435 + echo "certificates cannot created."
436 + exit 1
437 +fi
438 +
439 +# Start to update FEED & First NVT.
440 +try=0
441 +until [ $try -ge 5 ]; do
442 + greenbone-nvt-sync &>/dev/null && break
443 + echo "can't connected! trying to update greenbone-nvt again.."
444 + try=$[$try+1]
445 + sleep 30
446 +done
447 +
448 +# Check status
449 +if [ $? -eq 0 ]; then
450 + echo "greenbone-nvt-sync is done."
451 + # Avoid your IP temporary banned because of multiple connection
452 + sleep 5
453 + # Try to update scapdata.
454 + try=0
455 + until [ $try -ge 5 ]; do
456 + greenbone-scapdata-sync &>/dev/null && break
457 + echo "can't connected! trying to update greenbone-scapdata again.."
458 + try=$[$try+1]
459 + sleep 30
460 + done
461 + # Check status
462 + if [ $? -eq 0 ]; then
463 + echo "greenbone-scapdata-sync is done."
464 + # Avoid your IP temporary banned because of multiple connection
465 + sleep 5
466 + # Try to update certdata
467 + try=0
468 + until [ $try -ge 5 ]; do
469 + greenbone-certdata-sync &>/dev/null && break
470 + echo "can't connected! Trying to update greenbone-certdata again.."
471 + try=$[$try+1]
472 + sleep 30
473 + done
474 + # Check status
475 + if [ $? -eq 0 ]; then
476 + echo "greenbone-certdata-sync is done."
477 + echo "building NVT cache this will take some time.."
478 + build_nvt
479 + # Check OpenVAS-Scanner is running
480 + if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
481 + echo "OpenVAS-Scanner is running."
482 + echo "building Database this will take some time.."
483 + openvasmd --rebuild --progress &>/dev/null
484 + elif [ $scanner -eq 0 ]; then
485 + # Start OpenVAS-Scanner systemd unit & Rebuild Cache
486 + echo "systemd --> OpenVAS-Scanner is not running! trying to up.."
487 + systemctl start openvas-scanner.service &>/dev/null
488 + if [ $? -eq 0 ]; then
489 + # Wait for initialize
490 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
491 + sleep 15
492 + echo "waiting for OpenVAS-Scanner to become ready.."
493 + done
494 + echo "systemd --> openvas-scanner.service started and waiting for connection."
495 + echo "building database this will take some time.."
496 + # Rebuild Cache
497 + openvasmd --rebuild --progress &>/dev/null
498 + else
499 + echo "systemd --> openvas-scanner.service cannot started.."
500 + exit 1
501 + fi
502 + elif [[ -n "$scanner_service" ]]; then
503 + echo "systemd --> OpenVAS-Scanner is down! trying to up.."
504 + systemctl start "$scanner_service" &>/dev/null
505 + if [ $? -eq 0 ]; then
506 + # Wait for initialize
507 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
508 + sleep 15
509 + echo "waiting for OpenVAS-Scanner to become ready.."
510 + done
511 + echo "systemd --> $scanner_service is started and waiting for connection."
512 + echo "building database this will take some time.."
513 + # Rebuild Cache
514 + openvasmd --rebuild --progress &>/dev/null
515 + else
516 + echo "systemd --> $scanner_service cannot started.."
517 + exit 1
518 + fi
519 + elif [[ -n "$scanner_init" ]]; then
520 + # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
521 + echo "open-rc --> OpenVAS-Scanner is down! trying to up.."
522 + rc-service openvas-scanner start &>/dev/null
523 + if [ $? -eq 0 ]; then
524 + # Wait for initialize
525 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
526 + sleep 15
527 + echo "waiting for OpenVAS-Scanner to become ready.."
528 + done
529 + echo "rc-service --> openvas-scanner started and waiting for connection."
530 + echo "building database this will take some time.."
531 + # Rebuild Cache
532 + openvasmd --rebuild --progress &>/dev/null
533 + else
534 + echo "rc-service --> openvas-scanner cannot started.."
535 + exit 1
536 + fi
537 + else
538 + echo "OpenVAS-Scanner is not running! Trying to up.."
539 + openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
540 + # Wait for initialize
541 + if [ $? -eq 0 ]; then
542 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
543 + sleep 15
544 + echo "waiting for OpenVAS-Scanner to become ready.."
545 + done
546 + else
547 + echo "OpenVAS Scanner cannot started manually.."
548 + exit 1
549 + fi
550 + echo "OpenVAS-Scanner started manually and waiting for connection."
551 + echo "building database this will take some time.."
552 + # Rebuild Cache
553 + openvasmd --rebuild --progress &>/dev/null
554 + fi
555 + # Check status
556 + if [ $? -eq 0 ]; then
557 + echo "building database is done"
558 + create_user
559 + # Restart OpenVAS-Scanner
560 + if [ $scanner -eq 0 ]; then
561 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
562 + restart_redis
563 + sleep 3
564 + systemctl restart openvas-scanner.service &>/dev/null
565 + elif [[ -n "$scanner_service" ]]; then
566 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
567 + restart_redis
568 + sleep 3
569 + systemctl restart "$scanner_service" &>/dev/null
570 + elif [[ -n "$scanner_init" ]]; then
571 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
572 + restart_redis
573 + sleep 3
574 + rc-service openvas-scanner start &>/dev/null
575 + else
576 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
577 + restart_redis
578 + sleep 3
579 + openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
580 + fi
581 + if [ $? -eq 0 ]; then
582 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
583 + sleep 10
584 + echo "waiting for OpenVAS-Scanner to become ready.."
585 + done
586 + echo "OpenVAS-Scanner is restarted."
587 + # Restart OpenVAS-Manager
588 + if [ $manager -eq 0 ]; then
589 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
590 + sleep 5
591 + systemctl restart gvmd.service &>/dev/null
592 + if [ $? -eq 0 ]; then
593 + success="0"
594 + echo "systemd --> gvmd.service is restarted."
595 + echo "OpenVAS setup is ok."
596 + else
597 + echo "systemd --> gvmd.service cannot restarted."
598 + echo "OpenVAS setup is not ok!"
599 + exit 1
600 + fi
601 + elif [[ -n "$manager_service" ]]; then
602 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
603 + sleep 5
604 + systemctl restart "$manager_service" &>/dev/null
605 + if [ $? -eq 0 ]; then
606 + success="0"
607 + echo "systemd --> $manager_service is restarted"
608 + echo "OpenVAS setup is ok."
609 + else
610 + echo "systemd --> $manager_service cannot restarted"
611 + echo "OpenVAS setup is not ok!"
612 + exit 1
613 + fi
614 + elif [[ -n "$manager_init" ]]; then
615 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
616 + sleep 5
617 + rc-service gvmd start &>/dev/null
618 + if [ $? -eq 0 ]; then
619 + success="0"
620 + echo "open-rc --> gvmd is restarted"
621 + echo "OpenVAS setup is ok."
622 + else
623 + echo "open-rc --> gvmd cannot restarted"
624 + echo "OpenVAS setup is not ok!"
625 + exit 1
626 + fi
627 + else
628 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
629 + sleep 5
630 + openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
631 + if [ $? -eq 0 ]; then
632 + success="0"
633 + echo "OpenVAS-Manager is restarted manually"
634 + echo "OpenVAS setup is ok."
635 + else
636 + echo "OpenVAS-Manager cannot restarted"
637 + echo "OpenVAS setup is not ok!"
638 + exit 1
639 + fi
640 + fi
641 + else
642 + echo "OpenVAS setup is not ok! OpenVAS-scanner cannot restarted."
643 + fi
644 + else
645 + echo "OpenVAS setup is not ok! OpenVAS database build failed."
646 + fi
647 + else
648 + echo "OpenVAS setup is not ok! OpenVAS Certdata sync failed."
649 + fi
650 + else
651 + echo "OpenVAS setup is not ok! OpenVAS Scapdata sync failed."
652 + fi
653 + else
654 + echo "OpenVAS setup is not ok! OpenVAS NVT sync update failed."
655 +fi
656 +
657 +# Restart WebUI
658 +if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
659 + WHICHA="$(type gsad | awk '{print $3}')"
660 + if [ $assistant -eq 0 ]; then
661 + # Time to restart OpenVAS-Security Assistant
662 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
663 + sleep 5
664 + systemctl restart gsa.service &>/dev/null
665 + if [ $? -eq 0 ]; then
666 + echo "systemd --> gsa.service (OpenVAS WebUI) is restarted and ready for connection"
667 + else
668 + echo "systemd --> gsa.service (OpenVAS-WebUI) cannot restarted"
669 + fi
670 + elif [[ -n "$assistant_service" ]]; then
671 + if [ $COUNTA -eq 1 ]; then
672 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
673 + sleep 5
674 + systemctl restart "$assistant_service" &>/dev/null
675 + if [ $? -eq 0 ]; then
676 + echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted and ready for connection"
677 + else
678 + echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted."
679 + fi
680 + else
681 + echo "systemd --> OpenVAS WebUI cannot restarted! you have multiple enabled systemd services ($assistant_service)"
682 + exit 1
683 + fi
684 + elif [[ -n "$assistant_init" ]]; then
685 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
686 + sleep 5
687 + rc-service gsa start &>/dev/null
688 + if [ $? -eq 0 ]; then
689 + echo "open-rc --> gsa (OpenVAS WebUI) is restarted"
690 + else
691 + echo "open-rc --> gsa (OpenVAS WebUI) cannot restarted."
692 + fi
693 + else
694 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
695 + sleep 5
696 + gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
697 + if [ $? -eq 0 ]; then
698 + echo "OpenVAS WebUI is restarted"
699 + else
700 + echo "OpenVAS WebUI cannot restarted"
701 + fi
702 + fi
703 +fi
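Review bot: create_user redirects the output of `openvasmd --create-user=admin --role=Admin` to the fixed path `/tmp/openvas_user.out`, so the generated admin password sits under a predictable name in a world-writable directory, with whatever permissions the current umask gives, until the `rm -rf` at the end of the function. Because this script is presumably run as root, a file or symlink already present at that path decides where the output is written. The same pattern applies to the `/tmp/openvas_GVM_*_service.out` files appended with `&>>` in the systemd discovery loop and removed with the glob `rm -rf /tmp/openvas_GVM*`; a private directory from `tmpdir="$(mktemp -d)" || exit 1` with `trap 'rm -rf -- "$tmpdir"' EXIT` would cover those. It also applies to `/tmp/openvas_mail.out` in openvas-feed-sync, whose hunk continues past what is shown here. create_user needs no file at all, since the output can be captured in a variable as sketched below.

```shell
create_user () {
# … unchanged: tput colour setup …
echo "creating WebUI User.."
# Keep the command output in memory so the generated password never touches /tmp.
user_out="$(openvasmd --create-user=admin --role=Admin 2>&1)"
if [ $? -eq 0 ]; then
  username="admin"
  password="$(printf '%s\n' "$user_out" | awk '{print $5}' | cut -c2-)"
  # … unchanged: WebUI address / username / password echo lines …
else
  printf '%s\n' "$user_out"
  echo "these are active users for WebUI"
  openvasmd --get-users
fi
}
```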
704
705 diff --git a/net-analyzer/openvas-scanner/files/openvas-feed-sync b/net-analyzer/openvas-scanner/files/openvas-feed-sync
706 new file mode 100755
707 index 00000000000..de1c69038ab
708 --- /dev/null
709 +++ b/net-analyzer/openvas-scanner/files/openvas-feed-sync
710 @@ -0,0 +1,627 @@
711 +#!/bin/bash
712 +# Copyright 1999-2019 Gentoo Authors
713 +# Distributed under the terms of the GNU General Public License v2
714 +# This is OpenVAS cron script that updates feed and reload daemons.
715 +# Hasan ÇALIŞIR hsntgm@×××××.com | proxy maintainer
716 +
717 +# Mail settings
718 +MAIL_TO="root"
719 +MAIL_SUBJECT="CronJob-OpenVAS"
720 +
721 +# If you don't use systemd or open-rc for OpenVAS daemons you can set start command args here
722 +# while we manually start/restart them.
723 +####################################################################################################
724 +
725 +# OpenVAS Manager command args
726 +OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
727 +OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
728 +OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
729 +OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
730 +OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
731 +
732 +# OpenVAS Scanner command args
733 +OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
734 +OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
735 +
736 +# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
737 +OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore
738 +OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
739 +OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
740 +OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
741 +OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
742 +OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
743 +
744 +#####################################################################################################
745 +
746 +# Update Environment
747 +source /etc/profile &>/dev/null
748 +source /etc/environment &>/dev/null
749 +source ~/.bash_profile &>/dev/null
750 +
751 +# Check the needed executables if they are in our environment and have +x
752 +if ! [ -x "$(command -v openvasmd)" ] || ! [ -x "$(command -v openvassd)" ] || ! [ -x "$(command -v redis-server)" ]; then
753 + path="1"
754 + else
755 + path="0"
756 +fi
757 +
758 +# Check Security-Assistant is exist
759 +if ! [ -x "$(command -v gsad)" ]; then
760 + gsad="1"
761 + else
762 + gsad="0"
763 +fi
764 +
765 +# Executables are not in our environment
766 +if [ $path -eq 1 ]; then
767 + echo "OpenVAS CronJob Failed! If you installed OpenVAS to specific location e.g. /opt" | tee -a /tmp/openvas_mail.out
768 + echo "please add these PATHS to /etc/profile e.g. 'PATH=$PATH:/opt/openvas/bin:/opt/openvas/sbin'" | tee -a /tmp/openvas_mail.out
769 + echo "also sure that they are executable e.g. 'chmod +x /opt/openvas/sbin/openvassd'" | tee -a /tmp/openvas_mail.out
770 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
771 + exit 1
772 +fi
773 +
774 +# Check systemd if exist
775 +if command -v systemctl &>/dev/null; then
776 + systemctl="0"
777 + else
778 + systemctl="1"
779 +fi
780 +
781 +# Check open-rc if exist
782 +if command -v rc-service &>/dev/null; then
783 + open_rc="0"
784 + else
785 + open_rc="1"
786 +fi
787 +
788 +# open-rc variables
789 +if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
790 + scanner_init="0"
791 + manager_init="0"
792 + assistant_init="0"
793 + redis_init="0"
794 +fi
795 +
796 +# Check OpenVAS-Scanner systemd unit(common name) is active or enabled
797 +if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvassd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvassd.service' | awk '{print $1}')" = "openvassd.service" ]); then
798 + scanner="0"
799 + else
800 + scanner="1"
801 +fi
802 +
803 +# Check OpenVAS-Manager systemd unit(common name) is active or enabled
804 +if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvasmd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvasmd.service' | awk '{print $1}')" = "openvasmd.service" ]); then
805 + manager="0"
806 + else
807 + manager="1"
808 +fi
809 +
810 +# Check OpenVAS-Assistant systemd unit(common name) is active or not
811 +if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active gsad.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsad.service' | awk '{print $1}')" = "gsad.service" ]); then
812 + assistant="0"
813 + else
814 + assistant="1"
815 +fi
816 +
817 +# Check Redis systemd unit(common name) is active or not
818 +if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active redis.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
819 + redis="0"
820 + else
821 + redis="1"
822 +fi
823 +
824 +# If you don't use common systemd service names for OpenVAS
825 +# We need to find correct service name for restarting.
826 +if [ $scanner -eq 1 ] || [ $manager -eq 1 ]; then
827 + WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
828 + WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
829 + WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
830 + WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
831 +
832 + # If you have unordinary systemd services PATH you can add here
833 + DIR="/lib/systemd/system/
834 + /etc/systemd/system/
835 + /usr/lib/systemd/system/
836 + /usr/local/lib/systemd/system/"
837 +
838 + # Find OpenVAS daemons systemd files
839 + for i in $DIR; do
840 + if [ -d "$i" ]; then
841 + grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
842 + grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
843 + grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
844 + grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
845 + fi
846 + done
847 +
848 + # Time to get our exact systemd service searching in enabled services
849 + manager_service="$(while IFS= read -r service; do
850 + systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
851 + done < /tmp/openvas_GVM_manager_service.out)"
852 +
853 + scanner_service="$(while IFS= read -r service; do
854 + systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
855 + done < /tmp/openvas_GVM_scanner_service.out)"
856 +
857 + assistant_service="$(while IFS= read -r service; do
858 + systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
859 + done < /tmp/openvas_GVM_assistant_service.out)"
860 +
861 + redis_service="$(while IFS= read -r service; do
862 + systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
863 + done < /tmp/openvas_GVM_redis_service.out)"
864 +
865 + rm -rf /tmp/openvas_GVM*
866 + COUNTM=$(wc -w <<< "${manager_service}")
867 + COUNTS=$(wc -w <<< "${scanner_service}")
868 + COUNTA=$(wc -w <<< "${assistant_service}")
869 + COUNTR=$(wc -w <<< "${redis_service}")
870 +
871 + if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
872 + echo "OpenVAS CronJob Failed! You have multiple enabled systemd service for single OpenVAS daemon or redis" | tee -a /tmp/openvas_mail.out
873 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
874 + exit 1
875 + fi
876 +fi
877 +
878 +# Start to update FEED & First NVT.
879 +try=0
880 +until [ $try -ge 5 ]; do
881 + greenbone-nvt-sync &>/dev/null && break
882 + echo "Can't connected! Trying to update greenbone-nvt again.." &>>/tmp/openvas_mail.out
883 + try=$[$try+1]
884 + sleep 30
885 +done
886 +
887 +# Check status
888 +if [ $? -eq 0 ]; then
889 + echo "greenbone-nvt-sync is done" &>>/tmp/openvas_mail.out
890 + # Avoid your IP temporary banned because of multiple connection
891 + sleep 5
892 + # Try to update scapdata.
893 + try=0
894 + until [ $try -ge 5 ]; do
895 + greenbone-scapdata-sync &>/dev/null && break
896 + echo "Can't connected! Trying to update greenbone-scapdata again.." &>>/tmp/openvas_mail.out
897 + try=$[$try+1]
898 + sleep 30
899 + done
900 +
901 + # Check status
902 + if [ $? -eq 0 ]; then
903 + echo "greenbone-scapdata-sync is done" &>>/tmp/openvas_mail.out
904 + # Avoid your IP temporary banned because of multiple connection
905 + sleep 5
906 + # Try to update certdata
907 + try=0
908 + until [ $try -ge 5 ]; do
909 + greenbone-certdata-sync &>/dev/null && break
910 + echo "Can't connected! Trying to update greenbone-certdata again.." &>>/tmp/openvas_mail.out
911 + try=$[$try+1]
912 + sleep 30
913 + done
914 +
915 + # Check status
916 + if [ $? -eq 0 ]; then
917 + echo "greenbone-certdata-sync is done" &>>/tmp/openvas_mail.out
918 +
919 + # Check OpenVAS-Scanner is running
920 + if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
921 + echo "OpenVAS-Scanner is running." &>>/tmp/openvas_mail.out
922 + openvasmd --update --progress &>/dev/null
923 +
924 + elif [ $scanner -eq 0 ]; then
925 + # Start OpenVAS-Scanner systemd unit & Rebuild Cache
926 + echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
927 + systemctl start openvassd.service &>/dev/null
928 +
929 + if [ $? -eq 0 ]; then
930 + # Wait for initialize
931 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
932 + sleep 15
933 + echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
934 + done
935 + echo "openvassd.service started and waiting for connection." &>>/tmp/openvas_mail.out
936 + # Rebuild Cache
937 + openvasmd --update --progress &>/dev/null
938 + else
939 + echo "openvassd.service cannot started.." | tee -a /tmp/openvas_mail.out
940 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
941 + exit 1
942 + fi
943 +
944 + elif [[ -n "$scanner_service" ]]; then
945 + echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
946 + systemctl start "$scanner_service" &>/dev/null
947 +
948 + if [ $? -eq 0 ]; then
949 + # Wait for initialize
950 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
951 + sleep 15
952 + echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
953 + done
954 + echo "$scanner_service is started and waiting for connection." &>>/tmp/openvas_mail.out
955 + # Rebuild Cache
956 + openvasmd --update --progress &>/dev/null
957 + else
958 + echo "$scanner_service cannot started.." | tee -a /tmp/openvas_mail.out
959 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
960 + exit 1
961 + fi
962 +
963 + elif [[ -n "$scanner_init" ]]; then
964 + # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
965 + echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
966 + rc-service openvassd start &>/dev/null
967 +
968 + if [ $? -eq 0 ]; then
969 + # Wait for initialize
970 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
971 + sleep 15
972 + echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
973 + done
974 + echo "rc-service --> openvassd started and waiting for connection." &>>/tmp/openvas_mail.out
975 + # Rebuild Cache
976 + openvasmd --update --progress &>/dev/null
977 + else
978 + echo "rc-service --> openvassd cannot started.." | tee -a /tmp/openvas_mail.out
979 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
980 + exit 1
981 + fi
982 +
983 + else
984 + echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
985 + openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
986 + # Wait for initialize
987 + if [ $? -eq 0 ]; then
988 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
989 + sleep 15
990 + echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
991 + done
992 + else
993 + echo "OpenVAS Scanner cannot started manually.." | tee -a /tmp/openvas_mail.out
994 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
995 + exit 1
996 + fi
997 + echo "OpenVAS-Scanner started manually and waiting for connection." &>>/tmp/openvas_mail.out
998 + # Rebuild Cache
999 + openvasmd --update --progress &>/dev/null
1000 + fi
1001 +
1002 + # Check status
1003 + if [ $? -eq 0 ]; then
1004 + echo "Updating NVT cache is done" &>>/tmp/openvas_mail.out
1005 +
1006 + # Restart OpenVAS-Scanner
1007 + if [ $scanner -eq 0 ]; then
1008 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1009 + sleep 3
1010 +
1011 + # Try to restart redis service before OpenVAS-Scanner
1012 + if [ $redis -eq 0 ]; then
1013 + systemctl restart redis.service &>/dev/null
1014 +
1015 + if [ $? -eq 0 ]; then
1016 + echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
1017 + else
1018 + echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
1019 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1020 + exit 1
1021 + fi
1022 +
1023 + elif [[ -n "$redis_service" ]]; then
1024 + systemctl restart "$redis_service" &>/dev/null
1025 +
1026 + if [ $? -eq 0 ]; then
1027 + echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
1028 + else
1029 + echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
1030 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1031 + exit 1
1032 + fi
1033 +
1034 + elif [[ -n "$redis_init" ]]; then
1035 + rc-service redis stop
1036 + sleep 5
1037 + rc-service redis start
1038 +
1039 + if [ $? -eq 0 ]; then
1040 + echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
1041 + else
1042 + echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
1043 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1044 + exit 1
1045 + fi
1046 + fi
1047 + systemctl restart openvassd.service &>/dev/null
1048 +
1049 + elif [[ -n "$scanner_service" ]]; then
1050 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1051 + sleep 3
1052 +
1053 + # Try to restart redis service before OpenVAS-Scanner
1054 + if [ $redis -eq 0 ]; then
1055 + systemctl restart redis.service &>/dev/null
1056 +
1057 + if [ $? -eq 0 ]; then
1058 + echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
1059 + else
1060 + echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
1061 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1062 + exit 1
1063 + fi
1064 +
1065 + elif [[ -n "$redis_service" ]]; then
1066 + systemctl restart "$redis_service" &>/dev/null
1067 +
1068 + if [ $? -eq 0 ]; then
1069 + echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
1070 + else
1071 + echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
1072 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1073 + exit 1
1074 + fi
1075 +
1076 + elif [[ -n "$redis_init" ]]; then
1077 + rc-service redis stop
1078 + sleep 5
1079 + rc-service redis start
1080 +
1081 + if [ $? -eq 0 ]; then
1082 + echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
1083 + else
1084 + echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
1085 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1086 + exit 1
1087 + fi
1088 + fi
1089 + systemctl restart "$scanner_service" &>/dev/null
1090 +
1091 + elif [[ -n "$scanner_init" ]]; then
1092 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1093 + sleep 3
1094 +
1095 + # Try to restart redis service before OpenVAS-Scanner
1096 + if [ $redis -eq 0 ]; then
1097 + systemctl restart redis.service &>/dev/null
1098 +
1099 + if [ $? -eq 0 ]; then
1100 + echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
1101 + else
1102 + echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
1103 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1104 + exit 1
1105 + fi
1106 +
1107 + elif [[ -n "$redis_service" ]]; then
1108 + systemctl restart "$redis_service" &>/dev/null
1109 +
1110 + if [ $? -eq 0 ]; then
1111 + echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
1112 + else
1113 + echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
1114 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1115 + exit 1
1116 + fi
1117 +
1118 + elif [[ -n "$redis_init" ]]; then
1119 + rc-service redis stop
1120 + sleep 5
1121 + rc-service redis start
1122 +
1123 + if [ $? -eq 0 ]; then
1124 + echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
1125 + else
1126 + echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
1127 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1128 + exit 1
1129 + fi
1130 + fi
1131 + rc-service openvassd start &>/dev/null
1132 +
1133 + else
1134 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1135 + sleep 3
1136 +
1137 + # Try to restart redis service before OpenVAS-Scanner
1138 + if [ $redis -eq 0 ]; then
1139 + systemctl restart redis.service &>/dev/null
1140 +
1141 + if [ $? -eq 0 ]; then
1142 + echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
1143 + else
1144 + echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
1145 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1146 + exit 1
1147 + fi
1148 +
1149 + elif [[ -n "$redis_service" ]]; then
1150 + systemctl restart "$redis_service" &>/dev/null
1151 +
1152 + if [ $? -eq 0 ]; then
1153 + echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
1154 + else
1155 + echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
1156 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1157 + exit 1
1158 + fi
1159 +
1160 + elif [[ -n "$redis_init" ]]; then
1161 + rc-service redis stop
1162 + sleep 5
1163 + rc-service redis start
1164 +
1165 + if [ $? -eq 0 ]; then
1166 + echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
1167 + else
1168 + echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
1169 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1170 + exit 1
1171 + fi
1172 + fi
1173 + openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
1174 + fi
1175 +
1176 + if [ $? -eq 0 ]; then
1177 + until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
1178 + sleep 10
1179 + echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
1180 + done
1181 + echo "OpenVAS-Scanner is restarted." &>>/tmp/openvas_mail.out
1182 +
1183 + # Restart OpenVAS-Manager
1184 + if [ $manager -eq 0 ]; then
1185 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1186 + sleep 5
1187 + systemctl restart openvasmd.service &>/dev/null
1188 +
1189 + if [ $? -eq 0 ]; then
1190 + success="0"
1191 + echo "systemd --> openvasmd.service is restarted" &>>/tmp/openvas_mail.out
1192 + echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
1193 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1194 + else
1195 + echo "systemd --> openvasmd.service cannot restarted" &>>/tmp/openvas_mail.out
1196 + echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
1197 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1198 + exit 1
1199 + fi
1200 +
1201 + elif [[ -n "$manager_service" ]]; then
1202 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1203 + sleep 5
1204 + systemctl restart "$manager_service" &>/dev/null
1205 +
1206 + if [ $? -eq 0 ]; then
1207 + success="0"
1208 + echo "systemd --> $manager_service is restarted" &>>/tmp/openvas_mail.out
1209 + echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
1210 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1211 + else
1212 + echo "systemd --> $manager_service cannot restarted" &>>/tmp/openvas_mail.out
1213 + echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
1214 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1215 + exit 1
1216 + fi
1217 +
1218 + elif [[ -n "$manager_init" ]]; then
1219 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1220 + sleep 5
1221 + rc-service openvasmd start &>/dev/null
1222 +
1223 + if [ $? -eq 0 ]; then
1224 + success="0"
1225 + echo "open-rc --> openvasmd is restarted" &>>/tmp/openvas_mail.out
1226 + echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
1227 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1228 + else
1229 + echo "open-rc --> openvasmd cannot restarted" &>>/tmp/openvas_mail.out
1230 + echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
1231 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1232 + exit 1
1233 + fi
1234 +
1235 + else
1236 + ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1237 + sleep 5
1238 + openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
1239 +
1240 + if [ $? -eq 0 ]; then
1241 + success="0"
1242 + echo "OpenVAS-Manager is restarted manually" &>>/tmp/openvas_mail.out
1243 + echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
1244 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1245 + else
1246 + echo "OpenVAS-Manager cannot restarted" &>>/tmp/openvas_mail.out
1247 + echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
1248 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1249 + exit 1
1250 + fi
1251 + fi
1252 + else
1253 + echo "OpenVAS CronJob Failed! openvas-scanner cannot restarted" | tee -a /tmp/openvas_mail.out
1254 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1255 + fi
1256 + else
1257 + echo "OpenVAS CronJob Failed! OpenVAS NVT cache build failed" | tee -a /tmp/openvas_mail.out
1258 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1259 + fi
1260 + else
1261 + echo "OpenVAS CronJob Failed! OpenVAS Certdata sync failed!" | tee -a /tmp/openvas_mail.out
1262 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1263 + fi
1264 + else
1265 + echo "OpenVAS CronJob Failed! OpenVAS Scapdata sync failed!" | tee -a /tmp/openvas_mail.out
1266 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1267 + fi
1268 + else
1269 + echo "OpenVAS CronJob Failed! OpenVAS NVT sync update failed!" | tee -a /tmp/openvas_mail.out
1270 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1271 +fi
1272 +rm -rf /tmp/openvas_mail.out
1273 +
1274 +# Restart WebUI
1275 +if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
1276 + WHICHA="$(type gsad | awk '{print $3}')"
1277 +
1278 + if [ $assistant -eq 0 ]; then
1279 + # Time to restart OpenVAS-Security Assistant
1280 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1281 + sleep 5
1282 + systemctl restart gsad.service &>/dev/null
1283 +
1284 + if [ $? -eq 0 ]; then
1285 + echo "systemd --> gsad.service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
1286 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1287 + else
1288 + echo "systemd --> gsad.service (OpenVAS-WebUI) cannot restarted" | tee -a /tmp/openvas_mail.out
1289 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1290 + fi
1291 +
1292 + elif [[ -n "$assistant_service" ]]; then
1293 + if [ $COUNTA -eq 1 ]; then
1294 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1295 + sleep 5
1296 + systemctl restart "$assistant_service" &>/dev/null
1297 +
1298 + if [ $? -eq 0 ]; then
1299 + echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
1300 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1301 + else
1302 + echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
1303 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1304 + fi
1305 + else
1306 + echo "systemd --> OpenVAS WebUI cannot restarted! You have multiple enabled systemd services ($assistant_service)" | tee -a /tmp/openvas_mail.out
1307 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1308 + exit 1
1309 + fi
1310 +
1311 + elif [[ -n "$assistant_init" ]]; then
1312 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1313 + sleep 5
1314 + rc-service gsad start &>/dev/null
1315 +
1316 + if [ $? -eq 0 ]; then
1317 + echo "open-rc --> gsad (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
1318 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1319 + else
1320 + echo "open-rc --> gsad (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
1321 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1322 + fi
1323 + else
1324 + ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
1325 + sleep 5
1326 + gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
1327 +
1328 + if [ $? -eq 0 ]; then
1329 + echo "OpenVAS WebUI is restarted" | tee -a /tmp/openvas_mail.out
1330 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1331 + else
1332 + echo "OpenVAS WebUI cannot restarted" | tee -a /tmp/openvas_mail.out
1333 + echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
1334 + fi
1335 + fi
1336 + rm -rf /tmp/openvas_mail.out
1337 +fi
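Review bot: The report file `/tmp/openvas_mail.out` and the `/tmp/openvas_GVM_*_service.out` scratch files use fixed, predictable names in a world-writable directory, and this job presumably runs as root from cron, since it kills and restarts daemons. Any local user can create those paths first, so the `tee -a` and `&>>` writes land in files the script does not own. The lines read back from the `openvas_GVM_*` files are also used as `grep -P` patterns that select the unit later given to `systemctl restart`, so that choice is not trustworthy either. Create a private directory once near the top, `workdir="$(mktemp -d)" || exit 1` followed by `trap 'rm -rf -- "$workdir"' EXIT`, and keep every scratch file under `"$workdir"`. Separately, each `if [ $? -eq 0 ]` after an `until … done` retry loop tests the loop's status, which is that of the trailing `sleep 30` once all five attempts have failed, so a failed feed sync is still reported as done; set a flag before `break` and test that instead.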
1338
1339 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch
1340 new file mode 100644
1341 index 00000000000..98c65725019
1342 --- /dev/null
1343 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch
1344 @@ -0,0 +1,42 @@
1345 +--- openvas-scanner-5.1.3/src/openvassd.c 2018-08-29 19:27:26.000000000 +0300
1346 ++++ openvas-scanner-5.1.3/src/openvassd.c 2019-02-04 03:28:24.635539266 +0300
1347 +@@ -103,7 +103,6 @@
1348 + */
1349 + static openvassd_option openvassd_defaults[] = {
1350 + {"plugins_folder", OPENVAS_NVT_DIR},
1351 +- {"cache_folder", OPENVAS_CACHE_DIR},
1352 + {"include_folders", OPENVAS_NVT_DIR},
1353 + {"max_hosts", "30"},
1354 + {"max_checks", "10"},
1355 +--- openvas-scanner-5.1.3/src/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300
1356 ++++ openvas-scanner-5.1.3/src/CMakeLists.txt 2019-02-04 03:22:20.078824664 +0300
1357 +@@ -68,10 +68,6 @@
1358 + add_definitions (-DOPENVAS_NVT_DIR=\\\"${OPENVAS_NVT_DIR}\\\")
1359 + endif (OPENVAS_NVT_DIR)
1360 +
1361 +-if (OPENVAS_CACHE_DIR)
1362 +- add_definitions (-DOPENVAS_CACHE_DIR=\\\"${OPENVAS_CACHE_DIR}\\\")
1363 +-endif (OPENVAS_CACHE_DIR)
1364 +-
1365 + if (OPENVAS_LOG_DIR)
1366 + add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\")
1367 + endif (OPENVAS_LOG_DIR)
1368 +--- openvas-scanner-5.1.3/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300
1369 ++++ openvas-scanner-5.1.3/CMakeLists.txt 2019-02-04 03:18:37.889999639 +0300
1370 +@@ -166,7 +166,6 @@
1371 + set (OPENVAS_DATA_DIR "${DATADIR}/openvas")
1372 + set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
1373 + set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
1374 +-set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
1375 + set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
1376 +
1377 + if (NOT OPENVAS_NVT_DIR)
1378 +@@ -265,7 +264,6 @@
1379 + DESTINATION ${DATADIR}/doc/openvas-scanner/ )
1380 +
1381 + install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
1382 +-install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR})
1383 +
1384 + ## Tests
1385 +
1386 +
1387
1388 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch
1389 new file mode 100644
1390 index 00000000000..4ec2e786e12
1391 --- /dev/null
1392 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch
1393 @@ -0,0 +1,42 @@
1394 +--- openvas-scanner-5.1.3/src/ntp.c 2018-08-29 19:27:26.000000000 +0300
1395 ++++ openvas-scanner-5.1.3/src/ntp.c 2019-02-02 00:57:56.832878754 +0300
1396 +@@ -361,9 +361,7 @@
1397 + }
1398 +
1399 + /*----------------------------------------------------------
1400 +-
1401 + Communication protocol: timestamps
1402 +-
1403 + ----------------------------------------------------------*/
1404 +
1405 +
1406 +@@ -391,7 +389,7 @@
1407 + static int
1408 + __ntp_timestamp_scan_host (int soc, char *msg, char *host)
1409 + {
1410 +- char timestr[1024];
1411 ++ char timestr[64];
1412 + char *tmp;
1413 + time_t t;
1414 + int len;
1415 +--- openvas-scanner-5.1.3/src/pluginload.c 2018-08-29 19:27:26.000000000 +0300
1416 ++++ openvas-scanner-5.1.3/src/pluginload.c 2019-02-02 00:59:24.494774959 +0300
1417 +@@ -250,7 +250,7 @@
1418 + g_slist_free_full (oids, g_free);
1419 + }
1420 +
1421 +-static int
1422 ++static void
1423 + plugins_reload_from_dir (void *folder)
1424 + {
1425 + GSList *files = NULL, *f;
1426 +--- openvas-scanner-5.1.3/src/processes.h 2018-08-29 19:27:26.000000000 +0300
1427 ++++ openvas-scanner-5.1.3/src/processes.h 2019-02-02 01:06:42.772908314 +0300
1428 +@@ -28,7 +28,7 @@
1429 + #ifndef _OPENVAS_THREADS_H
1430 + #define _OPENVAS_THREADS_H
1431 +
1432 +-typedef int (*process_func_t) (void *);
1433 ++typedef void (*process_func_t) (void *);
1434 + pid_t create_process (process_func_t, void *);
1435 + int terminate_process (pid_t);
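Review bot: Shrinking `timestr` from 1024 to 64 bytes in `__ntp_timestamp_scan_host` is only safe if every write into it is bounded by `sizeof (timestr)`. The function body lies outside the hunk, so a leftover literal `1024` or an unbounded copy there would now run past the stack buffer, and this should be confirmed against the full source. If the buffer holds a `ctime()` string, as its name and the "timestamps" banner suggest, 26 bytes including the terminator are needed and 64 is enough. A comment on the declaration such as `/* one ctime() string (26 bytes with NUL); bound all writes with sizeof (timestr) */` would record that assumption. The `int` to `void` change of `process_func_t` also affects every function passed to `create_process`, of which only `plugins_reload_from_dir` is visible here.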
1436
1437 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch
1438 new file mode 100644
1439 index 00000000000..67091fcf3e3
1440 --- /dev/null
1441 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch
1442 @@ -0,0 +1,93 @@
1443 +--- openvas-scanner-5.1.3/src/attack.c 2018-08-29 19:27:26.000000000 +0300
1444 ++++ openvas-scanner-5.1.3/src/attack.c 2019-02-02 00:44:12.834888067 +0300
1445 +@@ -97,9 +97,7 @@
1446 + };
1447 +
1448 + /*******************************************************
1449 +-
1450 + PRIVATE FUNCTIONS
1451 +-
1452 + ********************************************************/
1453 +
1454 + /**
1455 +@@ -996,6 +994,14 @@
1456 + sched = plugins_scheduler_init
1457 + (prefs_get ("plugin_set"), prefs_get_bool ("auto_enable_dependencies"),
1458 + network_phase);
1459 ++ if (sched == NULL)
1460 ++ {
1461 ++ error_message_to_client (global_socket,
1462 ++ "Failed to initialize the plugins scheduler.",
1463 ++ NULL, NULL);
1464 ++ return;
1465 ++ }
1466 ++
1467 +
1468 + max_hosts = get_max_hosts_number ();
1469 + max_checks = get_max_checks_number ();
1470 +--- openvas-scanner-5.1.3/src/pluginscheduler.c 2018-08-29 19:27:26.000000000 +0300
1471 ++++ openvas-scanner-5.1.3/src/pluginscheduler.c 2019-02-02 00:48:03.799598381 +0300
1472 +@@ -486,7 +486,7 @@
1473 + }
1474 + }
1475 +
1476 +-static void
1477 ++static int
1478 + plugins_scheduler_fill (plugins_scheduler_t sched)
1479 + {
1480 + int i;
1481 +@@ -500,6 +500,15 @@
1482 + int category;
1483 +
1484 + category = nvticache_get_category (element->data);
1485 ++ if (category < 0)
1486 ++ {
1487 ++ log_write ("The NVT with oid %s has not category assigned. This is "
1488 ++ "considered a fatal error, since the NVTI Cache "
1489 ++ "structure stored in Redis is out dated or corrupted.",
1490 ++ (char *) element->data);
1491 ++ g_slist_free_full (list, g_free);
1492 ++ return 1;
1493 ++ }
1494 + scheduler_plugin = g_malloc0 (sizeof (struct scheduler_plugin));
1495 + scheduler_plugin->running_state = PLUGIN_STATUS_UNRUN;
1496 + scheduler_plugin->oid = g_strdup (element->data);
1497 +@@ -529,6 +538,7 @@
1498 + }
1499 + }
1500 +
1501 ++ return 0;
1502 + }
1503 +
1504 + plugins_scheduler_t
1505 +@@ -540,7 +550,11 @@
1506 + /* Fill our lists */
1507 + ret = g_malloc0 (sizeof (*ret));
1508 + ret->hash = hash_init ();
1509 +- plugins_scheduler_fill (ret);
1510 ++ if (plugins_scheduler_fill (ret))
1511 ++ {
1512 ++ plugins_scheduler_free (ret);
1513 ++ return NULL;
1514 ++ }
1515 +
1516 + plugins_scheduler_enable (ret, plugins_list, autoload);
1517 +
1518 +@@ -729,9 +743,12 @@
1519 + void
1520 + plugins_scheduler_free (plugins_scheduler_t sched)
1521 + {
1522 +- int i;
1523 +- hash_destroy (sched->hash);
1524 +- for (i = ACT_FIRST; i <= ACT_LAST; i++)
1525 +- list_destroy (sched->list[i]);
1526 +- g_free (sched);
1527 ++ if (sched)
1528 ++ {
1529 ++ int i;
1530 ++ hash_destroy (sched->hash);
1531 ++ for (i = ACT_FIRST; i <= ACT_LAST; i++)
1532 ++ list_destroy (sched->list[i]);
1533 ++ g_free (sched);
1534 ++ }
1535 + }
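Review bot: The patch file begins directly at the `--- openvas-scanner-5.1.3/src/attack.c` header with no description, so nothing records where the change comes from or whether upstream already carries it. A short header above the first file header would fix that, for example `Fail scan start when an NVT has no category assigned` followed by `Upstream: <UPSTREAM_COMMIT_OR_ISSUE_URL>` (a placeholder, since the reference is not on this page). Separately, the new `return;` after `error_message_to_client` in attack.c sits in a function whose body lies outside the hunk, so it is worth confirming that nothing acquired earlier in that function needs releasing on this path.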
1536
1537 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf
1538 new file mode 100644
1539 index 00000000000..f14b5aae6f1
1540 --- /dev/null
1541 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf
1542 @@ -0,0 +1,9 @@
1543 +# OpenVAS Scanner command args
1544 +
1545 +# e.g --foreground
1546 +OPENVAS_SCANNER_OPTIONS=""
1547 +
1548 +# Scanner listen socket
1549 +OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock"
1550 +
1551 +
1552
1553 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.init b/net-analyzer/openvas-scanner/files/openvas-scanner.init
1554 new file mode 100644
1555 index 00000000000..757b5801f29
1556 --- /dev/null
1557 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner.init
1558 @@ -0,0 +1,25 @@
1559 +#!/sbin/openrc-run
1560 +# Copyright 1999-2019 Gentoo Authors
1561 +# Distributed under the terms of the GNU General Public License v2
1562 +
1563 +name="OpenVAS Scanner"
1564 +command="/usr/sbin/openvassd"
1565 +command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET}"
1566 +pidfile="/var/run/openvassd.pid"
1567 +command_background="true"
1568 +
1569 +depend() {
1570 + after bootmisc
1571 + need localmount net redis
1572 +}
1573 +
1574 +start_pre() {
1575 + checkpath --directory --mode 0775 --quiet /var/cache/openvas
1576 +}
1577 +
1578 +create_cache() {
1579 + checkpath --directory --mode 0775 --quiet /var/cache/openvas
1580 + ebegin "Generating initial Cache"
1581 + /usr/sbin/openvassd --foreground --only-cache
1582 + eend $?
1583 +}
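Review bot: `command_background="true"` together with `pidfile` only works if openvassd stays in the foreground, but `command_args` passes `--foreground` only when the administrator adds it to `OPENVAS_SCANNER_OPTIONS`, which ships empty. If the daemon detaches on its own, as the existence of `--foreground` suggests, the recorded PID belongs to a process that has already exited and `stop` will not find the scanner. Passing the flag unconditionally, `command_args="--foreground ${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET}"`, or dropping `command_background` would make the two agree. Also, `create_cache()` cannot be invoked through the service because the script never declares `extra_commands="create_cache"`.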
1584
1585 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate
1586 new file mode 100644
1587 index 00000000000..89f9e6d264d
1588 --- /dev/null
1589 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate
1590 @@ -0,0 +1,11 @@
1591 +# logrotate for openvas scanner
1592 +/var/log/openvas/openvassd.messages {
1593 + rotate 4
1594 + weekly
1595 + compress
1596 + delaycompress
1597 + missingok
1598 + postrotate
1599 + /bin/kill -HUP `pidof openvassd`
1600 + endscript
1601 +}
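Review bot: The `postrotate` line `/bin/kill -HUP \`pidof openvassd\`` runs `kill` with no PID when the scanner is not running, so the script fails on every rotation of a stopped service. When it is running, `pidof` returns every process named openvassd, so any scan children that keep that name receive the signal as well as the main daemon. Guarding the call, for example `pids=$(pidof openvassd) && /bin/kill -HUP $pids`, fixes the first case; signalling only the PID in `/var/run/openvassd.pid` would address the second, provided the init script records the right PID. Whether openvassd reopens its log on HUP is not shown on this page and should be confirmed.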
1602
1603 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.service b/net-analyzer/openvas-scanner/files/openvas-scanner.service
1604 new file mode 100644
1605 index 00000000000..4f30586ab51
1606 --- /dev/null
1607 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner.service
1608 @@ -0,0 +1,21 @@
1609 +[Unit]
1610 +Description=OpenVAS Scanner
1611 +After=network.target
1612 +After=redis.service
1613 +Before=gvmd.service
1614 +Requires=redis.service
1615 +
1616 +[Service]
1617 +Type=forking
1618 +EnvironmentFile=-/etc/openvas/sysconfig/openvas-scanner-daemon.conf
1619 +ExecStart=/usr/sbin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET
1620 +ExecReload=/bin/kill -HUP $MAINPID
1621 +Restart=on-failure
1622 +RestartSec=10
1623 +KillMode=mixed
1624 +User=root
1625 +Group=root
1626 +TimeoutSec=1200
1627 +
1628 +[Install]
1629 +WantedBy=multi-user.target
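Review bot: The unit runs the scanner as root with no confinement directives, and the openvassd.conf shipped in this same commit sets `drop_privileges = no`, so every plugin the daemon loads executes with unrestricted root rights. `User=root` and `Group=root` only restate the default and can go; directives such as `ProtectHome=yes` and `ProtectSystem=full` are worth evaluating, after testing that feed updates and the redis socket still work. In addition, `Type=forking` has no `PIDFile=`, so systemd has to guess which process `$MAINPID` in `ExecReload` refers to. The shared environment file also suggests `--foreground` as an option, which would leave a forking unit waiting until `TimeoutSec=1200` expires.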
1630
1631 diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d
1632 new file mode 100644
1633 index 00000000000..18e820caec1
1634 --- /dev/null
1635 +++ b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d
1636 @@ -0,0 +1 @@
1637 +d /var/cache/openvassd 0775
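Review bot: This entry creates `/var/cache/openvassd`, while the OpenRC script added in the same commit runs `checkpath` on `/var/cache/openvas`, and the old `cache_folder` setting removed from openvassd.conf also pointed at `/var/cache/openvas`. One of the two paths is presumably wrong, and systemd and OpenRC hosts will end up with different directories. If the daemon uses the `openvas` directory, the line should read `d /var/cache/openvas 0775 root root -`. Spelling out owner and group also makes the intent of the group-writable mode explicit.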
1638
1639 diff --git a/net-analyzer/openvas-scanner/files/openvassd.conf b/net-analyzer/openvas-scanner/files/openvassd.conf
1640 index 88f83f4bed9..b218a4a27b0 100644
1641 --- a/net-analyzer/openvas-scanner/files/openvassd.conf
1642 +++ b/net-analyzer/openvas-scanner/files/openvassd.conf
1643 @@ -1,118 +1,53 @@
1644 -# Configuration file of the OpenVAS Security Scanner
1645 +#You can get detailed informations from https://linux.die.net/man/8/openvassd
1646
1647 -# Every line starting with a '#' is a comment
1648 -
1649 -[Misc]
1650 -
1651 -# Path to the security checks folder:
1652 plugins_folder = /var/lib/openvas/plugins
1653 -
1654 -# Path to OpenVAS caching folder:
1655 -cache_folder = /var/cache/openvas
1656 -
1657 -# Path to OpenVAS include directories:
1658 -# (multiple entries are separated with colon ':')
1659 include_folders = /var/lib/openvas/plugins
1660 -
1661 -# Maximum number of simultaneous hosts tested :
1662 max_hosts = 30
1663 -
1664 -# Maximum number of simultaneous checks against each host tested :
1665 max_checks = 10
1666
1667 -# Niceness. If set to 'yes', openvassd will renice itself to 10.
1668 +#Resource friendly
1669 be_nice = no
1670
1671 -# Log file (or 'syslog') :
1672 -logfile = /var/log/openvas/openvassd.log
1673 +#Logfile
1674 +logfile = /var/log/openvas/openvassd.messages
1675
1676 -# Shall we log every details of the attack ? (disk intensive)
1677 log_whole_attack = no
1678 -
1679 -# Log the name of the plugins that are loaded by the server ?
1680 log_plugins_name_at_load = no
1681 -
1682 -# Dump file for debugging output, use `-' for stdout
1683 dumpfile = /var/log/openvas/openvassd.dump
1684 -
1685 -# Rules file :
1686 -rules = /etc/openvas/openvassd.rules
1687 -
1688 -# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
1689 cgi_path = /cgi-bin:/scripts
1690
1691 -# Range of the ports the port scanners will scan :
1692 -# 'default' means that OpenVAS will scan ports found in its
1693 -# services file.
1694 -port_range = default
1695 -
1696 -# Optimize the test (recommended) :
1697 +#Turn off for push hard but increase false positive and slow down scans
1698 optimize_test = yes
1699
1700 -# Optimization :
1701 -# Read timeout for the sockets of the tests :
1702 checks_read_timeout = 5
1703 -
1704 -# Ports against which two plugins should not be run simultaneously :
1705 -# non_simult_ports = Services/www, 139, Services/finger
1706 +network_scan = no
1707 non_simult_ports = 139, 445
1708 -
1709 -# Maximum lifetime of a plugin (in seconds) :
1710 plugins_timeout = 320
1711 +scanner_plugins_timeout = 36000
1712
1713 -# Safe checks rely on banner grabbing :
1714 -safe_checks = yes
1715 +#Push harder to target
1716 +safe_checks = no
1717
1718 -# Automatically activate the plugins that are depended on
1719 auto_enable_dependencies = yes
1720 -
1721 -# Do not echo data from plugins which have been automatically enabled
1722 -silent_dependencies = no
1723 -
1724 -# Designate hosts by MAC address, not IP address (useful for DHCP networks)
1725 use_mac_addr = no
1726 -
1727 -
1728 -#--- Knowledge base saving (can be configured by the client) :
1729 -# Save the knowledge base on disk :
1730 -save_knowledge_base = no
1731 -
1732 -# Restore the KB for each test :
1733 -kb_restore = no
1734 -
1735 -# Only test hosts whose KB we do not have :
1736 -only_test_hosts_whose_kb_we_dont_have = no
1737 -
1738 -# Only test hosts whose KB we already have :
1739 -only_test_hosts_whose_kb_we_have = no
1740 -
1741 -# KB test replay :
1742 -kb_dont_replay_scanners = no
1743 -kb_dont_replay_info_gathering = no
1744 -kb_dont_replay_attacks = no
1745 -kb_dont_replay_denials = no
1746 -kb_max_age = 864000
1747 -#--- end of the KB section
1748 -
1749 -
1750 -# If this option is set, OpenVAS will not scan a network incrementally
1751 -# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
1752 -# slice the workload throughout the whole network (ie: it will scan
1753 -# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
1754 -slice_network_addresses = no
1755 -
1756 -# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
1757 nasl_no_signature_check = yes
1758 -
1759 -#Certificates
1760 -cert_file=/var/lib/openvas/CA/servercert.pem
1761 -key_file=/var/lib/openvas/private/CA/serverkey.pem
1762 -ca_file=/var/lib/openvas/CA/cacert.pem
1763 -
1764 -# If you decide to protect your private key with a password,
1765 -# uncomment and change next line
1766 -# pem_password=password
1767 -# If you want to force the use of a client certificate, uncomment next line
1768 -# force_pubkey_auth = yes
1769 -
1770 -#end.
1771 +drop_privileges = no
1772 +unscanned_closed = yes
1773 +unscanned_closed_udp = yes
1774 +vhosts =
1775 +vhosts_ip =
1776 +report_host_details = yes
1777 +
1778 +#Redis listening socket (must be same with redis socket)
1779 +kb_location = /tmp/redis.sock
1780 +
1781 +timeout_retry = 3
1782 +time_between_request = 0
1783 +
1784 +#Config File
1785 +config_file = /etc/openvas/openvassd.conf
1786 +
1787 +#Certificates (default these are not needed here but setup-check script looking for them)
1788 +cert_file = /var/lib/openvas/CA/servercert.pem
1789 +key_file = /var/lib/openvas/private/CA/serverkey.pem
1790 +ca_file = /var/lib/openvas/CA/cacert.pem
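Review bot: `safe_checks = no` changes the packaged default so that plugins may run checks that can disrupt the scanned services, and the only explanation left is `#Push harder to target`. Shipping `safe_checks = yes` and leaving the switch to the administrator is the safer default. `nasl_no_signature_check = yes` stays while the comment that called it unsafe is deleted; combined with the new `drop_privileges = no`, unsigned plugins run with the daemon's full privileges, so that warning should be kept next to the setting. `kb_location = /tmp/redis.sock`, like the matching `unixsocket /tmp/redis.sock` in redis.conf.example, places the knowledge-base socket in a world-writable directory where another local user can occupy the name first. A directory owned by the redis user, such as the `/run/redis` that the example already uses for its pidfile, avoids that.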
1791
1792 diff --git a/net-analyzer/openvas-scanner/files/redis.conf.example b/net-analyzer/openvas-scanner/files/redis.conf.example
1793 new file mode 100644
1794 index 00000000000..6a41211aaae
1795 --- /dev/null
1796 +++ b/net-analyzer/openvas-scanner/files/redis.conf.example
1797 @@ -0,0 +1,57 @@
1798 +bind 127.0.0.1
1799 +protected-mode yes
1800 +port 0
1801 +tcp-backlog 511
1802 +unixsocket /tmp/redis.sock
1803 +unixsocketperm 700
1804 +timeout 0
1805 +tcp-keepalive 300
1806 +daemonize no
1807 +supervised no
1808 +pidfile /run/redis/redis.pid
1809 +loglevel notice
1810 +logfile /var/log/redis/redis.log
1811 +databases 16
1812 +always-show-logo yes
1813 +stop-writes-on-bgsave-error yes
1814 +rdbcompression yes
1815 +rdbchecksum yes
1816 +dbfilename dump.rdb
1817 +dir /var/lib/redis/
1818 +slave-serve-stale-data yes
1819 +slave-read-only yes
1820 +repl-diskless-sync no
1821 +repl-diskless-sync-delay 5
1822 +repl-disable-tcp-nodelay no
1823 +slave-priority 100
1824 +lazyfree-lazy-eviction no
1825 +lazyfree-lazy-expire no
1826 +lazyfree-lazy-server-del no
1827 +slave-lazy-flush no
1828 +appendonly no
1829 +appendfilename "appendonly.aof"
1830 +appendfsync everysec
1831 +no-appendfsync-on-rewrite no
1832 +auto-aof-rewrite-percentage 100
1833 +auto-aof-rewrite-min-size 64mb
1834 +aof-load-truncated yes
1835 +aof-use-rdb-preamble no
1836 +lua-time-limit 5000
1837 +slowlog-log-slower-than 10000
1838 +slowlog-max-len 128
1839 +latency-monitor-threshold 0
1840 +notify-keyspace-events ""
1841 +hash-max-ziplist-entries 512
1842 +hash-max-ziplist-value 64
1843 +list-max-ziplist-size -2
1844 +list-compress-depth 0
1845 +set-max-intset-entries 512
1846 +zset-max-ziplist-entries 128
1847 +zset-max-ziplist-value 64
1848 +hll-sparse-max-bytes 3000
1849 +activerehashing yes
1850 +client-output-buffer-limit normal 0 0 0
1851 +client-output-buffer-limit slave 256mb 64mb 60
1852 +client-output-buffer-limit pubsub 32mb 8mb 60
1853 +hz 10
1854 +aof-rewrite-incremental-fsync yes
1855
1856 diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml
1857 index 6f49eba8f49..fa26aa942e1 100644
1858 --- a/net-analyzer/openvas-scanner/metadata.xml
1859 +++ b/net-analyzer/openvas-scanner/metadata.xml
1860 @@ -1,5 +1,15 @@
1861 <?xml version="1.0" encoding="UTF-8"?>
1862 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
1863 <pkgmetadata>
1864 -<!-- maintainer-needed -->
1865 + <maintainer type="person">
1866 + <email>hasan.calisir@×××××××.com</email>
1867 + <name>Hasan ÇALIŞIR</name>
1868 + </maintainer>
1869 + <maintainer type="project">
1870 + <email>proxy-maint@g.o</email>
1871 + <name>Proxy Maintainers</name>
1872 + </maintainer>
1873 + <use>
1874 + <flag name="extras">Html docs support</flag>
1875 + </use>
1876 </pkgmetadata>
1877
1878 diff --git a/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
1879 new file mode 100644
1880 index 00000000000..c0e59479a72
1881 --- /dev/null
1882 +++ b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
1883 @@ -0,0 +1,97 @@
1884 +# Copyright 1999-2019 Gentoo Authors
1885 +# Distributed under the terms of the GNU General Public License v2
1886 +
1887 +EAPI=7
1888 +
1889 +CMAKE_MAKEFILE_GENERATOR="emake"
1890 +inherit cmake-utils systemd
1891 +MY_PN="openvas-scanner"
1892 +
1893 +DESCRIPTION="A remote security scanner for Linux (OpenVAS-scanner)"
1894 +HOMEPAGE="http://www.openvas.org/"
1895 +SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
1896 +
1897 +SLOT="0"
1898 +LICENSE="GPL-2"
1899 +KEYWORDS="~amd64 ~x86"
1900 +IUSE="extras"
1901 +
1902 +DEPEND="
1903 + dev-db/redis
1904 + dev-libs/libgcrypt:0=
1905 + >=net-analyzer/openvas-libraries-9.0.3
1906 + net-libs/gnutls:=[tools]
1907 + net-libs/libssh:=
1908 + extras? ( dev-perl/CGI )"
1909 +
1910 +RDEPEND="
1911 + ${DEPEND}
1912 + !net-analyzer/openvas-tools"
1913 +
1914 +BDEPEND="
1915 + sys-devel/bison
1916 + sys-devel/flex
1917 + virtual/pkgconfig
1918 + extras? ( app-doc/doxygen[dot]
1919 + app-doc/xmltoman
1920 + app-text/htmldoc
1921 + dev-perl/SQL-Translator
1922 + )"
1923 +
1924 +PATCHES=(
1925 + "${FILESDIR}/${P}-gcc8.patch"
1926 + "${FILESDIR}/${P}-nvt.patch"
1927 + "${FILESDIR}/${P}-cachedir.patch"
1928 +)
1929 +
1930 +src_prepare() {
1931 + cmake-utils_src_prepare
1932 + # Fix for correct FHS/Gentoo policy paths for 5.1.3
1933 + sed -i "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/CMakeLists.txt || die
1934 + if use extras; then
1935 + doxygen -u "$S"/doc/Doxyfile_full.in || die
1936 + fi
1937 +}
1938 +
1939 +src_configure() {
1940 + local mycmakeargs=(
1941 + "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
1942 + "-DLOCALSTATEDIR=${EPREFIX}/var"
1943 + "-DSYSCONFDIR=${EPREFIX}/etc"
1944 + )
1945 + cmake-utils_src_configure
1946 +}
1947 +
1948 +src_compile() {
1949 + cmake-utils_src_compile
1950 + if use extras; then
1951 + cmake-utils_src_make -C "${BUILD_DIR}" doc
1952 + cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
1953 + HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
1954 + fi
1955 +}
1956 +
1957 +src_install() {
1958 + cmake-utils_src_install
1959 +
1960 + insinto /etc/openvas
1961 + doins "${FILESDIR}"/openvassd.conf "${FILESDIR}"/redis.conf.example
1962 +
1963 + insinto /etc/openvas/sysconfig
1964 + doins "${FILESDIR}"/${MY_PN}-daemon.conf
1965 +
1966 + insinto /etc/openvas/scripts
1967 + doins "${FILESDIR}"/openvas-feed-sync "${FILESDIR}"/first-start
1968 + fperms 0755 /etc/openvas/scripts/{openvas-feed-sync,first-start}
1969 +
1970 + newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN}
1971 + newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN}
1972 +
1973 + insinto /etc/logrotate.d
1974 + newins "${FILESDIR}/${MY_PN}.logrotate" ${MY_PN}
1975 +
1976 + systemd_newtmpfilesd "${FILESDIR}/${MY_PN}.tmpfiles.d" ${MY_PN}.conf
1977 + systemd_dounit "${FILESDIR}"/${MY_PN}.service
1978 +
1979 + keepdir /var/lib/openvas/plugins
1980 +}
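Review bot: In `src_compile` the line `cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc` names two targets and so builds `doc` a second time; it was probably meant to be `cmake-utils_src_make -C "${BUILD_DIR}" doc-full`. In `src_install` the same `${MY_PN}-daemon.conf` is installed both with `newconfd` and under `/etc/openvas/sysconfig`, so OpenRC and systemd hosts read different copies that can drift apart; a comment stating which copy each service manager reads would help. The two helper scripts are placed under `/etc/openvas/scripts` with `doins` plus `fperms 0755`; `exeinto` with `doexe` does this in one step, and a location outside `/etc` would keep root-run executables out of the protected configuration tree.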