1 |
commit: 87057ce7dbb83050472c6ee39f083a229aee2eed |
2 |
Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com> |
3 |
AuthorDate: Thu Feb 7 01:51:45 2019 +0000 |
4 |
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Mar 13 14:58:51 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87057ce7 |
7 |
|
8 |
net-analyzer/openvas-scanner: version bump to 5.1.3. |
9 |
|
10 |
Bump to 5.1.3. |
11 |
|
12 |
This also brings new improvements and introduces the new USE flag 'extras'. |
13 |
|
14 |
Introduces three new patches which fix build and QA issues: |
15 |
- gcc8.patch fixes gcc-8 build issue. |
16 |
- nvt.patch fixes nvt category issue. |
17 |
- cachedir.patch fixes unnecessary directory install QA issue. |
18 |
|
19 |
Introduces two new useful scripts: |
20 |
- first-start script checks the setup and readies it for first-time use. |
21 |
- openvas-feed-sync script updates OpenVAS feeds from cron. |
22 |
|
23 |
Introduces one new example file for proper redis configuration. |
24 |
redis.conf.example is proper example config file for package. |
25 |
|
26 |
systemd & init script files updated. |
27 |
|
28 |
Because of new dependencies ~arm ~ppc keywords have been dropped. |
29 |
|
30 |
This package is part of net-analyzer/openvas. |
31 |
|
32 |
Reported-by: NP-Hardass <np-hardass <AT> gentoo.org> |
33 |
Acked-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com> |
34 |
Tested-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com> |
35 |
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com> |
36 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
37 |
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org> |
38 |
|
39 |
net-analyzer/openvas-scanner/Manifest | 1 + |
40 |
net-analyzer/openvas-scanner/files/first-start | 634 +++++++++++++++++++++ |
41 |
.../openvas-scanner/files/openvas-feed-sync | 627 ++++++++++++++++++++ |
42 |
.../files/openvas-scanner-5.1.3-cachedir.patch | 42 ++ |
43 |
.../files/openvas-scanner-5.1.3-gcc8.patch | 42 ++ |
44 |
.../files/openvas-scanner-5.1.3-nvt.patch | 93 +++ |
45 |
.../files/openvas-scanner-daemon.conf | 9 + |
46 |
.../openvas-scanner/files/openvas-scanner.init | 25 + |
47 |
.../files/openvas-scanner.logrotate | 11 + |
48 |
.../openvas-scanner/files/openvas-scanner.service | 21 + |
49 |
.../files/openvas-scanner.tmpfiles.d | 1 + |
50 |
net-analyzer/openvas-scanner/files/openvassd.conf | 123 +--- |
51 |
.../openvas-scanner/files/redis.conf.example | 57 ++ |
52 |
net-analyzer/openvas-scanner/metadata.xml | 12 +- |
53 |
.../openvas-scanner/openvas-scanner-5.1.3.ebuild | 97 ++++ |
54 |
15 files changed, 1700 insertions(+), 95 deletions(-) |
55 |
|
56 |
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest |
57 |
index db79fe5dc71..2bb7d462564 100644 |
58 |
--- a/net-analyzer/openvas-scanner/Manifest |
59 |
+++ b/net-analyzer/openvas-scanner/Manifest |
60 |
@@ -1 +1,2 @@ |
61 |
DIST openvas-scanner-5.0.4.tar.gz 236282 BLAKE2B 3105afe0fd819773b33c8194e0addaad70af4692578fe3bfbd76166004ca99e25f2f22a946810fe52da747242f1e45bae00766c4687676ec70df2d7349fa4509 SHA512 51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149 |
62 |
+DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e |
63 |
|
64 |
diff --git a/net-analyzer/openvas-scanner/files/first-start b/net-analyzer/openvas-scanner/files/first-start |
65 |
new file mode 100755 |
66 |
index 00000000000..95811a56b19 |
67 |
--- /dev/null |
68 |
+++ b/net-analyzer/openvas-scanner/files/first-start |
69 |
@@ -0,0 +1,634 @@ |
70 |
+#!/bin/bash |
71 |
+# Copyright 1999-2019 Gentoo Authors |
72 |
+# Distributed under the terms of the GNU General Public License v2 |
73 |
+# This is OpenVAS first-start/check-setup script which make things automatically for first time use. |
74 |
+ |
75 |
+ |
76 |
+################################################################################################## |
77 |
+# If you use systemd or init.d(open-rc) for OpenVAS daemons you don't need to set below settings.# |
78 |
+# If you don't use any of them you can set the below command args to start daemons manually. # |
79 |
+################################################################################################## |
80 |
+ |
81 |
+# OpenVAS Manager command args |
82 |
+OPENVAS_MANAGER_OPTIONS="" # e.g --foreground |
83 |
+OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port |
84 |
+OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address |
85 |
+OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket |
86 |
+OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0" |
87 |
+ |
88 |
+# OpenVAS Scanner command args |
89 |
+OPENVAS_SCANNER_OPTIONS="" # e.g --foreground |
90 |
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket |
91 |
+ |
92 |
+# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough |
93 |
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore for reverse proxy |
94 |
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress |
95 |
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port |
96 |
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address |
97 |
+OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port |
98 |
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings |
99 |
+ |
100 |
+##################################################################################################### |
101 |
+ |
102 |
+# Update Environment |
103 |
+source /etc/profile &>/dev/null |
104 |
+source /etc/environment &>/dev/null |
105 |
+source ~/.bash_profile &>/dev/null |
106 |
+ |
107 |
+# Check the needed executables.They are in our environment and have +x? |
108 |
+if ! [ -x "$(command -v openvasmd)" ] || |
109 |
+ ! [ -x "$(command -v openvassd)" ] || |
110 |
+ ! [ -x "$(command -v redis-server)" ] || |
111 |
+ ! [ -x "$(command -v openvas-manage-certs)" ] || |
112 |
+ ! [ -x "$(command -v greenbone-nvt-sync)" ] || |
113 |
+ ! [ -x "$(command -v greenbone-scapdata-sync)" ] || |
114 |
+ ! [ -x "$(command -v greenbone-certdata-sync)" ]; then |
115 |
+ path="1" |
116 |
+ else |
117 |
+ path="0" |
118 |
+fi |
119 |
+ |
120 |
+# Check Security-Assistant is exist |
121 |
+if ! [ -x "$(command -v gsad)" ]; then |
122 |
+ gsad="1" |
123 |
+ else |
124 |
+ gsad="0" |
125 |
+fi |
126 |
+# Executables are not in our environment |
127 |
+if [ $path -eq 1 ]; then |
128 |
+ echo "Can't find executables! If you installed OpenVAS to specific location e.g. /opt" |
129 |
+ echo "please add these PATHS to /etc/profile,also sure that they are executable" |
130 |
+ exit 1 |
131 |
+fi |
132 |
+ |
133 |
+# Check systemd and enable services for Gentoo/Linux |
134 |
+if command -v systemctl &>/dev/null; then |
135 |
+ systemctl="0" |
136 |
+ echo "systemd found." |
137 |
+ systemctl enable openvas-scanner.service &>/dev/null |
138 |
+ if [ $? -eq 0 ]; then |
139 |
+ echo "systemd.Gentoo --> openvas-scanner.service enabled." |
140 |
+ fi |
141 |
+ systemctl enable gvmd.service &>/dev/null |
142 |
+ if [ $? -eq 0 ]; then |
143 |
+ echo "systemd.Gentoo --> gvmd.service enabled." |
144 |
+ fi |
145 |
+ systemctl enable gsa.service &>/dev/null |
146 |
+ if [ $? -eq 0 ]; then |
147 |
+ echo "systemd.Gentoo --> gsa.service enabled." |
148 |
+ fi |
149 |
+ else |
150 |
+ systemctl="1" |
151 |
+fi |
152 |
+ |
153 |
+# Check open-rc if exist |
154 |
+if command -v rc-service &>/dev/null; then |
155 |
+ open_rc="0" |
156 |
+ else |
157 |
+ open_rc="1" |
158 |
+fi |
159 |
+ |
160 |
+# open-rc variables |
161 |
+if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then |
162 |
+ echo "open-rc found." |
163 |
+ scanner_init="0" |
164 |
+ manager_init="0" |
165 |
+ assistant_init="0" |
166 |
+ redis_init="0" |
167 |
+fi |
168 |
+ |
169 |
+# Check status of OpenVAS-Scanner systemd unit |
170 |
+if [ $systemctl -eq 0 ] && |
171 |
+ ([ "$(systemctl is-active openvas-scanner.service)" = "active" ] || |
172 |
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvas-scanner.service' | awk '{print $1}')" = "openvas-scanner.service" ]); then |
173 |
+ scanner="0" |
174 |
+ else |
175 |
+ scanner="1" |
176 |
+fi |
177 |
+ |
178 |
+# Check status of OpenVAS-Manager systemd unit |
179 |
+if [ $systemctl -eq 0 ] && |
180 |
+ ([ "$(systemctl is-active gvmd.service)" = "active" ] || |
181 |
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gvmd.service' | awk '{print $1}')" = "gvmd.service" ]); then |
182 |
+ manager="0" |
183 |
+ else |
184 |
+ manager="1" |
185 |
+fi |
186 |
+ |
187 |
+# Check status of OpenVAS-Assistant systemd unit |
188 |
+if [ $systemctl -eq 0 ] && |
189 |
+ ([ "$(systemctl is-active gsa.service)" = "active" ] || |
190 |
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsa.service' | awk '{print $1}')" = "gsa.service" ]); then |
191 |
+ assistant="0" |
192 |
+ else |
193 |
+ assistant="1" |
194 |
+fi |
195 |
+ |
196 |
+# Check status of Redis systemd unit |
197 |
+if [ $systemctl -eq 0 ] && |
198 |
+ ([ "$(systemctl is-active redis.service)" = "active" ] || |
199 |
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then |
200 |
+ redis="0" |
201 |
+ else |
202 |
+ redis="1" |
203 |
+fi |
204 |
+ |
205 |
+# We need to find correct service name for restarting. |
206 |
+if [ $scanner -eq 1 ] || [ $manager -eq 1 ] || [ $assistant -eq 1 ] || [ $redis -eq 1 ]; then |
207 |
+ WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')" |
208 |
+ WHICHS="ExecStart=$(type openvassd | awk '{print $3}')" |
209 |
+ WHICHA="ExecStart=$(type gsad | awk '{print $3}')" |
210 |
+ WHICHR="ExecStart=$(type redis-server | awk '{print $3}')" |
211 |
+ |
212 |
+ # If you have unordinary systemd path you can add here |
213 |
+ DIR="/lib/systemd/system/ |
214 |
+ /etc/systemd/system/ |
215 |
+ /usr/lib/systemd/system/ |
216 |
+ /usr/local/lib/systemd/system/" |
217 |
+ |
218 |
+ # Find OpenVAS daemons systemd files if exist |
219 |
+ for i in $DIR; do |
220 |
+ if [ -d "$i" ]; then |
221 |
+ grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out |
222 |
+ grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out |
223 |
+ grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out |
224 |
+ grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out |
225 |
+ fi |
226 |
+ done |
227 |
+ |
228 |
+ manager_service="$(while IFS= read -r service; do |
229 |
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
230 |
+ done < /tmp/openvas_GVM_manager_service.out)" |
231 |
+ scanner_service="$(while IFS= read -r service; do |
232 |
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
233 |
+ done < /tmp/openvas_GVM_scanner_service.out)" |
234 |
+ assistant_service="$(while IFS= read -r service; do |
235 |
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
236 |
+ done < /tmp/openvas_GVM_assistant_service.out)" |
237 |
+ redis_service="$(while IFS= read -r service; do |
238 |
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
239 |
+ done < /tmp/openvas_GVM_redis_service.out)" |
240 |
+ |
241 |
+ rm -rf /tmp/openvas_GVM* |
242 |
+ COUNTM=$(wc -w <<< "${manager_service}") |
243 |
+ COUNTS=$(wc -w <<< "${scanner_service}") |
244 |
+ COUNTA=$(wc -w <<< "${assistant_service}") |
245 |
+ COUNTR=$(wc -w <<< "${redis_service}") |
246 |
+ |
247 |
+ if [ -n "$manager_service" ] && [ $manager -eq 1 ]; then |
248 |
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $manager_service | awk '{print $1}')" = "$manager_service" ]; then |
249 |
+ echo "systemd --> OpenVAS Manager '$manager_service' found." |
250 |
+ else |
251 |
+ echo "systemd --> '$manager_service' found but not enabled." |
252 |
+ echo "are you sure this is the correct systemd service for Openvas Manager" |
253 |
+ while true; do |
254 |
+ read -n 1 -p "do you want to enable '$manager_service'? --> (Y)es | (N)o | (Q)uit" answer |
255 |
+ echo |
256 |
+ case $answer in |
257 |
+ [Yy]* ) systemctl enable "$manager_service" &>/dev/null; echo "systemd --> '$manager_service' enabled"; break;; |
258 |
+ [Nn]* ) manager_service=""; echo "it seems you are not sure.ok i don't use $manager_service"; break;; |
259 |
+ [Qq]* ) exit;; |
260 |
+ * ) echo "Please answer yes,no or quit.";; |
261 |
+ esac |
262 |
+ done |
263 |
+ fi |
264 |
+ fi |
265 |
+ |
266 |
+ if [ -n "$scanner_service" ] && [ $scanner -eq 1 ]; then |
267 |
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $scanner_service | awk '{print $1}')" = "$scanner_service" ]; then |
268 |
+ echo "systemd --> OpenVAS Scanner '$scanner_service' found." |
269 |
+ else |
270 |
+ echo "systemd --> '$scanner_service' found but not enabled." |
271 |
+ echo "are you sure this is the correct systemd service for Openvas Scanner" |
272 |
+ while true; do |
273 |
+ read -n 1 -p "do you want to enable '$scanner_service'? --> (Y)es | (N)o | (Q)uit" answer |
274 |
+ echo |
275 |
+ case $answer in |
276 |
+ [Yy]* ) systemctl enable "$scanner_service" &>/dev/null; echo "systemd --> '$scanner_service' enabled"; break;; |
277 |
+ [Nn]* ) scanner_service=""; echo "it seems you are not sure.ok i don't use $scanner_service"; break;; |
278 |
+ [Qq]* ) exit;; |
279 |
+ * ) echo "Please answer yes,no or quit.";; |
280 |
+ esac |
281 |
+ done |
282 |
+ fi |
283 |
+ fi |
284 |
+ |
285 |
+ if [ -n "$assistant_service" ] && [ $scanner -eq 1 ]; then |
286 |
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $assistant_service | awk '{print $1}')" = "$assistant_service" ]; then |
287 |
+ echo "systemd --> GSA '$assistant_service' found." |
288 |
+ else |
289 |
+ echo "systemd --> '$assistant_service' found but not enabled." |
290 |
+ echo "are you sure this is the correct systemd service for Greenbone Security Assistant" |
291 |
+ while true; do |
292 |
+ read -n 1 -p "do you want to enable '$assistant_service'? --> (Y)es | (N)o | (Q)uit" answer |
293 |
+ echo |
294 |
+ case $answer in |
295 |
+ [Yy]* ) systemctl enable "$assistant_service" &>/dev/null; echo "systemd --> '$assistant_service' enabled"; break;; |
296 |
+ [Nn]* ) assistant_service=""; echo "it seems you are not sure.ok i don't use $assistant_service"; break;; |
297 |
+ [Qq]* ) exit;; |
298 |
+ * ) echo "please answer yes,no or quit.";; |
299 |
+ esac |
300 |
+ done |
301 |
+ fi |
302 |
+ fi |
303 |
+ |
304 |
+ if [ -n "$redis_service" ] && [ $scanner -eq 1 ]; then |
305 |
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $redis_service | awk '{print $1}')" = "$redis_service" ]; then |
306 |
+ echo "systemd --> redis '$redis_service' found." |
307 |
+ else |
308 |
+ echo "systemd --> '$redis_service' found but not enabled." |
309 |
+ echo "are you sure this is the correct systemd service for redis-server" |
310 |
+ while true; do |
311 |
+ read -n 1 -p "do you want to enable '$redis_service'? --> (Y)es | (N)o | (Q)uit" answer |
312 |
+ echo |
313 |
+ case $answer in |
314 |
+ [Yy]* ) systemctl enable "$redis_service" &>/dev/null; echo "systemd --> '$redis_service' enabled"; break;; |
315 |
+ [Nn]* ) redis_service=""; echo "it seems you are not sure.ok i don't use $redis_service"; break;; |
316 |
+ [Qq]* ) exit;; |
317 |
+ * ) echo "please answer yes,no or quit.";; |
318 |
+ esac |
319 |
+ done |
320 |
+ fi |
321 |
+ fi |
322 |
+ |
323 |
+ if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then |
324 |
+ echo "you have more than one enabled systemd service for single daemon" |
325 |
+ echo " check OpenVAS and Redis systemd unit files to fix it" |
326 |
+ exit 1 |
327 |
+ fi |
328 |
+fi |
329 |
+ |
330 |
+restart_redis () { |
331 |
+if [ $redis -eq 0 ]; then |
332 |
+ systemctl restart redis.service &>/dev/null |
333 |
+ if [ $? -eq 0 ]; then |
334 |
+ echo "systemd --> redis.service is restarted." |
335 |
+ else |
336 |
+ echo "systemd --> redis.service cannot restarted." |
337 |
+ exit 1 |
338 |
+ fi |
339 |
+elif [[ -n "$redis_service" ]]; then |
340 |
+ systemctl restart "$redis_service" &>/dev/null |
341 |
+ if [ $? -eq 0 ]; then |
342 |
+ echo "systemd --> $redis_service is restarted." |
343 |
+ else |
344 |
+ echo "systemd --> $redis_service cannot restarted." |
345 |
+ exit 1 |
346 |
+ fi |
347 |
+elif [[ -n "$redis_init" ]]; then |
348 |
+ rc-service redis stop |
349 |
+ sleep 5 |
350 |
+ rc-service redis start |
351 |
+ if [ $? -eq 0 ]; then |
352 |
+ echo "open-rc --> redis is restarted." |
353 |
+ else |
354 |
+ echo "open-rc --> redis cannot restarted." |
355 |
+ exit 1 |
356 |
+ fi |
357 |
+fi |
358 |
+} |
359 |
+ |
360 |
+build_nvt () { |
361 |
+if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then |
362 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
363 |
+ openvassd --foreground --only-cache &>/dev/null |
364 |
+ if [ $? -eq 0 ]; then |
365 |
+ echo "building NVT cache is done." |
366 |
+ else |
367 |
+ echo "building NVT cache is failed.." |
368 |
+ exit 1 |
369 |
+ fi |
370 |
+ else |
371 |
+ openvassd --foreground --only-cache &>/dev/null |
372 |
+ if [ $? -eq 0 ]; then |
373 |
+ echo "building NVT cache is done." |
374 |
+ else |
375 |
+ echo "building NVT cache is failed.." |
376 |
+ exit 1 |
377 |
+ fi |
378 |
+fi |
379 |
+} |
380 |
+ |
381 |
+create_user () { |
382 |
+GREEN="`tput setaf 2`" |
383 |
+RED="`tput setaf 1`" |
384 |
+norm="`tput sgr0`" |
385 |
+echo "creating WebUI User.." |
386 |
+openvasmd --create-user=admin --role=Admin &>/tmp/openvas_user.out |
387 |
+if [ $? -eq 0 ]; then |
388 |
+ username="admin" |
389 |
+ password="$(cat /tmp/openvas_user.out | awk '{print $5}' | cut -c2-)" |
390 |
+ echo "${RED}!WebUI Address : ${GREEN}127.0.0.1:9392" |
391 |
+ echo "${RED}!WebUI Username: ${GREEN}$username" |
392 |
+ echo "${RED}!WebUI Password: ${GREEN}${password%??}${norm}" |
393 |
+ else |
394 |
+ echo "$(cat /tmp/openvas_user.out)" |
395 |
+ echo "these are active users for WebUI" |
396 |
+ openvasmd --get-users |
397 |
+fi |
398 |
+rm -rf /tmp/openvas_user.out |
399 |
+} |
400 |
+ |
401 |
+# Redis & OpenVAS Scanner socket connection check for Gentoo/Linux |
402 |
+if [[ -e /etc/redis.conf ]]; then |
403 |
+ if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then |
404 |
+ echo "redis server properly configured." |
405 |
+ else |
406 |
+ redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')" |
407 |
+ echo "redis server is not properly configured." |
408 |
+ echo "be sure redis server listening unix socket at $redis_sock" |
409 |
+ echo "you can find example redis.conf file in /etc/openvas/redis.conf.example" |
410 |
+ exit 1 |
411 |
+ fi |
412 |
+fi |
413 |
+ |
414 |
+# Redis & OpenVAS Scanner socket connection check for other linux distros |
415 |
+if [[ -e /etc/redis/redis.conf ]]; then |
416 |
+ if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then |
417 |
+ echo "redis server properly configured." |
418 |
+ else |
419 |
+ redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')" |
420 |
+ echo "redis server is not properly configured." |
421 |
+ echo "be sure redis server listening unix socket at $redis_sock" |
422 |
+ exit 1 |
423 |
+ fi |
424 |
+fi |
425 |
+ |
426 |
+# Create certificates for fresh install |
427 |
+openvas-manage-certs -a &>/dev/null |
428 |
+if [ $? -eq 0 ]; then |
429 |
+ echo "certificates created." |
430 |
+ |
431 |
+elif [ "$(openvas-manage-certs -a | grep -ow 'Existing')" = "Existing" ]; then |
432 |
+ echo "certificates already created." |
433 |
+ |
434 |
+else |
435 |
+ echo "certificates cannot created." |
436 |
+ exit 1 |
437 |
+fi |
438 |
+ |
439 |
+# Start to update FEED & First NVT. |
440 |
+try=0 |
441 |
+until [ $try -ge 5 ]; do |
442 |
+ greenbone-nvt-sync &>/dev/null && break |
443 |
+ echo "can't connected! trying to update greenbone-nvt again.." |
444 |
+ try=$[$try+1] |
445 |
+ sleep 30 |
446 |
+done |
447 |
+ |
448 |
+# Check status |
449 |
+if [ $? -eq 0 ]; then |
450 |
+ echo "greenbone-nvt-sync is done." |
451 |
+ # Avoid your IP temporary banned because of multiple connection |
452 |
+ sleep 5 |
453 |
+ # Try to update scapdata. |
454 |
+ try=0 |
455 |
+ until [ $try -ge 5 ]; do |
456 |
+ greenbone-scapdata-sync &>/dev/null && break |
457 |
+ echo "can't connected! trying to update greenbone-scapdata again.." |
458 |
+ try=$[$try+1] |
459 |
+ sleep 30 |
460 |
+ done |
461 |
+ # Check status |
462 |
+ if [ $? -eq 0 ]; then |
463 |
+ echo "greenbone-scapdata-sync is done." |
464 |
+ # Avoid your IP temporary banned because of multiple connection |
465 |
+ sleep 5 |
466 |
+ # Try to update certdata |
467 |
+ try=0 |
468 |
+ until [ $try -ge 5 ]; do |
469 |
+ greenbone-certdata-sync &>/dev/null && break |
470 |
+ echo "can't connected! Trying to update greenbone-certdata again.." |
471 |
+ try=$[$try+1] |
472 |
+ sleep 30 |
473 |
+ done |
474 |
+ # Check status |
475 |
+ if [ $? -eq 0 ]; then |
476 |
+ echo "greenbone-certdata-sync is done." |
477 |
+ echo "building NVT cache this will take some time.." |
478 |
+ build_nvt |
479 |
+ # Check OpenVAS-Scanner is running |
480 |
+ if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then |
481 |
+ echo "OpenVAS-Scanner is running." |
482 |
+ echo "building Database this will take some time.." |
483 |
+ openvasmd --rebuild --progress &>/dev/null |
484 |
+ elif [ $scanner -eq 0 ]; then |
485 |
+ # Start OpenVAS-Scanner systemd unit & Rebuild Cache |
486 |
+ echo "systemd --> OpenVAS-Scanner is not running! trying to up.." |
487 |
+ systemctl start openvas-scanner.service &>/dev/null |
488 |
+ if [ $? -eq 0 ]; then |
489 |
+ # Wait for initialize |
490 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
491 |
+ sleep 15 |
492 |
+ echo "waiting for OpenVAS-Scanner to become ready.." |
493 |
+ done |
494 |
+ echo "systemd --> openvas-scanner.service started and waiting for connection." |
495 |
+ echo "building database this will take some time.." |
496 |
+ # Rebuild Cache |
497 |
+ openvasmd --rebuild --progress &>/dev/null |
498 |
+ else |
499 |
+ echo "systemd --> openvas-scanner.service cannot started.." |
500 |
+ exit 1 |
501 |
+ fi |
502 |
+ elif [[ -n "$scanner_service" ]]; then |
503 |
+ echo "systemd --> OpenVAS-Scanner is down! trying to up.." |
504 |
+ systemctl start "$scanner_service" &>/dev/null |
505 |
+ if [ $? -eq 0 ]; then |
506 |
+ # Wait for initialize |
507 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
508 |
+ sleep 15 |
509 |
+ echo "waiting for OpenVAS-Scanner to become ready.." |
510 |
+ done |
511 |
+ echo "systemd --> $scanner_service is started and waiting for connection." |
512 |
+ echo "building database this will take some time.." |
513 |
+ # Rebuild Cache |
514 |
+ openvasmd --rebuild --progress &>/dev/null |
515 |
+ else |
516 |
+ echo "systemd --> $scanner_service cannot started.." |
517 |
+ exit 1 |
518 |
+ fi |
519 |
+ elif [[ -n "$scanner_init" ]]; then |
520 |
+ # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache |
521 |
+ echo "open-rc --> OpenVAS-Scanner is down! trying to up.." |
522 |
+ rc-service openvas-scanner start &>/dev/null |
523 |
+ if [ $? -eq 0 ]; then |
524 |
+ # Wait for initialize |
525 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
526 |
+ sleep 15 |
527 |
+ echo "waiting for OpenVAS-Scanner to become ready.." |
528 |
+ done |
529 |
+ echo "rc-service --> openvas-scanner started and waiting for connection." |
530 |
+ echo "building database this will take some time.." |
531 |
+ # Rebuild Cache |
532 |
+ openvasmd --rebuild --progress &>/dev/null |
533 |
+ else |
534 |
+ echo "rc-service --> openvas-scanner cannot started.." |
535 |
+ exit 1 |
536 |
+ fi |
537 |
+ else |
538 |
+ echo "OpenVAS-Scanner is not running! Trying to up.." |
539 |
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null |
540 |
+ # Wait for initialize |
541 |
+ if [ $? -eq 0 ]; then |
542 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
543 |
+ sleep 15 |
544 |
+ echo "waiting for OpenVAS-Scanner to become ready.." |
545 |
+ done |
546 |
+ else |
547 |
+ echo "OpenVAS Scanner cannot started manually.." |
548 |
+ exit 1 |
549 |
+ fi |
550 |
+ echo "OpenVAS-Scanner started manually and waiting for connection." |
551 |
+ echo "building database this will take some time.." |
552 |
+ # Rebuild Cache |
553 |
+ openvasmd --rebuild --progress &>/dev/null |
554 |
+ fi |
555 |
+ # Check status |
556 |
+ if [ $? -eq 0 ]; then |
557 |
+ echo "building database is done" |
558 |
+ create_user |
559 |
+ # Restart OpenVAS-Scanner |
560 |
+ if [ $scanner -eq 0 ]; then |
561 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
562 |
+ restart_redis |
563 |
+ sleep 3 |
564 |
+ systemctl restart openvas-scanner.service &>/dev/null |
565 |
+ elif [[ -n "$scanner_service" ]]; then |
566 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
567 |
+ restart_redis |
568 |
+ sleep 3 |
569 |
+ systemctl restart "$scanner_service" &>/dev/null |
570 |
+ elif [[ -n "$scanner_init" ]]; then |
571 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
572 |
+ restart_redis |
573 |
+ sleep 3 |
574 |
+ rc-service openvas-scanner start &>/dev/null |
575 |
+ else |
576 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
577 |
+ restart_redis |
578 |
+ sleep 3 |
579 |
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null |
580 |
+ fi |
581 |
+ if [ $? -eq 0 ]; then |
582 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
583 |
+ sleep 10 |
584 |
+ echo "waiting for OpenVAS-Scanner to become ready.." |
585 |
+ done |
586 |
+ echo "OpenVAS-Scanner is restarted." |
587 |
+ # Restart OpenVAS-Manager |
588 |
+ if [ $manager -eq 0 ]; then |
589 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
590 |
+ sleep 5 |
591 |
+ systemctl restart gvmd.service &>/dev/null |
592 |
+ if [ $? -eq 0 ]; then |
593 |
+ success="0" |
594 |
+ echo "systemd --> gvmd.service is restarted." |
595 |
+ echo "OpenVAS setup is ok." |
596 |
+ else |
597 |
+ echo "systemd --> gvmd.service cannot restarted." |
598 |
+ echo "OpenVAS setup is not ok!" |
599 |
+ exit 1 |
600 |
+ fi |
601 |
+ elif [[ -n "$manager_service" ]]; then |
602 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
603 |
+ sleep 5 |
604 |
+ systemctl restart "$manager_service" &>/dev/null |
605 |
+ if [ $? -eq 0 ]; then |
606 |
+ success="0" |
607 |
+ echo "systemd --> $manager_service is restarted" |
608 |
+ echo "OpenVAS setup is ok." |
609 |
+ else |
610 |
+ echo "systemd --> $manager_service cannot restarted" |
611 |
+ echo "OpenVAS setup is not ok!" |
612 |
+ exit 1 |
613 |
+ fi |
614 |
+ elif [[ -n "$manager_init" ]]; then |
615 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
616 |
+ sleep 5 |
617 |
+ rc-service gvmd start &>/dev/null |
618 |
+ if [ $? -eq 0 ]; then |
619 |
+ success="0" |
620 |
+ echo "open-rc --> gvmd is restarted" |
621 |
+ echo "OpenVAS setup is ok." |
622 |
+ else |
623 |
+ echo "open-rc --> gvmd cannot restarted" |
624 |
+ echo "OpenVAS setup is not ok!" |
625 |
+ exit 1 |
626 |
+ fi |
627 |
+ else |
628 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
629 |
+ sleep 5 |
630 |
+ openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null |
631 |
+ if [ $? -eq 0 ]; then |
632 |
+ success="0" |
633 |
+ echo "OpenVAS-Manager is restarted manually" |
634 |
+ echo "OpenVAS setup is ok." |
635 |
+ else |
636 |
+ echo "OpenVAS-Manager cannot restarted" |
637 |
+ echo "OpenVAS setup is not ok!" |
638 |
+ exit 1 |
639 |
+ fi |
640 |
+ fi |
641 |
+ else |
642 |
+ echo "OpenVAS setup is not ok! OpenVAS-scanner cannot restarted." |
643 |
+ fi |
644 |
+ else |
645 |
+ echo "OpenVAS setup is not ok! OpenVAS database build failed." |
646 |
+ fi |
647 |
+ else |
648 |
+ echo "OpenVAS setup is not ok! OpenVAS Certdata sync failed." |
649 |
+ fi |
650 |
+ else |
651 |
+ echo "OpenVAS setup is not ok! OpenVAS Scapdata sync failed." |
652 |
+ fi |
653 |
+ else |
654 |
+ echo "OpenVAS setup is not ok! OpenVAS NVT sync update failed." |
655 |
+fi |
656 |
+ |
657 |
+# Restart WebUI |
658 |
+if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then |
659 |
+ WHICHA="$(type gsad | awk '{print $3}')" |
660 |
+ if [ $assistant -eq 0 ]; then |
661 |
+ # Time to restart OpenVAS-Security Assistant |
662 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
663 |
+ sleep 5 |
664 |
+ systemctl restart gsa.service &>/dev/null |
665 |
+ if [ $? -eq 0 ]; then |
666 |
+ echo "systemd --> gsa.service (OpenVAS WebUI) is restarted and ready for connection" |
667 |
+ else |
668 |
+ echo "systemd --> gsa.service (OpenVAS-WebUI) cannot restarted" |
669 |
+ fi |
670 |
+ elif [[ -n "$assistant_service" ]]; then |
671 |
+ if [ $COUNTA -eq 1 ]; then |
672 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
673 |
+ sleep 5 |
674 |
+ systemctl restart "$assistant_service" &>/dev/null |
675 |
+ if [ $? -eq 0 ]; then |
676 |
+ echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted and ready for connection" |
677 |
+ else |
678 |
+ echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted." |
679 |
+ fi |
680 |
+ else |
681 |
+ echo "systemd --> OpenVAS WebUI cannot restarted! you have multiple enabled systemd services ($assistant_service)" |
682 |
+ exit 1 |
683 |
+ fi |
684 |
+ elif [[ -n "$assistant_init" ]]; then |
685 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
686 |
+ sleep 5 |
687 |
+ rc-service gsa start &>/dev/null |
688 |
+ if [ $? -eq 0 ]; then |
689 |
+ echo "open-rc --> gsa (OpenVAS WebUI) is restarted" |
690 |
+ else |
691 |
+ echo "open-rc --> gsa (OpenVAS WebUI) cannot restarted." |
692 |
+ fi |
693 |
+ else |
694 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
695 |
+ sleep 5 |
696 |
+ gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null |
697 |
+ if [ $? -eq 0 ]; then |
698 |
+ echo "OpenVAS WebUI is restarted" |
699 |
+ else |
700 |
+ echo "OpenVAS WebUI cannot restarted" |
701 |
+ fi |
702 |
+ fi |
703 |
+fi |
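Review bot: create_user() redirects the output of `openvasmd --create-user=admin --role=Admin` to the fixed path `/tmp/openvas_user.out`, so the generated admin password lands in a predictable file in a world-writable directory, readable according to whatever umask the shell has, and the `&>` redirect follows any symlink already present at that path. Capturing the output in a variable avoids the file entirely: `out="$(openvasmd --create-user=admin --role=Admin 2>&1)"`, then parse `$out` with the existing awk/cut pipeline and drop the `rm -rf`. The four `/tmp/openvas_GVM_*_service.out` files have the same predictable-name problem, and their contents select the unit name later passed to `systemctl enable`, so they should be created with `mktemp` and removed in a `trap`. Separately, each `if [ $? -eq 0 ]` that follows an `until ... done` retry loop tests the loop's status, which is 0 both after `break` and after five failed attempts (the last body command is `sleep 30`), so a failed feed sync is still reported as done; set a flag such as `synced=1` before `break` and test that instead. The manual gsad start also passes `$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT` and one error message uses `$assistan_service`, neither of which is defined anywhere in the hunk (the assigned names are `OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT` and `assistant_service`).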
704 |
|
705 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-feed-sync b/net-analyzer/openvas-scanner/files/openvas-feed-sync |
706 |
new file mode 100755 |
707 |
index 00000000000..de1c69038ab |
708 |
--- /dev/null |
709 |
+++ b/net-analyzer/openvas-scanner/files/openvas-feed-sync |
710 |
@@ -0,0 +1,627 @@ |
711 |
+#!/bin/bash |
712 |
+# Copyright 1999-2019 Gentoo Authors |
713 |
+# Distributed under the terms of the GNU General Public License v2 |
714 |
+# This is OpenVAS cron script that updates feed and reload daemons. |
715 |
+# Hasan ÇALIŞIR hsntgm@×××××.com | proxy maintainer |
716 |
+ |
717 |
+# Mail settings |
718 |
+MAIL_TO="root" |
719 |
+MAIL_SUBJECT="CronJob-OpenVAS" |
720 |
+ |
721 |
+# If you don't use systemd or open-rc for OpenVAS daemons you can set start command args here |
722 |
+# while we manually start/restart them. |
723 |
+#################################################################################################### |
724 |
+ |
725 |
+# OpenVAS Manager command args |
726 |
+OPENVAS_MANAGER_OPTIONS="" # e.g --foreground |
727 |
+OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port |
728 |
+OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address |
729 |
+OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket |
730 |
+OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0" |
731 |
+ |
732 |
+# OpenVAS Scanner command args |
733 |
+OPENVAS_SCANNER_OPTIONS="" # e.g --foreground |
734 |
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket |
735 |
+ |
736 |
+# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough |
737 |
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore |
738 |
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress |
739 |
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port |
740 |
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address |
741 |
+OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port |
742 |
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings |
743 |
+ |
744 |
+##################################################################################################### |
745 |
+ |
746 |
+# Update Environment |
747 |
+source /etc/profile &>/dev/null |
748 |
+source /etc/environment &>/dev/null |
749 |
+source ~/.bash_profile &>/dev/null |
750 |
+ |
751 |
+# Check the needed executables if they are in our environment and have +x |
752 |
+if ! [ -x "$(command -v openvasmd)" ] || ! [ -x "$(command -v openvassd)" ] || ! [ -x "$(command -v redis-server)" ]; then |
753 |
+ path="1" |
754 |
+ else |
755 |
+ path="0" |
756 |
+fi |
757 |
+ |
758 |
+# Check Security-Assistant is exist |
759 |
+if ! [ -x "$(command -v gsad)" ]; then |
760 |
+ gsad="1" |
761 |
+ else |
762 |
+ gsad="0" |
763 |
+fi |
764 |
+ |
765 |
+# Executables are not in our environment |
766 |
+if [ $path -eq 1 ]; then |
767 |
+ echo "OpenVAS CronJob Failed! If you installed OpenVAS to specific location e.g. /opt" | tee -a /tmp/openvas_mail.out |
768 |
+ echo "please add these PATHS to /etc/profile e.g. 'PATH=$PATH:/opt/openvas/bin:/opt/openvas/sbin'" | tee -a /tmp/openvas_mail.out |
769 |
+ echo "also sure that they are executable e.g. 'chmod +x /opt/openvas/sbin/openvassd'" | tee -a /tmp/openvas_mail.out |
770 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
771 |
+ exit 1 |
772 |
+fi |
773 |
+ |
774 |
+# Check systemd if exist |
775 |
+if command -v systemctl &>/dev/null; then |
776 |
+ systemctl="0" |
777 |
+ else |
778 |
+ systemctl="1" |
779 |
+fi |
780 |
+ |
781 |
+# Check open-rc if exist |
782 |
+if command -v rc-service &>/dev/null; then |
783 |
+ open_rc="0" |
784 |
+ else |
785 |
+ open_rc="1" |
786 |
+fi |
787 |
+ |
788 |
+# open-rc variables |
789 |
+if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then |
790 |
+ scanner_init="0" |
791 |
+ manager_init="0" |
792 |
+ assistant_init="0" |
793 |
+ redis_init="0" |
794 |
+fi |
795 |
+ |
796 |
+# Check OpenVAS-Scanner systemd unit(common name) is active or enabled |
797 |
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvassd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvassd.service' | awk '{print $1}')" = "openvassd.service" ]); then |
798 |
+ scanner="0" |
799 |
+ else |
800 |
+ scanner="1" |
801 |
+fi |
802 |
+ |
803 |
+# Check OpenVAS-Manager systemd unit(common name) is active or enabled |
804 |
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvasmd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvasmd.service' | awk '{print $1}')" = "openvasmd.service" ]); then |
805 |
+ manager="0" |
806 |
+ else |
807 |
+ manager="1" |
808 |
+fi |
809 |
+ |
810 |
+# Check OpenVAS-Assistant systemd unit(common name) is active or not |
811 |
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active gsad.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsad.service' | awk '{print $1}')" = "gsad.service" ]); then |
812 |
+ assistant="0" |
813 |
+ else |
814 |
+ assistant="1" |
815 |
+fi |
816 |
+ |
817 |
+# Check Redis systemd unit(common name) is active or not |
818 |
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active redis.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then |
819 |
+ redis="0" |
820 |
+ else |
821 |
+ redis="1" |
822 |
+fi |
823 |
+ |
824 |
+# If you don't use common systemd service names for OpenVAS |
825 |
+# We need to find correct service name for restarting. |
826 |
+if [ $scanner -eq 1 ] || [ $manager -eq 1 ]; then |
827 |
+ WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')" |
828 |
+ WHICHS="ExecStart=$(type openvassd | awk '{print $3}')" |
829 |
+ WHICHA="ExecStart=$(type gsad | awk '{print $3}')" |
830 |
+ WHICHR="ExecStart=$(type redis-server | awk '{print $3}')" |
831 |
+ |
832 |
+ # If you have unordinary systemd services PATH you can add here |
833 |
+ DIR="/lib/systemd/system/ |
834 |
+ /etc/systemd/system/ |
835 |
+ /usr/lib/systemd/system/ |
836 |
+ /usr/local/lib/systemd/system/" |
837 |
+ |
838 |
+ # Find OpenVAS daemons systemd files |
839 |
+ for i in $DIR; do |
840 |
+ if [ -d "$i" ]; then |
841 |
+ grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out |
842 |
+ grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out |
843 |
+ grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out |
844 |
+ grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out |
845 |
+ fi |
846 |
+ done |
847 |
+ |
848 |
+ # Time to get our exact systemd service searching in enabled services |
849 |
+ manager_service="$(while IFS= read -r service; do |
850 |
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
851 |
+ done < /tmp/openvas_GVM_manager_service.out)" |
852 |
+ |
853 |
+ scanner_service="$(while IFS= read -r service; do |
854 |
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
855 |
+ done < /tmp/openvas_GVM_scanner_service.out)" |
856 |
+ |
857 |
+ assistant_service="$(while IFS= read -r service; do |
858 |
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
859 |
+ done < /tmp/openvas_GVM_assistant_service.out)" |
860 |
+ |
861 |
+ redis_service="$(while IFS= read -r service; do |
862 |
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}' |
863 |
+ done < /tmp/openvas_GVM_redis_service.out)" |
864 |
+ |
865 |
+ rm -rf /tmp/openvas_GVM* |
866 |
+ COUNTM=$(wc -w <<< "${manager_service}") |
867 |
+ COUNTS=$(wc -w <<< "${scanner_service}") |
868 |
+ COUNTA=$(wc -w <<< "${assistant_service}") |
869 |
+ COUNTR=$(wc -w <<< "${redis_service}") |
870 |
+ |
871 |
+ if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then |
872 |
+ echo "OpenVAS CronJob Failed! You have multiple enabled systemd service for single OpenVAS daemon or redis" | tee -a /tmp/openvas_mail.out |
873 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
874 |
+ exit 1 |
875 |
+ fi |
876 |
+fi |
877 |
+ |
878 |
+# Start to update FEED & First NVT. |
879 |
+try=0 |
880 |
+until [ $try -ge 5 ]; do |
881 |
+ greenbone-nvt-sync &>/dev/null && break |
882 |
+ echo "Can't connected! Trying to update greenbone-nvt again.." &>>/tmp/openvas_mail.out |
883 |
+ try=$[$try+1] |
884 |
+ sleep 30 |
885 |
+done |
886 |
+ |
887 |
+# Check status |
888 |
+if [ $? -eq 0 ]; then |
889 |
+ echo "greenbone-nvt-sync is done" &>>/tmp/openvas_mail.out |
890 |
+ # Avoid your IP temporary banned because of multiple connection |
891 |
+ sleep 5 |
892 |
+ # Try to update scapdata. |
893 |
+ try=0 |
894 |
+ until [ $try -ge 5 ]; do |
895 |
+ greenbone-scapdata-sync &>/dev/null && break |
896 |
+ echo "Can't connected! Trying to update greenbone-scapdata again.." &>>/tmp/openvas_mail.out |
897 |
+ try=$[$try+1] |
898 |
+ sleep 30 |
899 |
+ done |
900 |
+ |
901 |
+ # Check status |
902 |
+ if [ $? -eq 0 ]; then |
903 |
+ echo "greenbone-scapdata-sync is done" &>>/tmp/openvas_mail.out |
904 |
+ # Avoid your IP temporary banned because of multiple connection |
905 |
+ sleep 5 |
906 |
+ # Try to update certdata |
907 |
+ try=0 |
908 |
+ until [ $try -ge 5 ]; do |
909 |
+ greenbone-certdata-sync &>/dev/null && break |
910 |
+ echo "Can't connected! Trying to update greenbone-certdata again.." &>>/tmp/openvas_mail.out |
911 |
+ try=$[$try+1] |
912 |
+ sleep 30 |
913 |
+ done |
914 |
+ |
915 |
+ # Check status |
916 |
+ if [ $? -eq 0 ]; then |
917 |
+ echo "greenbone-certdata-sync is done" &>>/tmp/openvas_mail.out |
918 |
+ |
919 |
+ # Check OpenVAS-Scanner is running |
920 |
+ if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then |
921 |
+ echo "OpenVAS-Scanner is running." &>>/tmp/openvas_mail.out |
922 |
+ openvasmd --update --progress &>/dev/null |
923 |
+ |
924 |
+ elif [ $scanner -eq 0 ]; then |
925 |
+ # Start OpenVAS-Scanner systemd unit & Rebuild Cache |
926 |
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out |
927 |
+ systemctl start openvassd.service &>/dev/null |
928 |
+ |
929 |
+ if [ $? -eq 0 ]; then |
930 |
+ # Wait for initialize |
931 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
932 |
+ sleep 15 |
933 |
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out |
934 |
+ done |
935 |
+ echo "openvassd.service started and waiting for connection." &>>/tmp/openvas_mail.out |
936 |
+ # Rebuild Cache |
937 |
+ openvasmd --update --progress &>/dev/null |
938 |
+ else |
939 |
+ echo "openvassd.service cannot started.." | tee -a /tmp/openvas_mail.out |
940 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
941 |
+ exit 1 |
942 |
+ fi |
943 |
+ |
944 |
+ elif [[ -n "$scanner_service" ]]; then |
945 |
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out |
946 |
+ systemctl start "$scanner_service" &>/dev/null |
947 |
+ |
948 |
+ if [ $? -eq 0 ]; then |
949 |
+ # Wait for initialize |
950 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
951 |
+ sleep 15 |
952 |
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out |
953 |
+ done |
954 |
+ echo "$scanner_service is started and waiting for connection." &>>/tmp/openvas_mail.out |
955 |
+ # Rebuild Cache |
956 |
+ openvasmd --update --progress &>/dev/null |
957 |
+ else |
958 |
+ echo "$scanner_service cannot started.." | tee -a /tmp/openvas_mail.out |
959 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
960 |
+ exit 1 |
961 |
+ fi |
962 |
+ |
963 |
+ elif [[ -n "$scanner_init" ]]; then |
964 |
+ # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache |
965 |
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out |
966 |
+ rc-service openvassd start &>/dev/null |
967 |
+ |
968 |
+ if [ $? -eq 0 ]; then |
969 |
+ # Wait for initialize |
970 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
971 |
+ sleep 15 |
972 |
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out |
973 |
+ done |
974 |
+ echo "rc-service --> openvassd started and waiting for connection." &>>/tmp/openvas_mail.out |
975 |
+ # Rebuild Cache |
976 |
+ openvasmd --update --progress &>/dev/null |
977 |
+ else |
978 |
+ echo "rc-service --> openvassd cannot started.." | tee -a /tmp/openvas_mail.out |
979 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
980 |
+ exit 1 |
981 |
+ fi |
982 |
+ |
983 |
+ else |
984 |
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out |
985 |
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null |
986 |
+ # Wait for initialize |
987 |
+ if [ $? -eq 0 ]; then |
988 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
989 |
+ sleep 15 |
990 |
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out |
991 |
+ done |
992 |
+ else |
993 |
+ echo "OpenVAS Scanner cannot started manually.." | tee -a /tmp/openvas_mail.out |
994 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
995 |
+ exit 1 |
996 |
+ fi |
997 |
+ echo "OpenVAS-Scanner started manually and waiting for connection." &>>/tmp/openvas_mail.out |
998 |
+ # Rebuild Cache |
999 |
+ openvasmd --update --progress &>/dev/null |
1000 |
+ fi |
1001 |
+ |
1002 |
+ # Check status |
1003 |
+ if [ $? -eq 0 ]; then |
1004 |
+ echo "Updating NVT cache is done" &>>/tmp/openvas_mail.out |
1005 |
+ |
1006 |
+ # Restart OpenVAS-Scanner |
1007 |
+ if [ $scanner -eq 0 ]; then |
1008 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1009 |
+ sleep 3 |
1010 |
+ |
1011 |
+ # Try to restart redis service before OpenVAS-Scanner |
1012 |
+ if [ $redis -eq 0 ]; then |
1013 |
+ systemctl restart redis.service &>/dev/null |
1014 |
+ |
1015 |
+ if [ $? -eq 0 ]; then |
1016 |
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out |
1017 |
+ else |
1018 |
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out |
1019 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1020 |
+ exit 1 |
1021 |
+ fi |
1022 |
+ |
1023 |
+ elif [[ -n "$redis_service" ]]; then |
1024 |
+ systemctl restart "$redis_service" &>/dev/null |
1025 |
+ |
1026 |
+ if [ $? -eq 0 ]; then |
1027 |
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out |
1028 |
+ else |
1029 |
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out |
1030 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1031 |
+ exit 1 |
1032 |
+ fi |
1033 |
+ |
1034 |
+ elif [[ -n "$redis_init" ]]; then |
1035 |
+ rc-service redis stop |
1036 |
+ sleep 5 |
1037 |
+ rc-service redis start |
1038 |
+ |
1039 |
+ if [ $? -eq 0 ]; then |
1040 |
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out |
1041 |
+ else |
1042 |
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out |
1043 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1044 |
+ exit 1 |
1045 |
+ fi |
1046 |
+ fi |
1047 |
+ systemctl restart openvassd.service &>/dev/null |
1048 |
+ |
1049 |
+ elif [[ -n "$scanner_service" ]]; then |
1050 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1051 |
+ sleep 3 |
1052 |
+ |
1053 |
+ # Try to restart redis service before OpenVAS-Scanner |
1054 |
+ if [ $redis -eq 0 ]; then |
1055 |
+ systemctl restart redis.service &>/dev/null |
1056 |
+ |
1057 |
+ if [ $? -eq 0 ]; then |
1058 |
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out |
1059 |
+ else |
1060 |
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out |
1061 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1062 |
+ exit 1 |
1063 |
+ fi |
1064 |
+ |
1065 |
+ elif [[ -n "$redis_service" ]]; then |
1066 |
+ systemctl restart "$redis_service" &>/dev/null |
1067 |
+ |
1068 |
+ if [ $? -eq 0 ]; then |
1069 |
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out |
1070 |
+ else |
1071 |
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out |
1072 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1073 |
+ exit 1 |
1074 |
+ fi |
1075 |
+ |
1076 |
+ elif [[ -n "$redis_init" ]]; then |
1077 |
+ rc-service redis stop |
1078 |
+ sleep 5 |
1079 |
+ rc-service redis start |
1080 |
+ |
1081 |
+ if [ $? -eq 0 ]; then |
1082 |
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out |
1083 |
+ else |
1084 |
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out |
1085 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1086 |
+ exit 1 |
1087 |
+ fi |
1088 |
+ fi |
1089 |
+ systemctl restart "$scanner_service" &>/dev/null |
1090 |
+ |
1091 |
+ elif [[ -n "$scanner_init" ]]; then |
1092 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1093 |
+ sleep 3 |
1094 |
+ |
1095 |
+ # Try to restart redis service before OpenVAS-Scanner |
1096 |
+ if [ $redis -eq 0 ]; then |
1097 |
+ systemctl restart redis.service &>/dev/null |
1098 |
+ |
1099 |
+ if [ $? -eq 0 ]; then |
1100 |
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out |
1101 |
+ else |
1102 |
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out |
1103 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1104 |
+ exit 1 |
1105 |
+ fi |
1106 |
+ |
1107 |
+ elif [[ -n "$redis_service" ]]; then |
1108 |
+ systemctl restart "$redis_service" &>/dev/null |
1109 |
+ |
1110 |
+ if [ $? -eq 0 ]; then |
1111 |
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out |
1112 |
+ else |
1113 |
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out |
1114 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1115 |
+ exit 1 |
1116 |
+ fi |
1117 |
+ |
1118 |
+ elif [[ -n "$redis_init" ]]; then |
1119 |
+ rc-service redis stop |
1120 |
+ sleep 5 |
1121 |
+ rc-service redis start |
1122 |
+ |
1123 |
+ if [ $? -eq 0 ]; then |
1124 |
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out |
1125 |
+ else |
1126 |
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out |
1127 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1128 |
+ exit 1 |
1129 |
+ fi |
1130 |
+ fi |
1131 |
+ rc-service openvassd start &>/dev/null |
1132 |
+ |
1133 |
+ else |
1134 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1135 |
+ sleep 3 |
1136 |
+ |
1137 |
+ # Try to restart redis service before OpenVAS-Scanner |
1138 |
+ if [ $redis -eq 0 ]; then |
1139 |
+ systemctl restart redis.service &>/dev/null |
1140 |
+ |
1141 |
+ if [ $? -eq 0 ]; then |
1142 |
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out |
1143 |
+ else |
1144 |
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out |
1145 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1146 |
+ exit 1 |
1147 |
+ fi |
1148 |
+ |
1149 |
+ elif [[ -n "$redis_service" ]]; then |
1150 |
+ systemctl restart "$redis_service" &>/dev/null |
1151 |
+ |
1152 |
+ if [ $? -eq 0 ]; then |
1153 |
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out |
1154 |
+ else |
1155 |
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out |
1156 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1157 |
+ exit 1 |
1158 |
+ fi |
1159 |
+ |
1160 |
+ elif [[ -n "$redis_init" ]]; then |
1161 |
+ rc-service redis stop |
1162 |
+ sleep 5 |
1163 |
+ rc-service redis start |
1164 |
+ |
1165 |
+ if [ $? -eq 0 ]; then |
1166 |
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out |
1167 |
+ else |
1168 |
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out |
1169 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1170 |
+ exit 1 |
1171 |
+ fi |
1172 |
+ fi |
1173 |
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null |
1174 |
+ fi |
1175 |
+ |
1176 |
+ if [ $? -eq 0 ]; then |
1177 |
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do |
1178 |
+ sleep 10 |
1179 |
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out |
1180 |
+ done |
1181 |
+ echo "OpenVAS-Scanner is restarted." &>>/tmp/openvas_mail.out |
1182 |
+ |
1183 |
+ # Restart OpenVAS-Manager |
1184 |
+ if [ $manager -eq 0 ]; then |
1185 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1186 |
+ sleep 5 |
1187 |
+ systemctl restart openvasmd.service &>/dev/null |
1188 |
+ |
1189 |
+ if [ $? -eq 0 ]; then |
1190 |
+ success="0" |
1191 |
+ echo "systemd --> openvasmd.service is restarted" &>>/tmp/openvas_mail.out |
1192 |
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out |
1193 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1194 |
+ else |
1195 |
+ echo "systemd --> openvasmd.service cannot restarted" &>>/tmp/openvas_mail.out |
1196 |
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out |
1197 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1198 |
+ exit 1 |
1199 |
+ fi |
1200 |
+ |
1201 |
+ elif [[ -n "$manager_service" ]]; then |
1202 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1203 |
+ sleep 5 |
1204 |
+ systemctl restart "$manager_service" &>/dev/null |
1205 |
+ |
1206 |
+ if [ $? -eq 0 ]; then |
1207 |
+ success="0" |
1208 |
+ echo "systemd --> $manager_service is restarted" &>>/tmp/openvas_mail.out |
1209 |
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out |
1210 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1211 |
+ else |
1212 |
+ echo "systemd --> $manager_service cannot restarted" &>>/tmp/openvas_mail.out |
1213 |
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out |
1214 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1215 |
+ exit 1 |
1216 |
+ fi |
1217 |
+ |
1218 |
+ elif [[ -n "$manager_init" ]]; then |
1219 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1220 |
+ sleep 5 |
1221 |
+ rc-service openvasmd start &>/dev/null |
1222 |
+ |
1223 |
+ if [ $? -eq 0 ]; then |
1224 |
+ success="0" |
1225 |
+ echo "open-rc --> openvasmd is restarted" &>>/tmp/openvas_mail.out |
1226 |
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out |
1227 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1228 |
+ else |
1229 |
+ echo "open-rc --> openvasmd cannot restarted" &>>/tmp/openvas_mail.out |
1230 |
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out |
1231 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1232 |
+ exit 1 |
1233 |
+ fi |
1234 |
+ |
1235 |
+ else |
1236 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1237 |
+ sleep 5 |
1238 |
+ openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null |
1239 |
+ |
1240 |
+ if [ $? -eq 0 ]; then |
1241 |
+ success="0" |
1242 |
+ echo "OpenVAS-Manager is restarted manually" &>>/tmp/openvas_mail.out |
1243 |
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out |
1244 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1245 |
+ else |
1246 |
+ echo "OpenVAS-Manager cannot restarted" &>>/tmp/openvas_mail.out |
1247 |
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out |
1248 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1249 |
+ exit 1 |
1250 |
+ fi |
1251 |
+ fi |
1252 |
+ else |
1253 |
+ echo "OpenVAS CronJob Failed! openvas-scanner cannot restarted" | tee -a /tmp/openvas_mail.out |
1254 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1255 |
+ fi |
1256 |
+ else |
1257 |
+ echo "OpenVAS CronJob Failed! OpenVAS NVT cache build failed" | tee -a /tmp/openvas_mail.out |
1258 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1259 |
+ fi |
1260 |
+ else |
1261 |
+ echo "OpenVAS CronJob Failed! OpenVAS Certdata sync failed!" | tee -a /tmp/openvas_mail.out |
1262 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1263 |
+ fi |
1264 |
+ else |
1265 |
+ echo "OpenVAS CronJob Failed! OpenVAS Scapdata sync failed!" | tee -a /tmp/openvas_mail.out |
1266 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1267 |
+ fi |
1268 |
+ else |
1269 |
+ echo "OpenVAS CronJob Failed! OpenVAS NVT sync update failed!" | tee -a /tmp/openvas_mail.out |
1270 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1271 |
+fi |
1272 |
+rm -rf /tmp/openvas_mail.out |
1273 |
+ |
1274 |
+# Restart WebUI |
1275 |
+if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then |
1276 |
+ WHICHA="$(type gsad | awk '{print $3}')" |
1277 |
+ |
1278 |
+ if [ $assistant -eq 0 ]; then |
1279 |
+ # Time to restart OpenVAS-Security Assistant |
1280 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1281 |
+ sleep 5 |
1282 |
+ systemctl restart gsad.service &>/dev/null |
1283 |
+ |
1284 |
+ if [ $? -eq 0 ]; then |
1285 |
+ echo "systemd --> gsad.service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out |
1286 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1287 |
+ else |
1288 |
+ echo "systemd --> gsad.service (OpenVAS-WebUI) cannot restarted" | tee -a /tmp/openvas_mail.out |
1289 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1290 |
+ fi |
1291 |
+ |
1292 |
+ elif [[ -n "$assistant_service" ]]; then |
1293 |
+ if [ $COUNTA -eq 1 ]; then |
1294 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1295 |
+ sleep 5 |
1296 |
+ systemctl restart "$assistant_service" &>/dev/null |
1297 |
+ |
1298 |
+ if [ $? -eq 0 ]; then |
1299 |
+ echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out |
1300 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1301 |
+ else |
1302 |
+ echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out |
1303 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1304 |
+ fi |
1305 |
+ else |
1306 |
+ echo "systemd --> OpenVAS WebUI cannot restarted! You have multiple enabled systemd services ($assistant_service)" | tee -a /tmp/openvas_mail.out |
1307 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1308 |
+ exit 1 |
1309 |
+ fi |
1310 |
+ |
1311 |
+ elif [[ -n "$assistant_init" ]]; then |
1312 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1313 |
+ sleep 5 |
1314 |
+ rc-service gsad start &>/dev/null |
1315 |
+ |
1316 |
+ if [ $? -eq 0 ]; then |
1317 |
+ echo "open-rc --> gsad (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out |
1318 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1319 |
+ else |
1320 |
+ echo "open-rc --> gsad (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out |
1321 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1322 |
+ fi |
1323 |
+ else |
1324 |
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null |
1325 |
+ sleep 5 |
1326 |
+ gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null |
1327 |
+ |
1328 |
+ if [ $? -eq 0 ]; then |
1329 |
+ echo "OpenVAS WebUI is restarted" | tee -a /tmp/openvas_mail.out |
1330 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1331 |
+ else |
1332 |
+ echo "OpenVAS WebUI cannot restarted" | tee -a /tmp/openvas_mail.out |
1333 |
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null |
1334 |
+ fi |
1335 |
+ fi |
1336 |
+ rm -rf /tmp/openvas_mail.out |
1337 |
+fi |
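Review bot: Every scratch file in this script has a fixed name under /tmp (`/tmp/openvas_mail.out` throughout, and the four `/tmp/openvas_GVM_*_service.out` lists in the service-discovery loop), which is unsafe for a cron job that presumably runs as root, because any local user can create those paths first, as files or as symlinks. The lists are read back to pick the unit that `systemctl start`/`restart` acts on, and the mail file is appended to with `tee -a` and `&>>`, both of which follow symlinks. Create a private directory with `mktemp -d`, remove it from an `EXIT` trap, and point all reads and writes at it, as sketched below. Separately, each `if [ $? -eq 0 ]` that follows an `until … done` retry loop always sees 0, because the last command run in the loop is either `break` or `sleep 30`, so a feed sync that failed five times is still reported as done; record success in a variable inside the loop and test that instead.

```shell
# Private scratch directory, removed on every exit path.
WORKDIR="$(mktemp -d)" || exit 1
trap 'rm -rf "$WORKDIR"' EXIT
MAIL_OUT="$WORKDIR/mail.out"

# … unchanged: settings, PATH checks, init-system detection …

        grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>"$WORKDIR/manager_service.out"
        # … same substitution for the scanner, assistant and redis lists, and for the
        #   four `done < …` reads that consume them …

# … unchanged: feed sync and restarts, with /tmp/openvas_mail.out replaced by "$MAIL_OUT" …
```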
1338 |
|
1339 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch |
1340 |
new file mode 100644 |
1341 |
index 00000000000..98c65725019 |
1342 |
--- /dev/null |
1343 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch |
1344 |
@@ -0,0 +1,42 @@ |
1345 |
+--- openvas-scanner-5.1.3/src/openvassd.c 2018-08-29 19:27:26.000000000 +0300 |
1346 |
++++ openvas-scanner-5.1.3/src/openvassd.c 2019-02-04 03:28:24.635539266 +0300 |
1347 |
+@@ -103,7 +103,6 @@ |
1348 |
+ */ |
1349 |
+ static openvassd_option openvassd_defaults[] = { |
1350 |
+ {"plugins_folder", OPENVAS_NVT_DIR}, |
1351 |
+- {"cache_folder", OPENVAS_CACHE_DIR}, |
1352 |
+ {"include_folders", OPENVAS_NVT_DIR}, |
1353 |
+ {"max_hosts", "30"}, |
1354 |
+ {"max_checks", "10"}, |
1355 |
+--- openvas-scanner-5.1.3/src/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300 |
1356 |
++++ openvas-scanner-5.1.3/src/CMakeLists.txt 2019-02-04 03:22:20.078824664 +0300 |
1357 |
+@@ -68,10 +68,6 @@ |
1358 |
+ add_definitions (-DOPENVAS_NVT_DIR=\\\"${OPENVAS_NVT_DIR}\\\") |
1359 |
+ endif (OPENVAS_NVT_DIR) |
1360 |
+ |
1361 |
+-if (OPENVAS_CACHE_DIR) |
1362 |
+- add_definitions (-DOPENVAS_CACHE_DIR=\\\"${OPENVAS_CACHE_DIR}\\\") |
1363 |
+-endif (OPENVAS_CACHE_DIR) |
1364 |
+- |
1365 |
+ if (OPENVAS_LOG_DIR) |
1366 |
+ add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\") |
1367 |
+ endif (OPENVAS_LOG_DIR) |
1368 |
+--- openvas-scanner-5.1.3/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300 |
1369 |
++++ openvas-scanner-5.1.3/CMakeLists.txt 2019-02-04 03:18:37.889999639 +0300 |
1370 |
+@@ -166,7 +166,6 @@ |
1371 |
+ set (OPENVAS_DATA_DIR "${DATADIR}/openvas") |
1372 |
+ set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas") |
1373 |
+ set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas") |
1374 |
+-set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas") |
1375 |
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas") |
1376 |
+ |
1377 |
+ if (NOT OPENVAS_NVT_DIR) |
1378 |
+@@ -265,7 +264,6 @@ |
1379 |
+ DESTINATION ${DATADIR}/doc/openvas-scanner/ ) |
1380 |
+ |
1381 |
+ install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR}) |
1382 |
+-install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR}) |
1383 |
+ |
1384 |
+ ## Tests |
1385 |
+ |
1386 |
+ |
1387 |
|
1388 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch |
1389 |
new file mode 100644 |
1390 |
index 00000000000..4ec2e786e12 |
1391 |
--- /dev/null |
1392 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch |
1393 |
@@ -0,0 +1,42 @@ |
1394 |
+--- openvas-scanner-5.1.3/src/ntp.c 2018-08-29 19:27:26.000000000 +0300 |
1395 |
++++ openvas-scanner-5.1.3/src/ntp.c 2019-02-02 00:57:56.832878754 +0300 |
1396 |
+@@ -361,9 +361,7 @@ |
1397 |
+ } |
1398 |
+ |
1399 |
+ /*---------------------------------------------------------- |
1400 |
+- |
1401 |
+ Communication protocol: timestamps |
1402 |
+- |
1403 |
+ ----------------------------------------------------------*/ |
1404 |
+ |
1405 |
+ |
1406 |
+@@ -391,7 +389,7 @@ |
1407 |
+ static int |
1408 |
+ __ntp_timestamp_scan_host (int soc, char *msg, char *host) |
1409 |
+ { |
1410 |
+- char timestr[1024]; |
1411 |
++ char timestr[64]; |
1412 |
+ char *tmp; |
1413 |
+ time_t t; |
1414 |
+ int len; |
1415 |
+--- openvas-scanner-5.1.3/src/pluginload.c 2018-08-29 19:27:26.000000000 +0300 |
1416 |
++++ openvas-scanner-5.1.3/src/pluginload.c 2019-02-02 00:59:24.494774959 +0300 |
1417 |
+@@ -250,7 +250,7 @@ |
1418 |
+ g_slist_free_full (oids, g_free); |
1419 |
+ } |
1420 |
+ |
1421 |
+-static int |
1422 |
++static void |
1423 |
+ plugins_reload_from_dir (void *folder) |
1424 |
+ { |
1425 |
+ GSList *files = NULL, *f; |
1426 |
+--- openvas-scanner-5.1.3/src/processes.h 2018-08-29 19:27:26.000000000 +0300 |
1427 |
++++ openvas-scanner-5.1.3/src/processes.h 2019-02-02 01:06:42.772908314 +0300 |
1428 |
+@@ -28,7 +28,7 @@ |
1429 |
+ #ifndef _OPENVAS_THREADS_H |
1430 |
+ #define _OPENVAS_THREADS_H |
1431 |
+ |
1432 |
+-typedef int (*process_func_t) (void *); |
1433 |
++typedef void (*process_func_t) (void *); |
1434 |
+ pid_t create_process (process_func_t, void *); |
1435 |
+ int terminate_process (pid_t); |
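Review bot: Shrinking `timestr` from 1024 to 64 bytes in `__ntp_timestamp_scan_host` is only safe if every write into the buffer is bounded by `sizeof (timestr)`. The code that fills it lies outside this hunk, so that cannot be confirmed from here. If the buffer only ever holds a `ctime()` string (26 bytes including the terminator), 64 is ample, but the assumption should be recorded next to the declaration, e.g. `/* holds a ctime() string; every write must be bounded by sizeof (timestr) */`. The patch file also has no header saying which gcc-8 diagnostic each of the three changes addresses or whether it was sent upstream.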
1436 |
|
1437 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch |
1438 |
new file mode 100644 |
1439 |
index 00000000000..67091fcf3e3 |
1440 |
--- /dev/null |
1441 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch |
1442 |
@@ -0,0 +1,93 @@ |
1443 |
+--- openvas-scanner-5.1.3/src/attack.c 2018-08-29 19:27:26.000000000 +0300 |
1444 |
++++ openvas-scanner-5.1.3/src/attack.c 2019-02-02 00:44:12.834888067 +0300 |
1445 |
+@@ -97,9 +97,7 @@ |
1446 |
+ }; |
1447 |
+ |
1448 |
+ /******************************************************* |
1449 |
+- |
1450 |
+ PRIVATE FUNCTIONS |
1451 |
+- |
1452 |
+ ********************************************************/ |
1453 |
+ |
1454 |
+ /** |
1455 |
+@@ -996,6 +994,14 @@ |
1456 |
+ sched = plugins_scheduler_init |
1457 |
+ (prefs_get ("plugin_set"), prefs_get_bool ("auto_enable_dependencies"), |
1458 |
+ network_phase); |
1459 |
++ if (sched == NULL) |
1460 |
++ { |
1461 |
++ error_message_to_client (global_socket, |
1462 |
++ "Failed to initialize the plugins scheduler.", |
1463 |
++ NULL, NULL); |
1464 |
++ return; |
1465 |
++ } |
1466 |
++ |
1467 |
+ |
1468 |
+ max_hosts = get_max_hosts_number (); |
1469 |
+ max_checks = get_max_checks_number (); |
1470 |
+--- openvas-scanner-5.1.3/src/pluginscheduler.c 2018-08-29 19:27:26.000000000 +0300 |
1471 |
++++ openvas-scanner-5.1.3/src/pluginscheduler.c 2019-02-02 00:48:03.799598381 +0300 |
1472 |
+@@ -486,7 +486,7 @@ |
1473 |
+ } |
1474 |
+ } |
1475 |
+ |
1476 |
+-static void |
1477 |
++static int |
1478 |
+ plugins_scheduler_fill (plugins_scheduler_t sched) |
1479 |
+ { |
1480 |
+ int i; |
1481 |
+@@ -500,6 +500,15 @@ |
1482 |
+ int category; |
1483 |
+ |
1484 |
+ category = nvticache_get_category (element->data); |
1485 |
++ if (category < 0) |
1486 |
++ { |
1487 |
++ log_write ("The NVT with oid %s has not category assigned. This is " |
1488 |
++ "considered a fatal error, since the NVTI Cache " |
1489 |
++ "structure stored in Redis is out dated or corrupted.", |
1490 |
++ (char *) element->data); |
1491 |
++ g_slist_free_full (list, g_free); |
1492 |
++ return 1; |
1493 |
++ } |
1494 |
+ scheduler_plugin = g_malloc0 (sizeof (struct scheduler_plugin)); |
1495 |
+ scheduler_plugin->running_state = PLUGIN_STATUS_UNRUN; |
1496 |
+ scheduler_plugin->oid = g_strdup (element->data); |
1497 |
+@@ -529,6 +538,7 @@ |
1498 |
+ } |
1499 |
+ } |
1500 |
+ |
1501 |
++ return 0; |
1502 |
+ } |
1503 |
+ |
1504 |
+ plugins_scheduler_t |
1505 |
+@@ -540,7 +550,11 @@ |
1506 |
+ /* Fill our lists */ |
1507 |
+ ret = g_malloc0 (sizeof (*ret)); |
1508 |
+ ret->hash = hash_init (); |
1509 |
+- plugins_scheduler_fill (ret); |
1510 |
++ if (plugins_scheduler_fill (ret)) |
1511 |
++ { |
1512 |
++ plugins_scheduler_free (ret); |
1513 |
++ return NULL; |
1514 |
++ } |
1515 |
+ |
1516 |
+ plugins_scheduler_enable (ret, plugins_list, autoload); |
1517 |
+ |
1518 |
+@@ -729,9 +743,12 @@ |
1519 |
+ void |
1520 |
+ plugins_scheduler_free (plugins_scheduler_t sched) |
1521 |
+ { |
1522 |
+- int i; |
1523 |
+- hash_destroy (sched->hash); |
1524 |
+- for (i = ACT_FIRST; i <= ACT_LAST; i++) |
1525 |
+- list_destroy (sched->list[i]); |
1526 |
+- g_free (sched); |
1527 |
++ if (sched) |
1528 |
++ { |
1529 |
++ int i; |
1530 |
++ hash_destroy (sched->hash); |
1531 |
++ for (i = ACT_FIRST; i <= ACT_LAST; i++) |
1532 |
++ list_destroy (sched->list[i]); |
1533 |
++ g_free (sched); |
1534 |
++ } |
1535 |
+ } |
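Review bot: The new failure path in `plugins_scheduler_init` calls `plugins_scheduler_free (ret)` on a scheduler that `plugins_scheduler_fill` may have left only partly populated. `ret` comes from `g_malloc0`, so any `sched->list[i]` that was never created is still NULL when the loop hands it to `list_destroy`. Whether `list_destroy` (and `hash_destroy`) tolerate that is not visible in these hunks; if they do not, guard the call with `if (sched->list[i]) list_destroy (sched->list[i]);`. The early `return;` added in attack.c should also be checked against whatever the enclosing function allocated before this point, since its body starts and ends outside the hunk.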
1536 |
|
1537 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf |
1538 |
new file mode 100644 |
1539 |
index 00000000000..f14b5aae6f1 |
1540 |
--- /dev/null |
1541 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf |
1542 |
@@ -0,0 +1,9 @@ |
1543 |
+# OpenVAS Scanner command args |
1544 |
+ |
1545 |
+# e.g --foreground |
1546 |
+OPENVAS_SCANNER_OPTIONS="" |
1547 |
+ |
1548 |
+# Scanner listen socket |
1549 |
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" |
1550 |
+ |
1551 |
+ |
1552 |
|
1553 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.init b/net-analyzer/openvas-scanner/files/openvas-scanner.init |
1554 |
new file mode 100644 |
1555 |
index 00000000000..757b5801f29 |
1556 |
--- /dev/null |
1557 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.init |
1558 |
@@ -0,0 +1,25 @@ |
1559 |
+#!/sbin/openrc-run |
1560 |
+# Copyright 1999-2019 Gentoo Authors |
1561 |
+# Distributed under the terms of the GNU General Public License v2 |
1562 |
+ |
1563 |
+name="OpenVAS Scanner" |
1564 |
+command="/usr/sbin/openvassd" |
1565 |
+command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET}" |
1566 |
+pidfile="/var/run/openvassd.pid" |
1567 |
+command_background="true" |
1568 |
+ |
1569 |
+depend() { |
1570 |
+ after bootmisc |
1571 |
+ need localmount net redis |
1572 |
+} |
1573 |
+ |
1574 |
+start_pre() { |
1575 |
+ checkpath --directory --mode 0775 --quiet /var/cache/openvas |
1576 |
+} |
1577 |
+ |
1578 |
+create_cache() { |
1579 |
+ checkpath --directory --mode 0775 --quiet /var/cache/openvas |
1580 |
+ ebegin "Generating initial Cache" |
1581 |
+ /usr/sbin/openvassd --foreground --only-cache |
1582 |
+ eend $? |
1583 |
+} |
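Review bot: `start_pre` and `create_cache` both create `/var/cache/openvas`, while openvas-scanner.tmpfiles.d in the same commit creates `/var/cache/openvassd`, and the cachedir patch removes the cache directory from the build altogether, so it is unclear which path (if any) the daemon still uses. Pick one path, or drop the `checkpath` calls if the directory is no longer needed. Mode `0775` is passed with no `--owner`, which leaves the group-writable directory owned by whatever checkpath defaults to; state it explicitly, e.g. `checkpath --directory --owner root:root --mode 0755 --quiet /var/cache/openvas`. `create_cache` is also defined without an `extra_commands="create_cache"` line, so `rc-service` cannot invoke it as written.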
1584 |
|
1585 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate |
1586 |
new file mode 100644 |
1587 |
index 00000000000..89f9e6d264d |
1588 |
--- /dev/null |
1589 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate |
1590 |
@@ -0,0 +1,11 @@ |
1591 |
+# logrotate for openvas scanner |
1592 |
+/var/log/openvas/openvassd.messages { |
1593 |
+ rotate 4 |
1594 |
+ weekly |
1595 |
+ compress |
1596 |
+ delaycompress |
1597 |
+ missingok |
1598 |
+ postrotate |
1599 |
+ /bin/kill -HUP `pidof openvassd` |
1600 |
+ endscript |
1601 |
+} |
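Review bot: The postrotate line `/bin/kill -HUP \`pidof openvassd\`` runs `kill` with no PID when the scanner is stopped, so logrotate records a failed script. When several openvassd processes exist it also signals every one of them rather than only the main daemon. Signalling through the pidfile that the init script in this commit declares, and tolerating its absence, avoids both: `[ -f /var/run/openvassd.pid ] && /bin/kill -HUP "$(cat /var/run/openvassd.pid)" || true`. The stanza also has no `create` directive, so the mode and owner of the new log file are left to the daemon's umask.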
1602 |
|
1603 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.service b/net-analyzer/openvas-scanner/files/openvas-scanner.service |
1604 |
new file mode 100644 |
1605 |
index 00000000000..4f30586ab51 |
1606 |
--- /dev/null |
1607 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.service |
1608 |
@@ -0,0 +1,21 @@ |
1609 |
+[Unit] |
1610 |
+Description=OpenVAS Scanner |
1611 |
+After=network.target |
1612 |
+After=redis.service |
1613 |
+Before=gvmd.service |
1614 |
+Requires=redis.service |
1615 |
+ |
1616 |
+[Service] |
1617 |
+Type=forking |
1618 |
+EnvironmentFile=-/etc/openvas/sysconfig/openvas-scanner-daemon.conf |
1619 |
+ExecStart=/usr/sbin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET |
1620 |
+ExecReload=/bin/kill -HUP $MAINPID |
1621 |
+Restart=on-failure |
1622 |
+RestartSec=10 |
1623 |
+KillMode=mixed |
1624 |
+User=root |
1625 |
+Group=root |
1626 |
+TimeoutSec=1200 |
1627 |
+ |
1628 |
+[Install] |
1629 |
+WantedBy=multi-user.target |
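Review bot: `Type=forking` is declared without a `PIDFile=`, so systemd has to guess the main process that `ExecReload=/bin/kill -HUP $MAINPID` and `Restart=on-failure` act on. If openvassd forks scan children, the guess can land on the wrong process. Either add `PIDFile=` pointing at the file the daemon writes (the init script uses `/var/run/openvassd.pid`, but it is not visible here whether openvassd writes it itself), or start it with the `--foreground` option mentioned in openvas-scanner-daemon.conf and use `Type=simple`. `User=root` and `Group=root` are the defaults and can be dropped, or replaced by a comment saying why the scanner must run as root.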
1630 |
|
1631 |
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d |
1632 |
new file mode 100644 |
1633 |
index 00000000000..18e820caec1 |
1634 |
--- /dev/null |
1635 |
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d |
1636 |
@@ -0,0 +1 @@ |
1637 |
+d /var/cache/openvassd 0775 |
1638 |
|
1639 |
diff --git a/net-analyzer/openvas-scanner/files/openvassd.conf b/net-analyzer/openvas-scanner/files/openvassd.conf |
1640 |
index 88f83f4bed9..b218a4a27b0 100644 |
1641 |
--- a/net-analyzer/openvas-scanner/files/openvassd.conf |
1642 |
+++ b/net-analyzer/openvas-scanner/files/openvassd.conf |
1643 |
@@ -1,118 +1,53 @@ |
1644 |
-# Configuration file of the OpenVAS Security Scanner |
1645 |
+#You can get detailed informations from https://linux.die.net/man/8/openvassd |
1646 |
|
1647 |
-# Every line starting with a '#' is a comment |
1648 |
- |
1649 |
-[Misc] |
1650 |
- |
1651 |
-# Path to the security checks folder: |
1652 |
plugins_folder = /var/lib/openvas/plugins |
1653 |
- |
1654 |
-# Path to OpenVAS caching folder: |
1655 |
-cache_folder = /var/cache/openvas |
1656 |
- |
1657 |
-# Path to OpenVAS include directories: |
1658 |
-# (multiple entries are separated with colon ':') |
1659 |
include_folders = /var/lib/openvas/plugins |
1660 |
- |
1661 |
-# Maximum number of simultaneous hosts tested : |
1662 |
max_hosts = 30 |
1663 |
- |
1664 |
-# Maximum number of simultaneous checks against each host tested : |
1665 |
max_checks = 10 |
1666 |
|
1667 |
-# Niceness. If set to 'yes', openvassd will renice itself to 10. |
1668 |
+#Resource friendly |
1669 |
be_nice = no |
1670 |
|
1671 |
-# Log file (or 'syslog') : |
1672 |
-logfile = /var/log/openvas/openvassd.log |
1673 |
+#Logfile |
1674 |
+logfile = /var/log/openvas/openvassd.messages |
1675 |
|
1676 |
-# Shall we log every details of the attack ? (disk intensive) |
1677 |
log_whole_attack = no |
1678 |
- |
1679 |
-# Log the name of the plugins that are loaded by the server ? |
1680 |
log_plugins_name_at_load = no |
1681 |
- |
1682 |
-# Dump file for debugging output, use `-' for stdout |
1683 |
dumpfile = /var/log/openvas/openvassd.dump |
1684 |
- |
1685 |
-# Rules file : |
1686 |
-rules = /etc/openvas/openvassd.rules |
1687 |
- |
1688 |
-# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) |
1689 |
cgi_path = /cgi-bin:/scripts |
1690 |
|
1691 |
-# Range of the ports the port scanners will scan : |
1692 |
-# 'default' means that OpenVAS will scan ports found in its |
1693 |
-# services file. |
1694 |
-port_range = default |
1695 |
- |
1696 |
-# Optimize the test (recommended) : |
1697 |
+#Turn off for push hard but increase false positive and slow down scans |
1698 |
optimize_test = yes |
1699 |
|
1700 |
-# Optimization : |
1701 |
-# Read timeout for the sockets of the tests : |
1702 |
checks_read_timeout = 5 |
1703 |
- |
1704 |
-# Ports against which two plugins should not be run simultaneously : |
1705 |
-# non_simult_ports = Services/www, 139, Services/finger |
1706 |
+network_scan = no |
1707 |
non_simult_ports = 139, 445 |
1708 |
- |
1709 |
-# Maximum lifetime of a plugin (in seconds) : |
1710 |
plugins_timeout = 320 |
1711 |
+scanner_plugins_timeout = 36000 |
1712 |
|
1713 |
-# Safe checks rely on banner grabbing : |
1714 |
-safe_checks = yes |
1715 |
+#Push harder to target |
1716 |
+safe_checks = no |
1717 |
|
1718 |
-# Automatically activate the plugins that are depended on |
1719 |
auto_enable_dependencies = yes |
1720 |
- |
1721 |
-# Do not echo data from plugins which have been automatically enabled |
1722 |
-silent_dependencies = no |
1723 |
- |
1724 |
-# Designate hosts by MAC address, not IP address (useful for DHCP networks) |
1725 |
use_mac_addr = no |
1726 |
- |
1727 |
- |
1728 |
-#--- Knowledge base saving (can be configured by the client) : |
1729 |
-# Save the knowledge base on disk : |
1730 |
-save_knowledge_base = no |
1731 |
- |
1732 |
-# Restore the KB for each test : |
1733 |
-kb_restore = no |
1734 |
- |
1735 |
-# Only test hosts whose KB we do not have : |
1736 |
-only_test_hosts_whose_kb_we_dont_have = no |
1737 |
- |
1738 |
-# Only test hosts whose KB we already have : |
1739 |
-only_test_hosts_whose_kb_we_have = no |
1740 |
- |
1741 |
-# KB test replay : |
1742 |
-kb_dont_replay_scanners = no |
1743 |
-kb_dont_replay_info_gathering = no |
1744 |
-kb_dont_replay_attacks = no |
1745 |
-kb_dont_replay_denials = no |
1746 |
-kb_max_age = 864000 |
1747 |
-#--- end of the KB section |
1748 |
- |
1749 |
- |
1750 |
-# If this option is set, OpenVAS will not scan a network incrementally |
1751 |
-# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to |
1752 |
-# slice the workload throughout the whole network (ie: it will scan |
1753 |
-# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... |
1754 |
-slice_network_addresses = no |
1755 |
- |
1756 |
-# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') |
1757 |
nasl_no_signature_check = yes |
1758 |
- |
1759 |
-#Certificates |
1760 |
-cert_file=/var/lib/openvas/CA/servercert.pem |
1761 |
-key_file=/var/lib/openvas/private/CA/serverkey.pem |
1762 |
-ca_file=/var/lib/openvas/CA/cacert.pem |
1763 |
- |
1764 |
-# If you decide to protect your private key with a password, |
1765 |
-# uncomment and change next line |
1766 |
-# pem_password=password |
1767 |
-# If you want to force the use of a client certificate, uncomment next line |
1768 |
-# force_pubkey_auth = yes |
1769 |
- |
1770 |
-#end. |
1771 |
+drop_privileges = no |
1772 |
+unscanned_closed = yes |
1773 |
+unscanned_closed_udp = yes |
1774 |
+vhosts = |
1775 |
+vhosts_ip = |
1776 |
+report_host_details = yes |
1777 |
+ |
1778 |
+#Redis listening socket (must be same with redis socket) |
1779 |
+kb_location = /tmp/redis.sock |
1780 |
+ |
1781 |
+timeout_retry = 3 |
1782 |
+time_between_request = 0 |
1783 |
+ |
1784 |
+#Config File |
1785 |
+config_file = /etc/openvas/openvassd.conf |
1786 |
+ |
1787 |
+#Certificates (default these are not needed here but setup-check script looking for them) |
1788 |
+cert_file = /var/lib/openvas/CA/servercert.pem |
1789 |
+key_file = /var/lib/openvas/private/CA/serverkey.pem |
1790 |
+ca_file = /var/lib/openvas/CA/cacert.pem |
1791 |
|
1792 |
diff --git a/net-analyzer/openvas-scanner/files/redis.conf.example b/net-analyzer/openvas-scanner/files/redis.conf.example |
1793 |
new file mode 100644 |
1794 |
index 00000000000..6a41211aaae |
1795 |
--- /dev/null |
1796 |
+++ b/net-analyzer/openvas-scanner/files/redis.conf.example |
1797 |
@@ -0,0 +1,57 @@ |
1798 |
+bind 127.0.0.1 |
1799 |
+protected-mode yes |
1800 |
+port 0 |
1801 |
+tcp-backlog 511 |
1802 |
+unixsocket /tmp/redis.sock |
1803 |
+unixsocketperm 700 |
1804 |
+timeout 0 |
1805 |
+tcp-keepalive 300 |
1806 |
+daemonize no |
1807 |
+supervised no |
1808 |
+pidfile /run/redis/redis.pid |
1809 |
+loglevel notice |
1810 |
+logfile /var/log/redis/redis.log |
1811 |
+databases 16 |
1812 |
+always-show-logo yes |
1813 |
+stop-writes-on-bgsave-error yes |
1814 |
+rdbcompression yes |
1815 |
+rdbchecksum yes |
1816 |
+dbfilename dump.rdb |
1817 |
+dir /var/lib/redis/ |
1818 |
+slave-serve-stale-data yes |
1819 |
+slave-read-only yes |
1820 |
+repl-diskless-sync no |
1821 |
+repl-diskless-sync-delay 5 |
1822 |
+repl-disable-tcp-nodelay no |
1823 |
+slave-priority 100 |
1824 |
+lazyfree-lazy-eviction no |
1825 |
+lazyfree-lazy-expire no |
1826 |
+lazyfree-lazy-server-del no |
1827 |
+slave-lazy-flush no |
1828 |
+appendonly no |
1829 |
+appendfilename "appendonly.aof" |
1830 |
+appendfsync everysec |
1831 |
+no-appendfsync-on-rewrite no |
1832 |
+auto-aof-rewrite-percentage 100 |
1833 |
+auto-aof-rewrite-min-size 64mb |
1834 |
+aof-load-truncated yes |
1835 |
+aof-use-rdb-preamble no |
1836 |
+lua-time-limit 5000 |
1837 |
+slowlog-log-slower-than 10000 |
1838 |
+slowlog-max-len 128 |
1839 |
+latency-monitor-threshold 0 |
1840 |
+notify-keyspace-events "" |
1841 |
+hash-max-ziplist-entries 512 |
1842 |
+hash-max-ziplist-value 64 |
1843 |
+list-max-ziplist-size -2 |
1844 |
+list-compress-depth 0 |
1845 |
+set-max-intset-entries 512 |
1846 |
+zset-max-ziplist-entries 128 |
1847 |
+zset-max-ziplist-value 64 |
1848 |
+hll-sparse-max-bytes 3000 |
1849 |
+activerehashing yes |
1850 |
+client-output-buffer-limit normal 0 0 0 |
1851 |
+client-output-buffer-limit slave 256mb 64mb 60 |
1852 |
+client-output-buffer-limit pubsub 32mb 8mb 60 |
1853 |
+hz 10 |
1854 |
+aof-rewrite-incremental-fsync yes |
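Review bot: `unixsocket /tmp/redis.sock` places the scanner's knowledge-base socket in a world-writable directory, and `kb_location = /tmp/redis.sock` in openvassd.conf (same commit) points the root-run scanner at that name. Any local account can create that path before Redis does, for instance while Redis is stopped. A directory writable only by the redis user avoids this, e.g. `unixsocket /run/redis/redis.sock` next to the `pidfile /run/redis/redis.pid` already set here, with `kb_location` updated to match. With `unixsocketperm 700` only the socket owner and root can then connect, which fits a scanner running as root.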
1855 |
|
1856 |
diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml |
1857 |
index 6f49eba8f49..fa26aa942e1 100644 |
1858 |
--- a/net-analyzer/openvas-scanner/metadata.xml |
1859 |
+++ b/net-analyzer/openvas-scanner/metadata.xml |
1860 |
@@ -1,5 +1,15 @@ |
1861 |
<?xml version="1.0" encoding="UTF-8"?> |
1862 |
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
1863 |
<pkgmetadata> |
1864 |
-<!-- maintainer-needed --> |
1865 |
+ <maintainer type="person"> |
1866 |
+ <email>hasan.calisir@×××××××.com</email> |
1867 |
+ <name>Hasan ÇALIŞIR</name> |
1868 |
+ </maintainer> |
1869 |
+ <maintainer type="project"> |
1870 |
+ <email>proxy-maint@g.o</email> |
1871 |
+ <name>Proxy Maintainers</name> |
1872 |
+ </maintainer> |
1873 |
+ <use> |
1874 |
+ <flag name="extras">Html docs support</flag> |
1875 |
+ </use> |
1876 |
</pkgmetadata> |
1877 |
|
1878 |
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild |
1879 |
new file mode 100644 |
1880 |
index 00000000000..c0e59479a72 |
1881 |
--- /dev/null |
1882 |
+++ b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild |
1883 |
@@ -0,0 +1,97 @@ |
1884 |
+# Copyright 1999-2019 Gentoo Authors |
1885 |
+# Distributed under the terms of the GNU General Public License v2 |
1886 |
+ |
1887 |
+EAPI=7 |
1888 |
+ |
1889 |
+CMAKE_MAKEFILE_GENERATOR="emake" |
1890 |
+inherit cmake-utils systemd |
1891 |
+MY_PN="openvas-scanner" |
1892 |
+ |
1893 |
+DESCRIPTION="A remote security scanner for Linux (OpenVAS-scanner)" |
1894 |
+HOMEPAGE="http://www.openvas.org/" |
1895 |
+SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" |
1896 |
+ |
1897 |
+SLOT="0" |
1898 |
+LICENSE="GPL-2" |
1899 |
+KEYWORDS="~amd64 ~x86" |
1900 |
+IUSE="extras" |
1901 |
+ |
1902 |
+DEPEND=" |
1903 |
+ dev-db/redis |
1904 |
+ dev-libs/libgcrypt:0= |
1905 |
+ >=net-analyzer/openvas-libraries-9.0.3 |
1906 |
+ net-libs/gnutls:=[tools] |
1907 |
+ net-libs/libssh:= |
1908 |
+ extras? ( dev-perl/CGI )" |
1909 |
+ |
1910 |
+RDEPEND=" |
1911 |
+ ${DEPEND} |
1912 |
+ !net-analyzer/openvas-tools" |
1913 |
+ |
1914 |
+BDEPEND=" |
1915 |
+ sys-devel/bison |
1916 |
+ sys-devel/flex |
1917 |
+ virtual/pkgconfig |
1918 |
+ extras? ( app-doc/doxygen[dot] |
1919 |
+ app-doc/xmltoman |
1920 |
+ app-text/htmldoc |
1921 |
+ dev-perl/SQL-Translator |
1922 |
+ )" |
1923 |
+ |
1924 |
+PATCHES=( |
1925 |
+ "${FILESDIR}/${P}-gcc8.patch" |
1926 |
+ "${FILESDIR}/${P}-nvt.patch" |
1927 |
+ "${FILESDIR}/${P}-cachedir.patch" |
1928 |
+) |
1929 |
+ |
1930 |
+src_prepare() { |
1931 |
+ cmake-utils_src_prepare |
1932 |
+ # Fix for correct FHS/Gentoo policy paths for 5.1.3 |
1933 |
+ sed -i "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/CMakeLists.txt || die |
1934 |
+ if use extras; then |
1935 |
+ doxygen -u "$S"/doc/Doxyfile_full.in || die |
1936 |
+ fi |
1937 |
+} |
1938 |
+ |
1939 |
+src_configure() { |
1940 |
+ local mycmakeargs=( |
1941 |
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr" |
1942 |
+ "-DLOCALSTATEDIR=${EPREFIX}/var" |
1943 |
+ "-DSYSCONFDIR=${EPREFIX}/etc" |
1944 |
+ ) |
1945 |
+ cmake-utils_src_configure |
1946 |
+} |
1947 |
+ |
1948 |
+src_compile() { |
1949 |
+ cmake-utils_src_compile |
1950 |
+ if use extras; then |
1951 |
+ cmake-utils_src_make -C "${BUILD_DIR}" doc |
1952 |
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc |
1953 |
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. ) |
1954 |
+ fi |
1955 |
+} |
1956 |
+ |
1957 |
+src_install() { |
1958 |
+ cmake-utils_src_install |
1959 |
+ |
1960 |
+ insinto /etc/openvas |
1961 |
+ doins "${FILESDIR}"/openvassd.conf "${FILESDIR}"/redis.conf.example |
1962 |
+ |
1963 |
+ insinto /etc/openvas/sysconfig |
1964 |
+ doins "${FILESDIR}"/${MY_PN}-daemon.conf |
1965 |
+ |
1966 |
+ insinto /etc/openvas/scripts |
1967 |
+ doins "${FILESDIR}"/openvas-feed-sync "${FILESDIR}"/first-start |
1968 |
+ fperms 0755 /etc/openvas/scripts/{openvas-feed-sync,first-start} |
1969 |
+ |
1970 |
+ newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN} |
1971 |
+ newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN} |
1972 |
+ |
1973 |
+ insinto /etc/logrotate.d |
1974 |
+ newins "${FILESDIR}/${MY_PN}.logrotate" ${MY_PN} |
1975 |
+ |
1976 |
+ systemd_newtmpfilesd "${FILESDIR}/${MY_PN}.tmpfiles.d" ${MY_PN}.conf |
1977 |
+ systemd_dounit "${FILESDIR}"/${MY_PN}.service |
1978 |
+ |
1979 |
+ keepdir /var/lib/openvas/plugins |
1980 |
+} |
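Review bot: In `src_compile` the second documentation call, `cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc`, passes both `doc-full` and `doc` as targets, so it rebuilds the `doc` target that the previous line already built. It reads like a leftover and was presumably meant to be `cmake-utils_src_make -C "${BUILD_DIR}" doc-full`. In `src_install`, the helper scripts are installed with `insinto`/`doins` and then fixed up with `fperms 0755`; `exeinto /etc/openvas/scripts` followed by `doexe` expresses the same thing in one step. A comment there should also say why the executables live under `/etc` rather than a libexec or sbin path.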