jlec        14/09/28 18:12:28

  Modified:             openvassd.init openvassd.service
  Added:                openvassd.conf
                        openvas-scanner-4.0.3-mkcertclient.patch
                        openvas-scanner-4.0.3-rulesdir.patch
                        openvassd-daemon.conf openvas-nvt-sync-cron
                        openvassd.logrotate
                        openvas-scanner-4.0.3-bsdsource.patch
  Log:
  net-analyzer/openvas-scanner: Import fedora patches
  
  (Portage version: 2.2.14_rc1/cvs/Linux x86_64, signed Manifest commit with 
key B9D4F231BD1558AB!)

Revision  Changes    Path
1.2                  net-analyzer/openvas-scanner/files/openvassd.init

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?rev=1.2&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?rev=1.2&content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init?r1=1.1&r2=1.2

Index: openvassd.init
===================================================================
RCS file: 
/var/cvsroot/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.init,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openvassd.init      28 Sep 2014 15:40:44 -0000      1.1
+++ openvassd.init      28 Sep 2014 18:12:28 -0000      1.2
@@ -3,22 +3,10 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Header:
 
+name="OpenVAS Scanner"
+command="/usr/sbin/openvassd"
+command_args="${SCANNER_LISTEN} ${SCANNER_PORT} ${SCANNER_SRCIP}"
+
 depend() {
        need net
 }
-
-start() {
-       ebegin "Starting openvassd (scanner)"
-       checkpath -d -q /var/cache/openvassd
-       start-stop-daemon --start --name openvassd \
-               --exec /usr/sbin/openvassd \
-               --pidfile /run/openvassd.pid
-       eend $?
-}
-
-stop() {
-       ebegin "Stop openvassd (scanner)"
-       start-stop-daemon --stop --name openvassd \
-               --pidfile /run/openvassd.pid
-       eend $?
-}
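Review bot: The rewritten script declares no `pidfile` and no `start_pre`, so the `--pidfile /run/openvassd.pid` tracking and the `checkpath -d -q /var/cache/openvassd` call from the removed start()/stop() are gone. If openvassd still writes that pid file (the old script relied on it without creating it), add `pidfile="/run/openvassd.pid"` next to `command=`. The directory check can live in `start_pre() { checkpath -d -q /var/cache/openvas; }`; note that the openvassd.conf added in this commit sets cache_folder to /var/cache/openvas, not /var/cache/openvassd. `command_args` also expands `SCANNER_LISTEN`, `SCANNER_PORT` and `SCANNER_SRCIP`, which this file never sets, so a comment naming the conf.d file expected to define them would help.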



1.2                  net-analyzer/openvas-scanner/files/openvassd.service

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?rev=1.2&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?rev=1.2&content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service?r1=1.1&r2=1.2

Index: openvassd.service
===================================================================
RCS file: 
/var/cvsroot/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.service,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openvassd.service   28 Sep 2014 15:40:44 -0000      1.1
+++ openvassd.service   28 Sep 2014 18:12:28 -0000      1.2
@@ -1,6 +1,16 @@
 [Unit]
 Description=OpenVAS Scanner
 After=network.target
+Before=openvasmd.service
 
 [Service]
-ExecStart=/usr/sbin/openvassd -f
+EnvironmentFile=-/etc/openvas/openvassd-daemon.conf
+ExecStart=/usr/sbin/openvassd -f $SCANNER_PORT $SCANNER_LISTEN $SCANNER_SRCIP
+Restart=always
+RestartSec=1
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target
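Review bot: `Restart=always` with `RestartSec=1` brings the scanner back one second after every exit, clean or not, including a start-up failure caused by a bad option in openvassd-daemon.conf; `Restart=on-failure` keeps crash recovery without that. `User=root` and `Group=root` only restate the systemd default, so the daemon runs as root with no sandboxing directives. With `SCANNER_LISTEN` commented out in the openvassd-daemon.conf added by this commit, it listens on all addresses (per that file's own comment). Consider shipping `SCANNER_LISTEN=--listen=127.0.0.1` enabled, and add a unit comment saying the three `$SCANNER_*` variables come from the optional EnvironmentFile and expand to nothing when it is absent.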



1.1                  net-analyzer/openvas-scanner/files/openvassd.conf

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.conf?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.conf?rev=1.1&content-type=text/plain

Index: openvassd.conf
===================================================================
# Configuration file of the OpenVAS Security Scanner

# Every line starting with a '#' is a comment

[Misc]

# Path to the security checks folder:
plugins_folder = /var/lib/openvas/plugins

# Path to OpenVAS caching folder:
cache_folder = /var/cache/openvas

# Path to OpenVAS include directories:
# (multiple entries are separated with colon ':')
include_folders = /var/lib/openvas/plugins

# Maximum number of simultaneous hosts tested :
max_hosts = 30

# Maximum number of simultaneous checks against each host tested :
max_checks = 10

# Niceness. If set to 'yes', openvassd will renice itself to 10.
be_nice = no

# Log file (or 'syslog') :
logfile = /var/log/openvas/openvassd.log

# Log every detail of the attack? (disk intensive)
log_whole_attack = no

# Log the name of the plugins that are loaded by the server ?
log_plugins_name_at_load = no

# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/openvas/openvassd.dump

# Rules file :
rules = /etc/openvas/openvassd.rules

# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin:/scripts

# Range of the ports the port scanners will scan :
# 'default' means that OpenVAS will scan ports found in its
# services file.
port_range = default

# Optimize the test (recommended) :
optimize_test = yes

# Optimization :
# Read timeout for the sockets of the tests :
checks_read_timeout = 5

# Ports against which two plugins should not be run simultaneously :
# non_simult_ports = Services/www, 139, Services/finger
non_simult_ports = 139, 445

# Maximum lifetime of a plugin (in seconds) :
plugins_timeout = 320

# Safe checks rely on banner grabbing :
safe_checks = yes

# Automatically activate the plugins that are depended on
auto_enable_dependencies = yes

# Do not echo data from plugins which have been automatically enabled
silent_dependencies = no

# Designate hosts by MAC address, not IP address (useful for DHCP networks)
use_mac_addr = no


#--- Knowledge base saving (can be configured by the client) :
# Save the knowledge base on disk :
save_knowledge_base = no

# Restore the KB for each test :
kb_restore = no

# Only test hosts whose KB we do not have :
only_test_hosts_whose_kb_we_dont_have = no

# Only test hosts whose KB we already have :
only_test_hosts_whose_kb_we_have = no

# KB test replay :
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
#--- end of the KB section


# If this option is set, OpenVAS will not scan a network incrementally
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
# slice the workload throughout the whole network (ie: it will scan
# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
slice_network_addresses = no

# Consider all the NASL scripts as being signed, i.e. skip the signature check?
# (unsafe if set to 'yes': unsigned scripts are then accepted as trusted)
nasl_no_signature_check = yes

#Certificates
cert_file=/var/lib/openvas/CA/servercert.pem
key_file=/var/lib/openvas/private/CA/serverkey.pem
ca_file=/var/lib/openvas/CA/cacert.pem

# If you decide to protect your private key with a password,
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes

#end.



1.1                  
net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch?rev=1.1&content-type=text/plain

Index: openvas-scanner-4.0.3-mkcertclient.patch
===================================================================
diff -ru openvas-scanner-4.0.1/CMakeLists.txt 
openvas-scanner-4.0.1.mkcert/CMakeLists.txt
--- openvas-scanner-4.0.1/CMakeLists.txt        2014-04-23 16:00:47.000000000 
+0200
+++ openvas-scanner-4.0.1.mkcert/CMakeLists.txt 2014-05-26 16:04:23.093548608 
+0200
@@ -258,7 +258,6 @@
 #         DESTINATION ${OPENVAS_SYSCONF_DIR})
 
 install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert
-               ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
                ${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
          DESTINATION ${SBINDIR}
          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
@@ -269,7 +268,15 @@
          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 
-install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
+install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
+         DESTINATION ${BINDIR}
+         PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                     GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert-client.1
+          DESTINATION ${DATADIR}/man/man1 )
+
+install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
          DESTINATION ${DATADIR}/man/man8 )
 
 install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8
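Review bot: The new `install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client DESTINATION ${BINDIR} ...)` moves a certificate-issuing tool from `${SBINDIR}` into every user's PATH with WORLD_EXECUTE, and nothing in the patch records why. A one-line comment above it, such as `# mkcert-client is a user-facing tool (man section 1), so it is installed to BINDIR`, would state the intent. Whether an unprivileged user can usefully run it depends on access to the CA key material, which this hunk does not show, so that is worth confirming against the permissions of the CA directories. The last install() in the hunk continues outside it.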
Only in openvas-scanner-4.0.1.mkcert/: CMakeLists.txt~



1.1                  
net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch?rev=1.1&content-type=text/plain

Index: openvas-scanner-4.0.3-rulesdir.patch
===================================================================
diff -ru openvas-scanner-4.0.1/CMakeLists.txt 
openvas-scanner-4.0.1.rules/CMakeLists.txt
--- openvas-scanner-4.0.1/CMakeLists.txt        2014-04-23 16:00:47.000000000 
+0200
+++ openvas-scanner-4.0.1.rules/CMakeLists.txt  2014-05-26 16:07:37.454116277 
+0200
@@ -171,6 +171,10 @@
 set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
 set (OPENVASSD_CONF     "${OPENVAS_SYSCONF_DIR}/openvassd.conf")
 
+if (NOT OPENVASSD_RULES)
+  set (OPENVASSD_RULES    "${OPENVAS_DATA_DIR}/openvassd.rules")
+endif (NOT OPENVASSD_RULES)
+
 set (NVT_TIMEOUT "320")
 
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
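Review bot: The new default is held in a plain variable, so `OPENVASSD_RULES` can be overridden with `-D` but never appears as a documented setting, and `if (NOT OPENVASSD_RULES)` also replaces a value that is set but evaluates false. A cache entry does both jobs in one line and leaves a user-supplied value alone: `set (OPENVASSD_RULES "${OPENVAS_DATA_DIR}/openvassd.rules" CACHE FILEPATH "Location of the scanner rules file")`. The fallback points into `${OPENVAS_DATA_DIR}`, while the openvassd.conf added in this commit uses `rules = /etc/openvas/openvassd.rules`, so the ebuild presumably has to pass the path explicitly for the compiled-in default and the shipped config to agree. The `endif (NOT OPENVASSD_RULES)` form is legacy; a bare `endif ()` is enough.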




1.1                  net-analyzer/openvas-scanner/files/openvassd-daemon.conf

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd-daemon.conf?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd-daemon.conf?rev=1.1&content-type=text/plain

Index: openvassd-daemon.conf
===================================================================
#Listen on the given address only - by default the scanner listens on all
#addresses, so uncomment the next line to restrict it
#SCANNER_LISTEN=--listen=127.0.0.1

#Listen on given port - by default 9391
SCANNER_PORT=--port=9391

#Send the packets with the source IP of IP1,IP2,IP3....
#SCANNER_SRCIP=--src-ip=127.0.0.1,192.168.1.2

# Set to yes if plugins should be automatically updated via a cron job
auto_plugin_update=no

# Notify the OpenVAS scanner after an update by sending it SIGHUP?
notify_openvas_scanner=yes

# Method to use to get updates. The default is via rsync
# Note that only wget and curl support retrieval via proxy
# update_method=rsync|wget|curl

# Additionally, you can specify the following variables
#NVT_DIR                where to extract plugins (absolute path)
#OV_RSYNC_FEED          URL of rsync feed
#OV_HTTP_FEED           URL of http feed




1.1                  net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron?rev=1.1&content-type=text/plain

Index: openvas-nvt-sync-cron
===================================================================
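#!/bin/sh
# Cron job: refresh the OpenVAS NVT feed with openvas-nvt-sync and, when asked
# to, tell the running scanner to reload its plugins.
#
# Settings read (all optional): auto_plugin_update, update_method,
# notify_openvas_scanner, NVT_DIR, OV_RSYNC_FEED, OV_HTTP_FEED.

# The settings above are plain shell assignments kept in
# openvassd-daemon.conf. openvassd.conf is the scanner's own
# "[Misc]" / "key = value" file; it is not valid shell and defines none of
# them, so sourcing it would leave auto_plugin_update unset.
# This file is executed as shell code by whoever runs the job, so it must be
# writable by root only.
conf=/etc/openvas/openvassd-daemon.conf
if [ -f "$conf" ]; then
        . "$conf"
fi

# Automatic updates are opt-in.
if [ "$auto_plugin_update" != "yes" ]; then
        exit 0
fi

# Map update_method to the matching openvas-nvt-sync switch. Any other value
# (or none) leaves the tool on its own default method.
# No spaces around '=': "opts = ..." would run a command named opts.
opts=""
case "$update_method" in
        rsync)
                opts="--rsync"
                ;;
        wget)
                opts="--wget"
                ;;
        curl)
                opts="--curl"
                ;;
esac

# Export openvas-nvt-sync's environment variables if they are defined
[ -n "$NVT_DIR" ] && export NVT_DIR
[ -n "$OV_RSYNC_FEED" ] && export OV_RSYNC_FEED
[ -n "$OV_HTTP_FEED" ] && export OV_HTTP_FEED

# $opts is unquoted on purpose: it is either empty or a single switch.
# ">/dev/null 2>&1" is the POSIX spelling; ">&" is not portable to /bin/sh.
if ! /usr/sbin/openvas-nvt-sync $opts >/dev/null 2>&1; then
        echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually."
        exit 1
fi

# POSIX test compares strings with a single '='.
if [ "$notify_openvas_scanner" = "yes" ]; then
        # NOTE(review): confirm this init script name and its reloadplugins
        # action exist on the target system; the init script shipped next to
        # this file is openvassd.init and defines no such action.
        /etc/init.d/openvas-scanner reloadplugins
fi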




1.1                  net-analyzer/openvas-scanner/files/openvassd.logrotate

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.logrotate?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvassd.logrotate?rev=1.1&content-type=text/plain

Index: openvassd.logrotate
===================================================================
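# logrotate for openvas
# Rotate the scanner log weekly and keep four old copies. The newest rotated
# file stays uncompressed for one cycle (delaycompress), and a missing log
# file is not an error (missingok).
/var/log/openvas/openvassd.log {
        rotate 4
        weekly
        compress
        delaycompress
        missingok
        # Signal the scanner after rotation (presumably so it reopens its log
        # file - confirm). When openvassd is not running pidof prints nothing
        # and kill fails; that case is ignored so the rotation is not
        # reported as failed.
        postrotate
            /bin/kill -HUP `pidof openvassd` 2>/dev/null || true
        endscript
}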



1.1                  
net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-bsdsource.patch?rev=1.1&content-type=text/plain

Index: openvas-scanner-4.0.3-bsdsource.patch
===================================================================
diff -ru openvas-scanner-4.0.1/CMakeLists.txt 
openvas-scanner-4.0.1.bsdsource/CMakeLists.txt
--- openvas-scanner-4.0.1/CMakeLists.txt        2014-04-23 16:00:47.000000000 
+0200
+++ openvas-scanner-4.0.1.bsdsource/CMakeLists.txt      2014-05-26 
16:11:23.018940789 +0200
@@ -235,7 +235,7 @@
 set (HARDENING_FLAGS            "-Wformat -Wformat-security -O2 
-D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
 
 set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG} -Werror")
-set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall 
-D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE")
+set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall 
-D_DEFAULT_SOURCE -D_ISOC99_SOURCE")
 
 add_subdirectory (src)
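Review bot: Dropping `-D_BSD_SOURCE` and `-D_SVID_SOURCE` outright removes the BSD/SVID declarations on C libraries that predate `_DEFAULT_SOURCE` (glibc before 2.19), where the new macro has no effect. Defining the old and new macros together is accepted by both generations of glibc and does not trigger the deprecation warning, so the flags could end `-Wall -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_SVID_SOURCE -D_ISOC99_SOURCE`. This matters because `CMAKE_C_FLAGS_DEBUG` two lines up adds `-Werror`, which turns an implicit-declaration warning in a debug build into a build failure. A short comment above the line naming the glibc versions this is meant to cover would also help the next person who touches it.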
 



