* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2019-03-13 14:59 Patrice Clement
0 siblings, 0 replies; 8+ messages in thread
From: Patrice Clement @ 2019-03-13 14:59 UTC (permalink / raw
To: gentoo-commits
commit: 87057ce7dbb83050472c6ee39f083a229aee2eed
Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
AuthorDate: Thu Feb 7 01:51:45 2019 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Wed Mar 13 14:58:51 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87057ce7
net-analyzer/openvas-scanner: version bump to 5.1.3.
Bump to 5.1.3.
This also brings new improvements and introduces the new USE flag 'extras'.
Introduces three new patches which fixes build and QA issues:
- gcc8.patch fixes gcc-8 build issue.
- nvt.patch fixes nvt category issue.
- cachedir.patch fixes unnecessary directory install QA issue.
Introduces two new useful scripts:
- first-start script checks setup and ready it for first time use.
- openvas-feed-sync script updates OpenVAS feeds from cron.
Introduces one new example file for proper redis configuration.
redis.conf.example is proper example config file for package.
systemd & init script files updated.
Because of new dependencies ~arm ~ppc keywords have been dropped.
This package is part of net-analyzer/openvas.
Reported-by: NP-Hardass <np-hardass <AT> gentoo.org>
Acked-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Tested-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 1 +
net-analyzer/openvas-scanner/files/first-start | 634 +++++++++++++++++++++
.../openvas-scanner/files/openvas-feed-sync | 627 ++++++++++++++++++++
.../files/openvas-scanner-5.1.3-cachedir.patch | 42 ++
.../files/openvas-scanner-5.1.3-gcc8.patch | 42 ++
.../files/openvas-scanner-5.1.3-nvt.patch | 93 +++
.../files/openvas-scanner-daemon.conf | 9 +
.../openvas-scanner/files/openvas-scanner.init | 25 +
.../files/openvas-scanner.logrotate | 11 +
.../openvas-scanner/files/openvas-scanner.service | 21 +
.../files/openvas-scanner.tmpfiles.d | 1 +
net-analyzer/openvas-scanner/files/openvassd.conf | 123 +---
.../openvas-scanner/files/redis.conf.example | 57 ++
net-analyzer/openvas-scanner/metadata.xml | 12 +-
.../openvas-scanner/openvas-scanner-5.1.3.ebuild | 97 ++++
15 files changed, 1700 insertions(+), 95 deletions(-)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index db79fe5dc71..2bb7d462564 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1 +1,2 @@
DIST openvas-scanner-5.0.4.tar.gz 236282 BLAKE2B 3105afe0fd819773b33c8194e0addaad70af4692578fe3bfbd76166004ca99e25f2f22a946810fe52da747242f1e45bae00766c4687676ec70df2d7349fa4509 SHA512 51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149
+DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e
diff --git a/net-analyzer/openvas-scanner/files/first-start b/net-analyzer/openvas-scanner/files/first-start
new file mode 100755
index 00000000000..95811a56b19
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/first-start
@@ -0,0 +1,634 @@
+#!/bin/bash
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# This is OpenVAS first-start/check-setup script which make things automatically for first time use.
+
+
+##################################################################################################
+# If you use systemd or init.d(open-rc) for OpenVAS daemons you don't need to set below settings.#
+# If you don't use any of them you can set the below command args to start daemons manually. #
+##################################################################################################
+
+# OpenVAS Manager command args
+OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
+OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
+OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
+OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
+OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
+
+# OpenVAS Scanner command args
+OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
+
+# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore for reverse proxy
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
+
+#####################################################################################################
+
+# Update Environment
+source /etc/profile &>/dev/null
+source /etc/environment &>/dev/null
+source ~/.bash_profile &>/dev/null
+
+# Check the needed executables.They are in our environment and have +x?
+if ! [ -x "$(command -v openvasmd)" ] ||
+ ! [ -x "$(command -v openvassd)" ] ||
+ ! [ -x "$(command -v redis-server)" ] ||
+ ! [ -x "$(command -v openvas-manage-certs)" ] ||
+ ! [ -x "$(command -v greenbone-nvt-sync)" ] ||
+ ! [ -x "$(command -v greenbone-scapdata-sync)" ] ||
+ ! [ -x "$(command -v greenbone-certdata-sync)" ]; then
+ path="1"
+ else
+ path="0"
+fi
+
+# Check Security-Assistant is exist
+if ! [ -x "$(command -v gsad)" ]; then
+ gsad="1"
+ else
+ gsad="0"
+fi
+# Executables are not in our environment
+if [ $path -eq 1 ]; then
+ echo "Can't find executables! If you installed OpenVAS to specific location e.g. /opt"
+ echo "please add these PATHS to /etc/profile,also sure that they are executable"
+ exit 1
+fi
+
+# Check systemd and enable services for Gentoo/Linux
+if command -v systemctl &>/dev/null; then
+ systemctl="0"
+ echo "systemd found."
+ systemctl enable openvas-scanner.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd.Gentoo --> openvas-scanner.service enabled."
+ fi
+ systemctl enable gvmd.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd.Gentoo --> gvmd.service enabled."
+ fi
+ systemctl enable gsa.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd.Gentoo --> gsa.service enabled."
+ fi
+ else
+ systemctl="1"
+fi
+
+# Check open-rc if exist
+if command -v rc-service &>/dev/null; then
+ open_rc="0"
+ else
+ open_rc="1"
+fi
+
+# open-rc variables
+if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
+ echo "open-rc found."
+ scanner_init="0"
+ manager_init="0"
+ assistant_init="0"
+ redis_init="0"
+fi
+
+# Check status of OpenVAS-Scanner systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active openvas-scanner.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvas-scanner.service' | awk '{print $1}')" = "openvas-scanner.service" ]); then
+ scanner="0"
+ else
+ scanner="1"
+fi
+
+# Check status of OpenVAS-Manager systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active gvmd.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gvmd.service' | awk '{print $1}')" = "gvmd.service" ]); then
+ manager="0"
+ else
+ manager="1"
+fi
+
+# Check status of OpenVAS-Assistant systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active gsa.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsa.service' | awk '{print $1}')" = "gsa.service" ]); then
+ assistant="0"
+ else
+ assistant="1"
+fi
+
+# Check status of Redis systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active redis.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
+ redis="0"
+ else
+ redis="1"
+fi
+
+# We need to find correct service name for restarting.
+if [ $scanner -eq 1 ] || [ $manager -eq 1 ] || [ $assistant -eq 1 ] || [ $redis -eq 1 ]; then
+ WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
+ WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
+ WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
+ WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
+
+ # If you have unordinary systemd path you can add here
+ DIR="/lib/systemd/system/
+ /etc/systemd/system/
+ /usr/lib/systemd/system/
+ /usr/local/lib/systemd/system/"
+
+ # Find OpenVAS daemons systemd files if exist
+ for i in $DIR; do
+ if [ -d "$i" ]; then
+ grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
+ grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
+ grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
+ grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
+ fi
+ done
+
+ manager_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_manager_service.out)"
+ scanner_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_scanner_service.out)"
+ assistant_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_assistant_service.out)"
+ redis_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_redis_service.out)"
+
+ rm -rf /tmp/openvas_GVM*
+ COUNTM=$(wc -w <<< "${manager_service}")
+ COUNTS=$(wc -w <<< "${scanner_service}")
+ COUNTA=$(wc -w <<< "${assistant_service}")
+ COUNTR=$(wc -w <<< "${redis_service}")
+
+ if [ -n "$manager_service" ] && [ $manager -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $manager_service | awk '{print $1}')" = "$manager_service" ]; then
+ echo "systemd --> OpenVAS Manager '$manager_service' found."
+ else
+ echo "systemd --> '$manager_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for Openvas Manager"
+ while true; do
+ read -n 1 -p "do you want to enable '$manager_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$manager_service" &>/dev/null; echo "systemd --> '$manager_service' enabled"; break;;
+ [Nn]* ) manager_service=""; echo "it seems you are not sure.ok i don't use $manager_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "Please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ -n "$scanner_service" ] && [ $scanner -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $scanner_service | awk '{print $1}')" = "$scanner_service" ]; then
+ echo "systemd --> OpenVAS Scanner '$scanner_service' found."
+ else
+ echo "systemd --> '$scanner_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for Openvas Scanner"
+ while true; do
+ read -n 1 -p "do you want to enable '$scanner_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$scanner_service" &>/dev/null; echo "systemd --> '$scanner_service' enabled"; break;;
+ [Nn]* ) scanner_service=""; echo "it seems you are not sure.ok i don't use $scanner_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "Please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ -n "$assistant_service" ] && [ $scanner -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $assistant_service | awk '{print $1}')" = "$assistant_service" ]; then
+ echo "systemd --> GSA '$assistant_service' found."
+ else
+ echo "systemd --> '$assistant_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for Greenbone Security Assistant"
+ while true; do
+ read -n 1 -p "do you want to enable '$assistant_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$assistant_service" &>/dev/null; echo "systemd --> '$assistant_service' enabled"; break;;
+ [Nn]* ) assistant_service=""; echo "it seems you are not sure.ok i don't use $assistant_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ -n "$redis_service" ] && [ $scanner -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $redis_service | awk '{print $1}')" = "$redis_service" ]; then
+ echo "systemd --> redis '$redis_service' found."
+ else
+ echo "systemd --> '$redis_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for redis-server"
+ while true; do
+ read -n 1 -p "do you want to enable '$redis_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$redis_service" &>/dev/null; echo "systemd --> '$redis_service' enabled"; break;;
+ [Nn]* ) redis_service=""; echo "it seems you are not sure.ok i don't use $redis_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
+ echo "you have more than one enabled systemd service for single daemon"
+ echo " check OpenVAS and Redis systemd unit files to fix it"
+ exit 1
+ fi
+fi
+
+restart_redis () {
+if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted."
+ else
+ echo "systemd --> redis.service cannot restarted."
+ exit 1
+ fi
+elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted."
+ else
+ echo "systemd --> $redis_service cannot restarted."
+ exit 1
+ fi
+elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted."
+ else
+ echo "open-rc --> redis cannot restarted."
+ exit 1
+ fi
+fi
+}
+
+build_nvt () {
+if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ openvassd --foreground --only-cache &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "building NVT cache is done."
+ else
+ echo "building NVT cache is failed.."
+ exit 1
+ fi
+ else
+ openvassd --foreground --only-cache &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "building NVT cache is done."
+ else
+ echo "building NVT cache is failed.."
+ exit 1
+ fi
+fi
+}
+
+create_user () {
+GREEN="`tput setaf 2`"
+RED="`tput setaf 1`"
+norm="`tput sgr0`"
+echo "creating WebUI User.."
+openvasmd --create-user=admin --role=Admin &>/tmp/openvas_user.out
+if [ $? -eq 0 ]; then
+ username="admin"
+ password="$(cat /tmp/openvas_user.out | awk '{print $5}' | cut -c2-)"
+ echo "${RED}!WebUI Address : ${GREEN}127.0.0.1:9392"
+ echo "${RED}!WebUI Username: ${GREEN}$username"
+ echo "${RED}!WebUI Password: ${GREEN}${password%??}${norm}"
+ else
+ echo "$(cat /tmp/openvas_user.out)"
+ echo "these are active users for WebUI"
+ openvasmd --get-users
+fi
+rm -rf /tmp/openvas_user.out
+}
+
+# Redis & OpenVAS Scanner socket connection check for Gentoo/Linux
+if [[ -e /etc/redis.conf ]]; then
+ if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
+ echo "redis server properly configured."
+ else
+ redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
+ echo "redis server is not properly configured."
+ echo "be sure redis server listening unix socket at $redis_sock"
+ echo "you can find example redis.conf file in /etc/openvas/redis.conf.example"
+ exit 1
+ fi
+fi
+
+# Redis & OpenVAS Scanner socket connection check for other linux distros
+if [[ -e /etc/redis/redis.conf ]]; then
+ if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
+ echo "redis server properly configured."
+ else
+ redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
+ echo "redis server is not properly configured."
+ echo "be sure redis server listening unix socket at $redis_sock"
+ exit 1
+ fi
+fi
+
+# Create certificates for fresh install
+openvas-manage-certs -a &>/dev/null
+if [ $? -eq 0 ]; then
+ echo "certificates created."
+
+elif [ "$(openvas-manage-certs -a | grep -ow 'Existing')" = "Existing" ]; then
+ echo "certificates already created."
+
+else
+ echo "certificates cannot created."
+ exit 1
+fi
+
+# Start to update FEED & First NVT.
+try=0
+until [ $try -ge 5 ]; do
+ greenbone-nvt-sync &>/dev/null && break
+ echo "can't connected! trying to update greenbone-nvt again.."
+ try=$[$try+1]
+ sleep 30
+done
+
+# Check status
+if [ $? -eq 0 ]; then
+ echo "greenbone-nvt-sync is done."
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update scapdata.
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-scapdata-sync &>/dev/null && break
+ echo "can't connected! trying to update greenbone-scapdata again.."
+ try=$[$try+1]
+ sleep 30
+ done
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-scapdata-sync is done."
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update certdata
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-certdata-sync &>/dev/null && break
+ echo "can't connected! Trying to update greenbone-certdata again.."
+ try=$[$try+1]
+ sleep 30
+ done
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-certdata-sync is done."
+ echo "building NVT cache this will take some time.."
+ build_nvt
+ # Check OpenVAS-Scanner is running
+ if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
+ echo "OpenVAS-Scanner is running."
+ echo "building Database this will take some time.."
+ openvasmd --rebuild --progress &>/dev/null
+ elif [ $scanner -eq 0 ]; then
+ # Start OpenVAS-Scanner systemd unit & Rebuild Cache
+ echo "systemd --> OpenVAS-Scanner is not running! trying to up.."
+ systemctl start openvas-scanner.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "systemd --> openvas-scanner.service started and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ else
+ echo "systemd --> openvas-scanner.service cannot started.."
+ exit 1
+ fi
+ elif [[ -n "$scanner_service" ]]; then
+ echo "systemd --> OpenVAS-Scanner is down! trying to up.."
+ systemctl start "$scanner_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "systemd --> $scanner_service is started and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ else
+ echo "systemd --> $scanner_service cannot started.."
+ exit 1
+ fi
+ elif [[ -n "$scanner_init" ]]; then
+ # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
+ echo "open-rc --> OpenVAS-Scanner is down! trying to up.."
+ rc-service openvas-scanner start &>/dev/null
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "rc-service --> openvas-scanner started and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ else
+ echo "rc-service --> openvas-scanner cannot started.."
+ exit 1
+ fi
+ else
+ echo "OpenVAS-Scanner is not running! Trying to up.."
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ # Wait for initialize
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ else
+ echo "OpenVAS Scanner cannot started manually.."
+ exit 1
+ fi
+ echo "OpenVAS-Scanner started manually and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ fi
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "building database is done"
+ create_user
+ # Restart OpenVAS-Scanner
+ if [ $scanner -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ systemctl restart openvas-scanner.service &>/dev/null
+ elif [[ -n "$scanner_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ systemctl restart "$scanner_service" &>/dev/null
+ elif [[ -n "$scanner_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ rc-service openvas-scanner start &>/dev/null
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ fi
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 10
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "OpenVAS-Scanner is restarted."
+ # Restart OpenVAS-Manager
+ if [ $manager -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart gvmd.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> gvmd.service is restarted."
+ echo "OpenVAS setup is ok."
+ else
+ echo "systemd --> gvmd.service cannot restarted."
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ elif [[ -n "$manager_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$manager_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> $manager_service is restarted"
+ echo "OpenVAS setup is ok."
+ else
+ echo "systemd --> $manager_service cannot restarted"
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ elif [[ -n "$manager_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service gvmd start &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "open-rc --> gvmd is restarted"
+ echo "OpenVAS setup is ok."
+ else
+ echo "open-rc --> gvmd cannot restarted"
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "OpenVAS-Manager is restarted manually"
+ echo "OpenVAS setup is ok."
+ else
+ echo "OpenVAS-Manager cannot restarted"
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS-scanner cannot restarted."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS database build failed."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS Certdata sync failed."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS Scapdata sync failed."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS NVT sync update failed."
+fi
+
+# Restart WebUI
+if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
+ WHICHA="$(type gsad | awk '{print $3}')"
+ if [ $assistant -eq 0 ]; then
+ # Time to restart OpenVAS-Security Assistant
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart gsa.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> gsa.service (OpenVAS WebUI) is restarted and ready for connection"
+ else
+ echo "systemd --> gsa.service (OpenVAS-WebUI) cannot restarted"
+ fi
+ elif [[ -n "$assistant_service" ]]; then
+ if [ $COUNTA -eq 1 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$assistant_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted and ready for connection"
+ else
+ echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted."
+ fi
+ else
+ echo "systemd --> OpenVAS WebUI cannot restarted! you have multiple enabled systemd services ($assistant_service)"
+ exit 1
+ fi
+ elif [[ -n "$assistant_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service gsa start &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> gsa (OpenVAS WebUI) is restarted"
+ else
+ echo "open-rc --> gsa (OpenVAS WebUI) cannot restarted."
+ fi
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "OpenVAS WebUI is restarted"
+ else
+ echo "OpenVAS WebUI cannot restarted"
+ fi
+ fi
+fi
diff --git a/net-analyzer/openvas-scanner/files/openvas-feed-sync b/net-analyzer/openvas-scanner/files/openvas-feed-sync
new file mode 100755
index 00000000000..de1c69038ab
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-feed-sync
@@ -0,0 +1,627 @@
+#!/bin/bash
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# This is OpenVAS cron script that updates feed and reload daemons.
+# Hasan ÇALIŞIR hsntgm@gmail.com | proxy maintainer
+
+# Mail settings
+MAIL_TO="root"
+MAIL_SUBJECT="CronJob-OpenVAS"
+
+# If you don't use systemd or open-rc for OpenVAS daemons you can set start command args here
+# while we manually start/restart them.
+####################################################################################################
+
+# OpenVAS Manager command args
+OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
+OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
+OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
+OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
+OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
+
+# OpenVAS Scanner command args
+OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
+
+# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
+
+#####################################################################################################
+
+# Update Environment
+source /etc/profile &>/dev/null
+source /etc/environment &>/dev/null
+source ~/.bash_profile &>/dev/null
+
+# Check the needed executables if they are in our environment and have +x
+if ! [ -x "$(command -v openvasmd)" ] || ! [ -x "$(command -v openvassd)" ] || ! [ -x "$(command -v redis-server)" ]; then
+ path="1"
+ else
+ path="0"
+fi
+
+# Check Security-Assistant is exist
+if ! [ -x "$(command -v gsad)" ]; then
+ gsad="1"
+ else
+ gsad="0"
+fi
+
+# Executables are not in our environment
+if [ $path -eq 1 ]; then
+ echo "OpenVAS CronJob Failed! If you installed OpenVAS to specific location e.g. /opt" | tee -a /tmp/openvas_mail.out
+ echo "please add these PATHS to /etc/profile e.g. 'PATH=$PATH:/opt/openvas/bin:/opt/openvas/sbin'" | tee -a /tmp/openvas_mail.out
+ echo "also sure that they are executable e.g. 'chmod +x /opt/openvas/sbin/openvassd'" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+fi
+
+# Check systemd if exist
+if command -v systemctl &>/dev/null; then
+ systemctl="0"
+ else
+ systemctl="1"
+fi
+
+# Check open-rc if exist
+if command -v rc-service &>/dev/null; then
+ open_rc="0"
+ else
+ open_rc="1"
+fi
+
+# open-rc variables
+if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
+ scanner_init="0"
+ manager_init="0"
+ assistant_init="0"
+ redis_init="0"
+fi
+
+# Check OpenVAS-Scanner systemd unit(common name) is active or enabled
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvassd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvassd.service' | awk '{print $1}')" = "openvassd.service" ]); then
+ scanner="0"
+ else
+ scanner="1"
+fi
+
+# Check OpenVAS-Manager systemd unit(common name) is active or enabled
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvasmd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvasmd.service' | awk '{print $1}')" = "openvasmd.service" ]); then
+ manager="0"
+ else
+ manager="1"
+fi
+
+# Check OpenVAS-Assistant systemd unit(common name) is active or not
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active gsad.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsad.service' | awk '{print $1}')" = "gsad.service" ]); then
+ assistant="0"
+ else
+ assistant="1"
+fi
+
+# Check Redis systemd unit(common name) is active or not
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active redis.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
+ redis="0"
+ else
+ redis="1"
+fi
+
+# If you don't use common systemd service names for OpenVAS
+# We need to find correct service name for restarting.
+if [ $scanner -eq 1 ] || [ $manager -eq 1 ]; then
+ WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
+ WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
+ WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
+ WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
+
+ # If you have unordinary systemd services PATH you can add here
+ DIR="/lib/systemd/system/
+ /etc/systemd/system/
+ /usr/lib/systemd/system/
+ /usr/local/lib/systemd/system/"
+
+ # Find OpenVAS daemons systemd files
+ for i in $DIR; do
+ if [ -d "$i" ]; then
+ grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
+ grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
+ grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
+ grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
+ fi
+ done
+
+ # Time to get our exact systemd service searching in enabled services
+ manager_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_manager_service.out)"
+
+ scanner_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_scanner_service.out)"
+
+ assistant_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_assistant_service.out)"
+
+ redis_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_redis_service.out)"
+
+ rm -rf /tmp/openvas_GVM*
+ COUNTM=$(wc -w <<< "${manager_service}")
+ COUNTS=$(wc -w <<< "${scanner_service}")
+ COUNTA=$(wc -w <<< "${assistant_service}")
+ COUNTR=$(wc -w <<< "${redis_service}")
+
+ if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
+ echo "OpenVAS CronJob Failed! You have multiple enabled systemd service for single OpenVAS daemon or redis" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+fi
+
+# Start to update FEED & First NVT.
+try=0
+until [ $try -ge 5 ]; do
+ greenbone-nvt-sync &>/dev/null && break
+ echo "Can't connected! Trying to update greenbone-nvt again.." &>>/tmp/openvas_mail.out
+ try=$[$try+1]
+ sleep 30
+done
+
+# Check status
+if [ $? -eq 0 ]; then
+ echo "greenbone-nvt-sync is done" &>>/tmp/openvas_mail.out
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update scapdata.
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-scapdata-sync &>/dev/null && break
+ echo "Can't connected! Trying to update greenbone-scapdata again.." &>>/tmp/openvas_mail.out
+ try=$[$try+1]
+ sleep 30
+ done
+
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-scapdata-sync is done" &>>/tmp/openvas_mail.out
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update certdata
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-certdata-sync &>/dev/null && break
+ echo "Can't connected! Trying to update greenbone-certdata again.." &>>/tmp/openvas_mail.out
+ try=$[$try+1]
+ sleep 30
+ done
+
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-certdata-sync is done" &>>/tmp/openvas_mail.out
+
+ # Check OpenVAS-Scanner is running
+ if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
+ echo "OpenVAS-Scanner is running." &>>/tmp/openvas_mail.out
+ openvasmd --update --progress &>/dev/null
+
+ elif [ $scanner -eq 0 ]; then
+ # Start OpenVAS-Scanner systemd unit & Rebuild Cache
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ systemctl start openvassd.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "openvassd.service started and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ else
+ echo "openvassd.service cannot started.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$scanner_service" ]]; then
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ systemctl start "$scanner_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "$scanner_service is started and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ else
+ echo "$scanner_service cannot started.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$scanner_init" ]]; then
+ # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ rc-service openvassd start &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "rc-service --> openvassd started and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ else
+ echo "rc-service --> openvassd cannot started.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ else
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ # Wait for initialize
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ else
+ echo "OpenVAS Scanner cannot started manually.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ echo "OpenVAS-Scanner started manually and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ fi
+
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "Updating NVT cache is done" &>>/tmp/openvas_mail.out
+
+ # Restart OpenVAS-Scanner
+ if [ $scanner -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ systemctl restart openvassd.service &>/dev/null
+
+ elif [[ -n "$scanner_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ systemctl restart "$scanner_service" &>/dev/null
+
+ elif [[ -n "$scanner_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ rc-service openvassd start &>/dev/null
+
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ fi
+
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 10
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "OpenVAS-Scanner is restarted." &>>/tmp/openvas_mail.out
+
+ # Restart OpenVAS-Manager
+ if [ $manager -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart openvasmd.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> openvasmd.service is restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> openvasmd.service cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$manager_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$manager_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> $manager_service is restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> $manager_service cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$manager_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service openvasmd start &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "open-rc --> openvasmd is restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "open-rc --> openvasmd cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "OpenVAS-Manager is restarted manually" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "OpenVAS-Manager cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ else
+ echo "OpenVAS CronJob Failed! openvas-scanner cannot restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS NVT cache build failed" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS Certdata sync failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS Scapdata sync failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS NVT sync update failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+fi
+rm -rf /tmp/openvas_mail.out
+
+# Restart WebUI
+if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
+ WHICHA="$(type gsad | awk '{print $3}')"
+
+ if [ $assistant -eq 0 ]; then
+ # Time to restart OpenVAS-Security Assistant
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart gsad.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> gsad.service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> gsad.service (OpenVAS-WebUI) cannot restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+
+ elif [[ -n "$assistant_service" ]]; then
+ if [ $COUNTA -eq 1 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$assistant_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "systemd --> OpenVAS WebUI cannot restarted! You have multiple enabled systemd services ($assistant_service)" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$assistant_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service gsad start &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> gsad (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "open-rc --> gsad (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "OpenVAS WebUI is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "OpenVAS WebUI cannot restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ fi
+ rm -rf /tmp/openvas_mail.out
+fi
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch
new file mode 100644
index 00000000000..98c65725019
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch
@@ -0,0 +1,42 @@
+--- openvas-scanner-5.1.3/src/openvassd.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/openvassd.c 2019-02-04 03:28:24.635539266 +0300
+@@ -103,7 +103,6 @@
+ */
+ static openvassd_option openvassd_defaults[] = {
+ {"plugins_folder", OPENVAS_NVT_DIR},
+- {"cache_folder", OPENVAS_CACHE_DIR},
+ {"include_folders", OPENVAS_NVT_DIR},
+ {"max_hosts", "30"},
+ {"max_checks", "10"},
+--- openvas-scanner-5.1.3/src/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/CMakeLists.txt 2019-02-04 03:22:20.078824664 +0300
+@@ -68,10 +68,6 @@
+ add_definitions (-DOPENVAS_NVT_DIR=\\\"${OPENVAS_NVT_DIR}\\\")
+ endif (OPENVAS_NVT_DIR)
+
+-if (OPENVAS_CACHE_DIR)
+- add_definitions (-DOPENVAS_CACHE_DIR=\\\"${OPENVAS_CACHE_DIR}\\\")
+-endif (OPENVAS_CACHE_DIR)
+-
+ if (OPENVAS_LOG_DIR)
+ add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\")
+ endif (OPENVAS_LOG_DIR)
+--- openvas-scanner-5.1.3/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/CMakeLists.txt 2019-02-04 03:18:37.889999639 +0300
+@@ -166,7 +166,6 @@
+ set (OPENVAS_DATA_DIR "${DATADIR}/openvas")
+ set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
+ set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
+-set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
+
+ if (NOT OPENVAS_NVT_DIR)
+@@ -265,7 +264,6 @@
+ DESTINATION ${DATADIR}/doc/openvas-scanner/ )
+
+ install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
+-install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR})
+
+ ## Tests
+
+
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch
new file mode 100644
index 00000000000..4ec2e786e12
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch
@@ -0,0 +1,42 @@
+--- openvas-scanner-5.1.3/src/ntp.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/ntp.c 2019-02-02 00:57:56.832878754 +0300
+@@ -361,9 +361,7 @@
+ }
+
+ /*----------------------------------------------------------
+-
+ Communication protocol: timestamps
+-
+ ----------------------------------------------------------*/
+
+
+@@ -391,7 +389,7 @@
+ static int
+ __ntp_timestamp_scan_host (int soc, char *msg, char *host)
+ {
+- char timestr[1024];
++ char timestr[64];
+ char *tmp;
+ time_t t;
+ int len;
+--- openvas-scanner-5.1.3/src/pluginload.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/pluginload.c 2019-02-02 00:59:24.494774959 +0300
+@@ -250,7 +250,7 @@
+ g_slist_free_full (oids, g_free);
+ }
+
+-static int
++static void
+ plugins_reload_from_dir (void *folder)
+ {
+ GSList *files = NULL, *f;
+--- openvas-scanner-5.1.3/src/processes.h 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/processes.h 2019-02-02 01:06:42.772908314 +0300
+@@ -28,7 +28,7 @@
+ #ifndef _OPENVAS_THREADS_H
+ #define _OPENVAS_THREADS_H
+
+-typedef int (*process_func_t) (void *);
++typedef void (*process_func_t) (void *);
+ pid_t create_process (process_func_t, void *);
+ int terminate_process (pid_t);
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch
new file mode 100644
index 00000000000..67091fcf3e3
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch
@@ -0,0 +1,93 @@
+--- openvas-scanner-5.1.3/src/attack.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/attack.c 2019-02-02 00:44:12.834888067 +0300
+@@ -97,9 +97,7 @@
+ };
+
+ /*******************************************************
+-
+ PRIVATE FUNCTIONS
+-
+ ********************************************************/
+
+ /**
+@@ -996,6 +994,14 @@
+ sched = plugins_scheduler_init
+ (prefs_get ("plugin_set"), prefs_get_bool ("auto_enable_dependencies"),
+ network_phase);
++ if (sched == NULL)
++ {
++ error_message_to_client (global_socket,
++ "Failed to initialize the plugins scheduler.",
++ NULL, NULL);
++ return;
++ }
++
+
+ max_hosts = get_max_hosts_number ();
+ max_checks = get_max_checks_number ();
+--- openvas-scanner-5.1.3/src/pluginscheduler.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/pluginscheduler.c 2019-02-02 00:48:03.799598381 +0300
+@@ -486,7 +486,7 @@
+ }
+ }
+
+-static void
++static int
+ plugins_scheduler_fill (plugins_scheduler_t sched)
+ {
+ int i;
+@@ -500,6 +500,15 @@
+ int category;
+
+ category = nvticache_get_category (element->data);
++ if (category < 0)
++ {
++ log_write ("The NVT with oid %s has not category assigned. This is "
++ "considered a fatal error, since the NVTI Cache "
++ "structure stored in Redis is out dated or corrupted.",
++ (char *) element->data);
++ g_slist_free_full (list, g_free);
++ return 1;
++ }
+ scheduler_plugin = g_malloc0 (sizeof (struct scheduler_plugin));
+ scheduler_plugin->running_state = PLUGIN_STATUS_UNRUN;
+ scheduler_plugin->oid = g_strdup (element->data);
+@@ -529,6 +538,7 @@
+ }
+ }
+
++ return 0;
+ }
+
+ plugins_scheduler_t
+@@ -540,7 +550,11 @@
+ /* Fill our lists */
+ ret = g_malloc0 (sizeof (*ret));
+ ret->hash = hash_init ();
+- plugins_scheduler_fill (ret);
++ if (plugins_scheduler_fill (ret))
++ {
++ plugins_scheduler_free (ret);
++ return NULL;
++ }
+
+ plugins_scheduler_enable (ret, plugins_list, autoload);
+
+@@ -729,9 +743,12 @@
+ void
+ plugins_scheduler_free (plugins_scheduler_t sched)
+ {
+- int i;
+- hash_destroy (sched->hash);
+- for (i = ACT_FIRST; i <= ACT_LAST; i++)
+- list_destroy (sched->list[i]);
+- g_free (sched);
++ if (sched)
++ {
++ int i;
++ hash_destroy (sched->hash);
++ for (i = ACT_FIRST; i <= ACT_LAST; i++)
++ list_destroy (sched->list[i]);
++ g_free (sched);
++ }
+ }
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf
new file mode 100644
index 00000000000..f14b5aae6f1
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf
@@ -0,0 +1,9 @@
+# OpenVAS Scanner command args
+
+# e.g --foreground
+OPENVAS_SCANNER_OPTIONS=""
+
+# Scanner listen socket
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock"
+
+
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.init b/net-analyzer/openvas-scanner/files/openvas-scanner.init
new file mode 100644
index 00000000000..757b5801f29
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.init
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="OpenVAS Scanner"
+command="/usr/sbin/openvassd"
+command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET}"
+pidfile="/var/run/openvassd.pid"
+command_background="true"
+
+depend() {
+ after bootmisc
+ need localmount net redis
+}
+
+start_pre() {
+ checkpath --directory --mode 0775 --quiet /var/cache/openvas
+}
+
+create_cache() {
+ checkpath --directory --mode 0775 --quiet /var/cache/openvas
+ ebegin "Generating initial Cache"
+ /usr/sbin/openvassd --foreground --only-cache
+ eend $?
+}
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate
new file mode 100644
index 00000000000..89f9e6d264d
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate
@@ -0,0 +1,11 @@
+# logrotate for openvas scanner
+/var/log/openvas/openvassd.messages {
+ rotate 4
+ weekly
+ compress
+ delaycompress
+ missingok
+ postrotate
+ /bin/kill -HUP `pidof openvassd`
+ endscript
+}
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.service b/net-analyzer/openvas-scanner/files/openvas-scanner.service
new file mode 100644
index 00000000000..4f30586ab51
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=OpenVAS Scanner
+After=network.target
+After=redis.service
+Before=gvmd.service
+Requires=redis.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/openvas-scanner-daemon.conf
+ExecStart=/usr/sbin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+KillMode=mixed
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d
new file mode 100644
index 00000000000..18e820caec1
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d
@@ -0,0 +1 @@
+d /var/cache/openvassd 0775
diff --git a/net-analyzer/openvas-scanner/files/openvassd.conf b/net-analyzer/openvas-scanner/files/openvassd.conf
index 88f83f4bed9..b218a4a27b0 100644
--- a/net-analyzer/openvas-scanner/files/openvassd.conf
+++ b/net-analyzer/openvas-scanner/files/openvassd.conf
@@ -1,118 +1,53 @@
-# Configuration file of the OpenVAS Security Scanner
+#You can get detailed informations from https://linux.die.net/man/8/openvassd
-# Every line starting with a '#' is a comment
-
-[Misc]
-
-# Path to the security checks folder:
plugins_folder = /var/lib/openvas/plugins
-
-# Path to OpenVAS caching folder:
-cache_folder = /var/cache/openvas
-
-# Path to OpenVAS include directories:
-# (multiple entries are separated with colon ':')
include_folders = /var/lib/openvas/plugins
-
-# Maximum number of simultaneous hosts tested :
max_hosts = 30
-
-# Maximum number of simultaneous checks against each host tested :
max_checks = 10
-# Niceness. If set to 'yes', openvassd will renice itself to 10.
+#Resource friendly
be_nice = no
-# Log file (or 'syslog') :
-logfile = /var/log/openvas/openvassd.log
+#Logfile
+logfile = /var/log/openvas/openvassd.messages
-# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
-
-# Log the name of the plugins that are loaded by the server ?
log_plugins_name_at_load = no
-
-# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/openvas/openvassd.dump
-
-# Rules file :
-rules = /etc/openvas/openvassd.rules
-
-# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin:/scripts
-# Range of the ports the port scanners will scan :
-# 'default' means that OpenVAS will scan ports found in its
-# services file.
-port_range = default
-
-# Optimize the test (recommended) :
+#Turn off for push hard but increase false positive and slow down scans
optimize_test = yes
-# Optimization :
-# Read timeout for the sockets of the tests :
checks_read_timeout = 5
-
-# Ports against which two plugins should not be run simultaneously :
-# non_simult_ports = Services/www, 139, Services/finger
+network_scan = no
non_simult_ports = 139, 445
-
-# Maximum lifetime of a plugin (in seconds) :
plugins_timeout = 320
+scanner_plugins_timeout = 36000
-# Safe checks rely on banner grabbing :
-safe_checks = yes
+#Push harder to target
+safe_checks = no
-# Automatically activate the plugins that are depended on
auto_enable_dependencies = yes
-
-# Do not echo data from plugins which have been automatically enabled
-silent_dependencies = no
-
-# Designate hosts by MAC address, not IP address (useful for DHCP networks)
use_mac_addr = no
-
-
-#--- Knowledge base saving (can be configured by the client) :
-# Save the knowledge base on disk :
-save_knowledge_base = no
-
-# Restore the KB for each test :
-kb_restore = no
-
-# Only test hosts whose KB we do not have :
-only_test_hosts_whose_kb_we_dont_have = no
-
-# Only test hosts whose KB we already have :
-only_test_hosts_whose_kb_we_have = no
-
-# KB test replay :
-kb_dont_replay_scanners = no
-kb_dont_replay_info_gathering = no
-kb_dont_replay_attacks = no
-kb_dont_replay_denials = no
-kb_max_age = 864000
-#--- end of the KB section
-
-
-# If this option is set, OpenVAS will not scan a network incrementally
-# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
-# slice the workload throughout the whole network (ie: it will scan
-# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
-slice_network_addresses = no
-
-# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
nasl_no_signature_check = yes
-
-#Certificates
-cert_file=/var/lib/openvas/CA/servercert.pem
-key_file=/var/lib/openvas/private/CA/serverkey.pem
-ca_file=/var/lib/openvas/CA/cacert.pem
-
-# If you decide to protect your private key with a password,
-# uncomment and change next line
-# pem_password=password
-# If you want to force the use of a client certificate, uncomment next line
-# force_pubkey_auth = yes
-
-#end.
+drop_privileges = no
+unscanned_closed = yes
+unscanned_closed_udp = yes
+vhosts =
+vhosts_ip =
+report_host_details = yes
+
+#Redis listening socket (must be same with redis socket)
+kb_location = /tmp/redis.sock
+
+timeout_retry = 3
+time_between_request = 0
+
+#Config File
+config_file = /etc/openvas/openvassd.conf
+
+#Certificates (default these are not needed here but setup-check script looking for them)
+cert_file = /var/lib/openvas/CA/servercert.pem
+key_file = /var/lib/openvas/private/CA/serverkey.pem
+ca_file = /var/lib/openvas/CA/cacert.pem
diff --git a/net-analyzer/openvas-scanner/files/redis.conf.example b/net-analyzer/openvas-scanner/files/redis.conf.example
new file mode 100644
index 00000000000..6a41211aaae
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/redis.conf.example
@@ -0,0 +1,57 @@
+bind 127.0.0.1
+protected-mode yes
+port 0
+tcp-backlog 511
+unixsocket /tmp/redis.sock
+unixsocketperm 700
+timeout 0
+tcp-keepalive 300
+daemonize no
+supervised no
+pidfile /run/redis/redis.pid
+loglevel notice
+logfile /var/log/redis/redis.log
+databases 16
+always-show-logo yes
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+dir /var/lib/redis/
+slave-serve-stale-data yes
+slave-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-disable-tcp-nodelay no
+slave-priority 100
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+slave-lazy-flush no
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble no
+lua-time-limit 5000
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+aof-rewrite-incremental-fsync yes
diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml
index 6f49eba8f49..fa26aa942e1 100644
--- a/net-analyzer/openvas-scanner/metadata.xml
+++ b/net-analyzer/openvas-scanner/metadata.xml
@@ -1,5 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<!-- maintainer-needed -->
+ <maintainer type="person">
+ <email>hasan.calisir@psauxit.com</email>
+ <name>Hasan ÇALIŞIR</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="extras">Html docs support</flag>
+ </use>
</pkgmetadata>
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
new file mode 100644
index 00000000000..c0e59479a72
--- /dev/null
+++ b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils systemd
+MY_PN="openvas-scanner"
+
+DESCRIPTION="A remote security scanner for Linux (OpenVAS-scanner)"
+HOMEPAGE="http://www.openvas.org/"
+SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras"
+
+DEPEND="
+ dev-db/redis
+ dev-libs/libgcrypt:0=
+ >=net-analyzer/openvas-libraries-9.0.3
+ net-libs/gnutls:=[tools]
+ net-libs/libssh:=
+ extras? ( dev-perl/CGI )"
+
+RDEPEND="
+ ${DEPEND}
+ !net-analyzer/openvas-tools"
+
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ extras? ( app-doc/doxygen[dot]
+ app-doc/xmltoman
+ app-text/htmldoc
+ dev-perl/SQL-Translator
+ )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-gcc8.patch"
+ "${FILESDIR}/${P}-nvt.patch"
+ "${FILESDIR}/${P}-cachedir.patch"
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+ # Fix for correct FHS/Gentoo policy paths for 5.1.3
+ sed -i "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/CMakeLists.txt || die
+ if use extras; then
+ doxygen -u "$S"/doc/Doxyfile_full.in || die
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ )
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ if use extras; then
+ cmake-utils_src_make -C "${BUILD_DIR}" doc
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+ fi
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ insinto /etc/openvas
+ doins "${FILESDIR}"/openvassd.conf "${FILESDIR}"/redis.conf.example
+
+ insinto /etc/openvas/sysconfig
+ doins "${FILESDIR}"/${MY_PN}-daemon.conf
+
+ insinto /etc/openvas/scripts
+ doins "${FILESDIR}"/openvas-feed-sync "${FILESDIR}"/first-start
+ fperms 0755 /etc/openvas/scripts/{openvas-feed-sync,first-start}
+
+ newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN}
+ newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN}
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${MY_PN}.logrotate" ${MY_PN}
+
+ systemd_newtmpfilesd "${FILESDIR}/${MY_PN}.tmpfiles.d" ${MY_PN}.conf
+ systemd_dounit "${FILESDIR}"/${MY_PN}.service
+
+ keepdir /var/lib/openvas/plugins
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2019-08-12 4:54 Joonas Niilola
0 siblings, 0 replies; 8+ messages in thread
From: Joonas Niilola @ 2019-08-12 4:54 UTC (permalink / raw
To: gentoo-commits
commit: 8372f7b1ca8d51249a9594fdc5e8a24a73b13cc7
Author: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit <DOT> com>
AuthorDate: Sat Aug 10 14:08:52 2019 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Mon Aug 12 04:54:22 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8372f7b1
net-analyzer/openvas-scanner: drop old 5.0.4
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir <AT> psauxit.com>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 1 -
net-analyzer/openvas-scanner/files/first-start | 634 ---------------------
.../openvas-scanner/files/openvas-feed-sync | 627 --------------------
.../openvas-scanner/files/openvas-nvt-sync-cron | 39 --
.../files/openvas-scanner-4.0.3-mkcertclient.patch | 29 -
.../files/openvas-scanner-4.0.3-rulesdir.patch | 15 -
.../files/openvas-scanner-4.0.3-run.patch | 17 -
net-analyzer/openvas-scanner/files/openvassd | 22 -
.../openvas-scanner/files/openvassd-daemon.conf | 26 -
net-analyzer/openvas-scanner/files/openvassd.init | 25 -
.../openvas-scanner/files/openvassd.logrotate | 11 -
.../openvas-scanner/files/openvassd.service | 16 -
.../openvas-scanner/files/openvassd.tmpfiles.d | 1 -
.../openvas-scanner-5.0.4-r1.ebuild | 72 ---
.../openvas-scanner/openvas-scanner-5.1.3.ebuild | 4 -
15 files changed, 1539 deletions(-)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index 2bb7d462564..12763409b46 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1,2 +1 @@
-DIST openvas-scanner-5.0.4.tar.gz 236282 BLAKE2B 3105afe0fd819773b33c8194e0addaad70af4692578fe3bfbd76166004ca99e25f2f22a946810fe52da747242f1e45bae00766c4687676ec70df2d7349fa4509 SHA512 51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149
DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e
diff --git a/net-analyzer/openvas-scanner/files/first-start b/net-analyzer/openvas-scanner/files/first-start
deleted file mode 100755
index 95811a56b19..00000000000
--- a/net-analyzer/openvas-scanner/files/first-start
+++ /dev/null
@@ -1,634 +0,0 @@
-#!/bin/bash
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-# This is OpenVAS first-start/check-setup script which make things automatically for first time use.
-
-
-##################################################################################################
-# If you use systemd or init.d(open-rc) for OpenVAS daemons you don't need to set below settings.#
-# If you don't use any of them you can set the below command args to start daemons manually. #
-##################################################################################################
-
-# OpenVAS Manager command args
-OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
-OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
-OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
-OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
-OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
-
-# OpenVAS Scanner command args
-OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
-OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
-
-# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
-OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore for reverse proxy
-OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
-OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
-OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
-OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
-OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
-
-#####################################################################################################
-
-# Update Environment
-source /etc/profile &>/dev/null
-source /etc/environment &>/dev/null
-source ~/.bash_profile &>/dev/null
-
-# Check the needed executables.They are in our environment and have +x?
-if ! [ -x "$(command -v openvasmd)" ] ||
- ! [ -x "$(command -v openvassd)" ] ||
- ! [ -x "$(command -v redis-server)" ] ||
- ! [ -x "$(command -v openvas-manage-certs)" ] ||
- ! [ -x "$(command -v greenbone-nvt-sync)" ] ||
- ! [ -x "$(command -v greenbone-scapdata-sync)" ] ||
- ! [ -x "$(command -v greenbone-certdata-sync)" ]; then
- path="1"
- else
- path="0"
-fi
-
-# Check Security-Assistant is exist
-if ! [ -x "$(command -v gsad)" ]; then
- gsad="1"
- else
- gsad="0"
-fi
-# Executables are not in our environment
-if [ $path -eq 1 ]; then
- echo "Can't find executables! If you installed OpenVAS to specific location e.g. /opt"
- echo "please add these PATHS to /etc/profile,also sure that they are executable"
- exit 1
-fi
-
-# Check systemd and enable services for Gentoo/Linux
-if command -v systemctl &>/dev/null; then
- systemctl="0"
- echo "systemd found."
- systemctl enable openvas-scanner.service &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd.Gentoo --> openvas-scanner.service enabled."
- fi
- systemctl enable gvmd.service &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd.Gentoo --> gvmd.service enabled."
- fi
- systemctl enable gsa.service &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd.Gentoo --> gsa.service enabled."
- fi
- else
- systemctl="1"
-fi
-
-# Check open-rc if exist
-if command -v rc-service &>/dev/null; then
- open_rc="0"
- else
- open_rc="1"
-fi
-
-# open-rc variables
-if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
- echo "open-rc found."
- scanner_init="0"
- manager_init="0"
- assistant_init="0"
- redis_init="0"
-fi
-
-# Check status of OpenVAS-Scanner systemd unit
-if [ $systemctl -eq 0 ] &&
- ([ "$(systemctl is-active openvas-scanner.service)" = "active" ] ||
- [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvas-scanner.service' | awk '{print $1}')" = "openvas-scanner.service" ]); then
- scanner="0"
- else
- scanner="1"
-fi
-
-# Check status of OpenVAS-Manager systemd unit
-if [ $systemctl -eq 0 ] &&
- ([ "$(systemctl is-active gvmd.service)" = "active" ] ||
- [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gvmd.service' | awk '{print $1}')" = "gvmd.service" ]); then
- manager="0"
- else
- manager="1"
-fi
-
-# Check status of OpenVAS-Assistant systemd unit
-if [ $systemctl -eq 0 ] &&
- ([ "$(systemctl is-active gsa.service)" = "active" ] ||
- [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsa.service' | awk '{print $1}')" = "gsa.service" ]); then
- assistant="0"
- else
- assistant="1"
-fi
-
-# Check status of Redis systemd unit
-if [ $systemctl -eq 0 ] &&
- ([ "$(systemctl is-active redis.service)" = "active" ] ||
- [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
- redis="0"
- else
- redis="1"
-fi
-
-# We need to find correct service name for restarting.
-if [ $scanner -eq 1 ] || [ $manager -eq 1 ] || [ $assistant -eq 1 ] || [ $redis -eq 1 ]; then
- WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
- WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
- WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
- WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
-
- # If you have unordinary systemd path you can add here
- DIR="/lib/systemd/system/
- /etc/systemd/system/
- /usr/lib/systemd/system/
- /usr/local/lib/systemd/system/"
-
- # Find OpenVAS daemons systemd files if exist
- for i in $DIR; do
- if [ -d "$i" ]; then
- grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
- grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
- grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
- grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
- fi
- done
-
- manager_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_manager_service.out)"
- scanner_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_scanner_service.out)"
- assistant_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_assistant_service.out)"
- redis_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_redis_service.out)"
-
- rm -rf /tmp/openvas_GVM*
- COUNTM=$(wc -w <<< "${manager_service}")
- COUNTS=$(wc -w <<< "${scanner_service}")
- COUNTA=$(wc -w <<< "${assistant_service}")
- COUNTR=$(wc -w <<< "${redis_service}")
-
- if [ -n "$manager_service" ] && [ $manager -eq 1 ]; then
- if [ "$(systemctl list-unit-files | grep 'enabled' | grep $manager_service | awk '{print $1}')" = "$manager_service" ]; then
- echo "systemd --> OpenVAS Manager '$manager_service' found."
- else
- echo "systemd --> '$manager_service' found but not enabled."
- echo "are you sure this is the correct systemd service for Openvas Manager"
- while true; do
- read -n 1 -p "do you want to enable '$manager_service'? --> (Y)es | (N)o | (Q)uit" answer
- echo
- case $answer in
- [Yy]* ) systemctl enable "$manager_service" &>/dev/null; echo "systemd --> '$manager_service' enabled"; break;;
- [Nn]* ) manager_service=""; echo "it seems you are not sure.ok i don't use $manager_service"; break;;
- [Qq]* ) exit;;
- * ) echo "Please answer yes,no or quit.";;
- esac
- done
- fi
- fi
-
- if [ -n "$scanner_service" ] && [ $scanner -eq 1 ]; then
- if [ "$(systemctl list-unit-files | grep 'enabled' | grep $scanner_service | awk '{print $1}')" = "$scanner_service" ]; then
- echo "systemd --> OpenVAS Scanner '$scanner_service' found."
- else
- echo "systemd --> '$scanner_service' found but not enabled."
- echo "are you sure this is the correct systemd service for Openvas Scanner"
- while true; do
- read -n 1 -p "do you want to enable '$scanner_service'? --> (Y)es | (N)o | (Q)uit" answer
- echo
- case $answer in
- [Yy]* ) systemctl enable "$scanner_service" &>/dev/null; echo "systemd --> '$scanner_service' enabled"; break;;
- [Nn]* ) scanner_service=""; echo "it seems you are not sure.ok i don't use $scanner_service"; break;;
- [Qq]* ) exit;;
- * ) echo "Please answer yes,no or quit.";;
- esac
- done
- fi
- fi
-
- if [ -n "$assistant_service" ] && [ $scanner -eq 1 ]; then
- if [ "$(systemctl list-unit-files | grep 'enabled' | grep $assistant_service | awk '{print $1}')" = "$assistant_service" ]; then
- echo "systemd --> GSA '$assistant_service' found."
- else
- echo "systemd --> '$assistant_service' found but not enabled."
- echo "are you sure this is the correct systemd service for Greenbone Security Assistant"
- while true; do
- read -n 1 -p "do you want to enable '$assistant_service'? --> (Y)es | (N)o | (Q)uit" answer
- echo
- case $answer in
- [Yy]* ) systemctl enable "$assistant_service" &>/dev/null; echo "systemd --> '$assistant_service' enabled"; break;;
- [Nn]* ) assistant_service=""; echo "it seems you are not sure.ok i don't use $assistant_service"; break;;
- [Qq]* ) exit;;
- * ) echo "please answer yes,no or quit.";;
- esac
- done
- fi
- fi
-
- if [ -n "$redis_service" ] && [ $scanner -eq 1 ]; then
- if [ "$(systemctl list-unit-files | grep 'enabled' | grep $redis_service | awk '{print $1}')" = "$redis_service" ]; then
- echo "systemd --> redis '$redis_service' found."
- else
- echo "systemd --> '$redis_service' found but not enabled."
- echo "are you sure this is the correct systemd service for redis-server"
- while true; do
- read -n 1 -p "do you want to enable '$redis_service'? --> (Y)es | (N)o | (Q)uit" answer
- echo
- case $answer in
- [Yy]* ) systemctl enable "$redis_service" &>/dev/null; echo "systemd --> '$redis_service' enabled"; break;;
- [Nn]* ) redis_service=""; echo "it seems you are not sure.ok i don't use $redis_service"; break;;
- [Qq]* ) exit;;
- * ) echo "please answer yes,no or quit.";;
- esac
- done
- fi
- fi
-
- if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
- echo "you have more than one enabled systemd service for single daemon"
- echo " check OpenVAS and Redis systemd unit files to fix it"
- exit 1
- fi
-fi
-
-restart_redis () {
-if [ $redis -eq 0 ]; then
- systemctl restart redis.service &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd --> redis.service is restarted."
- else
- echo "systemd --> redis.service cannot restarted."
- exit 1
- fi
-elif [[ -n "$redis_service" ]]; then
- systemctl restart "$redis_service" &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd --> $redis_service is restarted."
- else
- echo "systemd --> $redis_service cannot restarted."
- exit 1
- fi
-elif [[ -n "$redis_init" ]]; then
- rc-service redis stop
- sleep 5
- rc-service redis start
- if [ $? -eq 0 ]; then
- echo "open-rc --> redis is restarted."
- else
- echo "open-rc --> redis cannot restarted."
- exit 1
- fi
-fi
-}
-
-build_nvt () {
-if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- openvassd --foreground --only-cache &>/dev/null
- if [ $? -eq 0 ]; then
- echo "building NVT cache is done."
- else
- echo "building NVT cache is failed.."
- exit 1
- fi
- else
- openvassd --foreground --only-cache &>/dev/null
- if [ $? -eq 0 ]; then
- echo "building NVT cache is done."
- else
- echo "building NVT cache is failed.."
- exit 1
- fi
-fi
-}
-
-create_user () {
-GREEN="`tput setaf 2`"
-RED="`tput setaf 1`"
-norm="`tput sgr0`"
-echo "creating WebUI User.."
-openvasmd --create-user=admin --role=Admin &>/tmp/openvas_user.out
-if [ $? -eq 0 ]; then
- username="admin"
- password="$(cat /tmp/openvas_user.out | awk '{print $5}' | cut -c2-)"
- echo "${RED}!WebUI Address : ${GREEN}127.0.0.1:9392"
- echo "${RED}!WebUI Username: ${GREEN}$username"
- echo "${RED}!WebUI Password: ${GREEN}${password%??}${norm}"
- else
- echo "$(cat /tmp/openvas_user.out)"
- echo "these are active users for WebUI"
- openvasmd --get-users
-fi
-rm -rf /tmp/openvas_user.out
-}
-
-# Redis & OpenVAS Scanner socket connection check for Gentoo/Linux
-if [[ -e /etc/redis.conf ]]; then
- if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
- echo "redis server properly configured."
- else
- redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
- echo "redis server is not properly configured."
- echo "be sure redis server listening unix socket at $redis_sock"
- echo "you can find example redis.conf file in /etc/openvas/redis.conf.example"
- exit 1
- fi
-fi
-
-# Redis & OpenVAS Scanner socket connection check for other linux distros
-if [[ -e /etc/redis/redis.conf ]]; then
- if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
- echo "redis server properly configured."
- else
- redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
- echo "redis server is not properly configured."
- echo "be sure redis server listening unix socket at $redis_sock"
- exit 1
- fi
-fi
-
-# Create certificates for fresh install
-openvas-manage-certs -a &>/dev/null
-if [ $? -eq 0 ]; then
- echo "certificates created."
-
-elif [ "$(openvas-manage-certs -a | grep -ow 'Existing')" = "Existing" ]; then
- echo "certificates already created."
-
-else
- echo "certificates cannot created."
- exit 1
-fi
-
-# Start to update FEED & First NVT.
-try=0
-until [ $try -ge 5 ]; do
- greenbone-nvt-sync &>/dev/null && break
- echo "can't connected! trying to update greenbone-nvt again.."
- try=$[$try+1]
- sleep 30
-done
-
-# Check status
-if [ $? -eq 0 ]; then
- echo "greenbone-nvt-sync is done."
- # Avoid your IP temporary banned because of multiple connection
- sleep 5
- # Try to update scapdata.
- try=0
- until [ $try -ge 5 ]; do
- greenbone-scapdata-sync &>/dev/null && break
- echo "can't connected! trying to update greenbone-scapdata again.."
- try=$[$try+1]
- sleep 30
- done
- # Check status
- if [ $? -eq 0 ]; then
- echo "greenbone-scapdata-sync is done."
- # Avoid your IP temporary banned because of multiple connection
- sleep 5
- # Try to update certdata
- try=0
- until [ $try -ge 5 ]; do
- greenbone-certdata-sync &>/dev/null && break
- echo "can't connected! Trying to update greenbone-certdata again.."
- try=$[$try+1]
- sleep 30
- done
- # Check status
- if [ $? -eq 0 ]; then
- echo "greenbone-certdata-sync is done."
- echo "building NVT cache this will take some time.."
- build_nvt
- # Check OpenVAS-Scanner is running
- if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
- echo "OpenVAS-Scanner is running."
- echo "building Database this will take some time.."
- openvasmd --rebuild --progress &>/dev/null
- elif [ $scanner -eq 0 ]; then
- # Start OpenVAS-Scanner systemd unit & Rebuild Cache
- echo "systemd --> OpenVAS-Scanner is not running! trying to up.."
- systemctl start openvas-scanner.service &>/dev/null
- if [ $? -eq 0 ]; then
- # Wait for initialize
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "waiting for OpenVAS-Scanner to become ready.."
- done
- echo "systemd --> openvas-scanner.service started and waiting for connection."
- echo "building database this will take some time.."
- # Rebuild Cache
- openvasmd --rebuild --progress &>/dev/null
- else
- echo "systemd --> openvas-scanner.service cannot started.."
- exit 1
- fi
- elif [[ -n "$scanner_service" ]]; then
- echo "systemd --> OpenVAS-Scanner is down! trying to up.."
- systemctl start "$scanner_service" &>/dev/null
- if [ $? -eq 0 ]; then
- # Wait for initialize
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "waiting for OpenVAS-Scanner to become ready.."
- done
- echo "systemd --> $scanner_service is started and waiting for connection."
- echo "building database this will take some time.."
- # Rebuild Cache
- openvasmd --rebuild --progress &>/dev/null
- else
- echo "systemd --> $scanner_service cannot started.."
- exit 1
- fi
- elif [[ -n "$scanner_init" ]]; then
- # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
- echo "open-rc --> OpenVAS-Scanner is down! trying to up.."
- rc-service openvas-scanner start &>/dev/null
- if [ $? -eq 0 ]; then
- # Wait for initialize
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "waiting for OpenVAS-Scanner to become ready.."
- done
- echo "rc-service --> openvas-scanner started and waiting for connection."
- echo "building database this will take some time.."
- # Rebuild Cache
- openvasmd --rebuild --progress &>/dev/null
- else
- echo "rc-service --> openvas-scanner cannot started.."
- exit 1
- fi
- else
- echo "OpenVAS-Scanner is not running! Trying to up.."
- openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
- # Wait for initialize
- if [ $? -eq 0 ]; then
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "waiting for OpenVAS-Scanner to become ready.."
- done
- else
- echo "OpenVAS Scanner cannot started manually.."
- exit 1
- fi
- echo "OpenVAS-Scanner started manually and waiting for connection."
- echo "building database this will take some time.."
- # Rebuild Cache
- openvasmd --rebuild --progress &>/dev/null
- fi
- # Check status
- if [ $? -eq 0 ]; then
- echo "building database is done"
- create_user
- # Restart OpenVAS-Scanner
- if [ $scanner -eq 0 ]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- restart_redis
- sleep 3
- systemctl restart openvas-scanner.service &>/dev/null
- elif [[ -n "$scanner_service" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- restart_redis
- sleep 3
- systemctl restart "$scanner_service" &>/dev/null
- elif [[ -n "$scanner_init" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- restart_redis
- sleep 3
- rc-service openvas-scanner start &>/dev/null
- else
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- restart_redis
- sleep 3
- openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
- fi
- if [ $? -eq 0 ]; then
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 10
- echo "waiting for OpenVAS-Scanner to become ready.."
- done
- echo "OpenVAS-Scanner is restarted."
- # Restart OpenVAS-Manager
- if [ $manager -eq 0 ]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart gvmd.service &>/dev/null
- if [ $? -eq 0 ]; then
- success="0"
- echo "systemd --> gvmd.service is restarted."
- echo "OpenVAS setup is ok."
- else
- echo "systemd --> gvmd.service cannot restarted."
- echo "OpenVAS setup is not ok!"
- exit 1
- fi
- elif [[ -n "$manager_service" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart "$manager_service" &>/dev/null
- if [ $? -eq 0 ]; then
- success="0"
- echo "systemd --> $manager_service is restarted"
- echo "OpenVAS setup is ok."
- else
- echo "systemd --> $manager_service cannot restarted"
- echo "OpenVAS setup is not ok!"
- exit 1
- fi
- elif [[ -n "$manager_init" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- rc-service gvmd start &>/dev/null
- if [ $? -eq 0 ]; then
- success="0"
- echo "open-rc --> gvmd is restarted"
- echo "OpenVAS setup is ok."
- else
- echo "open-rc --> gvmd cannot restarted"
- echo "OpenVAS setup is not ok!"
- exit 1
- fi
- else
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
- if [ $? -eq 0 ]; then
- success="0"
- echo "OpenVAS-Manager is restarted manually"
- echo "OpenVAS setup is ok."
- else
- echo "OpenVAS-Manager cannot restarted"
- echo "OpenVAS setup is not ok!"
- exit 1
- fi
- fi
- else
- echo "OpenVAS setup is not ok! OpenVAS-scanner cannot restarted."
- fi
- else
- echo "OpenVAS setup is not ok! OpenVAS database build failed."
- fi
- else
- echo "OpenVAS setup is not ok! OpenVAS Certdata sync failed."
- fi
- else
- echo "OpenVAS setup is not ok! OpenVAS Scapdata sync failed."
- fi
- else
- echo "OpenVAS setup is not ok! OpenVAS NVT sync update failed."
-fi
-
-# Restart WebUI
-if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
- WHICHA="$(type gsad | awk '{print $3}')"
- if [ $assistant -eq 0 ]; then
- # Time to restart OpenVAS-Security Assistant
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart gsa.service &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd --> gsa.service (OpenVAS WebUI) is restarted and ready for connection"
- else
- echo "systemd --> gsa.service (OpenVAS-WebUI) cannot restarted"
- fi
- elif [[ -n "$assistant_service" ]]; then
- if [ $COUNTA -eq 1 ]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart "$assistant_service" &>/dev/null
- if [ $? -eq 0 ]; then
- echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted and ready for connection"
- else
- echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted."
- fi
- else
- echo "systemd --> OpenVAS WebUI cannot restarted! you have multiple enabled systemd services ($assistant_service)"
- exit 1
- fi
- elif [[ -n "$assistant_init" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- rc-service gsa start &>/dev/null
- if [ $? -eq 0 ]; then
- echo "open-rc --> gsa (OpenVAS WebUI) is restarted"
- else
- echo "open-rc --> gsa (OpenVAS WebUI) cannot restarted."
- fi
- else
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
- if [ $? -eq 0 ]; then
- echo "OpenVAS WebUI is restarted"
- else
- echo "OpenVAS WebUI cannot restarted"
- fi
- fi
-fi
diff --git a/net-analyzer/openvas-scanner/files/openvas-feed-sync b/net-analyzer/openvas-scanner/files/openvas-feed-sync
deleted file mode 100755
index de1c69038ab..00000000000
--- a/net-analyzer/openvas-scanner/files/openvas-feed-sync
+++ /dev/null
@@ -1,627 +0,0 @@
-#!/bin/bash
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-# This is OpenVAS cron script that updates feed and reload daemons.
-# Hasan ÇALIŞIR hsntgm@gmail.com | proxy maintainer
-
-# Mail settings
-MAIL_TO="root"
-MAIL_SUBJECT="CronJob-OpenVAS"
-
-# If you don't use systemd or open-rc for OpenVAS daemons you can set start command args here
-# while we manually start/restart them.
-####################################################################################################
-
-# OpenVAS Manager command args
-OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
-OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
-OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
-OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
-OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
-
-# OpenVAS Scanner command args
-OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
-OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
-
-# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
-OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore
-OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
-OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
-OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
-OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
-OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
-
-#####################################################################################################
-
-# Update Environment
-source /etc/profile &>/dev/null
-source /etc/environment &>/dev/null
-source ~/.bash_profile &>/dev/null
-
-# Check the needed executables if they are in our environment and have +x
-if ! [ -x "$(command -v openvasmd)" ] || ! [ -x "$(command -v openvassd)" ] || ! [ -x "$(command -v redis-server)" ]; then
- path="1"
- else
- path="0"
-fi
-
-# Check Security-Assistant is exist
-if ! [ -x "$(command -v gsad)" ]; then
- gsad="1"
- else
- gsad="0"
-fi
-
-# Executables are not in our environment
-if [ $path -eq 1 ]; then
- echo "OpenVAS CronJob Failed! If you installed OpenVAS to specific location e.g. /opt" | tee -a /tmp/openvas_mail.out
- echo "please add these PATHS to /etc/profile e.g. 'PATH=$PATH:/opt/openvas/bin:/opt/openvas/sbin'" | tee -a /tmp/openvas_mail.out
- echo "also sure that they are executable e.g. 'chmod +x /opt/openvas/sbin/openvassd'" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
-fi
-
-# Check systemd if exist
-if command -v systemctl &>/dev/null; then
- systemctl="0"
- else
- systemctl="1"
-fi
-
-# Check open-rc if exist
-if command -v rc-service &>/dev/null; then
- open_rc="0"
- else
- open_rc="1"
-fi
-
-# open-rc variables
-if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
- scanner_init="0"
- manager_init="0"
- assistant_init="0"
- redis_init="0"
-fi
-
-# Check OpenVAS-Scanner systemd unit(common name) is active or enabled
-if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvassd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvassd.service' | awk '{print $1}')" = "openvassd.service" ]); then
- scanner="0"
- else
- scanner="1"
-fi
-
-# Check OpenVAS-Manager systemd unit(common name) is active or enabled
-if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvasmd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvasmd.service' | awk '{print $1}')" = "openvasmd.service" ]); then
- manager="0"
- else
- manager="1"
-fi
-
-# Check OpenVAS-Assistant systemd unit(common name) is active or not
-if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active gsad.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsad.service' | awk '{print $1}')" = "gsad.service" ]); then
- assistant="0"
- else
- assistant="1"
-fi
-
-# Check Redis systemd unit(common name) is active or not
-if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active redis.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
- redis="0"
- else
- redis="1"
-fi
-
-# If you don't use common systemd service names for OpenVAS
-# We need to find correct service name for restarting.
-if [ $scanner -eq 1 ] || [ $manager -eq 1 ]; then
- WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
- WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
- WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
- WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
-
- # If you have unordinary systemd services PATH you can add here
- DIR="/lib/systemd/system/
- /etc/systemd/system/
- /usr/lib/systemd/system/
- /usr/local/lib/systemd/system/"
-
- # Find OpenVAS daemons systemd files
- for i in $DIR; do
- if [ -d "$i" ]; then
- grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
- grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
- grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
- grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
- fi
- done
-
- # Time to get our exact systemd service searching in enabled services
- manager_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_manager_service.out)"
-
- scanner_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_scanner_service.out)"
-
- assistant_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_assistant_service.out)"
-
- redis_service="$(while IFS= read -r service; do
- systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
- done < /tmp/openvas_GVM_redis_service.out)"
-
- rm -rf /tmp/openvas_GVM*
- COUNTM=$(wc -w <<< "${manager_service}")
- COUNTS=$(wc -w <<< "${scanner_service}")
- COUNTA=$(wc -w <<< "${assistant_service}")
- COUNTR=$(wc -w <<< "${redis_service}")
-
- if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
- echo "OpenVAS CronJob Failed! You have multiple enabled systemd service for single OpenVAS daemon or redis" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-fi
-
-# Start to update FEED & First NVT.
-try=0
-until [ $try -ge 5 ]; do
- greenbone-nvt-sync &>/dev/null && break
- echo "Can't connected! Trying to update greenbone-nvt again.." &>>/tmp/openvas_mail.out
- try=$[$try+1]
- sleep 30
-done
-
-# Check status
-if [ $? -eq 0 ]; then
- echo "greenbone-nvt-sync is done" &>>/tmp/openvas_mail.out
- # Avoid your IP temporary banned because of multiple connection
- sleep 5
- # Try to update scapdata.
- try=0
- until [ $try -ge 5 ]; do
- greenbone-scapdata-sync &>/dev/null && break
- echo "Can't connected! Trying to update greenbone-scapdata again.." &>>/tmp/openvas_mail.out
- try=$[$try+1]
- sleep 30
- done
-
- # Check status
- if [ $? -eq 0 ]; then
- echo "greenbone-scapdata-sync is done" &>>/tmp/openvas_mail.out
- # Avoid your IP temporary banned because of multiple connection
- sleep 5
- # Try to update certdata
- try=0
- until [ $try -ge 5 ]; do
- greenbone-certdata-sync &>/dev/null && break
- echo "Can't connected! Trying to update greenbone-certdata again.." &>>/tmp/openvas_mail.out
- try=$[$try+1]
- sleep 30
- done
-
- # Check status
- if [ $? -eq 0 ]; then
- echo "greenbone-certdata-sync is done" &>>/tmp/openvas_mail.out
-
- # Check OpenVAS-Scanner is running
- if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
- echo "OpenVAS-Scanner is running." &>>/tmp/openvas_mail.out
- openvasmd --update --progress &>/dev/null
-
- elif [ $scanner -eq 0 ]; then
- # Start OpenVAS-Scanner systemd unit & Rebuild Cache
- echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
- systemctl start openvassd.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- # Wait for initialize
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
- done
- echo "openvassd.service started and waiting for connection." &>>/tmp/openvas_mail.out
- # Rebuild Cache
- openvasmd --update --progress &>/dev/null
- else
- echo "openvassd.service cannot started.." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$scanner_service" ]]; then
- echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
- systemctl start "$scanner_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- # Wait for initialize
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
- done
- echo "$scanner_service is started and waiting for connection." &>>/tmp/openvas_mail.out
- # Rebuild Cache
- openvasmd --update --progress &>/dev/null
- else
- echo "$scanner_service cannot started.." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$scanner_init" ]]; then
- # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
- echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
- rc-service openvassd start &>/dev/null
-
- if [ $? -eq 0 ]; then
- # Wait for initialize
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
- done
- echo "rc-service --> openvassd started and waiting for connection." &>>/tmp/openvas_mail.out
- # Rebuild Cache
- openvasmd --update --progress &>/dev/null
- else
- echo "rc-service --> openvassd cannot started.." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- else
- echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
- openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
- # Wait for initialize
- if [ $? -eq 0 ]; then
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 15
- echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
- done
- else
- echo "OpenVAS Scanner cannot started manually.." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
- echo "OpenVAS-Scanner started manually and waiting for connection." &>>/tmp/openvas_mail.out
- # Rebuild Cache
- openvasmd --update --progress &>/dev/null
- fi
-
- # Check status
- if [ $? -eq 0 ]; then
- echo "Updating NVT cache is done" &>>/tmp/openvas_mail.out
-
- # Restart OpenVAS-Scanner
- if [ $scanner -eq 0 ]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 3
-
- # Try to restart redis service before OpenVAS-Scanner
- if [ $redis -eq 0 ]; then
- systemctl restart redis.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_service" ]]; then
- systemctl restart "$redis_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_init" ]]; then
- rc-service redis stop
- sleep 5
- rc-service redis start
-
- if [ $? -eq 0 ]; then
- echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
- else
- echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
- fi
- systemctl restart openvassd.service &>/dev/null
-
- elif [[ -n "$scanner_service" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 3
-
- # Try to restart redis service before OpenVAS-Scanner
- if [ $redis -eq 0 ]; then
- systemctl restart redis.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_service" ]]; then
- systemctl restart "$redis_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_init" ]]; then
- rc-service redis stop
- sleep 5
- rc-service redis start
-
- if [ $? -eq 0 ]; then
- echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
- else
- echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
- fi
- systemctl restart "$scanner_service" &>/dev/null
-
- elif [[ -n "$scanner_init" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 3
-
- # Try to restart redis service before OpenVAS-Scanner
- if [ $redis -eq 0 ]; then
- systemctl restart redis.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_service" ]]; then
- systemctl restart "$redis_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_init" ]]; then
- rc-service redis stop
- sleep 5
- rc-service redis start
-
- if [ $? -eq 0 ]; then
- echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
- else
- echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
- fi
- rc-service openvassd start &>/dev/null
-
- else
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 3
-
- # Try to restart redis service before OpenVAS-Scanner
- if [ $redis -eq 0 ]; then
- systemctl restart redis.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_service" ]]; then
- systemctl restart "$redis_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
- else
- echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$redis_init" ]]; then
- rc-service redis stop
- sleep 5
- rc-service redis start
-
- if [ $? -eq 0 ]; then
- echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
- else
- echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
- fi
- openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
- fi
-
- if [ $? -eq 0 ]; then
- until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
- sleep 10
- echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
- done
- echo "OpenVAS-Scanner is restarted." &>>/tmp/openvas_mail.out
-
- # Restart OpenVAS-Manager
- if [ $manager -eq 0 ]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart openvasmd.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- success="0"
- echo "systemd --> openvasmd.service is restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "systemd --> openvasmd.service cannot restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$manager_service" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart "$manager_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- success="0"
- echo "systemd --> $manager_service is restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "systemd --> $manager_service cannot restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$manager_init" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- rc-service openvasmd start &>/dev/null
-
- if [ $? -eq 0 ]; then
- success="0"
- echo "open-rc --> openvasmd is restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "open-rc --> openvasmd cannot restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- else
- ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
-
- if [ $? -eq 0 ]; then
- success="0"
- echo "OpenVAS-Manager is restarted manually" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "OpenVAS-Manager cannot restarted" &>>/tmp/openvas_mail.out
- echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
- fi
- else
- echo "OpenVAS CronJob Failed! openvas-scanner cannot restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- else
- echo "OpenVAS CronJob Failed! OpenVAS NVT cache build failed" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- else
- echo "OpenVAS CronJob Failed! OpenVAS Certdata sync failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- else
- echo "OpenVAS CronJob Failed! OpenVAS Scapdata sync failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- else
- echo "OpenVAS CronJob Failed! OpenVAS NVT sync update failed!" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
-fi
-rm -rf /tmp/openvas_mail.out
-
-# Restart WebUI
-if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
- WHICHA="$(type gsad | awk '{print $3}')"
-
- if [ $assistant -eq 0 ]; then
- # Time to restart OpenVAS-Security Assistant
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart gsad.service &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> gsad.service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "systemd --> gsad.service (OpenVAS-WebUI) cannot restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
-
- elif [[ -n "$assistant_service" ]]; then
- if [ $COUNTA -eq 1 ]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- systemctl restart "$assistant_service" &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- else
- echo "systemd --> OpenVAS WebUI cannot restarted! You have multiple enabled systemd services ($assistant_service)" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- exit 1
- fi
-
- elif [[ -n "$assistant_init" ]]; then
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- rc-service gsad start &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "open-rc --> gsad (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "open-rc --> gsad (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- else
- ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
- sleep 5
- gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
-
- if [ $? -eq 0 ]; then
- echo "OpenVAS WebUI is restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- else
- echo "OpenVAS WebUI cannot restarted" | tee -a /tmp/openvas_mail.out
- echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
- fi
- fi
- rm -rf /tmp/openvas_mail.out
-fi
diff --git a/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron b/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron
deleted file mode 100644
index e6a83867f3d..00000000000
--- a/net-analyzer/openvas-scanner/files/openvas-nvt-sync-cron
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-if [ -f /etc/openvas/openvassd.conf ]; then
- . /etc/openvas/openvassd.conf
-fi
-
-if [ "$auto_plugin_update" != "yes" ]; then
- exit 0
-fi
-
-opts=""
-case "$update_method" in
- rsync)
- opts = "$opts --rsync"
- ;;
- wget)
- opts = "$opts --wget"
- ;;
- curl)
- opts = "$opts --curl"
- ;;
-esac
-
-# Export openvas-nvt-sync's environment variables if they are defined
-[ \! -z "$NVT_DIR" ] && export NVT_DIR
-[ \! -z "$OV_RSYNC_FEED" ] && export OV_RSYNC_FEED
-[ \! -z "$OV_HTTP_FEED" ] && export OV_HTTP_FEED
-
-/usr/sbin/openvas-nvt-sync $opts >& /dev/null
-
-if [ $? -ne 0 ]; then
- echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually."
- exit 1
-fi
-
-if [ "$notify_openvas_scanner" == "yes" ]; then
- /etc/init.d/openvas-scanner reloadplugins
-fi
-
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch
deleted file mode 100644
index 05e92728f18..00000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-mkcertclient.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.mkcert/CMakeLists.txt
---- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200
-+++ openvas-scanner-4.0.1.mkcert/CMakeLists.txt 2014-05-26 16:04:23.093548608 +0200
-@@ -258,7 +258,6 @@
- # DESTINATION ${OPENVAS_SYSCONF_DIR})
-
- install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert
-- ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
- ${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
- DESTINATION ${SBINDIR}
- PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
-@@ -269,7 +268,15 @@
- PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
- GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
--install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
-+install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
-+ DESTINATION ${BINDIR}
-+ PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
-+ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-+
-+install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert-client.1
-+ DESTINATION ${DATADIR}/man/man1 )
-+
-+install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
- DESTINATION ${DATADIR}/man/man8 )
-
- install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8
-Only in openvas-scanner-4.0.1.mkcert/: CMakeLists.txt~
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch
deleted file mode 100644
index 90f998ffd40..00000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-rulesdir.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -ru openvas-scanner-4.0.1/CMakeLists.txt openvas-scanner-4.0.1.rules/CMakeLists.txt
---- openvas-scanner-4.0.1/CMakeLists.txt 2014-04-23 16:00:47.000000000 +0200
-+++ openvas-scanner-4.0.1.rules/CMakeLists.txt 2014-05-26 16:07:37.454116277 +0200
-@@ -171,6 +171,10 @@
- set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
- set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf")
-
-+if (NOT OPENVASSD_RULES)
-+ set (OPENVASSD_RULES "${OPENVAS_DATA_DIR}/openvassd.rules")
-+endif (NOT OPENVASSD_RULES)
-+
- set (NVT_TIMEOUT "320")
-
- message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
-
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-run.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-run.patch
deleted file mode 100644
index 51dd8389c5f..00000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-4.0.3-run.patch
+++ /dev/null
@@ -1,17 +0,0 @@
- CMakeLists.txt | 2 +-
- tools/greenbone-nvt-sync | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index c691100..d78ffa6 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -155,7 +155,7 @@ set (OPENVAS_DATA_DIR "${DATADIR}/openvas")
- set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
- set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
- set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
--set (OPENVAS_PID_DIR "${LOCALSTATEDIR}/run")
-+set (OPENVAS_PID_DIR "/run")
- set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
-
- set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins")
diff --git a/net-analyzer/openvas-scanner/files/openvassd b/net-analyzer/openvas-scanner/files/openvassd
deleted file mode 100644
index 13070e32e1c..00000000000
--- a/net-analyzer/openvas-scanner/files/openvassd
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- need net
-}
-
-start() {
- ebegin "Starting openvassd (scanner)"
- start-stop-daemon --start --name openvassd \
- --exec /usr/sbin/openvassd \
- --pidfile /var/run/openvassd.pid
- eend $?
-}
-
-stop() {
- ebegin "Stop openvassd (scanner)"
- start-stop-daemon --stop --name openvassd \
- --pidfile /var/run/openvassd.pid
- eend $?
-}
diff --git a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf
deleted file mode 100644
index 628a223a419..00000000000
--- a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#Listen on given address - by default scanner listens on all addresses
-#SCANNER_LISTEN=--listen=127.0.0.1
-
-#Listen on given port - by default 9391
-SCANNER_PORT=--port=9391
-
-#Send the packets with the source IP of IP1,IP2,IP3....
-#SCANNER_SRCIP=--src-ip=127.0.0.1,192.168.1.2
-
-# Extra Arguments
-# SCANNER_EXTRA_ARGS=""
-
-# Set to yes if plugins should be automatically updated via a cron job
-auto_plugin_update=no
-
-# Notify OpenVAS scanner after update by seding it SIGHUP?
-notify_openvas_scanner=yes
-
-# Method to use to get updates. The default is via rsync
-# Note that only wget and curl support retrieval via proxy
-# update_method=rsync|wget|curl
-
-# Additionaly, you can specify the following variables
-#NVT_DIR where to extract plugins (absolute path)
-#OV_RSYNC_FEED URL of rsync feed
-#OV_HTTP_FEED URL of http feed
diff --git a/net-analyzer/openvas-scanner/files/openvassd.init b/net-analyzer/openvas-scanner/files/openvassd.init
deleted file mode 100644
index c07d3936905..00000000000
--- a/net-analyzer/openvas-scanner/files/openvassd.init
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-name="OpenVAS Scanner"
-command="/usr/sbin/openvassd"
-command_args="${SCANNER_LISTEN} ${SCANNER_PORT} ${SCANNER_SRCIP} ${SCANNER_EXTRA_ARGS}"
-pidfile="/run/openvassd.pid"
-extra_stopped_commands="create_cache"
-
-depend() {
- after bootmisc
- need localmount net
-}
-
-start_pre() {
- checkpath --directory --mode 0775 --quiet /var/cache/openvas
-}
-
-create_cache() {
- checkpath --directory --mode 0775 --quiet /var/cache/openvas
- ebegin "Generating initial Cache"
- /usr/sbin/openvassd --foreground --only-cache
- eend $?
-}
diff --git a/net-analyzer/openvas-scanner/files/openvassd.logrotate b/net-analyzer/openvas-scanner/files/openvassd.logrotate
deleted file mode 100644
index 9316ba8d962..00000000000
--- a/net-analyzer/openvas-scanner/files/openvassd.logrotate
+++ /dev/null
@@ -1,11 +0,0 @@
-# logrotate for openvas
-/var/log/openvas/openvassd.log {
- rotate 4
- weekly
- compress
- delaycompress
- missingok
- postrotate
- /bin/kill -HUP `pidof openvassd`
- endscript
-}
diff --git a/net-analyzer/openvas-scanner/files/openvassd.service b/net-analyzer/openvas-scanner/files/openvassd.service
deleted file mode 100644
index 553b09b5b2f..00000000000
--- a/net-analyzer/openvas-scanner/files/openvassd.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=OpenVAS Scanner
-After=network.target
-Before=openvasmd.service
-
-[Service]
-EnvironmentFile=-/etc/openvas/openvassd-daemon.conf
-ExecStart=/usr/sbin/openvassd -f ${SCANNER_PORT} ${SCANNER_LISTEN} ${SCANNER_SRCIP} ${SCANNER_EXTRA_ARGS}
-Restart=always
-RestartSec=1
-User=root
-Group=root
-TimeoutSec=1200
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-analyzer/openvas-scanner/files/openvassd.tmpfiles.d b/net-analyzer/openvas-scanner/files/openvassd.tmpfiles.d
deleted file mode 100644
index 18e820caec1..00000000000
--- a/net-analyzer/openvas-scanner/files/openvassd.tmpfiles.d
+++ /dev/null
@@ -1 +0,0 @@
-d /var/cache/openvassd 0775
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-5.0.4-r1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-5.0.4-r1.ebuild
deleted file mode 100644
index ac7d2ea314e..00000000000
--- a/net-analyzer/openvas-scanner/openvas-scanner-5.0.4-r1.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DL_ID=2129
-MY_PN=openvassd
-inherit cmake-utils systemd
-
-DESCRIPTION="A remote security scanner for Linux (OpenVAS-scanner)"
-HOMEPAGE="http://www.openvas.org/"
-SRC_URI="http://wald.intevation.org/frs/download.php/${DL_ID}/${P/_beta/+beta}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~arm ~ppc ~x86"
-IUSE=""
-
-DEPEND="
- app-crypt/gpgme
- >=dev-libs/glib-2.16:2
- dev-libs/libgcrypt:0
- >=net-analyzer/openvas-libraries-8.0.2
-"
-RDEPEND="${DEPEND}
- !net-analyzer/openvas-plugins
- !net-analyzer/openvas-server
-"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}"/${P/_beta/+beta}
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.3-mkcertclient.patch
- "${FILESDIR}"/${PN}-4.0.3-rulesdir.patch
- "${FILESDIR}"/${PN}-4.0.3-run.patch
-)
-
-src_prepare() {
- cmake-utils_src_prepare
- sed \
- -e '/^install.*OPENVAS_CACHE_DIR.*/d' \
- -i CMakeLists.txt || die
-}
-
-src_configure() {
- local mycmakeargs=(
- -DLOCALSTATEDIR="${EPREFIX}/var"
- -DSYSCONFDIR="${EPREFIX}/etc"
- )
- cmake-utils_src_configure
-}
-
-src_install() {
- cmake-utils_src_install
-
- newinitd "${FILESDIR}"/${MY_PN}.init ${MY_PN}
-
- insinto /etc/openvas
- doins "${FILESDIR}"/${MY_PN}.conf "${FILESDIR}"/${MY_PN}-daemon.conf
- dosym ../openvas/${MY_PN}-daemon.conf /etc/conf.d/${MY_PN}
-
- insinto /etc/logrotate.d
- doins "${FILESDIR}"/${MY_PN}.logrotate
-
- dodoc "${FILESDIR}"/openvas-nvt-sync-cron
-
- systemd_newtmpfilesd "${FILESDIR}"/${MY_PN}.tmpfiles.d ${MY_PN}.conf
- systemd_dounit "${FILESDIR}"/${MY_PN}.service
-}
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
index c0e59479a72..ece8f93f901 100644
--- a/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
+++ b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
@@ -80,10 +80,6 @@ src_install() {
insinto /etc/openvas/sysconfig
doins "${FILESDIR}"/${MY_PN}-daemon.conf
- insinto /etc/openvas/scripts
- doins "${FILESDIR}"/openvas-feed-sync "${FILESDIR}"/first-start
- fperms 0755 /etc/openvas/scripts/{openvas-feed-sync,first-start}
-
newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN}
newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2020-03-25 13:46 Joonas Niilola
0 siblings, 0 replies; 8+ messages in thread
From: Joonas Niilola @ 2020-03-25 13:46 UTC (permalink / raw
To: gentoo-commits
commit: 645e4851a86e04a0dc4f5db8303e30b391bbde2f
Author: Jonas Licht <jonas.licht <AT> fem <DOT> tu-ilmenau <DOT> de>
AuthorDate: Tue Mar 10 20:28:08 2020 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Mar 25 13:45:25 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=645e4851
net-analyzer/openvas-scanner: Version Bump to 7.0.0
Bug: https://bugs.gentoo.org/708194
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Jonas Licht <jonas.licht <AT> fem.tu-ilmenau.de>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 1 +
net-analyzer/openvas-scanner/files/openvas.conf | 1 +
net-analyzer/openvas-scanner/metadata.xml | 9 +-
.../openvas-scanner/openvas-scanner-7.0.0.ebuild | 116 +++++++++++++++++++++
4 files changed, 126 insertions(+), 1 deletion(-)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index e9387af7ba6..d7b9bcd11fa 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1 +1,2 @@
DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147
+DIST openvas-scanner-7.0.0.tar.gz 428304 BLAKE2B fa0a21127edd2223dbbf533b6c188729a1b6de4977e5667fbc1a45b2c426045cdc73eb58d05df24b8b39d0e47fb445fa704bd1b827bb5ea6403fdb83c6b01fd9 SHA512 ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1
diff --git a/net-analyzer/openvas-scanner/files/openvas.conf b/net-analyzer/openvas-scanner/files/openvas.conf
new file mode 100644
index 00000000000..487e643834b
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas.conf
@@ -0,0 +1 @@
+db_address = /tmp/redis.sock
diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml
index b3cbf9d7d2e..932077da95e 100644
--- a/net-analyzer/openvas-scanner/metadata.xml
+++ b/net-analyzer/openvas-scanner/metadata.xml
@@ -1,7 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <!-- maintainer-needed -->
+ <maintainer type="person">
+ <email>jonas.licht@gmail.com</email>
+ <name>Jonas Licht</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
<use>
<flag name="cron">Install a cron job to update GVM's feed daily.</flag>
<flag name="extras">Html docs support</flag>
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-7.0.0.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-7.0.0.ebuild
new file mode 100644
index 00000000000..eeee5c6277a
--- /dev/null
+++ b/net-analyzer/openvas-scanner/openvas-scanner-7.0.0.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake flag-o-matic toolchain-funcs
+
+MY_PN="openvas"
+MY_DN="openvassd"
+
+DESCRIPTION="Open Vulnerability Assessment Scanner"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2 GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="cron extras"
+
+DEPEND="
+ acct-user/gvm
+ app-crypt/gpgme:=
+ dev-db/redis
+ dev-libs/glib
+ dev-libs/libgcrypt:=
+ dev-libs/libksba
+ >=net-analyzer/gvm-libs-11.0.0
+ net-analyzer/net-snmp
+ net-libs/gnutls:=
+ net-libs/libpcap
+ net-libs/libssh:="
+
+RDEPEND="
+ ${DEPEND}"
+
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ extras? (
+ app-doc/doxygen[dot]
+ app-doc/xmltoman
+ app-text/htmldoc
+ dev-perl/CGI
+ dev-perl/SQL-Translator
+ )"
+
+BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+src_prepare() {
+ cmake_src_prepare
+ # QA-Fix | Correct FHS/Gentoo policy paths for 7.0.0
+ sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die
+ # QA-Fix | Remove !CLANG doxygen warnings for 7.0.0
+ if use extras; then
+ if ! tc-is-clang; then
+ local f
+ for f in doc/*.in
+ do
+ sed -i \
+ -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+ -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+ "${f}" || die "couldn't disable CLANG parsing"
+ done
+ fi
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ "-DSBINDIR=${EPREFIX}/usr/bin"
+ )
+ cmake_src_configure
+}
+
+src_compile() {
+ cmake_src_compile
+ if use extras; then
+ cmake_build -C "${BUILD_DIR}" doc
+ cmake_build doc-full -C "${BUILD_DIR}" doc
+ fi
+ cmake_build rebuild_cache
+}
+
+src_install() {
+ if use extras; then
+ local HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+ fi
+ cmake_src_install
+
+ if use cron; then
+ # Install the cron job if they want it.
+ exeinto /etc/gvm
+ doexe "${FILESDIR}/gvm-feed-sync.sh"
+ fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
+
+ insinto /etc/cron.d
+ newins "${FILESDIR}"/gvm-feed-sync.cron gvm
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
+
+ # Set proper permissions on required files/directories
+ keepdir /var/log/gvm
+ fowners gvm:gvm /var/log/gvm
+ keepdir /var/lib/openvas/{gnupg,plugins}
+ fowners -R gvm:gvm /var/lib/openvas
+
+ insinto /etc/openvas
+ doins "${FILESDIR}/openvas.conf"
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2022-12-24 14:49 Andreas Sturmlechner
0 siblings, 0 replies; 8+ messages in thread
From: Andreas Sturmlechner @ 2022-12-24 14:49 UTC (permalink / raw
To: gentoo-commits
commit: 1b660bc1fa2a8bc217edbdddd787d0a7716b8f91
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 20 19:35:56 2022 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Dec 24 14:48:03 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b660bc1
net-analyzer/openvas-scanner: drop 6.0.1, 7.0.1, 20.8.1
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 3 -
.../files/openvas-scanner-6.0.1-sbin.patch | 21 ----
net-analyzer/openvas-scanner/metadata.xml | 2 -
.../openvas-scanner/openvas-scanner-20.8.1.ebuild | 132 --------------------
.../openvas-scanner/openvas-scanner-6.0.1.ebuild | 135 ---------------------
.../openvas-scanner/openvas-scanner-7.0.1.ebuild | 127 -------------------
6 files changed, 420 deletions(-)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index 7dac2d80b696..f305491728b5 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1,4 +1 @@
-DIST openvas-scanner-20.8.1.tar.gz 431985 BLAKE2B 60b328dc261bf48f37aa2727f4b63904c898467f989abef8f05e29329a24d0d98c13690005c5c7a8c93f899db709771ea60832927f169f6779707a1fac602368 SHA512 6114f37a91a3dd42c3693f10548a7727fb88fbe535ce511b164a440d5ace1c736d4c8a45db9a7e83b9abbd376c4d6b13afd3d23a995a5d089329a2bb8bd71cec
DIST openvas-scanner-21.4.4.tar.gz 460601 BLAKE2B 66d627e76912735539399aed637fdc07a7d13c9e4eb142498dcf181b8ea952dd93107bcc1f2ef577126178ff3dad1e5f6e50d67840692cd49f7352e3a726ce8f SHA512 f2fe1f802b14fc41ee0d7657d031d318b651c3ec9ef554b33379a7459d40c17b44525c8f666ccb9670868576c101766936dd0c700778e46683bf43f0683834b6
-DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147
-DIST openvas-scanner-7.0.1.tar.gz 429012 BLAKE2B 13fd0fef2ce88f6789da9f00e8f35329e915ebc74a29b3bd52af93c6b70292d055fa1159aec4041d79a785971a583eb514e8700d1d38a76775446e40af9b2fac SHA512 201ea02b25bf247320437ae5c82bdc95db981cc6bd99fdece9403573434db122cdc8db7b82a08cba34b6d67d5794b2364f798847c79b421495666adc95a02571
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch
deleted file mode 100644
index d5b8a2a6b62f..000000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/src/CMakeLists.txt 2019-07-21 23:16:18.608251465 +0300
-+++ b/src/CMakeLists.txt 2019-07-21 23:17:08.434210058 +0300
-@@ -175,7 +175,7 @@
- ## Install
-
- install (TARGETS openvassd
-- RUNTIME DESTINATION ${SBINDIR}
-+ RUNTIME DESTINATION ${BINDIR}
- PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
- GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
-@@ -183,7 +183,7 @@
- DESTINATION ${OPENVAS_SYSCONF_DIR})
-
- install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
-- DESTINATION ${SBINDIR}
-+ DESTINATION ${BINDIR}
- PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
- GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
-
diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml
index d89ae96ec8ec..20db261053a1 100644
--- a/net-analyzer/openvas-scanner/metadata.xml
+++ b/net-analyzer/openvas-scanner/metadata.xml
@@ -10,8 +10,6 @@
<name>Proxy Maintainers</name>
</maintainer>
<use>
- <flag name="cron">Install a cron job to update GVM's feed daily.</flag>
- <flag name="extras">Html docs support</flag>
<flag name="snmp">Build againts <pkg>net-analyzer/net-snmp</pkg> for "improved SNMP support"</flag>
</use>
<longdescription lang="en">
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-20.8.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-20.8.1.ebuild
deleted file mode 100644
index 9dbdf06bee94..000000000000
--- a/net-analyzer/openvas-scanner/openvas-scanner-20.8.1.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-CMAKE_MAKEFILE_GENERATOR="emake"
-inherit cmake toolchain-funcs
-
-MY_PN="openvas"
-MY_DN="openvassd"
-
-DESCRIPTION="Open Vulnerability Assessment Scanner"
-HOMEPAGE="https://www.greenbone.net/en/ https://github.com/greenbone/openvas-scanner/"
-SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2 GPL-2+"
-KEYWORDS="~amd64 ~x86"
-IUSE="cron extras snmp test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- acct-group/gvm
- acct-user/gvm
- app-crypt/gpgme:=
- dev-db/redis
- dev-libs/glib
- dev-libs/libgcrypt:=
- dev-libs/libksba
- >=net-analyzer/gvm-libs-20.8.0
- snmp? ( net-analyzer/net-snmp:= )
- net-libs/gnutls:=
- net-libs/libpcap
- net-libs/libssh:="
-
-RDEPEND="
- ${DEPEND}"
-
-BDEPEND="
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- extras? (
- app-doc/doxygen[dot]
- app-doc/xmltoman
- app-text/htmldoc
- dev-perl/CGI
- dev-perl/SQL-Translator
- )
- test? ( dev-libs/cgreen )"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-7.0.1-disable-automagic-dep.patch
- "${FILESDIR}"/${PN}-7.0.1-fix-linking-with-lld.patch
- #qa fix for rpath
- "${FILESDIR}"/${P}-rpath-qa-fix.patch
-)
-
-src_prepare() {
- cmake_src_prepare
- # QA-Fix | Correct FHS/Gentoo policy paths for 7.0.0
- sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "${S}"/src/CMakeLists.txt || die
- # QA-Fix | Remove !CLANG doxygen warnings for 7.0.0
- if use extras; then
- if ! tc-is-clang; then
- local f
- for f in doc/*.in
- do
- sed -i \
- -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
- -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
- "${f}" || die "couldn't disable CLANG parsing"
- done
- fi
- fi
-
- #Remove tests that doesn't work in the network sandbox
- if use test; then
- sed -i 's/add_test (pcap-test pcap-test)/ /g' misc/CMakeLists.txt || die
- fi
-}
-
-src_configure() {
- local mycmakeargs=(
- "-DLOCALSTATEDIR=${EPREFIX}/var"
- "-DSYSCONFDIR=${EPREFIX}/etc"
- "-DSBINDIR=${EPREFIX}/usr/bin"
- "-DBUILD_WITH_SNMP=$(usex snmp)"
- )
- cmake_src_configure
-}
-
-src_compile() {
- cmake_src_compile
- if use extras; then
- cmake_build -C "${BUILD_DIR}" doc
- cmake_build doc-full -C "${BUILD_DIR}" doc
- fi
- cmake_build rebuild_cache
- if use test; then
- cmake_build tests
- fi
-}
-
-src_install() {
- if use extras; then
- local HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
- fi
- cmake_src_install
-
- if use cron; then
- # Install the cron job if they want it.
- exeinto /etc/gvm
- newexe "${FILESDIR}/gvm-feed-sync-${PV}.sh" gvm-feed-sync.sh
- fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
-
- insinto /etc/cron.d
- newins "${FILESDIR}"/gvm-feed-sync.cron gvm
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
-
- # Set proper permissions on required files/directories
- keepdir /var/log/gvm
- fowners gvm:gvm /var/log/gvm
- keepdir /var/lib/openvas/{gnupg,plugins}
- fowners -R gvm:gvm /var/lib/openvas
-
- insinto /etc/openvas
- doins "${FILESDIR}/openvas.conf"
-}
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild
deleted file mode 100644
index cabd334cd52f..000000000000
--- a/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-CMAKE_MAKEFILE_GENERATOR="emake"
-inherit cmake flag-o-matic systemd toolchain-funcs
-
-MY_PN="openvas"
-MY_DN="openvassd"
-
-DESCRIPTION="Open Vulnerability Assessment Scanner"
-HOMEPAGE="https://www.greenbone.net/en/"
-SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2 GPL-2+"
-KEYWORDS="~amd64 ~x86"
-IUSE="cron extras"
-
-DEPEND="
- app-crypt/gpgme:=
- dev-db/redis
- dev-libs/libgcrypt:=
- dev-libs/libksba
- >=net-analyzer/gvm-libs-10.0.1
- net-analyzer/net-snmp
- net-libs/gnutls:=
- net-libs/libpcap
- net-libs/libssh:=
-"
-
-RDEPEND="
- ${DEPEND}"
-
-BDEPEND="
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- extras? ( app-doc/doxygen[dot]
- app-doc/xmltoman
- app-text/htmldoc
- dev-perl/CGI
- dev-perl/SQL-Translator
- )"
-
-BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
-S="${WORKDIR}/${MY_PN}-${PV}"
-
-PATCHES=(
- # Install exec. to /usr/bin instead of /usr/sbin
- "${FILESDIR}/${P}-sbin.patch"
-)
-
-src_prepare() {
- cmake_src_prepare
- # QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1
- sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "${S}"/src/CMakeLists.txt || die
- # QA-Fix | Remove !CLANG doxygen warnings for 6.0.1
- if use extras; then
- if ! tc-is-clang; then
- local f
- for f in doc/*.in
- do
- sed -i \
- -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
- -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
- "${f}" || die "couldn't disable CLANG parsing"
- done
- fi
- fi
-}
-
-src_configure() {
- local mycmakeargs=(
- "-DLOCALSTATEDIR=${EPREFIX}/var"
- "-DSYSCONFDIR=${EPREFIX}/etc"
- )
- # Add release hardening flags for 6.0.1
- append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
- append-ldflags -Wl,-z,relro -Wl,-z,now
- cmake_src_configure
-}
-
-src_compile() {
- cmake_src_compile
- if use extras; then
- cmake_build -C "${BUILD_DIR}" doc
- cmake_build doc-full -C "${BUILD_DIR}" doc
- HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
- fi
- cmake_build rebuild_cache
-}
-
-src_install() {
- cmake_src_install
-
- dodir /etc/openvas
- insinto /etc/openvas
- newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf
-
- insinto /etc/openvas
- doins "${FILESDIR}"/redis.conf.example
-
- dodir /etc/openvas/sysconfig
- insinto /etc/openvas/sysconfig
- doins "${FILESDIR}/${MY_DN}-daemon.conf"
-
- if use cron; then
- # Install the cron job if they want it.
- exeinto /etc/gvm
- doexe "${FILESDIR}/gvm-feed-sync.sh"
- fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
-
- insinto /etc/cron.d
- newins "${FILESDIR}"/gvm-feed-sync.cron gvm
- fi
-
- fowners -R gvm:gvm /etc/openvas
-
- newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}"
- newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}"
-
- dodir /etc/logrotate.d
- insinto /etc/logrotate.d
- newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
-
- systemd_dounit "${FILESDIR}/${MY_DN}.service"
-
- # Set proper permissions on required files/directories
- keepdir /var/log/gvm
- fowners gvm:gvm /var/log/gvm
- keepdir /var/lib/openvas/{gnupg,plugins}
- fowners -R gvm:gvm /var/lib/openvas
-}
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-7.0.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-7.0.1.ebuild
deleted file mode 100644
index 6aae6a5c5fe1..000000000000
--- a/net-analyzer/openvas-scanner/openvas-scanner-7.0.1.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-CMAKE_MAKEFILE_GENERATOR="emake"
-inherit cmake toolchain-funcs
-
-MY_PN="openvas"
-MY_DN="openvassd"
-
-DESCRIPTION="Open Vulnerability Assessment Scanner"
-HOMEPAGE="https://www.greenbone.net/en/"
-SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2 GPL-2+"
-KEYWORDS="~amd64 ~x86"
-IUSE="cron extras snmp test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- acct-user/gvm
- app-crypt/gpgme:=
- dev-db/redis
- dev-libs/glib
- dev-libs/libgcrypt:=
- dev-libs/libksba
- >=net-analyzer/gvm-libs-11.0.1
- snmp? ( net-analyzer/net-snmp:= )
- net-libs/gnutls:=
- net-libs/libpcap
- net-libs/libssh:="
-
-RDEPEND="
- ${DEPEND}"
-
-BDEPEND="
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- extras? (
- app-doc/doxygen[dot]
- app-doc/xmltoman
- app-text/htmldoc
- dev-perl/CGI
- dev-perl/SQL-Translator
- )
- test? ( dev-libs/cgreen )"
-
-PATCHES=(
- "${FILESDIR}"/${P}-disable-automagic-dep.patch
- "${FILESDIR}"/${P}-fix-linking-with-lld.patch
-)
-
-BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
-S="${WORKDIR}/${MY_PN}-${PV}"
-
-src_prepare() {
- cmake_src_prepare
- # QA-Fix | Correct FHS/Gentoo policy paths for 7.0.0
- sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "${S}"/src/CMakeLists.txt || die
- # QA-Fix | Remove !CLANG doxygen warnings for 7.0.0
- if use extras; then
- if ! tc-is-clang; then
- local f
- for f in doc/*.in
- do
- sed -i \
- -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
- -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
- "${f}" || die "couldn't disable CLANG parsing"
- done
- fi
- fi
-}
-
-src_configure() {
- local mycmakeargs=(
- "-DLOCALSTATEDIR=${EPREFIX}/var"
- "-DSYSCONFDIR=${EPREFIX}/etc"
- "-DSBINDIR=${EPREFIX}/usr/bin"
- "-DBUILD_WITH_SNMP=$(usex snmp)"
- )
- cmake_src_configure
-}
-
-src_compile() {
- cmake_src_compile
- if use extras; then
- cmake_build -C "${BUILD_DIR}" doc
- cmake_build doc-full -C "${BUILD_DIR}" doc
- fi
- cmake_build rebuild_cache
- if use test; then
- cmake_build tests
- fi
-}
-
-src_install() {
- if use extras; then
- local HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
- fi
- cmake_src_install
-
- if use cron; then
- # Install the cron job if they want it.
- exeinto /etc/gvm
- doexe "${FILESDIR}/gvm-feed-sync.sh"
- fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
-
- insinto /etc/cron.d
- newins "${FILESDIR}"/gvm-feed-sync.cron gvm
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
-
- # Set proper permissions on required files/directories
- keepdir /var/log/gvm
- fowners gvm:gvm /var/log/gvm
- keepdir /var/lib/openvas/{gnupg,plugins}
- fowners -R gvm:gvm /var/lib/openvas
-
- insinto /etc/openvas
- doins "${FILESDIR}/openvas.conf"
-}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2023-07-31 12:57 Florian Schmaus
0 siblings, 0 replies; 8+ messages in thread
From: Florian Schmaus @ 2023-07-31 12:57 UTC (permalink / raw
To: gentoo-commits
commit: dace69ea187784545286de6c07970920a4a8ca49
Author: Giuseppe Foti <foti.giuseppe <AT> gmail <DOT> com>
AuthorDate: Sun Jul 30 10:00:39 2023 +0000
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Mon Jul 31 12:57:31 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dace69ea
net-analyzer/openvas-scanner: fix logrotate issue
Signed-off-by: Giuseppe Foti <foti.giuseppe <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/32083
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
net-analyzer/openvas-scanner/files/openvas.logrotate | 13 +++++++++++++
.../openvas-scanner/openvas-scanner-22.7.3-r1.ebuild | 3 +--
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/openvas-scanner/files/openvas.logrotate b/net-analyzer/openvas-scanner/files/openvas.logrotate
new file mode 100644
index 000000000000..7d116f6fbbc0
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas.logrotate
@@ -0,0 +1,13 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create'
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/openvas.log {
+ compress
+ missingok
+ notifempty
+ sharedscripts
+ copytruncate
+ maxsize 10M
+}
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild
index 7bff1bd30260..096f3452f3ff 100644
--- a/net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild
+++ b/net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild
@@ -5,8 +5,7 @@ EAPI=8
inherit cmake systemd tmpfiles toolchain-funcs readme.gentoo-r1 optfeature
-MY_PN="openvas"
-MY_DN="openvassd"
+MY_DN="openvas"
DESCRIPTION="Open Vulnerability Assessment Scanner"
HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/openvas-scanner/"
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2023-10-09 10:54 Florian Schmaus
0 siblings, 0 replies; 8+ messages in thread
From: Florian Schmaus @ 2023-10-09 10:54 UTC (permalink / raw
To: gentoo-commits
commit: 4339e4fae61334e298b398bf020f191c78bd20ab
Author: Giuseppe Foti <foti.giuseppe <AT> gmail <DOT> com>
AuthorDate: Sat Oct 7 15:47:40 2023 +0000
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Mon Oct 9 10:54:08 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4339e4fa
net-analyzer/openvas-scanner: add 22.7.5, drop 22.7.3-r1
Signed-off-by: Giuseppe Foti <foti.giuseppe <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/33231
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 3 +--
net-analyzer/openvas-scanner/files/redis-openvas.confd | 2 +-
net-analyzer/openvas-scanner/files/redis-openvas.initd | 8 ++++++--
...anner-22.7.3-r1.ebuild => openvas-scanner-22.7.5.ebuild} | 13 +++----------
4 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index b2e13b849c4b..1d93a64ae0d6 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1,3 +1,2 @@
DIST openvas-scanner-21.4.4.tar.gz 460601 BLAKE2B 66d627e76912735539399aed637fdc07a7d13c9e4eb142498dcf181b8ea952dd93107bcc1f2ef577126178ff3dad1e5f6e50d67840692cd49f7352e3a726ce8f SHA512 f2fe1f802b14fc41ee0d7657d031d318b651c3ec9ef554b33379a7459d40c17b44525c8f666ccb9670868576c101766936dd0c700778e46683bf43f0683834b6
-DIST openvas-scanner-22.7.3-fix-automagic-dep-on-snmp.patch 2669 BLAKE2B 1ac0478c23d8102d0928552acefff01661db55949cf4f0540d9a8608078ff01e5d794f7a851095cfcdd49657593e7ba2340c665b3f87615ae4ca7cee2eb1248a SHA512 7dc3cf4d39733706516909e4724272abf17cd20b9a6104b6a03166056415905748c72ad629258a430e19aed553cc1659587c0a0b6c7991c35605ee82e9caea5b
-DIST openvas-scanner-22.7.3.tar.gz 962647 BLAKE2B d3ce0be58b41bef6c01c5e831307713fa95913dae70cb6e67d82c196793817f516429f2ef1efffcc58863165913524a10465f33aac5f283d94d21595aaad360c SHA512 c729fca47534e289c26f5c5ad1766fe0101b1fc287609d5b40c65108152b1069b759ecfd6375999b6384b2b90ffff420336f5ce134256bd1a5fec5b5523a8272
+DIST openvas-scanner-22.7.5.tar.gz 976268 BLAKE2B 0a8b2ce275de5baec614e18164fcc13029373233e3e6acc31124e0660c9c82a8aabf2913223983014518fefe534048fd8a23a7457727ffa165c8a3ea58cd44d0 SHA512 cdbafb80e74f948043cae87e27a10df5fb7af1bb4112a3fd593f60233fd3c9a46d3ffb80b1fce195bed7de6308228b3fe7fcbff6ed493791627bdd3767987261
diff --git a/net-analyzer/openvas-scanner/files/redis-openvas.confd b/net-analyzer/openvas-scanner/files/redis-openvas.confd
index 2e9ec5cfbf16..6a75dfdc7d28 100644
--- a/net-analyzer/openvas-scanner/files/redis-openvas.confd
+++ b/net-analyzer/openvas-scanner/files/redis-openvas.confd
@@ -8,7 +8,7 @@ REDIS_GROUP="gvm"
REDIS_CONF="/etc/gvm/redis-openvas.conf"
# Redis dump directory.
-REDIS_DIR="/var/lib/gvm/redis"
+REDIS_DIR="/var/lib/openvas/redis"
# Redis options.
# (Redis expects the first argument to be the configuration file.)
diff --git a/net-analyzer/openvas-scanner/files/redis-openvas.initd b/net-analyzer/openvas-scanner/files/redis-openvas.initd
index 5c50d29dae6a..058d99d063dc 100644
--- a/net-analyzer/openvas-scanner/files/redis-openvas.initd
+++ b/net-analyzer/openvas-scanner/files/redis-openvas.initd
@@ -1,8 +1,8 @@
#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2023 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-: ${REDIS_DIR:=/var/lib/gvm/redis}
+: ${REDIS_DIR:=/var/lib/openvas/redis}
: ${REDIS_CONF:=/etc/gvm/redis-openvas.conf}
: ${REDIS_OPTS:="${REDIS_CONF}"}
: ${REDIS_USER:=gvm}
@@ -19,6 +19,10 @@ pidfile="/run/${RC_SVCNAME}/redis-server.pid"
retry="${REDIS_TIMEOUT}"
start_stop_daemon_args="--chdir \"${REDIS_DIR}\""
+start_post() {
+ checkpath -f --mode 0644 --owner ${REDIS_USER}:${REDIS_GROUP} /var/log/gvm/openvas.log
+}
+
depend() {
use localmount logger
after keepalived
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-22.7.5.ebuild
similarity index 92%
rename from net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild
rename to net-analyzer/openvas-scanner/openvas-scanner-22.7.5.ebuild
index 096f3452f3ff..2d19d16186c3 100644
--- a/net-analyzer/openvas-scanner/openvas-scanner-22.7.3-r1.ebuild
+++ b/net-analyzer/openvas-scanner/openvas-scanner-22.7.5.ebuild
@@ -11,8 +11,6 @@ DESCRIPTION="Open Vulnerability Assessment Scanner"
HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/openvas-scanner/"
SRC_URI="
https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz
- https://github.com/greenbone/openvas-scanner/commit/c9ba348e1a7fa99a0b41a0e53f251309f2768187.patch
- -> ${PN}-22.7.3-fix-automagic-dep-on-snmp.patch
"
SLOT="0"
@@ -23,14 +21,14 @@ RESTRICT="!test? ( test )"
DEPEND="
acct-user/gvm
- dev-db/redis
- dev-libs/glib:2
+ >=dev-db/redis-5.0.3
+ >=dev-libs/glib-2.42:2
>=dev-libs/json-glib-1.4.4
>=net-libs/gnutls-3.2.15
>=net-analyzer/gvm-libs-22.4
net-libs/libpcap
app-crypt/gpgme:=
- dev-libs/libgcrypt:=
+ >=dev-libs/libgcrypt-1.6
dev-libs/libgpg-error
>=dev-libs/libksba-1.0.7
>=net-libs/libssh-0.6.0
@@ -53,11 +51,6 @@ BDEPEND="
test? ( dev-libs/cgreen )
"
-PATCHES=(
- # Fix https://bugs.gentoo.org/911114
- "${DISTDIR}"/${PN}-22.7.3-fix-automagic-dep-on-snmp.patch
-)
-
src_prepare() {
cmake_src_prepare
# QA-Fix | Correct FHS/Gentoo policy paths for 7.0.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2023-11-14 7:53 Florian Schmaus
0 siblings, 0 replies; 8+ messages in thread
From: Florian Schmaus @ 2023-11-14 7:53 UTC (permalink / raw
To: gentoo-commits
commit: da4a7f1c80ae570c902b2ad45917f29abc37352b
Author: Giuseppe Foti <foti.giuseppe <AT> gmail <DOT> com>
AuthorDate: Mon Nov 13 20:10:11 2023 +0000
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Tue Nov 14 07:52:28 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da4a7f1c
net-analyzer/openvas-scanner: drop 21.4.4-r2
Signed-off-by: Giuseppe Foti <foti.giuseppe <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/33803
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 1 -
.../openvas-scanner-20.8.1-rpath-qa-fix.patch | 14 ---
...envas-scanner-7.0.1-disable-automagic-dep.patch | 33 ------
...penvas-scanner-7.0.1-fix-linking-with-lld.patch | 33 ------
net-analyzer/openvas-scanner/files/openvas.conf | 1 -
.../openvas-scanner/files/openvassd.logrotate | 13 ---
.../openvas-scanner-21.4.4-r2.ebuild | 125 ---------------------
7 files changed, 220 deletions(-)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index a67ed4e9be68..85069d96a398 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1,2 +1 @@
-DIST openvas-scanner-21.4.4.tar.gz 460601 BLAKE2B 66d627e76912735539399aed637fdc07a7d13c9e4eb142498dcf181b8ea952dd93107bcc1f2ef577126178ff3dad1e5f6e50d67840692cd49f7352e3a726ce8f SHA512 f2fe1f802b14fc41ee0d7657d031d318b651c3ec9ef554b33379a7459d40c17b44525c8f666ccb9670868576c101766936dd0c700778e46683bf43f0683834b6
DIST openvas-scanner-22.7.6.tar.gz 1027968 BLAKE2B 393b14dbb2c4fefb08a4b24597b5b1be8ade48d047dbf8b7aa8240cb14a7cf59829d9f68911ff726c5312d250ac1b14bb56478662d8c68a3006ec40212dd340b SHA512 83de4f546557d8e72fe63374940ef10bf365e2414fadeb32f23b5a621bf09a27bb2e75473e06413d3951d308ce7ac9b431cd270a17cfec9d64984228d65f0f09
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-20.8.1-rpath-qa-fix.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-20.8.1-rpath-qa-fix.patch
deleted file mode 100644
index 79e8692f4d6d..000000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-20.8.1-rpath-qa-fix.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 69c68375..5bc000c0 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -37,6 +37,8 @@ endif (NOT CMAKE_BUILD_TYPE)
-
- OPTION (ENABLE_COVERAGE "Enable support for coverage analysis" OFF)
-
-+set(CMAKE_BUILD_WITH_INSTALL_RPATH TRUE)
-+
- ## Retrieve git revision (at configure time)
- include (GetGit)
-
-
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.1-disable-automagic-dep.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.1-disable-automagic-dep.patch
deleted file mode 100644
index fd3e4610f8a4..000000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.1-disable-automagic-dep.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff --git a/nasl/CMakeLists.txt b/nasl/CMakeLists.txt
-index b594679c..81c5e4a9 100644
---- a/nasl/CMakeLists.txt
-+++ b/nasl/CMakeLists.txt
-@@ -100,14 +100,20 @@ execute_process (COMMAND gpgme-config --cflags
- OUTPUT_VARIABLE GPGME_CFLAGS
- OUTPUT_STRIP_TRAILING_WHITESPACE)
-
--message (STATUS "Looking for netsnmp...")
--find_library (SNMP netsnmp)
--message (STATUS "Looking for netsnmp... ${SNMP}")
--if (SNMP)
-- execute_process (COMMAND net-snmp-config --libs
-- OUTPUT_VARIABLE SNMP_LDFLAGS
-- OUTPUT_STRIP_TRAILING_WHITESPACE)
--endif (SNMP)
-+option(BUILD_WITH_SNMP "Build with SNMP Support" ON)
-+if (BUILD_WITH_SNMP)
-+ message (STATUS "Looking for netsnmp...")
-+ find_library (SNMP netsnmp)
-+ message (STATUS "Looking for netsnmp... ${SNMP}")
-+ if (SNMP)
-+ execute_process (COMMAND net-snmp-config --libs
-+ OUTPUT_VARIABLE SNMP_LDFLAGS
-+ OUTPUT_STRIP_TRAILING_WHITESPACE)
-+ endif (SNMP)
-+ if (NOT SNMP)
-+ message (SEND_ERROR " netsnmp not found")
-+ endif(NOT SNMP)
-+endif (BUILD_WITH_SNMP)
-
- message (STATUS "Looking for libgcrypt...")
- find_library (GCRYPT gcrypt)
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.1-fix-linking-with-lld.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.1-fix-linking-with-lld.patch
deleted file mode 100644
index 2b31a7c7d22a..000000000000
--- a/net-analyzer/openvas-scanner/files/openvas-scanner-7.0.1-fix-linking-with-lld.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff --git a/nasl/CMakeLists.txt b/nasl/CMakeLists.txt
-index b594679c..adf9a221 100644
---- a/nasl/CMakeLists.txt
-+++ b/nasl/CMakeLists.txt
-@@ -87,6 +87,28 @@ endif (NOT KSBA)
- message (STATUS "Looking for pcap...")
- find_library (PCAP pcap)
-
-+message (STATUS "Looking for pcap... ${PCAP}")
-+if (NOT PCAP)
-+ message (SEND_ERROR "The pcap library is required.")
-+endif (NOT PCAP)
-+
-+message (STATUS "Looking for pcap-config...")
-+find_program (PCAP_CONFIG pcap-config)
-+
-+if (PCAP_CONFIG)
-+ message (STATUS "Looking for pcap-config... ${PCAP_CONFIG}")
-+ execute_process (COMMAND pcap-config --libs
-+ OUTPUT_VARIABLE PCAP_LDFLAGS
-+ OUTPUT_STRIP_TRAILING_WHITESPACE)
-+ execute_process (COMMAND pcap-config --cflags
-+ OUTPUT_VARIABLE PCAP_CFLAGS
-+ OUTPUT_STRIP_TRAILING_WHITESPACE)
-+else (PCAP_CONFIG)
-+ message (STATUS "pcap-config not found, using defaults...")
-+ set (PCAP_LDFLAGS "-L/usr/lib -lpcap")
-+ set (PCAP_CFLAGS "-I/usr/include")
-+endif (PCAP_CONFIG)
-+
- find_library (GPGME gpgme)
- message (STATUS "Looking for gpgme... ${GPGME}")
- if (NOT GPGME)
diff --git a/net-analyzer/openvas-scanner/files/openvas.conf b/net-analyzer/openvas-scanner/files/openvas.conf
deleted file mode 100644
index 487e643834b8..000000000000
--- a/net-analyzer/openvas-scanner/files/openvas.conf
+++ /dev/null
@@ -1 +0,0 @@
-db_address = /tmp/redis.sock
diff --git a/net-analyzer/openvas-scanner/files/openvassd.logrotate b/net-analyzer/openvas-scanner/files/openvassd.logrotate
deleted file mode 100644
index 9cf47d54763d..000000000000
--- a/net-analyzer/openvas-scanner/files/openvassd.logrotate
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-# Daemon ignore HUP so we use 'copytruncate' instead of 'create'
-# with safe file size to prevent losing log entries.
-
-/var/log/gvm/openvassd.log {
- compress
- missingok
- notifempty
- sharedscripts
- copytruncate
- maxsize 10M
-}
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-21.4.4-r2.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-21.4.4-r2.ebuild
deleted file mode 100644
index 59b7fae51932..000000000000
--- a/net-analyzer/openvas-scanner/openvas-scanner-21.4.4-r2.ebuild
+++ /dev/null
@@ -1,125 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit cmake toolchain-funcs
-
-MY_PN="openvas"
-MY_DN="openvassd"
-
-DESCRIPTION="Open Vulnerability Assessment Scanner"
-HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/openvas-scanner/"
-SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-SLOT="0"
-LICENSE="GPL-2 GPL-2+"
-KEYWORDS="~amd64 ~x86"
-IUSE="doc snmp test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- acct-user/gvm
- app-crypt/gpgme:=
- dev-db/redis
- dev-libs/glib:2
- dev-libs/libgcrypt:=
- dev-libs/libgpg-error
- dev-libs/libksba
- >=net-analyzer/gvm-libs-${PV}
- snmp? ( net-analyzer/net-snmp:= )
- net-libs/gnutls:=
- net-libs/libpcap
- net-libs/libssh:=
-"
-RDEPEND="${DEPEND}"
-BDEPEND="
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- doc? (
- app-doc/doxygen[dot]
- app-doc/xmltoman
- app-text/htmldoc
- dev-perl/CGI
- dev-perl/SQL-Translator
- )
- test? ( dev-libs/cgreen )
-"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-7.0.1-disable-automagic-dep.patch
- "${FILESDIR}"/${PN}-7.0.1-fix-linking-with-lld.patch
- #qa fix for rpath
- "${FILESDIR}"/${PN}-20.8.1-rpath-qa-fix.patch
-)
-
-src_prepare() {
- cmake_src_prepare
- # QA-Fix | Correct FHS/Gentoo policy paths for 7.0.0
- sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "${S}"/src/CMakeLists.txt || die
- # QA-Fix | Remove !CLANG doxygen warnings for 7.0.0
- if use doc; then
- if ! tc-is-clang; then
- local f
- for f in doc/*.in
- do
- sed -i \
- -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
- -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
- "${f}" || die "couldn't disable CLANG parsing"
- done
- fi
- fi
-
- #Remove tests that doesn't work in the network sandbox
- if use test; then
- sed -i 's/add_test (pcap-test pcap-test)/ /g' misc/CMakeLists.txt || die
- fi
-}
-
-src_configure() {
- local mycmakeargs=(
- "-DLOCALSTATEDIR=${EPREFIX}/var"
- "-DSYSCONFDIR=${EPREFIX}/etc"
- "-DSBINDIR=${EPREFIX}/usr/bin"
- "-DBUILD_WITH_SNMP=$(usex snmp)"
- )
- cmake_src_configure
-}
-
-src_compile() {
- cmake_src_compile
- if use doc; then
- cmake_build -C "${BUILD_DIR}" doc
- cmake_build doc-full -C "${BUILD_DIR}" doc
- fi
- cmake_build rebuild_cache
- if use test; then
- cmake_build tests
- fi
-}
-
-src_install() {
- if use doc; then
- local HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
- fi
- cmake_src_install
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
-
- # Set proper permissions on required files/directories
- keepdir /var/log/gvm
- if ! use prefix; then
- fowners gvm:gvm /var/log/gvm
- fi
-
- keepdir /var/lib/openvas/{gnupg,plugins}
- if ! use prefix; then
- fowners -R gvm:gvm /var/lib/openvas
- fi
-
- insinto /etc/openvas
- doins "${FILESDIR}/openvas.conf"
-}
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/
@ 2024-04-03 17:38 Florian Schmaus
0 siblings, 0 replies; 8+ messages in thread
From: Florian Schmaus @ 2024-04-03 17:38 UTC (permalink / raw
To: gentoo-commits
commit: d6d31519339f95017875475954b66b61a3e9cca1
Author: Giuseppe Foti <foti.giuseppe <AT> gmail <DOT> com>
AuthorDate: Fri Mar 29 23:21:50 2024 +0000
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Wed Apr 3 17:34:48 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6d31519
net-analyzer/openvas-scanner: add 23.0.1
Signed-off-by: Giuseppe Foti <foti.giuseppe <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/35995
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
net-analyzer/openvas-scanner/Manifest | 1 +
.../files/openvas-scanner-23.0.1-link-pcap.patch | 16 ++
.../openvas-scanner/openvas-scanner-23.0.1.ebuild | 163 +++++++++++++++++++++
3 files changed, 180 insertions(+)
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index 883c03b3f20b..678d032cb5a3 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1 +1,2 @@
DIST openvas-scanner-22.7.9.tar.gz 1069904 BLAKE2B 908810997880d1267f41df59905acc2ac2d491ab8453001ae8e2cc6881958150e8866b07b4e335888e8e574b5a347b33880bd24c9b8d140edd6c384e498e5dc9 SHA512 279a781fe698496fb88efd28c0ee6ede66a0180237b60c4d7b083fe10c7b7ac054ec04b08c9b33e6dd142f60529faedfef4441421cc04e95eaa08865e47b58dd
+DIST openvas-scanner-23.0.1.tar.gz 1387550 BLAKE2B 22f0b7f10fbb8be7d0897ce1895035ec9e330adee2a56d7c724e9e9fd54808ed10de5f05b3bb02918e44e45a7f85035e7d63fdd89345dcdb09d5180740823c74 SHA512 e2107ca762abcbb20d4506d2cc4479d5fbf5efd744a598ec63ea3c66ae6a6f1743deeb4b7aa9863b78c186c8a4d4b5f2212d241cef51b91c6c5bcd0879c45dc7
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-23.0.1-link-pcap.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-23.0.1-link-pcap.patch
new file mode 100644
index 000000000000..9d7294708360
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-23.0.1-link-pcap.patch
@@ -0,0 +1,16 @@
+Fixes underlinking pcatp lib in nasl/CMakeLists.txt
+Upstream PR: https://github.com/greenbone/openvas-scanner/pull/1611
+
+diff --git a/nasl/CMakeLists.txt b/nasl/CMakeLists.txt
+index 975154a..dd1b925 100644
+--- a/nasl/CMakeLists.txt
++++ b/nasl/CMakeLists.txt
+@@ -188,7 +188,7 @@ set_target_properties (openvas_nasl_shared PROPERTIES CLEAN_DIRECT_OUTPUT 1)
+ set_target_properties (openvas_nasl_shared PROPERTIES SOVERSION "${PROJECT_VERSION_MAJOR}")
+ set_target_properties (openvas_nasl_shared PROPERTIES VERSION "${PROJECT_VERSION_STRING}")
+ # line below is needed so it also works with no-undefined which is e.g. used by Mandriva
+-target_link_libraries (openvas_nasl_shared openvas_misc_shared ${GLIB_LDFLAGS}
++target_link_libraries (openvas_nasl_shared openvas_misc_shared pcap ${GLIB_LDFLAGS}
+ ${LIBOPENVAS_MISC_LDFLAGS}
+ ${GLIB_JSON_LDFLAGS}
+ ${GCRYPT_LDFLAGS} ${GPGME_LDFLAGS} m
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-23.0.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-23.0.1.ebuild
new file mode 100644
index 000000000000..4d62998ccc00
--- /dev/null
+++ b/net-analyzer/openvas-scanner/openvas-scanner-23.0.1.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake systemd tmpfiles toolchain-funcs readme.gentoo-r1 optfeature
+
+MY_DN="openvas"
+
+DESCRIPTION="Open Vulnerability Assessment Scanner"
+HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/openvas-scanner/"
+SRC_URI="
+ https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz
+"
+
+SLOT="0"
+LICENSE="GPL-2 GPL-2+"
+KEYWORDS="amd64 ~x86"
+IUSE="doc snmp test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ acct-user/gvm
+ app-crypt/gpgme:=
+ >=dev-db/redis-5.0.3
+ >=dev-libs/glib-2.42:2
+ >=dev-libs/libgcrypt-1.6:=
+ dev-libs/libgpg-error
+ >=dev-libs/libksba-1.0.7
+ dev-libs/libbsd
+ >=net-libs/libssh-0.6.0:=
+ >=dev-libs/json-glib-1.4.4
+ >=net-analyzer/gvm-libs-22.4
+ >=net-libs/gnutls-3.6.4:=
+ net-libs/libpcap
+ >=net-misc/curl-7.74.0[ssl]
+ snmp? ( net-analyzer/net-snmp:= )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ >=sys-devel/bison-2.5
+ app-alternatives/lex
+ virtual/pkgconfig
+ doc? (
+ app-text/doxygen[dot]
+ app-text/xmltoman
+ app-text/htmldoc
+ dev-perl/CGI
+ dev-perl/SQL-Translator
+ virtual/pandoc
+ )
+ test? ( dev-libs/cgreen )
+"
+PATCHES=(
+ # See https://github.com/greenbone/openvas-scanner/pull/1611
+ "${FILESDIR}"/openvas-scanner-23.0.1-link-pcap.patch
+)
+
+src_prepare() {
+ cmake_src_prepare
+ # QA-Fix | Remove -Werror compiler flag
+ sed -i -e "s/-Werror//" "${S}"/CMakeLists.txt || die #909560
+ # QA-Fix | Remove !CLANG doxygen warnings for 7.0.0
+ if use doc; then
+ if ! tc-is-clang; then
+ local f
+ for f in doc/*.in
+ do
+ sed -i \
+ -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+ -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+ "${f}" || die "couldn't disable CLANG parsing"
+ done
+ fi
+ fi
+
+ #Remove tests that doesn't work in the network sandbox
+ if use test; then
+ sed -i 's/add_test (pcap-test pcap-test)/ /g' misc/CMakeLists.txt || die
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ "-DSBINDIR=${EPREFIX}/usr/bin"
+ "-DOPENVAS_FEED_LOCK_PATH=${EPREFIX}/var/lib/openvas/feed-update.lock"
+ "-DOPENVAS_RUN_DIR=/run/ospd"
+ "-DINSTALL_OLD_SYNC_SCRIPT=OFF"
+ "-DBUILD_WITH_NETSNMP=$(usex snmp)"
+ )
+ cmake_src_configure
+}
+
+src_compile() {
+ cmake_src_compile
+ if use doc; then
+ cmake_build -C "${BUILD_DIR}" doxygen-full manual
+ fi
+ cmake_build rebuild_cache
+ if use test; then
+ cmake_build tests
+ fi
+}
+
+src_install() {
+ if use doc; then
+ mv "${BUILD_DIR}"/doc/html "${BUILD_DIR}"/doc/html-manual || die
+ local HTML_DOCS=(
+ "${BUILD_DIR}"/doc/generated/html/.
+ "${BUILD_DIR}"/doc/html-manual
+ )
+ fi
+ cmake_src_install
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
+
+ # Set proper permissions on required files/directories
+ keepdir /var/log/gvm
+ if ! use prefix; then
+ fowners gvm:gvm /var/log/gvm
+ fi
+
+ keepdir /var/lib/openvas/{gnupg,plugins}
+ if ! use prefix; then
+ fowners -R gvm:gvm /var/lib/openvas
+ fi
+
+ insinto /etc/openvas
+ newins "${FILESDIR}/openvas.conf-22" openvas.conf
+
+ systemd_newunit "${FILESDIR}/redis-openvas.service" redis-openvas.service
+ newtmpfiles "${FILESDIR}/redis-openvas.tmpfiles" redis-openvas.conf
+
+ insinto /etc/gvm
+ doins config/redis-openvas.conf
+ if ! use prefix; then
+ fowners -R gvm:gvm /etc/gvm /etc/gvm/redis-openvas.conf
+ fi
+
+ fperms 0750 /etc/gvm
+ fperms 0640 /etc/gvm/redis-openvas.conf
+
+ newconfd "${FILESDIR}/redis-openvas.confd" redis-openvas
+ newinitd "${FILESDIR}/redis-openvas.initd" redis-openvas
+
+ if use prefix; then
+ diropts -m0750
+ else
+ diropts -m0750 -o gvm -g gvm
+ fi
+ keepdir /var/lib/openvas/redis
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ tmpfiles_process redis-openvas.conf
+ optfeature "port scanner" net-analyzer/nmap
+ readme.gentoo_print_elog
+}
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-04-03 17:38 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-24 14:49 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/openvas-scanner/files/, net-analyzer/openvas-scanner/ Andreas Sturmlechner
-- strict thread matches above, loose matches on Subject: below --
2024-04-03 17:38 Florian Schmaus
2023-11-14 7:53 Florian Schmaus
2023-10-09 10:54 Florian Schmaus
2023-07-31 12:57 Florian Schmaus
2020-03-25 13:46 Joonas Niilola
2019-08-12 4:54 Joonas Niilola
2019-03-13 14:59 Patrice Clement
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox