diff options
Diffstat (limited to 'community/openvas-scanner')
-rw-r--r-- | community/openvas-scanner/001-cmakelist-fortify.patch | 21 | ||||
-rw-r--r-- | community/openvas-scanner/002-execinfo-musl-fix.patch | 40 | ||||
-rw-r--r-- | community/openvas-scanner/APKBUILD | 100 | ||||
-rw-r--r-- | community/openvas-scanner/openvas-nvt-sync.cron | 38 | ||||
-rw-r--r-- | community/openvas-scanner/openvas-scanner.post-install | 3 | ||||
-rw-r--r-- | community/openvas-scanner/openvassd.conf | 118 | ||||
-rw-r--r-- | community/openvas-scanner/openvassd.confd | 27 | ||||
-rw-r--r-- | community/openvas-scanner/openvassd.initd | 26 | ||||
-rw-r--r-- | community/openvas-scanner/openvassd.logrotate | 11 |
9 files changed, 0 insertions, 384 deletions
diff --git a/community/openvas-scanner/001-cmakelist-fortify.patch b/community/openvas-scanner/001-cmakelist-fortify.patch deleted file mode 100644 index e77214f945..0000000000 --- a/community/openvas-scanner/001-cmakelist-fortify.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 588f5d8..a98929f 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -34,6 +34,7 @@ if (POLICY CMP0005) - endif (POLICY CMP0005) - - include (FindPkgConfig) -+include(CheckIncludeFile) - - if (NOT PKG_CONFIG_FOUND) - message(FATAL_ERROR "pkg-config executable not found. Aborting.") -@@ -225,7 +226,7 @@ configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY) - - ## Program - --set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") -+set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") - - set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") - set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE") diff --git a/community/openvas-scanner/002-execinfo-musl-fix.patch b/community/openvas-scanner/002-execinfo-musl-fix.patch deleted file mode 100644 index 8fd2164221..0000000000 --- a/community/openvas-scanner/002-execinfo-musl-fix.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/sighand.c b/src/sighand.c -index 1ebf206..985e470 100644 ---- a/src/sighand.c -+++ b/src/sighand.c -@@ -30,7 +30,10 @@ - #include <errno.h> /* for errno() */ - #include <sys/wait.h> /* for wait() */ - #include <sys/socket.h> /* for shutdown() */ -+ -+#ifdef HAVE_EXECINFO_H - #include <execinfo.h> -+#endif - - #include "log.h" - #include "sighand.h" -@@ -112,6 +115,7 @@ sighand_chld (pid_t pid) - waitpid (pid, &status, WNOHANG); - } - -+#ifdef HAVE_EXECINFO_H - static void - print_trace () - { -@@ -126,13 +130,16 @@ print_trace () - log_write ("%s\n", symbols[i]); - g_free (symbols); - } -+#endif - - void - sighand_segv () - { - signal (SIGSEGV, _exit); - log_write ("SIGSEGV occured !"); -+ #ifdef HAVE_EXECINFO_H - print_trace (); -+ #endif - make_em_die (SIGTERM); - log_close (); - _exit (0); diff --git a/community/openvas-scanner/APKBUILD b/community/openvas-scanner/APKBUILD deleted file mode 100644 index 09b3f3af50..0000000000 --- a/community/openvas-scanner/APKBUILD +++ /dev/null @@ -1,100 +0,0 @@ -# Contributor: Francesco Colista <fcolista@alpinelinux.org> -# Maintainer: Francesco Colista <fcolista@alpinelinux.org> -pkgname=openvas-scanner -_pkgname=openvassd -pkgver=5.0.5 -_pkgid=2266 -pkgrel=3 -pkgdesc="The OpenVAS scanning Daemon" -url="http://www.openvas.org/" -arch="all" -license="GPL" -depends="redis nmap coreutils openssl" -depends_dev="" -makedepends="$depends_dev cmake openvas-libraries-dev glib-dev - doxygen xmltoman" -install="" -subpackages="$pkgname-doc" -source="http://wald.intevation.org/frs/download.php/$_pkgid/$pkgname-$pkgver.tar.gz - $_pkgname.initd - $_pkgname.confd - $_pkgname.conf - $_pkgname.logrotate - openvas-nvt-sync.cron - 001-cmakelist-fortify.patch - 002-execinfo-musl-fix.patch" - -_builddir="$srcdir"/$pkgname-$pkgver -prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} - -build() { - cd "$_builddir" - cmake -DCMAKE_BUILD_TYPE=Release \ - -DSBINDIR=/usr/bin \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DSYSCONFDIR=/etc \ - -DLOCALSTATEDIR=/var . - make || return 1 -} - -package() { - cd "$_builddir" - make DESTDIR="$pkgdir/" install - install -Dm644 "$srcdir/$_pkgname.logrotate" "$pkgdir/etc/logrotate.d/$_pkgname" - install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname - install -m755 -D "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname - install -m755 -D "$srcdir"/$_pkgname.conf "$pkgdir"/etc/openvas/$_pkgname.conf - install -Dm744 "$srcdir"/openvas-nvt-sync.cron \ - "$pkgdir"/etc/periodic/daily/openvas-nvt-sync - - mkdir -p "$pkgdir"/usr/share/doc/$_pkgname - cat >"$pkgdir"/usr/share/doc/$_pkgname/README.alpine <<EOF - ** In order to make openvas-scanner daemon start, redis server needs to run and listen to a socket. - ** This is a part of redis.conf that should be adjusted: - - unixsocket /tmp/redis.sock - unixsocketperm 700 - port 0 # prevent redis from listening on a TCP socket - timeout 0 - #DB = 1 + (#of parallel tasks) * (#of parallel hosts) - databases 128 - #CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs) - maxclients 512 - ** Further info can be found to: - https://svn.wald.intevation.org/svn/openvas/tags/openvas-scanner-release-$pkgver/doc/redis_config.txt - -EOF -} - -md5sums="8eb30120fa8f5aea3a55c729ca9d4939 openvas-scanner-5.0.5.tar.gz -2343f34f83401016cb01f564e9c6c222 openvassd.initd -2fe5c960c0e5e8db0e438de417a70e7a openvassd.confd -9fbfafb3f5001240d2d869ac3d365adf openvassd.conf -a9e8ef884da6a0b33d3b29867d2ffcea openvassd.logrotate -99ec960c1646038b41dbac7a8073500c openvas-nvt-sync.cron -4ccb1c805294a2ceff8c73bceaa8c064 001-cmakelist-fortify.patch -12dc0fb6e1c1410ade5762744afaab71 002-execinfo-musl-fix.patch" -sha256sums="108d8aba9f53ae58b187cb2e297fc5a3e77ac5c2cd9db421fb20598fdfb2ad0a openvas-scanner-5.0.5.tar.gz -a842a6d29c5bf82296d771cfd44e152616277ed412b66f8a4ade81ac593d5615 openvassd.initd -3664ee9dad3627259dafb9494d4a794ccd184a1aeaba06b3b283a7eccd1ee0b8 openvassd.confd -c01dc363c4423dfa791690b6cef50df8ff46af02bbf008ac07575351ab94e0b3 openvassd.conf -c4623fe22f777e722915b6a4cf19030fa54a1fb18fe2ee074e3fb2a2fe6b81ed openvassd.logrotate -d3666d4cb7b639530a312b1dc49867b3b0de41209ea659924428df2d486cea40 openvas-nvt-sync.cron -11bf3922c6ae25a5ed9fbc0b5c567c8106058ed424ba2c4c50959c44fee8dfd9 001-cmakelist-fortify.patch -b5583f364f5b538634759c1df8f3bcd6b4218adcab2e9d18bdfd1904605ecf6d 002-execinfo-musl-fix.patch" -sha512sums="e439c8abb39e397a9d3842846c09fe7cb13c57294f528ae738bed8f962ac776a10a87d0299145be33b88307a7ab8dcb519808e897457bedba5cf0d02918483c9 openvas-scanner-5.0.5.tar.gz -528fc356c485daf3456e0e8f20ecd7bc93c772dd7afc8ec9d7a485cf89156f433fb4ae29a8b3cac7f126c8fa1ac4ca7f1cc4a10bd2388358fdd2e06a04a3c2e4 openvassd.initd -a47cf3add7a0e14175ccbae1c24c0e63ea7daf92ffa3e4d1bb988a2342e9b1ebfb597f0d20075ad22219dc2970d69e92bf8a3608cc156d4b5ca84723879bac71 openvassd.confd -0d203cd2dfcf0b77ce8d2546235de16f23ea71c7e601db557fcd67e9c8dc460029494f1a146daadb44101ae194d7fa4d511a488bb69094e5470de9e10acf008b openvassd.conf -5934a31ef4b7267fd741c41bb97fe2e1e42735d2324cce07145de1942efae3f5e42e8652ec0c3482dd53477be420a58124eae943f254105547abf065febb9046 openvassd.logrotate -92f1700ba15e04f0d830ac04db8c61bffb06104692fd91386a7f67ad8cc4bd1ea92651207a615c4bc56abc3a6c4f2fcf54fad52779fe5c6169d38f98b83513ea openvas-nvt-sync.cron -0e0087477ec313709c1d84480e9f2896628807010d039eb066627229e7f694434b66ae7f7cd44d379e714bd7ff23458bc46f721e953c2603d568fc350d2f0572 001-cmakelist-fortify.patch -5e63b56fc64867c5973eb3593afcf677dc4da900b20d0f82fa24659010da290c0cfc00fe1e67cd2fadd4c58af3df2059120edeef344eedf213ab8a87a0376e49 002-execinfo-musl-fix.patch" diff --git a/community/openvas-scanner/openvas-nvt-sync.cron b/community/openvas-scanner/openvas-nvt-sync.cron deleted file mode 100644 index ff1729f9f8..0000000000 --- a/community/openvas-scanner/openvas-nvt-sync.cron +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -if [ -f /etc/openvas/openvassd.conf ]; then - . /etc/openvas/openvassd.conf -fi - -if [ "$auto_plugin_update" != "yes" ]; then - exit 0 -fi - -opts="" -case "$update_method" in - rsync) - opts = "$opts --rsync" - ;; - wget) - opts = "$opts --wget" - ;; - curl) - opts = "$opts --curl" - ;; -esac - -# Export openvas-nvt-sync's environment variables if they are defined -[ \! -z "$NVT_DIR" ] && export NVT_DIR -[ \! -z "$OV_RSYNC_FEED" ] && export OV_RSYNC_FEED -[ \! -z "$OV_HTTP_FEED" ] && export OV_HTTP_FEED - -/usr/sbin/openvas-nvt-sync $opts >& /dev/null - -if [ $? -ne 0 ]; then - echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually." - exit 1 -fi - -if [ "$notify_openvas_scanner" == "yes" ]; then - /etc/init.d/openvas-scanner reloadplugins -fi diff --git a/community/openvas-scanner/openvas-scanner.post-install b/community/openvas-scanner/openvas-scanner.post-install deleted file mode 100644 index 1c27c059da..0000000000 --- a/community/openvas-scanner/openvas-scanner.post-install +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -echo "Remember to modify redis server in order to listen to a socket" -exit 0 diff --git a/community/openvas-scanner/openvassd.conf b/community/openvas-scanner/openvassd.conf deleted file mode 100644 index 88f83f4bed..0000000000 --- a/community/openvas-scanner/openvassd.conf +++ /dev/null @@ -1,118 +0,0 @@ -# Configuration file of the OpenVAS Security Scanner - -# Every line starting with a '#' is a comment - -[Misc] - -# Path to the security checks folder: -plugins_folder = /var/lib/openvas/plugins - -# Path to OpenVAS caching folder: -cache_folder = /var/cache/openvas - -# Path to OpenVAS include directories: -# (multiple entries are separated with colon ':') -include_folders = /var/lib/openvas/plugins - -# Maximum number of simultaneous hosts tested : -max_hosts = 30 - -# Maximum number of simultaneous checks against each host tested : -max_checks = 10 - -# Niceness. If set to 'yes', openvassd will renice itself to 10. -be_nice = no - -# Log file (or 'syslog') : -logfile = /var/log/openvas/openvassd.log - -# Shall we log every details of the attack ? (disk intensive) -log_whole_attack = no - -# Log the name of the plugins that are loaded by the server ? -log_plugins_name_at_load = no - -# Dump file for debugging output, use `-' for stdout -dumpfile = /var/log/openvas/openvassd.dump - -# Rules file : -rules = /etc/openvas/openvassd.rules - -# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) -cgi_path = /cgi-bin:/scripts - -# Range of the ports the port scanners will scan : -# 'default' means that OpenVAS will scan ports found in its -# services file. -port_range = default - -# Optimize the test (recommended) : -optimize_test = yes - -# Optimization : -# Read timeout for the sockets of the tests : -checks_read_timeout = 5 - -# Ports against which two plugins should not be run simultaneously : -# non_simult_ports = Services/www, 139, Services/finger -non_simult_ports = 139, 445 - -# Maximum lifetime of a plugin (in seconds) : -plugins_timeout = 320 - -# Safe checks rely on banner grabbing : -safe_checks = yes - -# Automatically activate the plugins that are depended on -auto_enable_dependencies = yes - -# Do not echo data from plugins which have been automatically enabled -silent_dependencies = no - -# Designate hosts by MAC address, not IP address (useful for DHCP networks) -use_mac_addr = no - - -#--- Knowledge base saving (can be configured by the client) : -# Save the knowledge base on disk : -save_knowledge_base = no - -# Restore the KB for each test : -kb_restore = no - -# Only test hosts whose KB we do not have : -only_test_hosts_whose_kb_we_dont_have = no - -# Only test hosts whose KB we already have : -only_test_hosts_whose_kb_we_have = no - -# KB test replay : -kb_dont_replay_scanners = no -kb_dont_replay_info_gathering = no -kb_dont_replay_attacks = no -kb_dont_replay_denials = no -kb_max_age = 864000 -#--- end of the KB section - - -# If this option is set, OpenVAS will not scan a network incrementally -# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to -# slice the workload throughout the whole network (ie: it will scan -# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... -slice_network_addresses = no - -# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') -nasl_no_signature_check = yes - -#Certificates -cert_file=/var/lib/openvas/CA/servercert.pem -key_file=/var/lib/openvas/private/CA/serverkey.pem -ca_file=/var/lib/openvas/CA/cacert.pem - -# If you decide to protect your private key with a password, -# uncomment and change next line -# pem_password=password -# If you want to force the use of a client certificate, uncomment next line -# force_pubkey_auth = yes - -#end. diff --git a/community/openvas-scanner/openvassd.confd b/community/openvas-scanner/openvassd.confd deleted file mode 100644 index d48adef151..0000000000 --- a/community/openvas-scanner/openvassd.confd +++ /dev/null @@ -1,27 +0,0 @@ -#Listen on given address - by default scanner listens on all addresses -#SCANNER_LISTEN=--listen=127.0.0.1 - -#Listen on given port - by default 9391 -SCANNER_PORT=--port=9391 - -#Send the packets with the source IP of IP1,IP2,IP3.... -#SCANNER_SRCIP=--src-ip=127.0.0.1,192.168.1.2 - -# Extra Arguments -# SCANNER_EXTRA_ARGS="" - -# Set to yes if plugins should be automatically updated via a cron job -auto_plugin_update=no - -# Notify OpenVAS scanner after update by seding it SIGHUP? -notify_openvas_scanner=yes - -# Method to use to get updates. The default is via rsync -# Note that only wget and curl support retrieval via proxy -# update_method=rsync|wget|curl - -# Additionaly, you can specify the following variables -#NVT_DIR where to extract plugins (absolute path) -#OV_RSYNC_FEED URL of rsync feed -#OV_HTTP_FEED URL of http feed - diff --git a/community/openvas-scanner/openvassd.initd b/community/openvas-scanner/openvassd.initd deleted file mode 100644 index 4b4de5e515..0000000000 --- a/community/openvas-scanner/openvassd.initd +++ /dev/null @@ -1,26 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -name="OpenVAS Scanner" -command="/usr/bin/openvassd" -command_args="${SCANNER_LISTEN} ${SCANNER_PORT} ${SCANNER_SRCIP} ${SCANNER_EXTRA_ARGS}" -pidfile="/run/openvassd.pid" -extra_stopped_commands="create_cache" - -depend() { - after bootmisc - need localmount net -} - -start_pre() { - checkpath --directory --mode 0775 --quiet /var/cache/openvas -} - -create_cache() { - checkpath --directory --mode 0775 --quiet /var/cache/openvas - ebegin "Generating initial Cache" - /usr/bin/openvassd --foreground --only-cache - eend $? -} diff --git a/community/openvas-scanner/openvassd.logrotate b/community/openvas-scanner/openvassd.logrotate deleted file mode 100644 index 9316ba8d96..0000000000 --- a/community/openvas-scanner/openvassd.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -# logrotate for openvas -/var/log/openvas/openvassd.log { - rotate 4 - weekly - compress - delaycompress - missingok - postrotate - /bin/kill -HUP `pidof openvassd` - endscript -} |