From 5d3ff181e96e7b45ddb10568cc0d2db9d5a8c85f Mon Sep 17 00:00:00 2001 From: Francesco Colista Date: Thu, 18 Aug 2016 12:26:10 +0000 Subject: Revert "community/openvas-scanner: moved from testing" This reverts commit 20c1f7f2330bfd49f9f8a86203aa49b3e34d41a4. --- .../openvas-scanner/001-cmakelist-fortify.patch | 21 ---- .../openvas-scanner/002-execinfo-musl-fix.patch | 40 ------- community/openvas-scanner/APKBUILD | 100 ----------------- community/openvas-scanner/openvas-nvt-sync.cron | 38 ------- .../openvas-scanner/openvas-scanner.post-install | 3 - community/openvas-scanner/openvassd.conf | 118 --------------------- community/openvas-scanner/openvassd.confd | 27 ----- community/openvas-scanner/openvassd.initd | 26 ----- community/openvas-scanner/openvassd.logrotate | 11 -- 9 files changed, 384 deletions(-) delete mode 100644 community/openvas-scanner/001-cmakelist-fortify.patch delete mode 100644 community/openvas-scanner/002-execinfo-musl-fix.patch delete mode 100644 community/openvas-scanner/APKBUILD delete mode 100644 community/openvas-scanner/openvas-nvt-sync.cron delete mode 100644 community/openvas-scanner/openvas-scanner.post-install delete mode 100644 community/openvas-scanner/openvassd.conf delete mode 100644 community/openvas-scanner/openvassd.confd delete mode 100644 community/openvas-scanner/openvassd.initd delete mode 100644 community/openvas-scanner/openvassd.logrotate (limited to 'community') diff --git a/community/openvas-scanner/001-cmakelist-fortify.patch b/community/openvas-scanner/001-cmakelist-fortify.patch deleted file mode 100644 index e77214f945..0000000000 --- a/community/openvas-scanner/001-cmakelist-fortify.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 588f5d8..a98929f 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -34,6 +34,7 @@ if (POLICY CMP0005) - endif (POLICY CMP0005) - - include (FindPkgConfig) -+include(CheckIncludeFile) - - if (NOT PKG_CONFIG_FOUND) - message(FATAL_ERROR "pkg-config executable not found. Aborting.") -@@ -225,7 +226,7 @@ configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY) - - ## Program - --set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") -+set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") - - set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") - set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE") diff --git a/community/openvas-scanner/002-execinfo-musl-fix.patch b/community/openvas-scanner/002-execinfo-musl-fix.patch deleted file mode 100644 index 8fd2164221..0000000000 --- a/community/openvas-scanner/002-execinfo-musl-fix.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/src/sighand.c b/src/sighand.c -index 1ebf206..985e470 100644 ---- a/src/sighand.c -+++ b/src/sighand.c -@@ -30,7 +30,10 @@ - #include /* for errno() */ - #include /* for wait() */ - #include /* for shutdown() */ -+ -+#ifdef HAVE_EXECINFO_H - #include -+#endif - - #include "log.h" - #include "sighand.h" -@@ -112,6 +115,7 @@ sighand_chld (pid_t pid) - waitpid (pid, &status, WNOHANG); - } - -+#ifdef HAVE_EXECINFO_H - static void - print_trace () - { -@@ -126,13 +130,16 @@ print_trace () - log_write ("%s\n", symbols[i]); - g_free (symbols); - } -+#endif - - void - sighand_segv () - { - signal (SIGSEGV, _exit); - log_write ("SIGSEGV occured !"); -+ #ifdef HAVE_EXECINFO_H - print_trace (); -+ #endif - make_em_die (SIGTERM); - log_close (); - _exit (0); diff --git a/community/openvas-scanner/APKBUILD b/community/openvas-scanner/APKBUILD deleted file mode 100644 index 09b3f3af50..0000000000 --- a/community/openvas-scanner/APKBUILD +++ /dev/null @@ -1,100 +0,0 @@ -# Contributor: Francesco Colista -# Maintainer: Francesco Colista -pkgname=openvas-scanner -_pkgname=openvassd -pkgver=5.0.5 -_pkgid=2266 -pkgrel=3 -pkgdesc="The OpenVAS scanning Daemon" -url="http://www.openvas.org/" -arch="all" -license="GPL" -depends="redis nmap coreutils openssl" -depends_dev="" -makedepends="$depends_dev cmake openvas-libraries-dev glib-dev - doxygen xmltoman" -install="" -subpackages="$pkgname-doc" -source="http://wald.intevation.org/frs/download.php/$_pkgid/$pkgname-$pkgver.tar.gz - $_pkgname.initd - $_pkgname.confd - $_pkgname.conf - $_pkgname.logrotate - openvas-nvt-sync.cron - 001-cmakelist-fortify.patch - 002-execinfo-musl-fix.patch" - -_builddir="$srcdir"/$pkgname-$pkgver -prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} - -build() { - cd "$_builddir" - cmake -DCMAKE_BUILD_TYPE=Release \ - -DSBINDIR=/usr/bin \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DSYSCONFDIR=/etc \ - -DLOCALSTATEDIR=/var . - make || return 1 -} - -package() { - cd "$_builddir" - make DESTDIR="$pkgdir/" install - install -Dm644 "$srcdir/$_pkgname.logrotate" "$pkgdir/etc/logrotate.d/$_pkgname" - install -m755 -D "$srcdir"/$_pkgname.initd "$pkgdir"/etc/init.d/$_pkgname - install -m755 -D "$srcdir"/$_pkgname.confd "$pkgdir"/etc/conf.d/$_pkgname - install -m755 -D "$srcdir"/$_pkgname.conf "$pkgdir"/etc/openvas/$_pkgname.conf - install -Dm744 "$srcdir"/openvas-nvt-sync.cron \ - "$pkgdir"/etc/periodic/daily/openvas-nvt-sync - - mkdir -p "$pkgdir"/usr/share/doc/$_pkgname - cat >"$pkgdir"/usr/share/doc/$_pkgname/README.alpine <& /dev/null - -if [ $? -ne 0 ]; then - echo "Error updating OpenVAS plugins. Please run openvas-nvt-sync manually." - exit 1 -fi - -if [ "$notify_openvas_scanner" == "yes" ]; then - /etc/init.d/openvas-scanner reloadplugins -fi diff --git a/community/openvas-scanner/openvas-scanner.post-install b/community/openvas-scanner/openvas-scanner.post-install deleted file mode 100644 index 1c27c059da..0000000000 --- a/community/openvas-scanner/openvas-scanner.post-install +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -echo "Remember to modify redis server in order to listen to a socket" -exit 0 diff --git a/community/openvas-scanner/openvassd.conf b/community/openvas-scanner/openvassd.conf deleted file mode 100644 index 88f83f4bed..0000000000 --- a/community/openvas-scanner/openvassd.conf +++ /dev/null @@ -1,118 +0,0 @@ -# Configuration file of the OpenVAS Security Scanner - -# Every line starting with a '#' is a comment - -[Misc] - -# Path to the security checks folder: -plugins_folder = /var/lib/openvas/plugins - -# Path to OpenVAS caching folder: -cache_folder = /var/cache/openvas - -# Path to OpenVAS include directories: -# (multiple entries are separated with colon ':') -include_folders = /var/lib/openvas/plugins - -# Maximum number of simultaneous hosts tested : -max_hosts = 30 - -# Maximum number of simultaneous checks against each host tested : -max_checks = 10 - -# Niceness. If set to 'yes', openvassd will renice itself to 10. -be_nice = no - -# Log file (or 'syslog') : -logfile = /var/log/openvas/openvassd.log - -# Shall we log every details of the attack ? (disk intensive) -log_whole_attack = no - -# Log the name of the plugins that are loaded by the server ? -log_plugins_name_at_load = no - -# Dump file for debugging output, use `-' for stdout -dumpfile = /var/log/openvas/openvassd.dump - -# Rules file : -rules = /etc/openvas/openvassd.rules - -# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) -cgi_path = /cgi-bin:/scripts - -# Range of the ports the port scanners will scan : -# 'default' means that OpenVAS will scan ports found in its -# services file. -port_range = default - -# Optimize the test (recommended) : -optimize_test = yes - -# Optimization : -# Read timeout for the sockets of the tests : -checks_read_timeout = 5 - -# Ports against which two plugins should not be run simultaneously : -# non_simult_ports = Services/www, 139, Services/finger -non_simult_ports = 139, 445 - -# Maximum lifetime of a plugin (in seconds) : -plugins_timeout = 320 - -# Safe checks rely on banner grabbing : -safe_checks = yes - -# Automatically activate the plugins that are depended on -auto_enable_dependencies = yes - -# Do not echo data from plugins which have been automatically enabled -silent_dependencies = no - -# Designate hosts by MAC address, not IP address (useful for DHCP networks) -use_mac_addr = no - - -#--- Knowledge base saving (can be configured by the client) : -# Save the knowledge base on disk : -save_knowledge_base = no - -# Restore the KB for each test : -kb_restore = no - -# Only test hosts whose KB we do not have : -only_test_hosts_whose_kb_we_dont_have = no - -# Only test hosts whose KB we already have : -only_test_hosts_whose_kb_we_have = no - -# KB test replay : -kb_dont_replay_scanners = no -kb_dont_replay_info_gathering = no -kb_dont_replay_attacks = no -kb_dont_replay_denials = no -kb_max_age = 864000 -#--- end of the KB section - - -# If this option is set, OpenVAS will not scan a network incrementally -# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to -# slice the workload throughout the whole network (ie: it will scan -# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... -slice_network_addresses = no - -# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') -nasl_no_signature_check = yes - -#Certificates -cert_file=/var/lib/openvas/CA/servercert.pem -key_file=/var/lib/openvas/private/CA/serverkey.pem -ca_file=/var/lib/openvas/CA/cacert.pem - -# If you decide to protect your private key with a password, -# uncomment and change next line -# pem_password=password -# If you want to force the use of a client certificate, uncomment next line -# force_pubkey_auth = yes - -#end. diff --git a/community/openvas-scanner/openvassd.confd b/community/openvas-scanner/openvassd.confd deleted file mode 100644 index d48adef151..0000000000 --- a/community/openvas-scanner/openvassd.confd +++ /dev/null @@ -1,27 +0,0 @@ -#Listen on given address - by default scanner listens on all addresses -#SCANNER_LISTEN=--listen=127.0.0.1 - -#Listen on given port - by default 9391 -SCANNER_PORT=--port=9391 - -#Send the packets with the source IP of IP1,IP2,IP3.... -#SCANNER_SRCIP=--src-ip=127.0.0.1,192.168.1.2 - -# Extra Arguments -# SCANNER_EXTRA_ARGS="" - -# Set to yes if plugins should be automatically updated via a cron job -auto_plugin_update=no - -# Notify OpenVAS scanner after update by seding it SIGHUP? -notify_openvas_scanner=yes - -# Method to use to get updates. The default is via rsync -# Note that only wget and curl support retrieval via proxy -# update_method=rsync|wget|curl - -# Additionaly, you can specify the following variables -#NVT_DIR where to extract plugins (absolute path) -#OV_RSYNC_FEED URL of rsync feed -#OV_HTTP_FEED URL of http feed - diff --git a/community/openvas-scanner/openvassd.initd b/community/openvas-scanner/openvassd.initd deleted file mode 100644 index 4b4de5e515..0000000000 --- a/community/openvas-scanner/openvassd.initd +++ /dev/null @@ -1,26 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -name="OpenVAS Scanner" -command="/usr/bin/openvassd" -command_args="${SCANNER_LISTEN} ${SCANNER_PORT} ${SCANNER_SRCIP} ${SCANNER_EXTRA_ARGS}" -pidfile="/run/openvassd.pid" -extra_stopped_commands="create_cache" - -depend() { - after bootmisc - need localmount net -} - -start_pre() { - checkpath --directory --mode 0775 --quiet /var/cache/openvas -} - -create_cache() { - checkpath --directory --mode 0775 --quiet /var/cache/openvas - ebegin "Generating initial Cache" - /usr/bin/openvassd --foreground --only-cache - eend $? -} diff --git a/community/openvas-scanner/openvassd.logrotate b/community/openvas-scanner/openvassd.logrotate deleted file mode 100644 index 9316ba8d96..0000000000 --- a/community/openvas-scanner/openvassd.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -# logrotate for openvas -/var/log/openvas/openvassd.log { - rotate 4 - weekly - compress - delaycompress - missingok - postrotate - /bin/kill -HUP `pidof openvassd` - endscript -} -- cgit v1.2.3