network/openvas-server: Added to 12.2 repository

7 files changed, 369 insertions, 0 deletions

diff --git a/network/openvas-server/README b/network/openvas-server/README
new file mode 100644
index 0000000000..73987998fd
--- /dev/null
+++ b/network/openvas-server/README
@@ -0,0 +1,22 @@
+OpenVAS stands for Open Vulnerability Assessment System and is a network
+security scanner with associated tools like a graphical user front-end. The
+core component is a server with a set of network vulnerability tests (NVTs)
+to detect security problems in remote systems and applications.
+
+OpenVAS products are Free Software under GNU GPL and a fork of Nessus.
+
+This package provides the OpenVAS server. To build OpenVAS server, you
+have to compile and install the packages in the the following sequence:
+ 1. openvas-libraries
+ 2. openvas-libnasl
+ 3. openvas-server
+ 4. openvas-plugins
+
+To run OpenVAS server at startup use something like this in your rc.local:
+
+# Start openvasd if [ -x /etc/rc.d/rc.openvasd ]; then
+  /etc/rc.d/rc.openvasd start
+fi
+
+and something smilar in your rc.local_shutdown to stop the service. Beware
+it can take sometime to load all the plugins.
diff --git a/network/openvas-server/doinst.sh b/network/openvas-server/doinst.sh
new file mode 100644
index 0000000000..6a05aaf2d8
--- /dev/null
+++ b/network/openvas-server/doinst.sh
@@ -0,0 +1,22 @@
+config() {
+  NEW="$1"
+  OLD="`dirname $NEW`/`basename $NEW .new`"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.openvasd.new:
+if [ -e etc/rc.d/rc.openvasd ]; then
+  cp -a etc/rc.d/rc.openvasd etc/rc.d/rc.openvasd.new.incoming
+  cat etc/rc.d/rc.openvasd.new > etc/rc.d/rc.openvasd.new.incoming
+  mv etc/rc.d/rc.openvasd.new.incoming etc/rc.d/rc.openvasd.new
+fi
+
+config etc/rc.d/rc.openvasd.new
+config etc/openvas/openvasd.conf.new
+
diff --git a/network/openvas-server/openvas-server.SlackBuild b/network/openvas-server/openvas-server.SlackBuild
new file mode 100644
index 0000000000..24bb7f0135
--- /dev/null
+++ b/network/openvas-server/openvas-server.SlackBuild
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+# Slackware build script for OpenVAS server.
+#
+# Copyright 2009-2010 Marco Bonetti <sid77@slackware.it>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=openvas-server
+VERSION=${VERSION:-2.0.2}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+DOCS="CHANGES COPYING"
+
+if [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --docdir=/usr/doc/$PRGNAM-$VERSION \
+  --build=$ARCH-slackware-linux
+
+make
+make install DESTDIR=$PKG
+
+# install a slackwarized config file
+cat $CWD/openvasd.conf > $PKG/etc/openvas/openvasd.conf.new
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.openvasd > $PKG/etc/rc.d/rc.openvasd.new
+
+( cd $PKG
+  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \
+    xargs strip --strip-unneeded 2> /dev/null || true
+  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \
+    xargs strip --strip-unneeded 2> /dev/null
+)
+
+( cd $PKG/usr/man
+  find . -type f -exec gzip -9 {} \;
+  for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+)
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/network/openvas-server/openvas-server.info b/network/openvas-server/openvas-server.info
new file mode 100644
index 0000000000..a2cc287a39
--- /dev/null
+++ b/network/openvas-server/openvas-server.info
@@ -0,0 +1,8 @@
+PRGNAM="openvas-server"
+VERSION="2.0.2"
+HOMEPAGE="http://www.openvas.org/"
+DOWNLOAD="http://wald.intevation.org/frs/download.php/593/openvas-server-2.0.2.tar.gz"
+MD5SUM="87d4727e9cba146c1e28003e30f2d5ee"
+MAINTAINER="Marco Bonetti"
+EMAIL="sid77@slackware.it"
+APPROVED="rworkman"
diff --git a/network/openvas-server/openvasd.conf b/network/openvas-server/openvasd.conf
new file mode 100644
index 0000000000..305b045364
--- /dev/null
+++ b/network/openvas-server/openvasd.conf
@@ -0,0 +1,163 @@
+# OpenVAS Security Scanner, Slackware default configuration file
+#
+# Empty lines and those starting with '#' are ignored.
+
+# Directory where plug-ins are to be found
+plugins_folder = /usr/lib/openvas/plugins
+
+# E-mail address of the admin
+email = root
+
+# Maximum number of hosts
+max_hosts = 255
+
+# Number of plugins that will run against each host,
+# i.e. simultaneous tests
+# Total number of processes will be max_checks x max_hosts
+max_checks = 15
+
+# File used to log activity. Set it to 'syslog' if you want to use syslogd.
+logfile = /var/log/openvas/openvasd.messages
+
+# Log every detail of the attack in openvasd.messages
+# If disabled only the beginning and end are logged, and
+# not the time each plugin takes to execute
+log_whole_attack = yes
+
+# Log the name of the plugins that are loaded by the server
+log_plugins_name_at_load = no
+
+# Dump file for debugging output, use `-' for stdout
+dumpfile = /var/lib/openvas/openvasd.dump
+
+# File that contains rules database that apply to all users
+rules = /etc/openvas/openvasd.rules
+
+# Users database file
+users = /etc/openvas/openvasd.users
+
+# Path where it will find information for all users
+per_user_base = /var/lib/openvas/users
+
+# Cache folder
+cache_folder = /var/cache/openvas
+
+# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
+cgi_path = /cgi-bin
+
+# Optimize the test
+optimize_test = yes
+
+# Read timeout (in seconds) for the sockets of the tests
+# Increase this value if running on a slow network link (dialup)
+checks_read_timeout = 15
+
+# Delay (in seconds) to pass for between two tests against the same port
+# (to be inetd friendly)
+delay_between_tests = 1
+
+# Do not run simultaneous ports for these tests. Default value:
+# non_simul_ports = 139, 445
+
+# Remote file that the plugins will try to read:
+test_file = /etc/passwd
+
+# Range of the ports that nmap will scan
+port_range = 1-15000
+
+# Ping hosts before scanning them?
+ping_hosts = yes
+
+# Only test the IPs that can be reversely looked up?
+reverse_lookup = no
+
+# Host expansion:
+# dns:  performs and AXFR on the remote name server
+#       and test the host obtained
+# nfs:  test hosts that have the right to mount the
+#       filesystems exported by the remote host
+# ip:   scan the entire subnet
+host_expansion = dns;ip
+
+subnet_class = C
+
+# Use the MAC address as host identifier (useful in 
+# local LANs with dynamic addresses, e.g. DHCP)
+# use_mac_addr = yes
+
+# Slice the network IPs into portions and rotate them
+# between scanning each slice. Instead of the (default)
+# behaviour of scanning a network incrementally.
+# slice_network_addresses = yes
+
+scan_level = normal
+outside_firewall = no
+
+# Enable plugins that are depended on
+# auto_enable_dependencies = yes
+
+# Enable safe checks (this overrides the client's configuration)
+# safe_checks = yes
+
+# Allow users to upload plugins to the server
+# Note: This effectively gives administrative permissions
+# to OpenVAS users and, when using local checks, could grant
+# them execute permissions in remote systems, so use with care!
+plugin_upload = no
+
+# Filename suffixes that are allowed when uploading
+# plugin_upload_suffixes = .nasl, .inc
+
+# Language to use in plugins.
+# Current valid options are 'english' and 'french'
+language = english
+
+# Public key client server encryption (crypto options)
+peks_username = openvasd
+peks_keylen = 1024
+peks_keyfile = /etc/openvas/openvasd.private-keys
+peks_usrkeys = /etc/openvas/openvasd.user-keys
+peks_pwdfail = 5
+track_iothreads = yes
+cookie_logpipe = /etc/openvas/openvasd.logpipe
+cookie_logpipe_suptmo = 2
+# Define SSL version, use NONE to disable SSL
+# ssl_version = 3
+# Full path and filename of a trusted certificate authority
+# see /usr/share/doc/openvas/README_SSL.gz
+# trusted_ca = 
+
+# SSL Ciphers to use
+# The following removes all SSLv3 ciphers except RC4.
+# This has been implemented to workaround an OpenSSL 0.9.8
+# bug, for more information please read
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
+# and
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
+# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
+
+# NASL scripts cryptographic checks of some plugins (trusted
+# scripts). OpenVAS will refuse to load and execute trusted
+# scripts that are not signed. Use extreme caution when
+# setting this to 'yes'
+#nasl_no_signature_check = no
+nasl_no_signature_check = yes
+
+# Uncomment the following for IO thread debugging
+#track_iothreads = yes
+
+# Set this to 'yes' if you want each child to be nice(2)d
+# be_nice = yes
+
+# End of /etc/openvas/openvasd.conf file.
+#
+# Added by openvas-mkcert
+#
+cert_file=/var/lib/openvas/CA/servercert.pem
+key_file=/var/lib/openvas/private/CA/serverkey.pem
+ca_file=/var/lib/openvas/CA/cacert.pem
+# If you decide to protect your private key with a password, 
+# uncomment and change next line
+# pem_password=password
+# If you want to force the use of a client certificate, uncomment next line
+# force_pubkey_auth = yes
diff --git a/network/openvas-server/rc.openvasd b/network/openvas-server/rc.openvasd
new file mode 100644
index 0000000000..e66b4758b7
--- /dev/null
+++ b/network/openvas-server/rc.openvasd
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+PIDFILE="/var/run/openvasd.pid"
+
+start() {
+  echo "Starting OpenVAS server..."
+  openvasd -D
+}
+
+stop() {
+  echo "Stopping OpenVAS server..."
+  kill `cat $PIDFILE`
+}
+
+case "$1" in
+  start)
+    start
+    ;;
+  stop)
+    stop
+    ;;
+  restart)
+    stop
+    sleep 1
+    start
+    ;;
+  *)
+    echo "Usage: $0 (start|stop|restart)"
+esac
diff --git a/network/openvas-server/slack-desc b/network/openvas-server/slack-desc
new file mode 100644
index 0000000000..91bc7ef22f
--- /dev/null
+++ b/network/openvas-server/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in.  You must
+# make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':'.
+
+              |-----handy-ruler------------------------------------------------------|
+openvas-server: OpenVAS server (OpenVAS server)
+openvas-server:
+openvas-server: OpenVAS stands for Open Vulnerability Assessment System and is a 
+openvas-server: network security scanner with associated tools like a graphical user 
+openvas-server: front-end. The core component is a server with a set of network 
+openvas-server: vulnerability tests (NVTs) to detect security problems in remote 
+openvas-server: systems and applications.
+openvas-server:
+openvas-server: OpenVAS products are Free Software under GNU GPL and a fork of Nessus.
+openvas-server:
+openvas-server: This package provides the OpenVAS server.