diff options
Diffstat (limited to 'network')
-rw-r--r-- | network/openvas-server/README | 22 | ||||
-rw-r--r-- | network/openvas-server/doinst.sh | 22 | ||||
-rw-r--r-- | network/openvas-server/openvas-server.SlackBuild | 106 | ||||
-rw-r--r-- | network/openvas-server/openvas-server.info | 8 | ||||
-rw-r--r-- | network/openvas-server/openvasd.conf | 163 | ||||
-rw-r--r-- | network/openvas-server/rc.openvasd | 29 | ||||
-rw-r--r-- | network/openvas-server/slack-desc | 19 |
7 files changed, 369 insertions, 0 deletions
diff --git a/network/openvas-server/README b/network/openvas-server/README new file mode 100644 index 0000000000..73987998fd --- /dev/null +++ b/network/openvas-server/README @@ -0,0 +1,22 @@ +OpenVAS stands for Open Vulnerability Assessment System and is a network +security scanner with associated tools like a graphical user front-end. The +core component is a server with a set of network vulnerability tests (NVTs) +to detect security problems in remote systems and applications. + +OpenVAS products are Free Software under GNU GPL and a fork of Nessus. + +This package provides the OpenVAS server. To build OpenVAS server, you +have to compile and install the packages in the the following sequence: + 1. openvas-libraries + 2. openvas-libnasl + 3. openvas-server + 4. openvas-plugins + +To run OpenVAS server at startup use something like this in your rc.local: + +# Start openvasd if [ -x /etc/rc.d/rc.openvasd ]; then + /etc/rc.d/rc.openvasd start +fi + +and something smilar in your rc.local_shutdown to stop the service. Beware +it can take sometime to load all the plugins. diff --git a/network/openvas-server/doinst.sh b/network/openvas-server/doinst.sh new file mode 100644 index 0000000000..6a05aaf2d8 --- /dev/null +++ b/network/openvas-server/doinst.sh @@ -0,0 +1,22 @@ +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +# Keep same perms on rc.openvasd.new: +if [ -e etc/rc.d/rc.openvasd ]; then + cp -a etc/rc.d/rc.openvasd etc/rc.d/rc.openvasd.new.incoming + cat etc/rc.d/rc.openvasd.new > etc/rc.d/rc.openvasd.new.incoming + mv etc/rc.d/rc.openvasd.new.incoming etc/rc.d/rc.openvasd.new +fi + +config etc/rc.d/rc.openvasd.new +config etc/openvas/openvasd.conf.new + diff --git a/network/openvas-server/openvas-server.SlackBuild b/network/openvas-server/openvas-server.SlackBuild new file mode 100644 index 0000000000..24bb7f0135 --- /dev/null +++ b/network/openvas-server/openvas-server.SlackBuild @@ -0,0 +1,106 @@ +#!/bin/sh + +# Slackware build script for OpenVAS server. +# +# Copyright 2009-2010 Marco Bonetti <sid77@slackware.it> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=openvas-server +VERSION=${VERSION:-2.0.2} +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +DOCS="CHANGES COPYING" + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PRGNAM-$VERSION \ + --build=$ARCH-slackware-linux + +make +make install DESTDIR=$PKG + +# install a slackwarized config file +cat $CWD/openvasd.conf > $PKG/etc/openvas/openvasd.conf.new + +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.openvasd > $PKG/etc/rc.d/rc.openvasd.new + +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null || true + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null +) + +( cd $PKG/usr/man + find . -type f -exec gzip -9 {} \; + for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done +) + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz diff --git a/network/openvas-server/openvas-server.info b/network/openvas-server/openvas-server.info new file mode 100644 index 0000000000..a2cc287a39 --- /dev/null +++ b/network/openvas-server/openvas-server.info @@ -0,0 +1,8 @@ +PRGNAM="openvas-server" +VERSION="2.0.2" +HOMEPAGE="http://www.openvas.org/" +DOWNLOAD="http://wald.intevation.org/frs/download.php/593/openvas-server-2.0.2.tar.gz" +MD5SUM="87d4727e9cba146c1e28003e30f2d5ee" +MAINTAINER="Marco Bonetti" +EMAIL="sid77@slackware.it" +APPROVED="rworkman" diff --git a/network/openvas-server/openvasd.conf b/network/openvas-server/openvasd.conf new file mode 100644 index 0000000000..305b045364 --- /dev/null +++ b/network/openvas-server/openvasd.conf @@ -0,0 +1,163 @@ +# OpenVAS Security Scanner, Slackware default configuration file +# +# Empty lines and those starting with '#' are ignored. + +# Directory where plug-ins are to be found +plugins_folder = /usr/lib/openvas/plugins + +# E-mail address of the admin +email = root + +# Maximum number of hosts +max_hosts = 255 + +# Number of plugins that will run against each host, +# i.e. simultaneous tests +# Total number of processes will be max_checks x max_hosts +max_checks = 15 + +# File used to log activity. Set it to 'syslog' if you want to use syslogd. +logfile = /var/log/openvas/openvasd.messages + +# Log every detail of the attack in openvasd.messages +# If disabled only the beginning and end are logged, and +# not the time each plugin takes to execute +log_whole_attack = yes + +# Log the name of the plugins that are loaded by the server +log_plugins_name_at_load = no + +# Dump file for debugging output, use `-' for stdout +dumpfile = /var/lib/openvas/openvasd.dump + +# File that contains rules database that apply to all users +rules = /etc/openvas/openvasd.rules + +# Users database file +users = /etc/openvas/openvasd.users + +# Path where it will find information for all users +per_user_base = /var/lib/openvas/users + +# Cache folder +cache_folder = /var/cache/openvas + +# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) +cgi_path = /cgi-bin + +# Optimize the test +optimize_test = yes + +# Read timeout (in seconds) for the sockets of the tests +# Increase this value if running on a slow network link (dialup) +checks_read_timeout = 15 + +# Delay (in seconds) to pass for between two tests against the same port +# (to be inetd friendly) +delay_between_tests = 1 + +# Do not run simultaneous ports for these tests. Default value: +# non_simul_ports = 139, 445 + +# Remote file that the plugins will try to read: +test_file = /etc/passwd + +# Range of the ports that nmap will scan +port_range = 1-15000 + +# Ping hosts before scanning them? +ping_hosts = yes + +# Only test the IPs that can be reversely looked up? +reverse_lookup = no + +# Host expansion: +# dns: performs and AXFR on the remote name server +# and test the host obtained +# nfs: test hosts that have the right to mount the +# filesystems exported by the remote host +# ip: scan the entire subnet +host_expansion = dns;ip + +subnet_class = C + +# Use the MAC address as host identifier (useful in +# local LANs with dynamic addresses, e.g. DHCP) +# use_mac_addr = yes + +# Slice the network IPs into portions and rotate them +# between scanning each slice. Instead of the (default) +# behaviour of scanning a network incrementally. +# slice_network_addresses = yes + +scan_level = normal +outside_firewall = no + +# Enable plugins that are depended on +# auto_enable_dependencies = yes + +# Enable safe checks (this overrides the client's configuration) +# safe_checks = yes + +# Allow users to upload plugins to the server +# Note: This effectively gives administrative permissions +# to OpenVAS users and, when using local checks, could grant +# them execute permissions in remote systems, so use with care! +plugin_upload = no + +# Filename suffixes that are allowed when uploading +# plugin_upload_suffixes = .nasl, .inc + +# Language to use in plugins. +# Current valid options are 'english' and 'french' +language = english + +# Public key client server encryption (crypto options) +peks_username = openvasd +peks_keylen = 1024 +peks_keyfile = /etc/openvas/openvasd.private-keys +peks_usrkeys = /etc/openvas/openvasd.user-keys +peks_pwdfail = 5 +track_iothreads = yes +cookie_logpipe = /etc/openvas/openvasd.logpipe +cookie_logpipe_suptmo = 2 +# Define SSL version, use NONE to disable SSL +# ssl_version = 3 +# Full path and filename of a trusted certificate authority +# see /usr/share/doc/openvas/README_SSL.gz +# trusted_ca = + +# SSL Ciphers to use +# The following removes all SSLv3 ciphers except RC4. +# This has been implemented to workaround an OpenSSL 0.9.8 +# bug, for more information please read +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006 +# and +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487 +# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA + +# NASL scripts cryptographic checks of some plugins (trusted +# scripts). OpenVAS will refuse to load and execute trusted +# scripts that are not signed. Use extreme caution when +# setting this to 'yes' +#nasl_no_signature_check = no +nasl_no_signature_check = yes + +# Uncomment the following for IO thread debugging +#track_iothreads = yes + +# Set this to 'yes' if you want each child to be nice(2)d +# be_nice = yes + +# End of /etc/openvas/openvasd.conf file. +# +# Added by openvas-mkcert +# +cert_file=/var/lib/openvas/CA/servercert.pem +key_file=/var/lib/openvas/private/CA/serverkey.pem +ca_file=/var/lib/openvas/CA/cacert.pem +# If you decide to protect your private key with a password, +# uncomment and change next line +# pem_password=password +# If you want to force the use of a client certificate, uncomment next line +# force_pubkey_auth = yes diff --git a/network/openvas-server/rc.openvasd b/network/openvas-server/rc.openvasd new file mode 100644 index 0000000000..e66b4758b7 --- /dev/null +++ b/network/openvas-server/rc.openvasd @@ -0,0 +1,29 @@ +#!/bin/sh + +PIDFILE="/var/run/openvasd.pid" + +start() { + echo "Starting OpenVAS server..." + openvasd -D +} + +stop() { + echo "Stopping OpenVAS server..." + kill `cat $PIDFILE` +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + sleep 1 + start + ;; + *) + echo "Usage: $0 (start|stop|restart)" +esac diff --git a/network/openvas-server/slack-desc b/network/openvas-server/slack-desc new file mode 100644 index 0000000000..91bc7ef22f --- /dev/null +++ b/network/openvas-server/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +openvas-server: OpenVAS server (OpenVAS server) +openvas-server: +openvas-server: OpenVAS stands for Open Vulnerability Assessment System and is a +openvas-server: network security scanner with associated tools like a graphical user +openvas-server: front-end. The core component is a server with a set of network +openvas-server: vulnerability tests (NVTs) to detect security problems in remote +openvas-server: systems and applications. +openvas-server: +openvas-server: OpenVAS products are Free Software under GNU GPL and a fork of Nessus. +openvas-server: +openvas-server: This package provides the OpenVAS server. |