authorV3n3RiX <venerix@redcorelinux.org>2019-03-19 11:37:34 +0000
committerV3n3RiX <venerix@redcorelinux.org>2019-03-19 11:37:34 +0000
commitb7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch)
tree9fd110f9fc996e8a4213eeda994a8c112491b86d /net-analyzer/greenbone-security-assistant/files
parent066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff)
gentoo resync : 19.03.2019
Diffstat (limited to 'net-analyzer/greenbone-security-assistant/files')
-rw-r--r--net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch107
-rw-r--r--net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch42
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf20
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa.init14
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa.logrotate9
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example78
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa.service19
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d1
8 files changed, 290 insertions, 0 deletions
diff --git a/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch
new file mode 100644
index 000000000000..cce885e10e01
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch
@@ -0,0 +1,107 @@
+--- gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:22:19.297954361 +0300
++++ gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:27:57.690214371 +0300
+@@ -1366,7 +1366,8 @@
+ || (strstr (param_name, "_id")
+ == param_name + strlen (param_name) - strlen ("_id"))
+ || (strcmp (param_name, "name") == 0
+- && strcasecmp (prev_action, "Run Wizard") == 0)
++ && (strcasecmp (prev_action, "Run Wizard") == 0
++ || strcasecmp (next_cmd, "auth_settings") == 0))
+ || (strcmp (param_name, "get_name") == 0
+ && strcasecmp (next_cmd, "wizard_get") == 0))
+ {
+@@ -25984,7 +25976,7 @@
+
+ html = response_from_entity (connection, credentials, params, entity,
+ (no_redirect && strcmp (no_redirect, "0")),
+- NULL, NULL,
++ NULL, "auth_settings",
+ NULL, "modify_auth",
+ "Save Authentication Configuration",
+ response_data);
+--- gsa-7.0.3/src/html/classic/js/greenbone.js 2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/html/classic/js/greenbone.js 2019-02-02 03:40:37.162714538 +0300
+@@ -1559,6 +1559,9 @@
+ if (reload === 'next') {
+ reload_next(response);
+ }
++ else if (reload === 'window') {
++ location.reload();
++ }
+ },
+ function(jqXHR) {
+ if (jqXHR.status == 0 && jqXHR.readyState == 0) {
+--- gsa-7.0.3/src/html/classic/omp.xsl 2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/html/classic/omp.xsl 2019-02-02 03:44:28.470599715 +0300
+@@ -36775,7 +36822,8 @@
+ <!-- AUTHENTICATION DESCRIPTION -->
+
+ <xsl:template match="group" mode="ldapauth">
+- <div class="section-box" id="ldap-box">
++ <div class="section-box ajax-post" id="ldap-box"
++ data-button="form #save_button" data-reload="window">
+ <form action="/omp" method="post" enctype="multipart/form-data">
+ <input type="hidden" name="token" value="{/envelope/token}"/>
+ <input type="hidden" name="cmd" value="save_auth"/>
+@@ -36784,6 +36832,15 @@
+ <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/>
+ <!-- group name is e.g. of method:ldap -->
+ <input type="hidden" name="group" value="{@name}"/>
++ <!-- Auth type name for next page -->
++ <input type="hidden" name="name" value="ldap"/>
++
++ <div class="error-dialog">
++ <div class="text-center">
++ <xsl:value-of select="gsa:i18n ('LDAP authentication config could not be modified.')"/>
++ </div>
++ </div>
++
+ <table class="gbntable">
+ <tr class="gbntablehead2">
+ <td><xsl:value-of select="gsa:i18n ('Setting')"/></td>
+@@ -36838,7 +36895,8 @@
+ </tr>
+ <tr>
+ <td colspan="2" style="text-align:right;">
+- <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/>
++ <input type="submit" name="submit" id="save_button"
++ value="{gsa:i18n ('Save')}"/>
+ </td>
+ </tr>
+ </table>
+@@ -36847,7 +36905,8 @@
+ </xsl:template>
+
+ <xsl:template match="group" mode="radiusauth">
+- <div class="section-box" id="radius-box">
++ <div class="section-box ajax-post" id="radius-box"
++ data-button="form #save_button" data-reload="window">
+ <form action="/omp" method="post" enctype="multipart/form-data">
+ <input type="hidden" name="token" value="{/envelope/token}"/>
+ <input type="hidden" name="cmd" value="save_auth"/>
+@@ -36856,6 +36915,15 @@
+ <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/>
+ <!-- group name is e.g. of method:radius_connect -->
+ <input type="hidden" name="group" value="{@name}"/>
++ <!-- Auth type name for next page -->
++ <input type="hidden" name="name" value="radius"/>
++
++ <div class="error-dialog">
++ <div class="text-center">
++ <xsl:value-of select="gsa:i18n ('Radius authentication config could not be modified.')"/>
++ </div>
++ </div>
++
+ <table class="gbntable">
+ <tr class="gbntablehead2">
+ <td><xsl:value-of select="gsa:i18n ('Setting')"/></td>
+@@ -36890,7 +36958,8 @@
+ </tr>
+ <tr>
+ <td colspan="2" style="text-align:right;">
+- <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/>
++ <input type="submit" name="submit" id="save_button"
++ value="{gsa:i18n ('Save')}"/>
+ </td>
+ </tr>
+ </table>
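Review bot: The widened condition in the first gsad_omp.c hunk (`|| strcasecmp (next_cmd, "auth_settings") == 0`) appears to let the client-posted `name` field travel on to the next page, so the hidden `name` inputs added in omp.xsl (`ldap`, `radius`) are client-controlled by the time they return. Whatever consumes `name` for `auth_settings` should accept only the expected method names; no such check is visible, and the enclosing C function begins and ends outside the hunk, so the encoding of the forwarded value cannot be confirmed from here. Separately, the LDAP and RADIUS forms both give their submit button `id="save_button"`. If both templates are rendered into one page the id is duplicated, and distinct ids such as `ldap_save_button` and `radius_save_button` with matching `data-button` selectors would avoid depending on selector scoping.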
diff --git a/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch
new file mode 100644
index 000000000000..5132e344a798
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch
@@ -0,0 +1,42 @@
+--- gsa-7.0.3/src/gsad_omp.c 2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:12:16.617046562 +0300
+@@ -7737,16 +7738,21 @@
+ g_string_append (xml, command_escaped);
+ g_free (command_escaped);
+
++ response = NULL;
+ ret = omp (connection, credentials, &response, &entity, response_data,
+ command->str);
+ g_string_free (command, TRUE);
++
++ if (ret)
++ {
++ free_entity (entity);
++ g_string_free (xml, TRUE);
++ }
++
+ switch (ret)
+ {
+ case 0:
+ break;
+- case -1:
+- /* 'omp' set response. */
+- return response;
+ case 1:
+ response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ return gsad_message (credentials,
+@@ -7770,10 +7776,14 @@
+ "/omp?cmd=get_tasks", response_data);
+ }
+
++ if (omp_success (entity) == 0)
++ set_http_status_from_entity (entity, response_data);
+ g_string_append (xml, response);
+
+ g_string_append (xml, "</get_aggregate>");
+
++ free_entity (entity);
++ g_free (response);
+ return xsl_transform_omp (connection, credentials, params,
+ g_string_free (xml, FALSE), response_data);
+ }
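Review bot: On the error path added in the first gsad_omp.c hunk, `free_entity (entity)` runs whenever `ret` is non-zero, but only `response` is set to NULL before the `omp ()` call. `entity` is declared outside the hunk; if it is not initialised there and `omp ()` can fail before storing to it, this frees an indeterminate pointer, which `entity = NULL;` next to `response = NULL;` would prevent. With `case -1` removed, a -1 return must land in a returning branch of the switch, and not all remaining cases are visible. Otherwise execution continues to `omp_success (entity)` and `g_string_append (xml, response)` on objects that were just freed. Any `response` that `omp ()` set for the -1 case is also no longer returned or freed in the visible lines.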
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf b/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf
new file mode 100644
index 000000000000..9d34da62659c
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf
@@ -0,0 +1,20 @@
+# OpenVAS Security Assistant command args
+# man page --> https://www.mankier.com/8/gsad
+
+# e.g. --foreground | e.g. --no-redirect -- > Don't listen port 80 anymore
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect"
+
+# WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1"
+
+# WebUI Port
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392"
+
+# WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1"
+
+# WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT="--mport=9390"
+
+# TLS Settings
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL"
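Review bot: `--gnutls-priorities=NORMAL` leaves the minimum protocol version to the installed GnuTLS build, which on older releases still includes TLS 1.0 and 1.1. Because this file is the default every install starts from, a stricter string such as `--gnutls-priorities=NORMAL:-VERS-TLS1.0:-VERS-TLS1.1` would be a safer baseline for a console that handles scanner credentials. The comment `# WebUI adress` also has a typo (`address`).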
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.init b/net-analyzer/greenbone-security-assistant/files/gsa.init
new file mode 100644
index 000000000000..6e625a96a25c
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.init
@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="Greenbone Security Assistant Daemon"
+command="/usr/sbin/gsad"
+command_args="${OPENVAS_SECURITY_ASSISTANT_OPTIONS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES}"
+pidfile="/var/run/gsad.pid"
+command_background="true"
+
+depend() {
+ after bootmisc
+ need localmount net openvas-scanner gvmd
+}
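Review bot: `command_background="true"` together with `pidfile="/var/run/gsad.pid"` only works when the command stays in the foreground, and the default `command_args` from gsa-daemon.conf do not include `--foreground`. If gsad detaches on its own, as it normally does without that flag, OpenRC records the PID of a process that has already exited, so `stop` and status checks no longer track the real daemon. Either prepend `--foreground` to `command_args` or drop `command_background` and point `pidfile` at a file gsad itself writes.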
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.logrotate b/net-analyzer/greenbone-security-assistant/files/gsa.logrotate
new file mode 100644
index 000000000000..79e54e854319
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.logrotate
@@ -0,0 +1,9 @@
+# logrotate for openvas security agent
+/var/log/openvas/gsad.log {
+ daily
+ rotate 7
+ compress
+ missingok
+ notifempty
+ sharedscripts
+}
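Review bot: This stanza rotates and immediately compresses `/var/log/openvas/gsad.log` with no `postrotate` script and no `copytruncate`. Unless gsad reopens its log by itself, it keeps writing to the renamed file after rotation and those lines are lost from the live log. For a security console that is a gap in the audit trail; adding `copytruncate`, or a `postrotate` that makes gsad reopen the file, closes it. `sharedscripts` has no effect here because the stanza defines no scripts.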
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
new file mode 100644
index 000000000000..b233911a2f1d
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
@@ -0,0 +1,78 @@
+upstream backend {
+ server 127.0.0.1:9392;
+ keepalive 64;
+}
+
+server {
+ listen IP:80;
+ server_name openvas.domain.tdl;
+ return 301 https://openvas.domain.tdl$request_uri;
+}
+
+server {
+ listen IP:443 ssl http2;
+ server_name openvas.domain.tdl;
+ access_log /var/log/nginx/openvas.domain.tdl.access.log;
+ error_log /var/log/nginx/openvas.domain.tdl.error.log;
+ # Not sourcing directly from file
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+ fastcgi_param REQUEST_URI $request_uri;
+ fastcgi_param DOCUMENT_URI $document_uri;
+ fastcgi_param SERVER_PROTOCOL $server_protocol;
+ fastcgi_param REQUEST_SCHEME $scheme;
+ fastcgi_param HTTPS $https;
+ fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+ fastcgi_param REMOTE_ADDR $remote_addr;
+ fastcgi_param REMOTE_PORT $remote_port;
+ fastcgi_param SERVER_ADDR $server_addr;
+ fastcgi_param SERVER_PORT $server_port;
+ fastcgi_param SERVER_NAME $server_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_param HTTP_PROXY "";
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+ fastcgi_param DOCUMENT_ROOT $document_root;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header REMOTE_HOST $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-FORWARDED-PROTOCOL $scheme;
+ proxy_pass https://backend;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ }
+
+ resolver 127.0.0.1;
+ resolver_timeout 6s;
+ ssl_certificate /openvas.domain.tdl/fullchain.pem;
+ ssl_certificate_key /openvas.domain.tdl/privkey.pem;
+ ssl_trusted_certificate /openvas.domain.tdl/chain.pem;
+ ssl_dhparam /openvas.domain.tdl/dhparam.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+ ssl_ecdh_curve secp384r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_session_cache shared:SSL:40m;
+ ssl_session_timeout 21h;
+ ssl_session_tickets off;
+ ssl_buffer_size 4k;
+ add_header Referrer-Policy no-referrer-when-downgrade;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-XSS-Protection "1; mode=block";
+}
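Review bot: The TLS settings in this example accept more than a scanner console should: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps both deprecated protocol versions enabled, and the `ssl_ciphers` list still ends in 3DES (`DES-CBC3-SHA`) and non-forward-secret RSA suites. I would ship the example with `ssl_protocols TLSv1.2;` and the list cut down to the ECDHE/DHE GCM and CHACHA20 suites. `proxy_pass https://backend;` is used without `proxy_ssl_verify`, so the gsad certificate is never checked on the loopback hop, which deserves a comment in the example. `gzip on; gzip_types *;` compresses authenticated pages that embed the session token in forms, and no `Strict-Transport-Security` header is set alongside the other `add_header` lines. The `fastcgi_param` block has no effect on a `proxy_pass` location and could be dropped.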
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.service b/net-analyzer/greenbone-security-assistant/files/gsa.service
new file mode 100644
index 000000000000..3d0f2d37a45e
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenVAS Manager
+After=network.target
+After=openvas-scanner.service
+After=gvmd.service
+Wants=gvmd.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/gsa-daemon.conf
+ExecStart=/usr/sbin/gsad $OPENVAS_SECURITY_ASSISTANT_OPTIONS $OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target
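Review bot: The unit runs gsad as `User=root` / `Group=root` with no sandboxing, although the shipped configuration listens on port 9392 on loopback and so needs no privileged bind. A dedicated service account, if the key and log paths allow it, or at least `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` in `[Service]`, would limit what a compromise of the web front end yields. `Type=forking` is declared without `PIDFile=`, so systemd has to guess the main PID that `ExecReload` signals. `Description=OpenVAS Manager` also names the wrong daemon for this unit.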
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d b/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d
new file mode 100644
index 000000000000..18e820caec1b
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d
@@ -0,0 +1 @@
+d /var/cache/openvassd 0775
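Review bot: The entry `d /var/cache/openvassd 0775` omits the user and group fields, so ownership falls back to the tmpfiles.d default while the mode is group-writable and world-readable. Stating the owner and a narrower mode, for example `d /var/cache/openvassd 0750 root root -`, would make the intent explicit. The correct owner depends on which daemon writes there, which this file set does not show. The directory is named after openvassd rather than gsad, so the entry may belong with the scanner package.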