diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-03-19 11:37:34 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-03-19 11:37:34 +0000 |
commit | b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch) | |
tree | 9fd110f9fc996e8a4213eeda994a8c112491b86d /net-analyzer/greenbone-security-assistant | |
parent | 066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff) |
gentoo resync : 19.03.2019
Diffstat (limited to 'net-analyzer/greenbone-security-assistant')
11 files changed, 404 insertions, 2 deletions
diff --git a/net-analyzer/greenbone-security-assistant/Manifest b/net-analyzer/greenbone-security-assistant/Manifest index 545bd68c6ca0..9e693447b148 100644 --- a/net-analyzer/greenbone-security-assistant/Manifest +++ b/net-analyzer/greenbone-security-assistant/Manifest @@ -1,4 +1,12 @@ AUX greenbone-security-assistant-5.0.3-run.patch 504 BLAKE2B 3e14a5e2d559bfa0f487760ebe081013627038a6ceb690b444c0eb680c05293e4a031074ba05438366a8b01fab4ad1a48f4e9fd97bb7150bdc288cacb718b999 SHA512 fead69c99f8cfb376d19c684495ed4cec7a90672fed378f3ae9ea245393ab3d52c34a2c8e5dd84ce7c5b844f1aa01d70b7a143f417e93f320a240bf1f683bb5d +AUX greenbone-security-assistant-7.0.3-auth.patch 4606 BLAKE2B aa9698aea86c1f0253d4f9ce263c83bce8a440184693ec5e438435517a04a87e9e3df7990522a212e6509b61ee1455e4fb11ccb4aa434c01edb4027c8fb38e2d SHA512 8012de90a92518acd71716790730e7ca736e2b64be026a11fa648b569bfb4229813a39be134efa1b1c09ce394aaeb44db6d31687279a6f5468f7cc97bb1a54ba +AUX greenbone-security-assistant-7.0.3-memleak.patch 1206 BLAKE2B 1349e2cf9d82fa9bc0b05bb471e4ad8c298a12c6ae0ecdc12a44f686440d5cc1b5f6bab8a7fb97a643e2457e99040da9aaf5f0285bbb6582131af3bda297803d SHA512 5ec8404ae8d8c40dc7d1d4cab7572888dc08cedf9c17e8e95e138b9441c34e5d0eeb24f066d15ef5b69d5da9f3a3bbc70ebb6eaf275763b3ec5583af9265652d +AUX gsa-daemon.conf 632 BLAKE2B 9d255f3f9da1d06bb8f78a4ff2b58f304c3765b217dff23485fced7bcd91721e131fc6325b6cb43336c88b9ffab302545fa8c263682c6150279a2fd1f58c221a SHA512 d5ec560be28202bc43580dc215f5214cc73dd9c98fb5949b791e32507e9e593296c2b426c8fb598092d7f7a13dab1c1765458b42730f3a2e97d7cb5f8bcff954 +AUX gsa.init 609 BLAKE2B e25e0d010d9d42daef22daea08ef06581455dc992e75345fa8d5afaf616a39c5b53ab361ee136f29b226b81980cb398c49ba6564e55b097da5fb052b836d5d2d SHA512 ab2cd0f0c5a7999284cdb92e0213a978d2cb0df0196c1d2acd4eeded28dcd365d17e122024a754730942ab6e39eefa11f75df1caaaba0b797d9ff8c4954d9862 +AUX gsa.logrotate 134 BLAKE2B 56bd0128621688a1b1fc5cb0a96503e60b0a2975bfbe74b4db0853b45356610081996004923bc958b8d71ea8e5add097cc8083ce9cd83af38e87995d9386fc1d SHA512 e6164c4b494d87ad55a9b1120bad2cc8619a623382417e0301738e728c535ea78f89f935807eb7616ae7a17d05942f105a7c76795e636f9bcc672a04e3444149 +AUX gsa.nginx.reverse.proxy.example 3835 BLAKE2B c4ec87cd5f1a0e5aedb93f95c7010a3f19b9123355b24b2899c157a532b020ba192ee6f5a382448b17fe0ff1d8473be6a390e0779d3f8c3963d050d0f5c91775 SHA512 c323f37f4dd1bc4633213f9aede141e2a915344df7aa8e7be043583e6a5415ec8fefea707f1cab29f478423165f3285c629da683515f08d6e046385fb7177751 +AUX gsa.service 618 BLAKE2B 3fee74a879374bafa0ef9dd65dcddc0ee91c63649d32fcd6cb023b6ff4d881cb971b3db49931bcaaead7b293609a16207459cc803235c1854ee752b07b484582 SHA512 30b29a3503c3b9ee7d5e2bb4e59e28a58d43fcdb0587e820878ac809677c5a7929e119bfc52e569b41fafd4d15ad37d5f9c945bfc89e42ba91ba32d10f1dc192 +AUX gsa.tmpfiles.d 28 BLAKE2B b9343651fc4923451b02a5f72cad7da95e4d790a7b77eb72ca239588568a5d2b88cad1f9f698ad61403c332a44005989e8d6e67ff1ad06cab26abdf67f8d8621 SHA512 b5d98625495353d32bdcaecf5499e2cbe3a8b1a84b067018b61f2ce6e110b0e3a14a061e8791c08891a7058976555a2c7971b48c90f690605129deb457b7b754 AUX gsad 440 BLAKE2B 30fcd923866fb7b17aac3a02a03bb5584c2a43b3cd2a0805706834a008a9f0107bb0553e0c51d180e080c1ec98f45ad58baaad709897110b80383cdbc3f4c924 SHA512 4fd03f00530253e824905a79b7f482b2307d181c8a182096d9fa694d0efce78bba12147961d35ed2616bbc5e5ea3adb0621b5bbacf8401db6d323a266c50ca76 AUX gsad-daemon.conf 378 BLAKE2B ec130e95c087effff1e4f36037bd688583561fac4e3186cac8a4c9204488af60187221a84311cf15269baa61cfcaf765984a394a0b73121b538ae6c90758c1fe SHA512 a4802e41391b4ac51a88924dd3246390fe13c7119eac1130f34e8ff0f7b7df9096c9176569ac63fc2cc7ad8dae9e1bfa762f4853d2c3f7845208bdee0e8072e8 AUX gsad.init 391 BLAKE2B d4167cc68208773dfee0b93930f40ffbf9f68ad70fcb8dc3e4ee42057148414bebc814f1269b8a1b0687462f3847dc5e111a7e5cd3789d0d82f414f6f8bd7c02 SHA512 3955aae20e32ceb61bef9a937ac6e63ec16e33994f88f0daa21cb4160feebabeefdec27dbd0451eabd07ee50d10ff02c1dedb8a37e69e6d5b93dd053d13925ba @@ -6,5 +14,7 @@ AUX gsad.logrotate 199 BLAKE2B 1e1e68c2c5b0bcc097498e30fd007dc3e5b73b5e87592f844 AUX gsad.service 386 BLAKE2B a87330e9d243b4cf951e5a9d21821a501ac2b4a4fbd37e951554ca4fe5ab5e5b84c23b19ff8a685c43d25db31df4b1bd269bd163cb4a522db0bcfba1cd4248ca SHA512 6a706bb3d9fe474818aad419ad50f315a144ac489af5e8225deee773439d12b1296d026ae38bcc3f7fa5b826e2fdcf902b1f072024dda40d9431e12026627a32 AUX gsad.tmpfiles.d 28 BLAKE2B b9343651fc4923451b02a5f72cad7da95e4d790a7b77eb72ca239588568a5d2b88cad1f9f698ad61403c332a44005989e8d6e67ff1ad06cab26abdf67f8d8621 SHA512 b5d98625495353d32bdcaecf5499e2cbe3a8b1a84b067018b61f2ce6e110b0e3a14a061e8791c08891a7058976555a2c7971b48c90f690605129deb457b7b754 DIST greenbone-security-assistant-6.0.9.tar.gz 1476238 BLAKE2B 3311056256885102518e3b0e3106c23965e5a69ad4cfe13a2b34c68079a916466915b3296c80984656ff8a9f9b0aa35f5256c225250ae549d9727ad61f3a6b2b SHA512 4afb50f044b6853181c3c3e6466e7329915356bbcccecf98b89d9dc39a193392f45850f9073ac055ec826753af78e8a6368e7f9ac52734a3b5e254d124180d68 +DIST greenbone-security-assistant-7.0.3.tar.gz 2918954 BLAKE2B 4a6cd5d8378bcbb0a9df6cb5b8f6560060f15d0b0cb53d2c61692cb2bc2cd86af6e9cdeb5040c4d7020c3b016779a76ec517d54614388c62aaedd596f55fa3c4 SHA512 7e1c1ef939ba08dab3b78baf1aa9c110be2febfbed5d67eefe8110c60f5089a1af44bc26693657226f417c6bd516a4a656eb159dae2a78f878e1a1b6c222b117 EBUILD greenbone-security-assistant-6.0.9.ebuild 1308 BLAKE2B 3698cf939f27d441dbdc9feeb5b29be859e2b80360eec531e3a2e54b58d12f18d7be7f7f82d4152f0331e471cf8d862e8ffb942366391662b0706edfb3404f69 SHA512 c44a805020ed43474435946aa514a5cd712b7e0872d30600bbf4d875f8f9f8837bb43efab5104c263bf4bf05d10de89cdcf82ff0ad21e8e3f7b9b50b56c69905 -MISC metadata.xml 166 BLAKE2B c254f1fb642881aba57637be14fb0a89b10384f91a128feaec3a8c870d76efc2cbacb92caccc0dee2dd19a5ac5eaf8643080dafa05c4e2ac96a68568927e5afd SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 +EBUILD greenbone-security-assistant-7.0.3.ebuild 2084 BLAKE2B 458e7fe2a2129d1862a20b4da13ba443267f7337bac016e41c611657d345882a7a8e0ee675d5a666f8c5ef0d9fd0165372659f086d4e49df1eb8e8ceffd5b635 SHA512 ff913784bab0ad214d6ec98ebf5411d6187313ef4c98b486d0655ab7203db123509c6fbfa1faaf66802be17858ee2931759e39f1adede00adc425f9ccfd44d6a +MISC metadata.xml 461 BLAKE2B 734b873325f2519d61fe25c81061f2344cccffbbe7c6915b716dfa11cdbd09dabfdebe218749680c7bcca47899a8eba97e3152d2b9ac32f7246310408acd3a10 SHA512 87b57dc463871d595b3448b57d4038ad5391eaac1143ee3dc50800d736030abc9ee82387b4127c68b9b106c4972cf75acf42a6e8726c6eaa60cdcc1bde886896 diff --git a/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch new file mode 100644 index 000000000000..cce885e10e01 --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch @@ -0,0 +1,107 @@ +--- gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:22:19.297954361 +0300 ++++ gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:27:57.690214371 +0300 +@@ -1366,7 +1366,8 @@ + || (strstr (param_name, "_id") + == param_name + strlen (param_name) - strlen ("_id")) + || (strcmp (param_name, "name") == 0 +- && strcasecmp (prev_action, "Run Wizard") == 0) ++ && (strcasecmp (prev_action, "Run Wizard") == 0 ++ || strcasecmp (next_cmd, "auth_settings") == 0)) + || (strcmp (param_name, "get_name") == 0 + && strcasecmp (next_cmd, "wizard_get") == 0)) + { +@@ -25984,7 +25976,7 @@ + + html = response_from_entity (connection, credentials, params, entity, + (no_redirect && strcmp (no_redirect, "0")), +- NULL, NULL, ++ NULL, "auth_settings", + NULL, "modify_auth", + "Save Authentication Configuration", + response_data); +--- gsa-7.0.3/src/html/classic/js/greenbone.js 2018-03-28 16:23:57.000000000 +0300 ++++ gsa-7.0.3/src/html/classic/js/greenbone.js 2019-02-02 03:40:37.162714538 +0300 +@@ -1559,6 +1559,9 @@ + if (reload === 'next') { + reload_next(response); + } ++ else if (reload === 'window') { ++ location.reload(); ++ } + }, + function(jqXHR) { + if (jqXHR.status == 0 && jqXHR.readyState == 0) { +--- gsa-7.0.3/src/html/classic/omp.xsl 2018-03-28 16:23:57.000000000 +0300 ++++ gsa-7.0.3/src/html/classic/omp.xsl 2019-02-02 03:44:28.470599715 +0300 +@@ -36775,7 +36822,8 @@ + <!-- AUTHENTICATION DESCRIPTION --> + + <xsl:template match="group" mode="ldapauth"> +- <div class="section-box" id="ldap-box"> ++ <div class="section-box ajax-post" id="ldap-box" ++ data-button="form #save_button" data-reload="window"> + <form action="/omp" method="post" enctype="multipart/form-data"> + <input type="hidden" name="token" value="{/envelope/token}"/> + <input type="hidden" name="cmd" value="save_auth"/> +@@ -36784,6 +36832,15 @@ + <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/> + <!-- group name is e.g. of method:ldap --> + <input type="hidden" name="group" value="{@name}"/> ++ <!-- Auth type name for next page --> ++ <input type="hidden" name="name" value="ldap"/> ++ ++ <div class="error-dialog"> ++ <div class="text-center"> ++ <xsl:value-of select="gsa:i18n ('LDAP authentication config could not be modified.')"/> ++ </div> ++ </div> ++ + <table class="gbntable"> + <tr class="gbntablehead2"> + <td><xsl:value-of select="gsa:i18n ('Setting')"/></td> +@@ -36838,7 +36895,8 @@ + </tr> + <tr> + <td colspan="2" style="text-align:right;"> +- <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/> ++ <input type="submit" name="submit" id="save_button" ++ value="{gsa:i18n ('Save')}"/> + </td> + </tr> + </table> +@@ -36847,7 +36905,8 @@ + </xsl:template> + + <xsl:template match="group" mode="radiusauth"> +- <div class="section-box" id="radius-box"> ++ <div class="section-box ajax-post" id="radius-box" ++ data-button="form #save_button" data-reload="window"> + <form action="/omp" method="post" enctype="multipart/form-data"> + <input type="hidden" name="token" value="{/envelope/token}"/> + <input type="hidden" name="cmd" value="save_auth"/> +@@ -36856,6 +36915,15 @@ + <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/> + <!-- group name is e.g. of method:radius_connect --> + <input type="hidden" name="group" value="{@name}"/> ++ <!-- Auth type name for next page --> ++ <input type="hidden" name="name" value="radius"/> ++ ++ <div class="error-dialog"> ++ <div class="text-center"> ++ <xsl:value-of select="gsa:i18n ('Radius authentication config could not be modified.')"/> ++ </div> ++ </div> ++ + <table class="gbntable"> + <tr class="gbntablehead2"> + <td><xsl:value-of select="gsa:i18n ('Setting')"/></td> +@@ -36890,7 +36958,8 @@ + </tr> + <tr> + <td colspan="2" style="text-align:right;"> +- <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/> ++ <input type="submit" name="submit" id="save_button" ++ value="{gsa:i18n ('Save')}"/> + </td> + </tr> + </table> diff --git a/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch new file mode 100644 index 000000000000..5132e344a798 --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch @@ -0,0 +1,42 @@ +--- gsa-7.0.3/src/gsad_omp.c 2018-03-28 16:23:57.000000000 +0300 ++++ gsa-7.0.3/src/gsad_omp.c 2019-02-02 03:12:16.617046562 +0300 +@@ -7737,16 +7738,21 @@ + g_string_append (xml, command_escaped); + g_free (command_escaped); + ++ response = NULL; + ret = omp (connection, credentials, &response, &entity, response_data, + command->str); + g_string_free (command, TRUE); ++ ++ if (ret) ++ { ++ free_entity (entity); ++ g_string_free (xml, TRUE); ++ } ++ + switch (ret) + { + case 0: + break; +- case -1: +- /* 'omp' set response. */ +- return response; + case 1: + response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR; + return gsad_message (credentials, +@@ -7770,10 +7776,14 @@ + "/omp?cmd=get_tasks", response_data); + } + ++ if (omp_success (entity) == 0) ++ set_http_status_from_entity (entity, response_data); + g_string_append (xml, response); + + g_string_append (xml, "</get_aggregate>"); + ++ free_entity (entity); ++ g_free (response); + return xsl_transform_omp (connection, credentials, params, + g_string_free (xml, FALSE), response_data); + } diff --git a/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf b/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf new file mode 100644 index 000000000000..9d34da62659c --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf @@ -0,0 +1,20 @@ +# OpenVAS Security Assistant command args +# man page --> https://www.mankier.com/8/gsad + +# e.g. --foreground | e.g. --no-redirect -- > Don't listen port 80 anymore +OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" + +# WebUI adress +OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" + +# WebUI Port +OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" + +# WebUI Manager Address +OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" + +# WebUI Manager Port +OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT="--mport=9390" + +# TLS Settings +OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.init b/net-analyzer/greenbone-security-assistant/files/gsa.init new file mode 100644 index 000000000000..6e625a96a25c --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/gsa.init @@ -0,0 +1,14 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +name="Greenbone Security Assistant Daemon" +command="/usr/sbin/gsad" +command_args="${OPENVAS_SECURITY_ASSISTANT_OPTIONS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES}" +pidfile="/var/run/gsad.pid" +command_background="true" + +depend() { + after bootmisc + need localmount net openvas-scanner gvmd +} diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.logrotate b/net-analyzer/greenbone-security-assistant/files/gsa.logrotate new file mode 100644 index 000000000000..79e54e854319 --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/gsa.logrotate @@ -0,0 +1,9 @@ +# logrotate for openvas security agent +/var/log/openvas/gsad.log { + daily + rotate 7 + compress + missingok + notifempty + sharedscripts +} diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example new file mode 100644 index 000000000000..b233911a2f1d --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example @@ -0,0 +1,78 @@ +upstream backend { + server 127.0.0.1:9392; + keepalive 64; +} + +server { + listen IP:80; + server_name openvas.domain.tdl; + return 301 https://openvas.domain.tdl$request_uri; +} + +server { + listen IP:443 ssl http2; + server_name openvas.domain.tdl; + access_log /var/log/nginx/openvas.domain.tdl.access.log; + error_log /var/log/nginx/openvas.domain.tdl.error.log; + # Not sourcing directly from file + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param REQUEST_SCHEME $scheme; + fastcgi_param HTTPS $https; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_param HTTP_PROXY ""; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + fastcgi_param DOCUMENT_ROOT $document_root; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE_HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-FORWARDED-PROTOCOL $scheme; + proxy_pass https://backend; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + gzip on; + gzip_proxied any; + gzip_types *; + } + + resolver 127.0.0.1; + resolver_timeout 6s; + ssl_certificate /openvas.domain.tdl/fullchain.pem; + ssl_certificate_key /openvas.domain.tdl/privkey.pem; + ssl_trusted_certificate /openvas.domain.tdl/chain.pem; + ssl_dhparam /openvas.domain.tdl/dhparam.pem; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; + ssl_ecdh_curve secp384r1; + ssl_stapling on; + ssl_stapling_verify on; + ssl_session_cache shared:SSL:40m; + ssl_session_timeout 21h; + ssl_session_tickets off; + ssl_buffer_size 4k; + add_header Referrer-Policy no-referrer-when-downgrade; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; +} diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.service b/net-analyzer/greenbone-security-assistant/files/gsa.service new file mode 100644 index 000000000000..3d0f2d37a45e --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/gsa.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenVAS Manager +After=network.target +After=openvas-scanner.service +After=gvmd.service +Wants=gvmd.service + +[Service] +Type=forking +EnvironmentFile=-/etc/openvas/sysconfig/gsa-daemon.conf +ExecStart=/usr/sbin/gsad $OPENVAS_SECURITY_ASSISTANT_OPTIONS $OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES +ExecReload=/bin/kill -HUP $MAINPID +KillMode=mixed +User=root +Group=root +TimeoutSec=1200 + +[Install] +WantedBy=multi-user.target diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d b/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d new file mode 100644 index 000000000000..18e820caec1b --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d @@ -0,0 +1 @@ +d /var/cache/openvassd 0775 diff --git a/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-7.0.3.ebuild b/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-7.0.3.ebuild new file mode 100644 index 000000000000..c58b1ab920e2 --- /dev/null +++ b/net-analyzer/greenbone-security-assistant/greenbone-security-assistant-7.0.3.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +CMAKE_MAKEFILE_GENERATOR="emake" +inherit cmake-utils systemd +MY_PN="gsa" + +DESCRIPTION="Greenbone Security Assistant for OpenVAS" +HOMEPAGE="http://www.openvas.org/" +SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2+ BSD MIT" +KEYWORDS="~amd64 ~x86" +IUSE="extras" + +DEPEND=" + dev-libs/libgcrypt:0= + dev-libs/libxml2:2 + dev-libs/libxslt + >=net-analyzer/openvas-libraries-9.0.3 + net-libs/gnutls:=[tools] + net-libs/libmicrohttpd[messages] + extras? ( dev-python/polib )" + +RDEPEND=" + ${DEPEND} + >=net-analyzer/openvas-scanner-5.1.3 + >=net-analyzer/openvas-manager-7.0.3 + extras? ( dev-texlive/texlive-latexextra )" + +BDEPEND=" + virtual/pkgconfig + extras? ( app-doc/doxygen[dot] + app-doc/xmltoman + app-text/htmldoc + sys-devel/gettext + )" + +BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build" +S="${WORKDIR}/${MY_PN}-${PV}" + +PATCHES=( + "${FILESDIR}/${P}-memleak.patch" + "${FILESDIR}/${P}-auth.patch" +) + +src_prepare() { + cmake-utils_src_prepare + if use extras; then + doxygen -u "$S"/doc/Doxyfile_full.in || die + fi +} + +src_configure() { + local mycmakeargs=( + "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr" + "-DLOCALSTATEDIR=${EPREFIX}/var" + "-DSYSCONFDIR=${EPREFIX}/etc" + ) + cmake-utils_src_configure +} + +src_compile() { + cmake-utils_src_compile + if use extras; then + cmake-utils_src_make -C "${BUILD_DIR}" doc + cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc + HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. ) + fi +} + +src_install() { + cmake-utils_src_install + + insinto /etc/openvas/sysconfig + doins "${FILESDIR}"/${MY_PN}-daemon.conf + + insinto /etc/openvas/reverse-proxy + doins "${FILESDIR}"/gsa.nginx.reverse.proxy.example + + newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN} + newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN} + + insinto /etc/logrotate.d + newins "${FILESDIR}/${MY_PN}.logrotate" ${MY_PN} + + systemd_newtmpfilesd "${FILESDIR}/${MY_PN}.tmpfiles.d" ${MY_PN}.conf + systemd_dounit "${FILESDIR}"/${MY_PN}.service +} diff --git a/net-analyzer/greenbone-security-assistant/metadata.xml b/net-analyzer/greenbone-security-assistant/metadata.xml index 6f49eba8f496..6a3196eff3b2 100644 --- a/net-analyzer/greenbone-security-assistant/metadata.xml +++ b/net-analyzer/greenbone-security-assistant/metadata.xml @@ -1,5 +1,15 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> -<!-- maintainer-needed --> + <maintainer type="person"> + <email>hasan.calisir@psauxit.com</email> + <name>Hasan ÇALIŞIR</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <use> + <flag name="extras">Pdf results, extra fonts, html docs support</flag> + </use> </pkgmetadata> |