diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-11-03 16:06:58 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-11-03 16:06:58 +0000 |
commit | bd4aeefe33e63f613512604e47bfca7b2187697d (patch) | |
tree | adb35b5a9a00ee7ea591ab0c987f70167c23b597 /net-analyzer/openvas-scanner | |
parent | 48ece6662cbd443015f5a57ae6d8cbdbd69ef37c (diff) |
gentoo resync : 03.11.2019
Diffstat (limited to 'net-analyzer/openvas-scanner')
11 files changed, 409 insertions, 1 deletions
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest index c6890335a0ce..184c0e4075bb 100644 --- a/net-analyzer/openvas-scanner/Manifest +++ b/net-analyzer/openvas-scanner/Manifest @@ -1,13 +1,23 @@ +AUX gvm-feed-sync.cron 98 BLAKE2B d0af35e85c0c84e6d848de26fbf3f03e8a7473cea9d46c513fbb0d46f1664a516c334221773309d4f9682187a0f46a447320772d52c9826cc8525df26d0b2c38 SHA512 06526d33017c83c7342d9c356fb80e22f7a145bf8cae9bd49a7c74ae5854f7248b2b3609bc0f423b7a3babaad59a4b92ba14873f7f4e20e4cd5af7eb9c01c5d0 +AUX gvm-feed-sync.sh 1037 BLAKE2B 6ef8a375a06c0ce5a6181ee26eccdfaba09a5d935c56b98bed4435fdaee6b068f8cf87889789d4108361c6c2e83fa1979d533519c47f0d621f63423c43aa96a9 SHA512 a2abb96e268c8d7f74f61cc509730e4949894fe4225b22cb0f9d4fe2b215da70cc96c79405f59f3b05e290a45de2eeeb5d5ecf632cb23da80dd2102d4900b78a AUX openvas-scanner-5.1.3-cachedir.patch 1605 BLAKE2B d5e54d1196000fe9f8a65efcf3d71f3ef29af1cfff5fedbfe7cd753a731e6bd4be6c1f24534b87a2194dcfa146d156ed0ddae076e72bfd229e1e01497985d7a1 SHA512 27efb9e318137390592652db1444141910ddf7975ada760bc6914c21c4eb11e4ded1aa377c37f5c7a67dfd145ec723fd77bbdd9b8ac0af6bf317a07d54642d11 AUX openvas-scanner-5.1.3-gcc8.patch 1253 BLAKE2B ef876d70238b3b0fdaea320fdb9bcffc520bbe6762f220678a39bd99853fcabb27ed3bd44a0e02a7e1e8b93d3af530e4d4b33baaf1060c8b0589593ef5b30e8e SHA512 817e27de3b2d16bce81d3c1abbc6ced63cd6f272762ac00a8bc9ab6c5ccb765c81df1158caed58c64f897712c78fb7f0a02dcb2137dd859c3d48725e6e2699d6 AUX openvas-scanner-5.1.3-nvt.patch 2576 BLAKE2B fed6211a6c4e9f1bed4abedf218e17f0d863e59de869424398d845e479d037f96758486fc03727c14e036814c2efa4e9dab940e032507339a1b6f2f2cda4c4c6 SHA512 b3f6b8cba51fb6c6d0eab189391a848e8f33d24f3b59bcd8f48b562812b1f79a46f3b92b01a8f231a765616fde6c0b37634f9845a5e4ba453c4aeeafed0ce8c1 +AUX openvas-scanner-6.0.1-sbin.patch 716 BLAKE2B 41883486bfa0cb27c4a05ae7290b69227b166c9179546434aece15d1aa2b380f6f9da9afdbfb684ffc68a93f4dd63093b7ce2308d67ca8f806d2cd8e12433819 SHA512 66e2a99f6c7a6d0053bbb4fa797818681983a07ad66814ae0c577b27b37d41054f6241ddd3c017a0928eddef3f2d342480b4a668402c68d28bbf48c357e65b05 AUX openvas-scanner-daemon.conf 176 BLAKE2B 9e0a248736617d3d0a163f3586db92da4a5f273b354a472977b411d29ace507977228407a57cf11378af6ce95275a3d72518ba1b069bdc7293c2fe20d7e29e0b SHA512 3b5dcae3d2770769e627e28064e73746f9ad22aca5c9927e04583bfc3907fa538c2010bd0e5de3737979cede63d44175a645adb55391a5e2a71e96e6d31dd1f9 AUX openvas-scanner.init 620 BLAKE2B a32349eed21d71e4968ee09fdff007aab532943e093e6b1aed9c26c474c2ab419dc5eb2e382300be85d6d34c57a521b3ac67dc1a44dd3c8045bd94aac19ea6e4 SHA512 e77c5e383504817e9ab0a98517f3e5553458b482f576f1f1965d26c5808ec7f2eac836dff0248f0f6be8dfb22aa188232c9df85af4104cc5730ad587dd52a2b0 AUX openvas-scanner.logrotate 222 BLAKE2B 264e3b0fa47f7d933ee1f9c5d120e267a8387df8c8e5cfb8b09b23d28b983c666684430dc9aa389938dac71bef69480d74ab24fd393134ed33d9a3518314c91e SHA512 1c8b50626de9bcd7d26323d82d28ae4d25f5ce0382cfb0b16b91e58e75c05f565c7cdf19fe441647b5cd3c2ebc312b171eb6fa22c310fac1f76a0629544f030c AUX openvas-scanner.service 455 BLAKE2B be6f94c3d383ea1c647effc462aeddac384e4c2507a9f1145d4dc39badcb810cbca7d4c8eba74e64942d2a5895b058cad7ac3fdcfaa4c5de7335cefcb70db366 SHA512 108a13b9cbbb86acc99a4271fa5b1a051022e42f30866bd490ae606c1ffac202c61aa5bf5a1f7ee10b276484135f8f868625debbb142a802c0ff2a4c011a8206 AUX openvas-scanner.tmpfiles.d 28 BLAKE2B b9343651fc4923451b02a5f72cad7da95e4d790a7b77eb72ca239588568a5d2b88cad1f9f698ad61403c332a44005989e8d6e67ff1ad06cab26abdf67f8d8621 SHA512 b5d98625495353d32bdcaecf5499e2cbe3a8b1a84b067018b61f2ce6e110b0e3a14a061e8791c08891a7058976555a2c7971b48c90f690605129deb457b7b754 +AUX openvassd-daemon.conf 394 BLAKE2B 9dd55e29004d6d55f0cd44568b3b22aab21cb4ed88969934e5b1905cdfb05017843ee46f59297f8cba5d7b9db35a0b9c906d1f00075c4361d57e039d7d0cf601 SHA512 c8076ecaa04824e45d7b9b90e63c530d8bbcec6ca22b4ac4d3f2b661f05b8a684f6bef340f9f4524a311c19efa85013199f2de5088efe799969bde301ebe1e82 AUX openvassd.conf 1288 BLAKE2B d1ae7db928d797014e0382d8be3a08793efbcaa3663629c0d1c6c2d871ccf16588605fa4be21d71556893092b21ecfef72c31d40411d35dd97f8652eca6232c0 SHA512 5bb499fcd03aac4de981a64a17fa760b29b1f83d0afcdb73cdfdeb0f492b02bc383d32544fd133c6b953e73ea9ff0dc042e8dba76c22def3ee00d6f3bdd980b8 +AUX openvassd.gvm.conf 3577 BLAKE2B dd7452f0c9e63e431cf03553e221f802f7f7463ba36ad64fe18db12a44c3e7c0c4ded80cf4b7ab346a877e95271e5b10b7811d431be533eea2bb98eab53a9cee SHA512 dde7b0fe72e5dd551afdd3817562d785c95a03bbc109465490d65f81dc02a546e9d499a0c937828d2e38d357b9a7deadde12b2408307ea02a47c651c9fff4181 +AUX openvassd.init 480 BLAKE2B 28dfdabe7935ce55615fb36e6ddae3c36c84793ba01f6d3c92274a2fea1e44efe3f96bd3e7016740f4dcabff034173b541058d18f99081bd232a098a56d8e572 SHA512 1b0f13ab77f332708e9efb9cad06c47e61e47f68597c797e3f5140a921acaa2b856c10003938f737a20b534caaee7d3bb446d427373d8be8ef3fe7c83ee11b82 +AUX openvassd.logrotate 330 BLAKE2B faf900a6882bb23c29859080d0c140c9dde8dcab42f31c31bfd43342beedab0bfe711f4e918aba5c7f8e5bb91430e251e270d0bc2e6f49e84ce98cdbbfe6d023 SHA512 397c9fd0d63ab66b463f65b6d235ec3e4e6ca52a3c811ddd4efcaeffc05fed8f9cd97605f439a628c144ecc1cfcfd31290d2a9dc6e57e8197d063b4aee63d73b +AUX openvassd.service 472 BLAKE2B 528c25dbc32cd742753eb6b155a9221f0adde0e792b1e7af376b714831bcc210a228f5a87089f449f6f0e808f46f45d40fd68d9caed44530d57d99c37dbb8b0d SHA512 3497382e6540ddc341cf17e63f1c8d2250249bb51f8dbe379d48c1f90e81d00fdf03349a4dd08c6c6c2dc7336b385fa892b316ff2315a623952d8a2db33681bd AUX redis.conf.example 1351 BLAKE2B ad1a99404360b76144944793b2994554799bcc6624abce68524773b7f748075b8bcec79dcf94d2f400132a424a5147a3675d67f48d23a46e28a6afdca83e50a3 SHA512 b5024c26696f49e5d453cef7a0e3838a3fa557b2339a250f95d5367a30564b8a62733c86901ae000f62e916d73162188fbca1c56ed3a078dd99e8e8db1cc2c64 DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e +DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147 EBUILD openvas-scanner-5.1.3.ebuild 2142 BLAKE2B 5984c99659d1a41c3739a1de5077f5ca8dd25c668e97c7a1f59a6efceb95fed25daceb8c8f6b5971c842e016d1843dff8527d253d1347ea0d91a67d633c2d859 SHA512 d66a67f3803c071f20e6a1c9132ca771e9286f9c6446e781b6077323ae32417d2061169543c34de91f3a9ca1ec7a4bfaf9472aead66b983a46d163ea88137480 -MISC metadata.xml 435 BLAKE2B 4d40c4dcffe9bfd81d1c1b517b4e6d6e1e658f9d6be65f8ad962ecbbee78bf0cc6bbb5805f2e056375c7371697a453453f8eeae40bae1bdf890be8f3e23ccfbc SHA512 fc802728917b8ebc3c43e3c35ce1fa7b8aa30d89d60abcfcd82eb6baf0152d02384b2e336664942bd89c3ed27a418f37a13699b68a424f36645c51c1310a6e16 +EBUILD openvas-scanner-6.0.1.ebuild 3324 BLAKE2B bc10da8ad9cdef4cc124f0e50879c07120a49cff1ea37d7b99462209104e1a252dc1808033cb1c69bc8010b4cf7620aef3852c9bbae424f90673892042240ad9 SHA512 7d6daa1c624ce54f5b5d683d764d972648289d4837b2f927ad9d39c5fd9149b3db4c267cb2b0d6d3032d4419d57a9881f34ef97ee66f2aefe9f2a1a1f088b1a9 +MISC metadata.xml 951 BLAKE2B 195ec0e9becddea6e9c08103473e7d26670d9fa766ed470a37f85d25a79d771654ec0305fe242d240e1255636657d086eb908f12e94fe934c7b7c66a59af7e50 SHA512 577b533837640c4131ca305e047dd6bbfc5456d19afcd91a71a8fd6b4c6cb4a464f346ac140b7e9505b2a5a4302d281616d762bc11eb123993d507cd0129b8a1 diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron new file mode 100644 index 000000000000..5563b92929b1 --- /dev/null +++ b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron @@ -0,0 +1 @@ +0 2 * * * gvm [ -x /etc/gvm/gvm-feed-sync.sh ] && /bin/bash /etc/gvm/gvm-feed-sync.sh > /dev/null diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh new file mode 100644 index 000000000000..ba21632a4d6c --- /dev/null +++ b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 +# GVM cron script that updates feed. + +# Start to update FEED & First NVT. +try=0 +until [ $try -ge 5 ]; do + greenbone-nvt-sync --curl &>/dev/null && break + try=$[$try+1] + sleep 30 +done + +# Check status +if [ $? -eq 0 ]; then + # Avoid your IP temporary banned because of multiple connection + sleep 5 + # Try to update scapdata. + try=0 + until [ $try -ge 5 ]; do + greenbone-scapdata-sync &>/dev/null && break + try=$[$try+1] + sleep 30 + done + + # Check status + if [ $? -eq 0 ]; then + # Avoid your IP temporary banned because of multiple connection + sleep 5 + # Try to update certdata + try=0 + until [ $try -ge 5 ]; do + greenbone-certdata-sync &>/dev/null && break + try=$[$try+1] + sleep 30 + done + + # Check status + if [ $? -eq 0 ]; then + exit 0 + else + exit 1 + fi + fi +fi diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch new file mode 100644 index 000000000000..d5b8a2a6b62f --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch @@ -0,0 +1,21 @@ +--- a/src/CMakeLists.txt 2019-07-21 23:16:18.608251465 +0300 ++++ b/src/CMakeLists.txt 2019-07-21 23:17:08.434210058 +0300 +@@ -175,7 +175,7 @@ + ## Install + + install (TARGETS openvassd +- RUNTIME DESTINATION ${SBINDIR} ++ RUNTIME DESTINATION ${BINDIR} + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +@@ -183,7 +183,7 @@ + DESTINATION ${OPENVAS_SYSCONF_DIR}) + + install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync +- DESTINATION ${SBINDIR} ++ DESTINATION ${BINDIR} + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + diff --git a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf new file mode 100644 index 000000000000..6bb70d165355 --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf @@ -0,0 +1,17 @@ +# OpenVAS Scanner command args + +# e.g --foreground +OPENVAS_SCANNER_OPTIONS="" + +# Scanner listen socket +OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" + +# Scanner listen owner +OPENVAS_SCANNER_LISTEN_OWNER="--listen-owner=gvm" + +# Scanner listen group +OPENVAS_SCANNER_LISTEN_GROUP="--listen-group=gvm" + +# Scanner listen mode +OPENVAS_SCANNER_LISTEN_MODE="--listen-mode=755" + diff --git a/net-analyzer/openvas-scanner/files/openvassd.gvm.conf b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf new file mode 100644 index 000000000000..5dfb8b527454 --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf @@ -0,0 +1,124 @@ +# You can get detailed informations from https://linux.die.net/man/8/openvassd +# Configuration file of the OpenVAS Security Scanner +# Every line starting with a '#' is a comment + +[Misc] + +# Path to the security checks folder: +plugins_folder = /var/lib/openvas/plugins + +# Path to OpenVAS caching folder: +cache_folder = /var/cache/openvas + +# Path to OpenVAS include directories: +# (multiple entries are separated with colon ':') +include_folders = /var/lib/openvas/plugins + +# Config File +config_file = /etc/openvas/openvassd.conf + +# Maximum number of simultaneous hosts tested : +max_hosts = 30 + +# Maximum number of simultaneous checks against each host tested : +max_checks = 10 + +# Niceness. If set to 'yes', openvassd will renice itself to 10. +be_nice = no + +# Log file (or 'syslog') : +logfile = /var/log/gvm/openvassd.log + +# Shall we log every details of the attack ? (disk intensive) +log_whole_attack = no + +# Log the name of the plugins that are loaded by the server ? +log_plugins_name_at_load = no + +# Dump file for debugging output, use `-' for stdout +dumpfile = /var/log/gvm/openvassd.dump + +# Rules file : +rules = /etc/openvas/openvassd.rules + +# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) +cgi_path = /cgi-bin:/scripts + +# Range of the ports the port scanners will scan : +# 'default' means that OpenVAS will scan ports found in its +# services file. +port_range = default + +# Optimize the test (recommended) : +# Turn off for push hard but increase false positive and slow down scans +optimize_test = yes + +# Optimization : +# Read timeout for the sockets of the tests : +checks_read_timeout = 5 + +# Ports against which two plugins should not be run simultaneously : +# non_simult_ports = Services/www, 139, Services/finger +non_simult_ports = 139, 445 + +# Maximum lifetime of a plugin (in seconds) : +plugins_timeout = 320 + +# Safe checks rely on banner grabbing & If enabled push harder to target: +safe_checks = yes + +# Automatically activate the plugins that are depended on +auto_enable_dependencies = yes + +# Do not echo data from plugins which have been automatically enabled +silent_dependencies = no + +# Designate hosts by MAC address, not IP address (useful for DHCP networks) +use_mac_addr = no + + +#--- Knowledge base saving (can be configured by the client) : +# Save the knowledge base on disk : +save_knowledge_base = no + +# Restore the KB for each test : +kb_restore = no + +# Only test hosts whose KB we do not have : +only_test_hosts_whose_kb_we_dont_have = no + +# Only test hosts whose KB we already have : +only_test_hosts_whose_kb_we_have = no + +# KB test replay : +kb_dont_replay_scanners = no +kb_dont_replay_info_gathering = no +kb_dont_replay_attacks = no +kb_dont_replay_denials = no +kb_max_age = 864000 +#--- end of the KB section + +# Redis socket default setting +db_address = /tmp/redis.sock + +# If this option is set, OpenVAS will not scan a network incrementally +# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to +# slice the workload throughout the whole network (ie: it will scan +# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... +slice_network_addresses = no + +# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') +nasl_no_signature_check = yes + +#Certificates +cert_file=/var/lib/gvm/CA/servercert.pem +key_file=/var/lib/gvm/private/CA/serverkey.pem +ca_file=/var/lib/gvm/CA/cacert.pem + +# If you decide to protect your private key with a password, +# uncomment and change next line +# pem_password=password +# If you want to force the use of a client certificate, uncomment next line +# force_pubkey_auth = yes + +#end. diff --git a/net-analyzer/openvas-scanner/files/openvassd.init b/net-analyzer/openvas-scanner/files/openvassd.init new file mode 100644 index 000000000000..9bd7332134fc --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvassd.init @@ -0,0 +1,14 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +name="Open Vulnerability Assessment Scanner" +command="/usr/bin/openvassd" +command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET} ${OPENVAS_SCANNER_LISTEN_OWNER} ${OPENVAS_SCANNER_LISTEN_GROUP} ${OPENVAS_SCANNER_LISTEN_MODE}" +pidfile="/run/openvassd.pid" +command_background="true" + +depend() { + after bootmisc + need localmount net redis +} diff --git a/net-analyzer/openvas-scanner/files/openvassd.logrotate b/net-analyzer/openvas-scanner/files/openvassd.logrotate new file mode 100644 index 000000000000..9cf47d54763d --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvassd.logrotate @@ -0,0 +1,13 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 +# Daemon ignore HUP so we use 'copytruncate' instead of 'create' +# with safe file size to prevent losing log entries. + +/var/log/gvm/openvassd.log { + compress + missingok + notifempty + sharedscripts + copytruncate + maxsize 10M +} diff --git a/net-analyzer/openvas-scanner/files/openvassd.service b/net-analyzer/openvas-scanner/files/openvassd.service new file mode 100644 index 000000000000..b7d7df8bbab0 --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvassd.service @@ -0,0 +1,16 @@ +[Unit] +Description=Open Vulnerability Assessment Scanner +After=network.target +After=redis.service +Before=gvmd.service +Requires=redis.service + +[Service] +Type=forking +EnvironmentFile=-/etc/openvas/sysconfig/openvassd-daemon.conf +ExecStart=/usr/bin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET $OPENVAS_SCANNER_LISTEN_OWNER $OPENVAS_SCANNER_LISTEN_GROUP $OPENVAS_SCANNER_LISTEN_MODE +Restart=on-failure +RestartSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml index fa26aa942e17..50c99b9436cc 100644 --- a/net-analyzer/openvas-scanner/metadata.xml +++ b/net-analyzer/openvas-scanner/metadata.xml @@ -10,6 +10,15 @@ <name>Proxy Maintainers</name> </maintainer> <use> + <flag name="cron">Install a cron job to update GVM's feed daily.</flag> <flag name="extras">Html docs support</flag> </use> + <longdescription lang="en"> + Open Vulnerability Assessment System (OpenVAS) Scanner is the Greenbone Vulnerability Management (GVM) Solution. + It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously + updated and extended feed of Network Vulnerability Tests (NVTs). + </longdescription> + <upstream> + <remote-id type="github">greenbone/openvas-scanner</remote-id> + </upstream> </pkgmetadata> diff --git a/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild new file mode 100644 index 000000000000..1700d9421816 --- /dev/null +++ b/net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +CMAKE_MAKEFILE_GENERATOR="emake" +inherit cmake-utils flag-o-matic systemd toolchain-funcs + +MY_PN="openvas" +MY_DN="openvassd" + +DESCRIPTION="Open Vulnerability Assessment Scanner" +HOMEPAGE="https://www.greenbone.net/en/" +SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2 GPL-2+" +KEYWORDS="~amd64 ~x86" +IUSE="cron extras" + +DEPEND=" + app-crypt/gpgme:= + dev-db/redis + dev-libs/libgcrypt:= + dev-libs/libksba + >=net-analyzer/gvm-libs-10.0.1 + net-analyzer/net-snmp + net-libs/gnutls:= + net-libs/libpcap + net-libs/libssh:= +" + +RDEPEND=" + ${DEPEND} + !~net-analyzer/openvas-scanner-5.1.3 + !net-analyzer/openvas-tools" + +BDEPEND=" + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + extras? ( app-doc/doxygen[dot] + app-doc/xmltoman + app-text/htmldoc + dev-perl/CGI + dev-perl/SQL-Translator + )" + +BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build" +S="${WORKDIR}/${MY_PN}-${PV}" + +PATCHES=( + # Install exec. to /usr/bin instead of /usr/sbin + "${FILESDIR}/${P}-sbin.patch" +) + +src_prepare() { + cmake-utils_src_prepare + # QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1 + sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die + # QA-Fix | Remove !CLANG doxygen warnings for 6.0.1 + if use extras; then + if ! tc-is-clang; then + local f + for f in doc/*.in + do + sed -i \ + -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \ + -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \ + "${f}" || die "couldn't disable CLANG parsing" + done + fi + fi +} + +src_configure() { + local mycmakeargs=( + "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr" + "-DLOCALSTATEDIR=${EPREFIX}/var" + "-DSYSCONFDIR=${EPREFIX}/etc" + ) + # Add release hardening flags for 6.0.1 + append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector + append-ldflags -Wl,-z,relro -Wl,-z,now + cmake-utils_src_configure +} + +src_compile() { + cmake-utils_src_compile + if use extras; then + cmake-utils_src_make -C "${BUILD_DIR}" doc + cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc + HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. ) + fi + cmake-utils_src_make rebuild_cache +} + +src_install() { + cmake-utils_src_install + + dodir /etc/openvas + insinto /etc/openvas + newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf + + insinto /etc/openvas + doins "${FILESDIR}"/redis.conf.example + + dodir /etc/openvas/sysconfig + insinto /etc/openvas/sysconfig + doins "${FILESDIR}/${MY_DN}-daemon.conf" + + if use cron; then + # Install the cron job if they want it. + exeinto /etc/gvm + doexe "${FILESDIR}/gvm-feed-sync.sh" + fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh + + insinto /etc/cron.d + newins "${FILESDIR}"/gvm-feed-sync.cron gvm + fi + + fowners -R gvm:gvm /etc/openvas + + newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}" + newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}" + + dodir /etc/logrotate.d + insinto /etc/logrotate.d + newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}" + + systemd_dounit "${FILESDIR}/${MY_DN}.service" + + # Set proper permissions on required files/directories + keepdir /var/log/gvm + fowners gvm:gvm /var/log/gvm + keepdir /var/lib/openvas/{gnupg,plugins} + fowners -R gvm:gvm /var/lib/openvas +} |