svn commit: r447483 - in head/security: greenbone-security-assistant9 greenbone-security-assistant9/files openvas8 openvas8-manager openvas8-scanner openvas8/files openvas9 openvas9-manager/files o...
Jose Alonso Cardenas Marquez
acm at FreeBSD.org
Mon Aug 7 03:48:26 UTC 2017
Author: acm
Date: Mon Aug 7 03:48:23 2017
New Revision: 447483
URL: https://svnweb.freebsd.org/changeset/ports/447483
Log:
- Fix rc scripts of OpenVAS 9 ports
- Change some entries of openvas8/files/pkg-message
- Change some entries of openvas9/files/pkg-message. It reflects socket use of
OpenVAS 9 ports.
- Fix problems in the OpenVAS 9 greenbone*-sync scripts
- Add missing dependency (ftp/wget)
- Fix socket connection from openvas9-manager to openvas9-scanner
- Bump PORTREVISION
Added:
head/security/openvas9-manager/files/patch-src-scanner.c (contents, props changed)
Modified:
head/security/greenbone-security-assistant9/Makefile
head/security/greenbone-security-assistant9/files/gsad.in
head/security/openvas8-manager/Makefile
head/security/openvas8-scanner/Makefile
head/security/openvas8/Makefile
head/security/openvas8/files/pkg-message.in
head/security/openvas9-manager/files/openvasmd.in
head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in
head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in
head/security/openvas9-scanner/Makefile
head/security/openvas9-scanner/files/openvassd.in
head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in
head/security/openvas9/Makefile
head/security/openvas9/files/pkg-message.in
Modified: head/security/greenbone-security-assistant9/Makefile
==============================================================================
--- head/security/greenbone-security-assistant9/Makefile Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/greenbone-security-assistant9/Makefile Mon Aug 7 03:48:23 2017 (r447483)
@@ -2,6 +2,7 @@
PORTNAME= greenbone-security-assistant9
PORTVERSION= 7.0.2
+PORTREVISION= 2
MASTER_SITES= http://wald.intevation.org/frs/download.php/2429/
COMMENT= OpenVAS 9 web interface
Modified: head/security/greenbone-security-assistant9/files/gsad.in
==============================================================================
--- head/security/greenbone-security-assistant9/files/gsad.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/greenbone-security-assistant9/files/gsad.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -21,7 +21,7 @@ command="%%PREFIX%%/sbin/gsad"
pidfile=/var/run/gsad.pid
: ${gsad_enable="NO"}
-: ${gsad_flags="--listen=127.0.0.1 --port=8080 --http-only"}
+: ${gsad_flags="--listen=127.0.0.1 --port=8080 --http-only --munix-socket=/var/run/openvasmd.sock"}
load_rc_config $name
run_rc_command "$1"
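Review bot: The new `gsad_flags` default hard-codes `/var/run/openvasmd.sock`, while openvasmd.in in this same commit builds its socket path as `/var/run/${name}.sock`, so the two agree only while nobody overrides `openvasmd_flags`. An administrator who moves the manager socket in rc.conf would presumably be left with a gsad that still points at the old path. I would document the coupling in this script's header comment, e.g. `# gsad_flags (params): --munix-socket must match the --unix-socket path set in openvasmd_flags`. The default also keeps `--http-only`, so the web interface is plain HTTP and relies on `--listen=127.0.0.1` to stay off the network; the same comment should say so.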
Modified: head/security/openvas8-manager/Makefile
==============================================================================
--- head/security/openvas8-manager/Makefile Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas8-manager/Makefile Mon Aug 7 03:48:23 2017 (r447483)
@@ -2,7 +2,7 @@
PORTNAME?= openvas8-manager
PORTVERSION?= 6.0.11
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES?= http://wald.intevation.org/frs/download.php/2445/
DISTNAME= ${PORTNAME:S/${OPENVAS_VER}//}-${PORTVERSION}
@@ -19,7 +19,8 @@ LIB_DEPENDS= libgnutls.so:security/gnutls \
libgpgme.so:security/gpgme \
libgcrypt.so:security/libgcrypt \
libopenvas_base.so:security/openvas${OPENVAS_VER}-libraries
-RUN_DEPENDS:= ${BUILD_DEPENDS}
+RUN_DEPENDS:= ${BUILD_DEPENDS} \
+ wget:ftp/wget
CONFLICTS?= ${PORTNAME:S/${OPENVAS_VER}/9/}-*
Modified: head/security/openvas8-scanner/Makefile
==============================================================================
--- head/security/openvas8-scanner/Makefile Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas8-scanner/Makefile Mon Aug 7 03:48:23 2017 (r447483)
@@ -3,7 +3,7 @@
PORTNAME?= openvas8-scanner
PORTVERSION?= 5.0.8
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES?= http://wald.intevation.org/frs/download.php/2436/
DISTNAME= ${PORTNAME:S/${OPENVAS_VER}//}-${PORTVERSION}
@@ -20,6 +20,7 @@ LIB_DEPENDS= libgcrypt.so:security/libgcrypt \
RUN_DEPENDS= redis-server:databases/redis \
curl:ftp/curl \
rsync:net/rsync \
+ wget:ftp/wget \
nmap:security/nmap
CONFLICTS?= ${PORTNAME:S/${OPENVAS_VER}/9/}-*
Modified: head/security/openvas8/Makefile
==============================================================================
--- head/security/openvas8/Makefile Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas8/Makefile Mon Aug 7 03:48:23 2017 (r447483)
@@ -3,6 +3,7 @@
PORTNAME= openvas8
PORTVERSION= 8.0
+PORTREVISION= 1
CATEGORIES= security
MAINTAINER= acm at FreeBSD.org
Modified: head/security/openvas8/files/pkg-message.in
==============================================================================
--- head/security/openvas8/files/pkg-message.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas8/files/pkg-message.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -16,12 +16,13 @@ OpenVAS 8 ports were installed
3) The following steps are neccessary before of you can access to OpenVAS web
interface (gsad):
+ # openvassd
# openvas-mkcert
# openvas-mkcert-client -n -i
- # openvasmd --rebuild --progress
# openvas-nvt-sync
# openvas-scapdata-sync
# openvas-certdata-sync
+ # openvasmd --rebuild --progress
# openvasmd --create-user=admin --role=Admin
# openvasmd --user=admin --new-password=yourpassword
Modified: head/security/openvas9-manager/files/openvasmd.in
==============================================================================
--- head/security/openvas9-manager/files/openvasmd.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9-manager/files/openvasmd.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -22,7 +22,7 @@ pidfile=/var/run/openvasmd.pid
extra_commands="reload"
: ${openvasmd_enable="NO"}
-: ${openvasmd_flags="--listen=127.0.0.1"}
+: ${openvasmd_flags="--unix-socket=/var/run/${name}.sock --listen=127.0.0.1"}
load_rc_config $name
run_rc_command "$1"
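Review bot: `--listen=127.0.0.1` is kept next to the new `--unix-socket=/var/run/${name}.sock`, although the pkg-message change in this commit says the manager listens on the socket. Whether openvasmd honours both options or lets one win is not visible here. If the TCP listener is no longer needed, drop it so the manager is reachable only through the socket: `: ${openvasmd_flags="--unix-socket=/var/run/${name}.sock"}`. The script header should also state the expected owner and mode of the socket, because filesystem permissions on it now decide which local users can reach the manager.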
Added: head/security/openvas9-manager/files/patch-src-scanner.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openvas9-manager/files/patch-src-scanner.c Mon Aug 7 03:48:23 2017 (r447483)
@@ -0,0 +1,34 @@
+--- src/scanner.c 2016-11-10 04:58:06.000000000 -0500
++++ src/scanner.c 2017-08-06 21:58:23.868844000 -0500
+@@ -33,6 +33,7 @@
+ #include <assert.h>
+ #include <unistd.h>
+ #include <sys/types.h>
++#include <sys/socket.h>
+ #include <sys/time.h>
+ #include <sys/stat.h>
+ #include <sys/un.h>
+@@ -586,7 +587,6 @@
+ openvas_scanner_connect_unix ()
+ {
+ struct sockaddr_un addr;
+- int len;
+
+ openvas_scanner_socket = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (openvas_scanner_socket == -1)
+@@ -596,10 +596,12 @@
+ return -1;
+ }
+
++ memset(&addr, 0, sizeof(struct sockaddr_un));
++
+ addr.sun_family = AF_UNIX;
+- strncpy (addr.sun_path, openvas_scanner_unix_path, 108);
+- len = strlen (addr.sun_path) + sizeof (addr.sun_family);
+- if (connect (openvas_scanner_socket, (struct sockaddr *) &addr, len) == -1)
++ strlcpy(addr.sun_path, openvas_scanner_unix_path, sizeof(addr.sun_path));
++
++ if (connect (openvas_scanner_socket, (struct sockaddr *) &addr, SUN_LEN(&addr)) == -1)
+ {
+ g_warning ("%s: Failed to connect to scanner (%s): %s\n", __FUNCTION__,
+ openvas_scanner_unix_path, strerror (errno));
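Review bot: `strlcpy` into `addr.sun_path` truncates silently, so an `openvas_scanner_unix_path` longer than the buffer makes `connect` try a different, shorter path instead of failing clearly. Checking the return value closes that gap: `if (strlcpy (addr.sun_path, openvas_scanner_unix_path, sizeof (addr.sun_path)) >= sizeof (addr.sun_path))`, followed by a `g_warning` and `return -1`. The added `memset` relies on `<string.h>` being included above the visible lines, which is presumably the case since the old code already called `strncpy` and `strlen`. The function continues beyond the hunk, so whether the socket is closed on the failure paths cannot be judged from here.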
Modified: head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in
==============================================================================
--- head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -1,11 +1,20 @@
---- tools/greenbone-certdata-sync.in.orig 2016-11-10 04:58:06.000000000 -0500
-+++ tools/greenbone-certdata-sync.in 2017-07-29 00:06:06.535930000 -0500
+--- tools/greenbone-certdata-sync.in 2016-11-10 04:58:06.000000000 -0500
++++ tools/greenbone-certdata-sync.in 2017-08-06 13:11:30.155406000 -0500
+@@ -99,7 +99,7 @@
+
+ # Delay between retries
+ if [ -z "$SQL_RETRY_DELAY" ]; then
+- SQL_RETRY_DELAY="10m" # allowed unit suffixes: see sleep command
++ SQL_RETRY_DELAY="600" # allowed unit suffixes: see sleep command
+ fi
+
+ # LOG_CMD defines the command to use for logging. To have logger log to stderr
@@ -766,7 +766,7 @@
for certfile in $CERT_DIR/CB-K*.xml
do
[ -e "$certfile" ] || break # No file found
- filedate=`stat -c "%Y" $certfile | cut -d " " -f 1 | tr -d "-"`
-+ filedate=`stat -c "%m" $certfile | cut -d " " -f 1 | tr -d "-"`
++ filedate=`stat -f "%m" $certfile | cut -d " " -f 1 | tr -d "-"`
filedate=$(( $filedate - ( $filedate % 60 ) ))
if [ $filedate -gt $DB_LASTUPDATE ]
then
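Review bot: The trailing comment on the new `SQL_RETRY_DELAY="600"` line still says `allowed unit suffixes: see sleep command`, which contradicts the change; the value was presumably switched from `10m` because the base-system sleep does not accept unit suffixes. Suggest `SQL_RETRY_DELAY="600" # seconds; plain number, no unit suffix`. The same line is patched in patch-tools+greenbone-scapdata-sync.in further down. In the `stat -f "%m"` lines `$certfile` is unquoted and the `cut`/`tr` stages do nothing useful on an epoch value, so `filedate=$(stat -f "%m" "$certfile")` would be enough.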
@@ -14,10 +23,19 @@
do
[ -e "$certfile" ] || break # no file found
- filedate=`stat -c "%Y" $certfile | cut -d " " -f 1 | tr -d "-"`
-+ filedate=`stat -c "%m" $certfile | cut -d " " -f 1 | tr -d "-"`
++ filedate=`stat -f "%m" $certfile | cut -d " " -f 1 | tr -d "-"`
filedate=$(( $filedate - ( $filedate % 60 ) ))
if [ $filedate -gt $DB_LASTUPDATE ]
then
+@@ -831,7 +831,7 @@
+
+ update_cvss
+
+- LAST_UPDATE_TIMESTAMP=`sed 's/^\(.\{8\}\)/\1 /' $TIMESTAMP | env TZ="UTC" date +%s -f -`
++ LAST_UPDATE_TIMESTAMP=`date -j -f '%Y%m%d%H%M%S' $(sed 's/$/00/g' $TIMESTAMP) +%s`
+
+ reset_sql_tries
+ until [ "$try_sql" -eq 0 ]
@@ -1045,7 +1045,7 @@
if [ -f "$CERT_DB" ]
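Review bot: The replacement for `LAST_UPDATE_TIMESTAMP` drops the `env TZ="UTC"` that the removed line had, so `date -j -f` reads the feed timestamp in the local time zone and the epoch is off by the UTC offset on any host not running in UTC. `$TIMESTAMP` and the command substitution are also unquoted. Suggested form: `LAST_UPDATE_TIMESTAMP=$(env TZ="UTC" date -j -f '%Y%m%d%H%M%S' "$(sed 's/$/00/' "$TIMESTAMP")" +%s)`. The appended `00` assumes the timestamp file holds exactly one `YYYYMMDDHHMM` line, which this hunk does not show; the enclosing code starts and ends outside it.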
Modified: head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in
==============================================================================
--- head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -1,11 +1,41 @@
--- tools/greenbone-scapdata-sync.in 2016-11-10 04:58:06.000000000 -0500
-+++ tools/greenbone-scapdata-sync.in 2017-08-05 22:42:35.986283000 -0500
-@@ -1080,11 +1080,11 @@
++++ tools/greenbone-scapdata-sync.in 2017-08-06 13:50:52.849680000 -0500
+@@ -89,7 +89,7 @@
+
+ # Split CVE data files into parts of this size in kB. 0 = no splitting
+ # The default is 1/30 of the system memory.
+-SPLIT_PART_SIZE=$(awk '/MemTotal/ { print int( $2/60) }' /proc/meminfo)
++SPLIT_PART_SIZE=$((($(sysctl hw.physmem | cut -d " " -f2)/1024)/60))
+
+ # SQLITE3 defines the name of the sqlite binary to call, along with additional
+ # parameters.
+@@ -109,7 +109,7 @@
+
+ # Delay between retries
+ if [ -z "$SQL_RETRY_DELAY" ]; then
+- SQL_RETRY_DELAY="10m" # allowed unit suffixes: see sleep command
++ SQL_RETRY_DELAY="600" # allowed unit suffixes: see sleep command
+ fi
+
+ # SCRIPT_NAME is the name the scripts will use to identify itself and to mark
+@@ -234,11 +234,6 @@
+
+ if [ -z "$TMPDIR" ]; then
+ SYNC_TMP_DIR=/tmp
+- # If we have mktemp, create a temporary dir (safer)
+- if [ -n "`which mktemp`" ]; then
+- SYNC_TMP_DIR=`mktemp -t -d greenbone-scap-data-sync.XXXXXXXXXX` || { log_err "Cannot create temporary directory for file download" ; exit 1 ; }
+- trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM
+- fi
+ else
+ SYNC_TMP_DIR="$TMPDIR"
+ fi
+@@ -1080,11 +1075,11 @@
then
for ovalfile in $oval_files_sorted_private
do
- filedate=`stat -c "%Y" "$ovalfile" | cut -d " " -f 1 | tr -d "-"`
-+ filedate=`stat -c "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"`
++ filedate=`stat -f "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"`
filedate=$(( $filedate - ( $filedate % 60 ) ))
if [ $filedate -gt $DB_LASTUPDATE ] || [ 1 = "$REBUILD_OVAL" ]
then
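Review bot: Deleting the `mktemp` block leaves `SYNC_TMP_DIR=/tmp` whenever `TMPDIR` is unset, so the sync script, typically run with elevated privileges, works directly in a world-writable directory and loses the `trap` cleanup. If the download file names under it are fixed (not visible here), that exposes the script to symlink and pre-created-file problems. The block most likely failed on FreeBSD because of the GNU-style `mktemp -t -d` call, so port it rather than remove it: `SYNC_TMP_DIR=$(mktemp -d /tmp/greenbone-scap-data-sync.XXXXXXXXXX) || { log_err "Cannot create temporary directory for file download" ; exit 1 ; }` and `trap 'rm -rf "$SYNC_TMP_DIR"' EXIT HUP INT TERM`. The same removal is made in patch-tools_greenbone-nvt-sync.in below and needs the same treatment. Minor: `sysctl -n hw.physmem` makes the `cut` unnecessary in the `SPLIT_PART_SIZE` line.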
@@ -14,7 +44,7 @@
if [ 1 = "$REBUILD_OVAL" ]
then
-@@ -1153,7 +1153,7 @@
+@@ -1153,7 +1148,7 @@
DIR_STR_LENGTH=$((`echo "$SCAP_DIR" | wc -c` + 1))
oval_files_shortened=""
@@ -23,7 +53,7 @@
then
for ovalfile in $oval_files_sorted_private
do
-@@ -1163,7 +1163,7 @@
+@@ -1163,7 +1158,7 @@
fi
oval_files_clause=""
@@ -32,7 +62,7 @@
then
oval_files_clause="AND (xml_file NOT IN ($oval_files_shortened))"
fi
-@@ -1186,7 +1186,7 @@
+@@ -1186,7 +1181,7 @@
fi
# TODO: This is not quite accurate as it uses the timestamp of the non-private data.
@@ -41,12 +71,12 @@
reset_sql_tries
until [ "$try_sql" -eq 0 ]
-@@ -1208,12 +1208,12 @@
+@@ -1208,12 +1203,12 @@
CPEBASE="$SCAP_DIR/official-cpe-dictionary_v2.2.xml"
if [ -e $CPEBASE ]
then
- filedate=`stat -c "%Y" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"`
-+ filedate=`stat -c "%m" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"`
++ filedate=`stat -f "%m" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"`
filedate=$(( $filedate - ( $filedate % 60 ) ))
if [ $filedate -gt $DB_LASTUPDATE ]
then
@@ -56,12 +86,12 @@
if [ "0" -ne "$SPLIT_PART_SIZE" ] && [ "$filesize" -gt $(($SPLIT_PART_SIZE * 1024)) ]
then
log_info "File is larger than ${SPLIT_PART_SIZE}k. Splitting into multiple parts"
-@@ -1271,13 +1271,13 @@
+@@ -1271,13 +1266,13 @@
for cvefile in $SCAP_DIR/nvdcve-2.0-*.xml
do
[ -e "$cvefile" ] || break # no file found
- filedate=`stat -c "%Y" "$cvefile" | cut -d " " -f 1 | tr -d "-"`
-+ filedate=`stat -c "%m" "$cvefile" | cut -d " " -f 1 | tr -d "-"`
++ filedate=`stat -f "%m" "$cvefile" | cut -d " " -f 1 | tr -d "-"`
filedate=$(( $filedate - ( $filedate % 60 ) ))
if [ $filedate -gt $DB_LASTUPDATE ]
then
@@ -72,12 +102,12 @@
if [ "0" -ne "$SPLIT_PART_SIZE" ] && [ "$filesize" -gt $(($SPLIT_PART_SIZE * 1024)) ]
then
log_info "File is larger than ${SPLIT_PART_SIZE}k. Splitting into multiple parts"
-@@ -1347,11 +1347,11 @@
+@@ -1347,11 +1342,11 @@
for ovalfile in $oval_files_sorted
do
- filedate=`stat -c "%Y" "$ovalfile" | cut -d " " -f 1 | tr -d "-"`
-+ filedate=`stat -c "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"`
++ filedate=`stat -f "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"`
filedate=$(( $filedate - ( $filedate % 60 ) ))
if [ $filedate -gt $DB_LASTUPDATE ] || [ 1 = "$REBUILD_OVAL" ]
then
@@ -86,7 +116,7 @@
if [ 1 = "$REBUILD_OVAL" ]
then
-@@ -1403,7 +1403,7 @@
+@@ -1403,7 +1398,7 @@
update_cvss
update_placeholders
@@ -95,7 +125,7 @@
reset_sql_tries
until [ "$try_sql" -eq 0 ]
-@@ -1635,7 +1635,7 @@
+@@ -1635,7 +1630,7 @@
then
if [ -f "$SCAP_DB" ]
then
Modified: head/security/openvas9-scanner/Makefile
==============================================================================
--- head/security/openvas9-scanner/Makefile Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9-scanner/Makefile Mon Aug 7 03:48:23 2017 (r447483)
@@ -2,6 +2,7 @@
PORTNAME= openvas9-scanner
PORTVERSION= 5.1.1
+PORTREVISION= 1
MASTER_SITES= http://wald.intevation.org/frs/download.php/2423/
COMMENT= OpenVAS 9 scanner
Modified: head/security/openvas9-scanner/files/openvassd.in
==============================================================================
--- head/security/openvas9-scanner/files/openvassd.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9-scanner/files/openvassd.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -8,18 +8,21 @@
#
# Add the following to /etc/rc.conf[.local] to enable this service
#
-# openvassd_enable="YES"
+# openvassd_enable (bool): Set to NO by default.
+# Set it to YES to enable openvassd.
+# openvassd_flags (params): Set params used to start openvassd.
#
. /etc/rc.subr
name=openvassd
-rcvar=openvassd_enable
+rcvar=${name}_enable
command="%%PREFIX%%/sbin/openvassd"
pidfile=/var/run/openvassd.pid
extra_commands="reload"
: ${openvassd_enable=NO}
+: ${openvassd_flags="--unix-socket=/var/run/${name}.sock"}
load_rc_config $name
run_rc_command "$1"
Modified: head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in
==============================================================================
--- head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -1,6 +1,18 @@
--- tools/greenbone-nvt-sync.in 2016-11-10 04:57:55.000000000 -0500
-+++ tools/greenbone-nvt-sync.in 2017-07-28 23:31:16.323079000 -0500
-@@ -577,7 +577,7 @@
++++ tools/greenbone-nvt-sync.in 2017-08-06 13:55:03.833824000 -0500
+@@ -180,11 +180,6 @@
+
+ if [ -z "$TMPDIR" ]; then
+ SYNC_TMP_DIR=/tmp
+- # If we have mktemp, create a temporary dir (safer)
+- if [ -n "`which mktemp`" ]; then
+- SYNC_TMP_DIR=`mktemp -t -d greenbone-nvt-sync.XXXXXXXXXX` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; }
+- trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM
+- fi
+ else
+ SYNC_TMP_DIR="$TMPDIR"
+ fi
+@@ -577,7 +572,7 @@
log_err "rsync failed, aborting synchronization."
exit 1
fi
@@ -9,7 +21,7 @@
if [ $? -ne 0 ] ; then
if [ -n "$retried" ]
then
-@@ -650,7 +650,7 @@
+@@ -650,7 +645,7 @@
do_self_test ()
{
Modified: head/security/openvas9/Makefile
==============================================================================
--- head/security/openvas9/Makefile Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9/Makefile Mon Aug 7 03:48:23 2017 (r447483)
@@ -3,6 +3,7 @@
PORTNAME= openvas9
PORTVERSION= 9.0
+PORTREVISION= 1
CATEGORIES= security
MAINTAINER= acm at FreeBSD.org
Modified: head/security/openvas9/files/pkg-message.in
==============================================================================
--- head/security/openvas9/files/pkg-message.in Mon Aug 7 02:38:08 2017 (r447482)
+++ head/security/openvas9/files/pkg-message.in Mon Aug 7 03:48:23 2017 (r447483)
@@ -16,12 +16,11 @@ OpenVAS 9 ports were installed
3) The following steps are neccessary before of you can access to OpenVAS web
interface (gsad):
- # openvas-mkcert
- # openvas-mkcert-client -n -i
- # openvasmd --rebuild --progress
+ # openvassd
# greenbone-nvt-sync
# greenbone-scapdata-sync
# greenbone-certdata-sync
+ # openvasmd --rebuild --progress
# openvasmd --create-user=admin --role=Admin
# openvasmd --user=admin --new-password=yourpassword
@@ -31,11 +30,11 @@ OpenVAS 9 ports were installed
openvasmd_enable="YES"
gsad_enable="YES"
-5) Start OpenVAS Scanner. It will listen on 127.0.0.1:9391 by default
+5) Start OpenVAS Scanner. It will listen on /var/run/openvassd.sock by default
# service openvassd restart
-6) 5) Start OpenVAS Manager. It will listen on 127.0.0.1:9390 by default
+6) 5) Start OpenVAS Manager. It will listen on /var/run/openvasmd.sock by default
# service openvasmd restart
# openvasmd --rebuild --progress