[openvas-manager] Initial commit of openvas-manager

rebus rebus at fedoraproject.org
Tue Apr 5 22:53:17 UTC 2011


commit 5667b94087aeb131ed71e17eff560b9bbd79497f
Author: Michal Ambroz <rebus at seznam.cz>
Date:   Wed Apr 6 00:52:49 2011 +0200

    Initial commit of openvas-manager

 .gitignore                    |    1 +
 openvas-manager-notused.patch |   47 +++++++++++++
 openvas-manager-pki.patch     |   28 ++++++++
 openvas-manager.initd         |  124 +++++++++++++++++++++++++++++++++++
 openvas-manager.logrotate     |   11 +++
 openvas-manager.spec          |  143 +++++++++++++++++++++++++++++++++++++++++
 openvas-manager.sysconfig     |   15 ++++
 sources                       |    1 +
 8 files changed, 370 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..bf05e34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/openvas-manager-2.0.2.tar.gz
diff --git a/openvas-manager-notused.patch b/openvas-manager-notused.patch
new file mode 100644
index 0000000..01bf498
--- /dev/null
+++ b/openvas-manager-notused.patch
@@ -0,0 +1,47 @@
+Patch to avoid compile-time errors about variable set but not used
+diff -ru openvas-manager-2.0.2/src/manage_sql.c openvas-manager-2.0.2.new/src/manage_sql.c
+--- openvas-manager-2.0.2/src/manage_sql.c	2011-03-02 15:21:27.000000000 +0100
++++ openvas-manager-2.0.2.new/src/manage_sql.c	2011-03-28 18:29:52.000000000 +0200
+@@ -12005,12 +12005,15 @@
+   {
+     iterator_t formats;
+     const char *uuid_format;
++    /* variable set but not used 
+     char *uuid_report;
++    */
+     gchar *script, *script_dir;
+ 
+     /* Setup file names. */
+ 
+-    uuid_report = report_uuid (report);
++    //uuid_report = report_uuid (report);
++    report_uuid (report);
+     init_report_format_iterator (&formats, report_format, 1, NULL);
+     if (next (&formats) == FALSE)
+       {
+@@ -12271,12 +12274,15 @@
+   {
+     iterator_t formats;
+     const char *uuid_format;
++    /* variable set but not used
+     char *uuid_report;
++    */
+     gchar *script, *script_dir;
+ 
+     /* Setup file names. */
+ 
+-    uuid_report = report_uuid (report);
++    //uuid_report = report_uuid (report);
++    report_uuid (report);
+     init_report_format_iterator (&formats, report_format, 1, NULL);
+     if (next (&formats) == FALSE)
+       {
+@@ -20953,6 +20959,8 @@
+   same_second = (broken1.tm_sec == broken2->tm_sec);
+ 
+   year1_less = (broken1.tm_year < broken2->tm_year);
++  /* avoid compile-time error as variable year1_less is set but never used */
++  (void) year1_less;
+   month1_less = (broken1.tm_mon < broken2->tm_mon);
+   day1_less = (broken1.tm_mday < broken2->tm_mday);
+   hour1_less = (broken1.tm_hour < broken2->tm_hour);
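Review bot: The replacement line `report_uuid (report);` in the first two embedded hunks still makes the call and now drops its return value, so if report_uuid returns a newly allocated string (its definition is not visible here) the result is leaked on each call, as it already was while it sat in the unused `uuid_report`. If the call has no side effect that is needed, delete the line; otherwise free the returned string and say so in a comment. The commented-out declaration and the `//uuid_report = ...` line are dead code and would be better removed than left in place. The enclosing functions start and end outside these hunks.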
diff --git a/openvas-manager-pki.patch b/openvas-manager-pki.patch
new file mode 100644
index 0000000..d312187
--- /dev/null
+++ b/openvas-manager-pki.patch
@@ -0,0 +1,28 @@
+Put the certificates to the /etc/pki as suggested by:
+http://fedoraproject.org/wiki/PackagingDrafts/Certificates
+Nessus2 package in Fedora is using the same.
+
+diff -ru openvas-manager-2.0.2/CMakeLists.txt openvas-manager-2.0.2.new/CMakeLists.txt
+--- openvas-manager-2.0.2/CMakeLists.txt	2011-03-02 15:21:27.000000000 +0100
++++ openvas-manager-2.0.2.new/CMakeLists.txt	2011-03-29 03:24:12.000000000 +0200
+@@ -151,14 +151,15 @@
+ set (OPENVAS_LOG_DIR     "${LOCALSTATEDIR}/log/openvas")
+ set (OPENVAS_PID_DIR     "${LOCALSTATEDIR}/run")
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
++set (OPENVAS_CERT_DIR    "${SYSCONFDIR}/pki/openvas")
+ 
+ set (OPENVAS_LIB_INSTALL_DIR     "${LIBDIR}")
+ set (OPENVAS_HEADER_INSTALL_DIR  "${INCLUDEDIR}")
+-set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/servercert.pem")
+-set (OPENVAS_SCANNER_KEY         "${OPENVAS_STATE_DIR}/private/CA/serverkey.pem")
+-set (OPENVAS_CLIENT_CERTIFICATE  "${OPENVAS_STATE_DIR}/CA/clientcert.pem")
+-set (OPENVAS_CLIENT_KEY          "${OPENVAS_STATE_DIR}/private/CA/clientkey.pem")
+-set (OPENVAS_CA_CERTIFICATE      "${OPENVAS_STATE_DIR}/CA/cacert.pem")
++set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/servercert.pem")
++set (OPENVAS_SCANNER_KEY         "${OPENVAS_CERT_DIR}/private/CA/serverkey.pem")
++set (OPENVAS_CLIENT_CERTIFICATE  "${OPENVAS_CERT_DIR}/CA/clientcert.pem")
++set (OPENVAS_CLIENT_KEY          "${OPENVAS_CERT_DIR}/private/CA/clientkey.pem")
++set (OPENVAS_CA_CERTIFICATE      "${OPENVAS_CERT_DIR}/CA/cacert.pem")
+ 
+ set (OPENVAS_USERS_DIR           "${OPENVAS_STATE_DIR}/users/")
+ set (OPENVAS_NVT_DIR             "${OPENVAS_STATE_DIR}/plugins/")
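Review bot: The private keys now resolve to `${SYSCONFDIR}/pki/openvas/private/CA/`, but nothing visible in this commit creates that directory or sets its mode, and the spec's %files list does not own it. Unless another package (presumably one of the other OpenVAS packages, not visible here) ships it with restricted permissions, the key directory will get whatever mode the certificate tool's umask produces. Consider owning it in the spec, e.g. `%dir %attr(0700,root,root) %{_sysconfdir}/pki/openvas/private`, or add a comment next to `OPENVAS_CERT_DIR` naming the package that does. The hunk covers only part of CMakeLists.txt.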
diff --git a/openvas-manager.initd b/openvas-manager.initd
new file mode 100644
index 0000000..92caeb1
--- /dev/null
+++ b/openvas-manager.initd
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+# This is an implementation of a start-script for OpenVAS Manager.
+
+# Make RedHat happy:
+#
+# chkconfig: - 92 9
+# Description: OpenVAS Manager Daemon
+#
+
+### BEGIN INIT INFO
+# Provides: openvas-manager
+# Required-Start: $local_fs $network $syslog
+# Required-Stop: $local_fs $network $syslog
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start|stop|status|restart|condrestart OpenVAS Manager
+# Description: control OpenVAS Manager
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="/usr/sbin/openvasmd"
+prog="openvasmd"
+progname="openvas-manager"
+config=/etc/openvas/openvasmd_log.conf
+lockfile=/var/lock/subsys/openvas-manager
+
+[ -e /etc/sysconfig/$progname ] && . /etc/sysconfig/$progname
+
+
+rh_status() {
+	# run checks to determine if the service is running or use generic status
+	status -p /var/run/$prog.pid $progname
+}
+
+rh_status_q() {
+	rh_status >/dev/null 2>&1
+}
+
+start() {
+
+	# Build parameters
+	[ -n "$MANAGER_LISTEN" ] && PARAMS="$PARAMS --listen=$MANAGER_LISTEN"
+	[ -n "$MANAGER_PORT" ]   && PARAMS="$PARAMS --port=$MANAGER_PORT"
+	[ -n "$SCANNER_LISTEN" ] && PARAMS="$PARAMS --slisten=$SCANNER_LISTEN"
+	[ -n "$SCANNER_PORT" ]   && PARAMS="$PARAMS --sport=$SCANNER_PORT"
+
+	case "$MANAGER_OTP" in 
+		yes|YES|true|TRUE)
+			PARAMS="$PARAMS --otp"
+			;;
+	esac
+
+
+	if [ ! -f /etc/pki/openvas/private/CA/serverkey.pem  ]; then
+		echo "Missing client certificate to connect openvas-administrator to openvas-manager."
+		echo "Try running: openvas-mkcert-client -n om -i"
+		exit 6
+	fi
+
+	if [ ! -f /var/lib/openvas/mgr/tasks.db  ]; then
+		echo "Missing local NVT cache database."
+		echo "Try running: openvasmd --rebuild"
+		exit 6
+	fi
+
+	echo "Starting $progname:"
+	daemon --pidfile=/var/run/$prog.pid $prog $PARAMS
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch $lockfile
+	return $RETVAL
+}
+
+stop() {
+	echo -n "Stopping $progname: "
+	killproc $prog
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
+	return $RETVAL
+}
+
+restart() {
+	stop
+	start
+}
+
+
+case "$1" in
+	start)
+		rh_status_q && exit 0
+		$1
+		;;
+
+	stop)
+		rh_status_q || exit 0
+		$1
+                ;;
+
+	restart)
+		$1
+		;;
+
+	condrestart|try-restart)
+		rh_status_q || exit 0
+		$1
+		;;
+
+	reload)
+		;;
+
+	status)
+		status -p /var/run/$prog.pid $progname
+                ;;
+
+	*)
+		echo "Usage: $0 {start|stop|status|restart|condrestart|reload}"
+		exit 1
+esac
+
+exit 0
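Review bot: The `condrestart|try-restart)` branch runs `$1`, which expands to `condrestart` or `try-restart`, and the script defines no function of either name, so the branch fails with command-not-found instead of restarting; it should call `restart`. The spec's %postun uses `service openvas-manager condrestart` after an upgrade, so with this defect an updated package leaves the old daemon binary running. The final `exit 0` also discards the status of start/stop/restart, so a failed start is reported as success; `exit $?` would propagate it. Separately, the check on `serverkey.pem` prints a message about a missing client certificate, so the test and the advice do not name the same file.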
diff --git a/openvas-manager.logrotate b/openvas-manager.logrotate
new file mode 100644
index 0000000..69cfa26
--- /dev/null
+++ b/openvas-manager.logrotate
@@ -0,0 +1,11 @@
+# logrotate for openvas-manager
+/var/log/openvas/openvasmd.log {
+        rotate 4
+        weekly
+        compress
+        delaycompress
+        missingok
+	postrotate
+	    /bin/kill -HUP `pidof openvasmd`
+	endscript
+}
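Review bot: The postrotate command built from `pidof openvasmd` runs kill with no PID when the daemon is stopped, which makes logrotate report a failure, and it signals every process named openvasmd when more than one exists. Reading the PID file the init script already uses is tighter: `[ -f /var/run/openvasmd.pid ] && /bin/kill -HUP $(cat /var/run/openvasmd.pid) 2>/dev/null || true`. The stanza has no `create` directive either, so the mode of the fresh log file is left to the daemon's umask. Whether openvasmd reopens its log on SIGHUP is not visible here and should be confirmed.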
diff --git a/openvas-manager.spec b/openvas-manager.spec
new file mode 100644
index 0000000..7ae2264
--- /dev/null
+++ b/openvas-manager.spec
@@ -0,0 +1,143 @@
+Name:		openvas-manager
+Summary:	Manager Module for the Open Vulnerability Assessment System (OpenVAS)
+Version:	2.0.2
+Release:	3%{?dist}
+URL:		http://www.openvas.org
+License:	GPLv2+
+Group:		System Environment/Libraries
+
+Source0:	http://wald.intevation.org/frs/download.php/858/%{name}-%{version}.tar.gz
+Source1:	openvas-manager.initd
+Source2:	openvas-manager.logrotate
+Source3:	openvas-manager.sysconfig
+
+#Patch to avoid compile-time errors about variable set but not used
+Patch0:		openvas-manager-notused.patch
+
+#Put certs to /etc/pki as suggested by http://fedoraproject.org/wiki/PackagingDrafts/Certificates
+#Not reported upstream as it is RedHat/Fedora specific
+Patch1:		openvas-manager-pki.patch
+
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
+BuildRequires:	openvas-libraries-devel
+BuildRequires:	cmake >= 2.6.0
+BuildRequires:	glib2-devel
+BuildRequires:	sqlite-devel
+BuildRequires:	gnutls-devel
+BuildRequires:	libuuid-devel
+BuildRequires:	libpcap-devel
+BuildRequires:	gpgme-devel
+BuildRequires:	doxygen
+BuildRequires:	pkgconfig
+Requires:	logrotate
+Requires:	/usr/bin/xsltproc
+
+Requires(post):		chkconfig
+Requires(preun):	chkconfig
+Requires(preun):	initscripts
+
+
+%description
+The OpenVAS Manager is the central service that consolidates plain vulnerability
+scanning into a full vulnerability management solution. The Manager controls the
+Scanner via OTP and itself offers the XML-based, stateless OpenVAS Management 
+Protocol (OMP). All intelligence is implemented in the Manager so that it is
+possible to implement various lean clients that will behave consistently e.g. 
+with regard to filtering or sorting scan results. The Manager also controls 
+a SQL database (sqlite-based) where all configuration and scan result data is 
+centrally stored.
+
+
+%prep
+%setup -q
+%patch0 -p1 -b .notused
+%patch1 -p1 -b .pki
+
+%build
+export CFLAGS="$RPM_OPT_FLAGS -Werror=unused-but-set-variable"
+%cmake -DLOCALSTATEDIR:PATH=%{_var}
+make %{?_smp_mflags} VERBOSE=1
+
+%install
+rm -rf %{buildroot}
+
+make install DESTDIR=%{buildroot} INSTALL="install -p"
+
+#Config directory
+mkdir -p %{buildroot}/%{_sysconfdir}/openvas
+chmod 755 %{buildroot}/%{_sysconfdir}/openvas
+
+#Log direcotry
+mkdir -p %{buildroot}/%{_var}/log/openvas
+touch %{buildroot}%{_var}/log/openvas/openvasmd.log
+
+#Runtime lib directory
+mkdir -p %{buildroot}/%{_var}/lib/openvas/mgr
+
+# Install startup script
+install -Dp -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/%{name}
+
+# install log rotation stuff
+install -m 644 -Dp %{SOURCE2} \
+	%{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
+
+# Install sysconfig configration
+install -Dp -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
+
+#Fix permissions on templates
+chmod -R a+r %{buildroot}%{_datadir}/openvas/openvasmd
+find %{buildroot}%{_datadir}/openvas/openvasmd -name generate | xargs chmod 755
+
+%clean
+[ "%{buildroot}" = "/" ] || rm -rf %{buildroot}
+
+
+%post
+# This adds the proper /etc/rc*.d links for the script
+if [ "$1" -eq 1 ] ; then
+	/sbin/chkconfig --add openvas-manager
+fi
+
+
+%preun
+if [ "$1" -eq 0 ] ; then
+	/sbin/service openvas-manager stop >/dev/null 2>&1
+	/sbin/chkconfig --del openvas-manager
+fi
+
+
+%postun
+# only for upgrades not erasure
+if [ "$1" -eq 1 ] ; then
+	/sbin/service openvas-manager condrestart  >/dev/null 2>&1
+fi
+
+
+%files
+%defattr(-,root,root)
+%doc CHANGES COPYING README ChangeLog INSTALL TODO
+%doc doc/*.png doc/*.sql doc/*.html doc/report-format-HOWTO
+%doc report_formats
+%config(noreplace) %{_sysconfdir}/logrotate.d/openvas-manager
+%dir %{_sysconfdir}/openvas
+%dir %{_var}/lib/openvas
+%dir %{_var}/lib/openvas/mgr
+%dir %{_var}/log/openvas
+%dir %{_datadir}/openvas
+%config(noreplace) %{_sysconfdir}/openvas/openvasmd_log.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%{_initrddir}/%{name}
+%{_sbindir}/openvasmd
+%{_mandir}/man8/openvasmd.8*
+%{_datadir}/openvas/openvasmd
+%ghost %{_var}/log/openvas/openvasmd.log
+
+%changelog
+* Wed Mar 30 2011 Michal Ambroz <rebus at, seznam.cz> - 2.0.2-3
+- implement changes based on package review
+
+* Wed Mar 30 2011 Michal Ambroz <rebus at, seznam.cz> - 2.0.2-2
+- implement changes based on package review
+
+* Mon Mar 28 2011 Michal Ambroz <rebus at, seznam.cz> - 2.0.2-1
+- initial spec for openvas-manager based on openvas-scanner
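Review bot: `%dir %{_var}/lib/openvas/mgr` is packaged with whatever mode `mkdir -p` gave it at build time (normally 0755), yet the init script expects `tasks.db` in that directory and the %description says the database holds all configuration and scan result data. An explicit restrictive mode, e.g. `%dir %attr(0700,root,root) %{_var}/lib/openvas/mgr`, keeps access to scan results from depending on the daemon's umask; this assumes openvasmd runs as root, which the init script suggests but does not state. Also, %install uses `%{_initddir}` while %files uses `%{_initrddir}`; use one macro in both places.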
diff --git a/openvas-manager.sysconfig b/openvas-manager.sysconfig
new file mode 100644
index 0000000..a9a8829
--- /dev/null
+++ b/openvas-manager.sysconfig
@@ -0,0 +1,15 @@
+#Manager listens on given address - by default manager listens on all addresses
+#MANAGER_LISTEN=127.0.0.1
+
+#Manager listens on given port - by default 9390
+MANAGER_PORT=9390
+
+#Enable Manager to server OTP too
+MANAGER_OTP=yes
+
+#Contact scanner on given address
+SCANNER_LISTEN=127.0.0.1
+
+#Scanner listens on given port - by default 9390
+SCANNER_PORT=9391
+
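Review bot: `MANAGER_LISTEN` is left commented out, so by the file's own comment the manager listens on all addresses out of the box, with `MANAGER_OTP=yes` enabled as well. For a service that fronts scan data a loopback default is the safer packaging choice: ship `MANAGER_LISTEN=127.0.0.1` uncommented and let the administrator widen it deliberately. The comment above `SCANNER_PORT=9391` says the default is 9390, which contradicts the value set; it should presumably read 9391.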
diff --git a/sources b/sources
index e69de29..15bea39 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+5680a523cfeac8aec4d52f5f964d1713  openvas-manager-2.0.2.tar.gz

