[openvas-manager] Initial commit of openvas-manager
rebus
rebus at fedoraproject.org
Tue Apr 5 22:53:17 UTC 2011
commit 5667b94087aeb131ed71e17eff560b9bbd79497f
Author: Michal Ambroz <rebus at seznam.cz>
Date: Wed Apr 6 00:52:49 2011 +0200
Initial commit of openvas-manager
.gitignore | 1 +
openvas-manager-notused.patch | 47 +++++++++++++
openvas-manager-pki.patch | 28 ++++++++
openvas-manager.initd | 124 +++++++++++++++++++++++++++++++++++
openvas-manager.logrotate | 11 +++
openvas-manager.spec | 143 +++++++++++++++++++++++++++++++++++++++++
openvas-manager.sysconfig | 15 ++++
sources | 1 +
8 files changed, 370 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..bf05e34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/openvas-manager-2.0.2.tar.gz
diff --git a/openvas-manager-notused.patch b/openvas-manager-notused.patch
new file mode 100644
index 0000000..01bf498
--- /dev/null
+++ b/openvas-manager-notused.patch
@@ -0,0 +1,47 @@
+Patch to avoid compile-time errors about variable set but not used
+diff -ru openvas-manager-2.0.2/src/manage_sql.c openvas-manager-2.0.2.new/src/manage_sql.c
+--- openvas-manager-2.0.2/src/manage_sql.c 2011-03-02 15:21:27.000000000 +0100
++++ openvas-manager-2.0.2.new/src/manage_sql.c 2011-03-28 18:29:52.000000000 +0200
+@@ -12005,12 +12005,15 @@
+ {
+ iterator_t formats;
+ const char *uuid_format;
++ /* variable set but not used
+ char *uuid_report;
++ */
+ gchar *script, *script_dir;
+
+ /* Setup file names. */
+
+- uuid_report = report_uuid (report);
++ //uuid_report = report_uuid (report);
++ report_uuid (report);
+ init_report_format_iterator (&formats, report_format, 1, NULL);
+ if (next (&formats) == FALSE)
+ {
+@@ -12271,12 +12274,15 @@
+ {
+ iterator_t formats;
+ const char *uuid_format;
++ /* variable set but not used
+ char *uuid_report;
++ */
+ gchar *script, *script_dir;
+
+ /* Setup file names. */
+
+- uuid_report = report_uuid (report);
++ //uuid_report = report_uuid (report);
++ report_uuid (report);
+ init_report_format_iterator (&formats, report_format, 1, NULL);
+ if (next (&formats) == FALSE)
+ {
+@@ -20953,6 +20959,8 @@
+ same_second = (broken1.tm_sec == broken2->tm_sec);
+
+ year1_less = (broken1.tm_year < broken2->tm_year);
++ /* avoid compile-time error as variable year1_less is set but never used */
++ (void) year1_less;
+ month1_less = (broken1.tm_mon < broken2->tm_mon);
+ day1_less = (broken1.tm_mday < broken2->tm_mday);
+ hour1_less = (broken1.tm_hour < broken2->tm_hour);
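Review bot: Both rewritten call sites still invoke `report_uuid (report);` and discard the result. The removed declaration was `char *uuid_report`, so if report_uuid returns a newly allocated string (its definition is not in this patch), that allocation is still never released. Dropping the call, or keeping the variable and freeing it, would be cleaner than leaving a commented-out declaration and a `//` line behind. The `(void) year1_less;` cast in the third hunk silences the warning but leaves the comparison result unused, which is worth reporting upstream in case it points at a gap in the date comparison. All three enclosing functions start and end outside the quoted hunks.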
diff --git a/openvas-manager-pki.patch b/openvas-manager-pki.patch
new file mode 100644
index 0000000..d312187
--- /dev/null
+++ b/openvas-manager-pki.patch
@@ -0,0 +1,28 @@
+Put the certificates to the /etc/pki as suggested by:
+http://fedoraproject.org/wiki/PackagingDrafts/Certificates
+Nessus2 package in Fedora is using the same.
+
+diff -ru openvas-manager-2.0.2/CMakeLists.txt openvas-manager-2.0.2.new/CMakeLists.txt
+--- openvas-manager-2.0.2/CMakeLists.txt 2011-03-02 15:21:27.000000000 +0100
++++ openvas-manager-2.0.2.new/CMakeLists.txt 2011-03-29 03:24:12.000000000 +0200
+@@ -151,14 +151,15 @@
+ set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
+ set (OPENVAS_PID_DIR "${LOCALSTATEDIR}/run")
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
++set (OPENVAS_CERT_DIR "${SYSCONFDIR}/pki/openvas")
+
+ set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}")
+ set (OPENVAS_HEADER_INSTALL_DIR "${INCLUDEDIR}")
+-set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/servercert.pem")
+-set (OPENVAS_SCANNER_KEY "${OPENVAS_STATE_DIR}/private/CA/serverkey.pem")
+-set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/clientcert.pem")
+-set (OPENVAS_CLIENT_KEY "${OPENVAS_STATE_DIR}/private/CA/clientkey.pem")
+-set (OPENVAS_CA_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/cacert.pem")
++set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/servercert.pem")
++set (OPENVAS_SCANNER_KEY "${OPENVAS_CERT_DIR}/private/CA/serverkey.pem")
++set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/clientcert.pem")
++set (OPENVAS_CLIENT_KEY "${OPENVAS_CERT_DIR}/private/CA/clientkey.pem")
++set (OPENVAS_CA_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/cacert.pem")
+
+ set (OPENVAS_USERS_DIR "${OPENVAS_STATE_DIR}/users/")
+ set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins/")
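Review bot: Nothing visible in this commit creates or owns the directory that now holds the private keys, `${OPENVAS_CERT_DIR}/private/CA`, so its mode and ownership are left to whatever tool first writes there. The spec's %files list has no entry under `%{_sysconfdir}/pki/openvas`; unless another package (not shown here) owns it, an entry such as `%dir %attr(0700,root,root) %{_sysconfdir}/pki/openvas/private` would pin the permissions. A comment above the new `set (OPENVAS_CERT_DIR ...)` line, for example `# Fedora-specific: certificates and keys live under /etc/pki; private/ must not be world-readable`, would record the expectation. The init script hard-codes `/etc/pki/openvas/private/CA/serverkey.pem`, so the two locations have to be kept in sync by hand.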
diff --git a/openvas-manager.initd b/openvas-manager.initd
new file mode 100644
index 0000000..92caeb1
--- /dev/null
+++ b/openvas-manager.initd
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+# This is an implementation of a start-script for OpenVAS Manager.
+
+# Make RedHat happy:
+#
+# chkconfig: - 92 9
+# Description: OpenVAS Manager Daemon
+#
+
+### BEGIN INIT INFO
+# Provides: openvas-manager
+# Required-Start: $local_fs $network $syslog
+# Required-Stop: $local_fs $network $syslog
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start|stop|status|restart|condrestart OpenVAS Manager
+# Description: control OpenVAS Manager
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="/usr/sbin/openvasmd"
+prog="openvasmd"
+progname="openvas-manager"
+config=/etc/openvas/openvasmd_log.conf
+lockfile=/var/lock/subsys/openvas-manager
+
+[ -e /etc/sysconfig/$progname ] && . /etc/sysconfig/$progname
+
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status -p /var/run/$prog.pid $progname
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+start() {
+
+ # Build parameters
+ [ -n "$MANAGER_LISTEN" ] && PARAMS="$PARAMS --listen=$MANAGER_LISTEN"
+ [ -n "$MANAGER_PORT" ] && PARAMS="$PARAMS --port=$MANAGER_PORT"
+ [ -n "$SCANNER_LISTEN" ] && PARAMS="$PARAMS --slisten=$SCANNER_LISTEN"
+ [ -n "$SCANNER_PORT" ] && PARAMS="$PARAMS --sport=$SCANNER_PORT"
+
+ case "$MANAGER_OTP" in
+ yes|YES|true|TRUE)
+ PARAMS="$PARAMS --otp"
+ ;;
+ esac
+
+
+ if [ ! -f /etc/pki/openvas/private/CA/serverkey.pem ]; then
+ echo "Missing client certificate to connect openvas-administrator to openvas-manager."
+ echo "Try running: openvas-mkcert-client -n om -i"
+ exit 6
+ fi
+
+ if [ ! -f /var/lib/openvas/mgr/tasks.db ]; then
+ echo "Missing local NVT cache database."
+ echo "Try running: openvasmd --rebuild"
+ exit 6
+ fi
+
+ echo "Starting $progname:"
+ daemon --pidfile=/var/run/$prog.pid $prog $PARAMS
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch $lockfile
+ return $RETVAL
+}
+
+stop() {
+ echo -n "Stopping $progname: "
+ killproc $prog
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f $lockfile
+ return $RETVAL
+}
+
+restart() {
+ stop
+ start
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+
+ restart)
+ $1
+ ;;
+
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ $1
+ ;;
+
+ reload)
+ ;;
+
+ status)
+ status -p /var/run/$prog.pid $progname
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|status|restart|condrestart|reload}"
+ exit 1
+esac
+
+exit 0
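Review bot: The `condrestart|try-restart)` branch runs `$1`, but this script defines no function named `condrestart` or `try-restart`. Unless the sourced functions library provides one, the branch fails with command-not-found where it should call `restart`, and the spec's %postun depends on `condrestart` during upgrades. The trailing `exit 0` also discards the result of every action, so `status` reports success even when the daemon is stopped; replacing it with `exit $?` directly after `esac` keeps the LSB return codes. In start(), the test is for `/etc/pki/openvas/private/CA/serverkey.pem` while the message describes a missing client certificate, so the hint shown to the administrator probably names the wrong credential.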
diff --git a/openvas-manager.logrotate b/openvas-manager.logrotate
new file mode 100644
index 0000000..69cfa26
--- /dev/null
+++ b/openvas-manager.logrotate
@@ -0,0 +1,11 @@
+# logrotate for openvas-manager
+/var/log/openvas/openvasmd.log {
+ rotate 4
+ weekly
+ compress
+ delaycompress
+ missingok
+ postrotate
+ /bin/kill -HUP `pidof openvasmd`
+ endscript
+}
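Review bot: The postrotate command runs `kill -HUP` with no PID when openvasmd is not running, because `pidof` prints nothing, so logrotate records a failed script on each rotation of a stopped service. Reading the pidfile the init script already uses avoids that and signals only the managed instance: `/bin/kill -HUP $(cat /var/run/openvasmd.pid 2>/dev/null) 2>/dev/null || true`. The stanza also has no `create` directive, so the mode and owner of the new log file are left to the daemon. Since the manager's log can carry details about scanned hosts, an explicit `create 0640 root root` would be a safer default.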
diff --git a/openvas-manager.spec b/openvas-manager.spec
new file mode 100644
index 0000000..7ae2264
--- /dev/null
+++ b/openvas-manager.spec
@@ -0,0 +1,143 @@
+Name: openvas-manager
+Summary: Manager Module for the Open Vulnerability Assessment System (OpenVAS)
+Version: 2.0.2
+Release: 3%{?dist}
+URL: http://www.openvas.org
+License: GPLv2+
+Group: System Environment/Libraries
+
+Source0: http://wald.intevation.org/frs/download.php/858/%{name}-%{version}.tar.gz
+Source1: openvas-manager.initd
+Source2: openvas-manager.logrotate
+Source3: openvas-manager.sysconfig
+
+#Patch to avoid compile-time errors about variable set but not used
+Patch0: openvas-manager-notused.patch
+
+#Put certs to /etc/pki as suggested by http://fedoraproject.org/wiki/PackagingDrafts/Certificates
+#Not reported upstream as it is RedHat/Fedora specific
+Patch1: openvas-manager-pki.patch
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+BuildRequires: openvas-libraries-devel
+BuildRequires: cmake >= 2.6.0
+BuildRequires: glib2-devel
+BuildRequires: sqlite-devel
+BuildRequires: gnutls-devel
+BuildRequires: libuuid-devel
+BuildRequires: libpcap-devel
+BuildRequires: gpgme-devel
+BuildRequires: doxygen
+BuildRequires: pkgconfig
+Requires: logrotate
+Requires: /usr/bin/xsltproc
+
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+
+
+%description
+The OpenVAS Manager is the central service that consolidates plain vulnerability
+scanning into a full vulnerability management solution. The Manager controls the
+Scanner via OTP and itself offers the XML-based, stateless OpenVAS Management
+Protocol (OMP). All intelligence is implemented in the Manager so that it is
+possible to implement various lean clients that will behave consistently e.g.
+with regard to filtering or sorting scan results. The Manager also controls
+a SQL database (sqlite-based) where all configuration and scan result data is
+centrally stored.
+
+
+%prep
+%setup -q
+%patch0 -p1 -b .notused
+%patch1 -p1 -b .pki
+
+%build
+export CFLAGS="$RPM_OPT_FLAGS -Werror=unused-but-set-variable"
+%cmake -DLOCALSTATEDIR:PATH=%{_var}
+make %{?_smp_mflags} VERBOSE=1
+
+%install
+rm -rf %{buildroot}
+
+make install DESTDIR=%{buildroot} INSTALL="install -p"
+
+#Config directory
+mkdir -p %{buildroot}/%{_sysconfdir}/openvas
+chmod 755 %{buildroot}/%{_sysconfdir}/openvas
+
+#Log direcotry
+mkdir -p %{buildroot}/%{_var}/log/openvas
+touch %{buildroot}%{_var}/log/openvas/openvasmd.log
+
+#Runtime lib directory
+mkdir -p %{buildroot}/%{_var}/lib/openvas/mgr
+
+# Install startup script
+install -Dp -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/%{name}
+
+# install log rotation stuff
+install -m 644 -Dp %{SOURCE2} \
+ %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
+
+# Install sysconfig configration
+install -Dp -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
+
+#Fix permissions on templates
+chmod -R a+r %{buildroot}%{_datadir}/openvas/openvasmd
+find %{buildroot}%{_datadir}/openvas/openvasmd -name generate | xargs chmod 755
+
+%clean
+[ "%{buildroot}" = "/" ] || rm -rf %{buildroot}
+
+
+%post
+# This adds the proper /etc/rc*.d links for the script
+if [ "$1" -eq 1 ] ; then
+ /sbin/chkconfig --add openvas-manager
+fi
+
+
+%preun
+if [ "$1" -eq 0 ] ; then
+ /sbin/service openvas-manager stop >/dev/null 2>&1
+ /sbin/chkconfig --del openvas-manager
+fi
+
+
+%postun
+# only for upgrades not erasure
+if [ "$1" -eq 1 ] ; then
+ /sbin/service openvas-manager condrestart >/dev/null 2>&1
+fi
+
+
+%files
+%defattr(-,root,root)
+%doc CHANGES COPYING README ChangeLog INSTALL TODO
+%doc doc/*.png doc/*.sql doc/*.html doc/report-format-HOWTO
+%doc report_formats
+%config(noreplace) %{_sysconfdir}/logrotate.d/openvas-manager
+%dir %{_sysconfdir}/openvas
+%dir %{_var}/lib/openvas
+%dir %{_var}/lib/openvas/mgr
+%dir %{_var}/log/openvas
+%dir %{_datadir}/openvas
+%config(noreplace) %{_sysconfdir}/openvas/openvasmd_log.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%{_initrddir}/%{name}
+%{_sbindir}/openvasmd
+%{_mandir}/man8/openvasmd.8*
+%{_datadir}/openvas/openvasmd
+%ghost %{_var}/log/openvas/openvasmd.log
+
+%changelog
+* Wed Mar 30 2011 Michal Ambroz <rebus at, seznam.cz> - 2.0.2-3
+- implement changes based on package review
+
+* Wed Mar 30 2011 Michal Ambroz <rebus at, seznam.cz> - 2.0.2-2
+- implement changes based on package review
+
+* Mon Mar 28 2011 Michal Ambroz <rebus at, seznam.cz> - 2.0.2-1
+- initial spec for openvas-manager based on openvas-scanner
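Review bot: `%dir %{_var}/lib/openvas/mgr` is packaged under `%defattr(-,root,root)` after a plain `mkdir -p`, so the directory that holds `tasks.db` will normally be installed world-searchable. The %description says this database stores all configuration and scan result data. Whether the database file itself is readable by other users depends on the daemon's umask, which is not visible here, so restricting the directory is the safer packaging choice: `%dir %attr(0700,root,root) %{_var}/lib/openvas/mgr`. The same consideration applies to `%dir %{_var}/log/openvas` if log contents are treated as sensitive.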
diff --git a/openvas-manager.sysconfig b/openvas-manager.sysconfig
new file mode 100644
index 0000000..a9a8829
--- /dev/null
+++ b/openvas-manager.sysconfig
@@ -0,0 +1,15 @@
+#Manager listens on given address - by default manager listens on all addresses
+#MANAGER_LISTEN=127.0.0.1
+
+#Manager listens on given port - by default 9390
+MANAGER_PORT=9390
+
+#Enable Manager to server OTP too
+MANAGER_OTP=yes
+
+#Contact scanner on given address
+SCANNER_LISTEN=127.0.0.1
+
+#Scanner listens on given port - by default 9390
+SCANNER_PORT=9391
+
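Review bot: With `MANAGER_LISTEN` left commented out the manager listens on all addresses, as the first comment says, and `MANAGER_OTP=yes` enables OTP on that listener too, so a fresh install exposes the management port on every interface. Shipping `MANAGER_LISTEN=127.0.0.1` uncommented, with a comment telling the administrator to widen it deliberately, would be the safer default. The comment above `SCANNER_PORT=9391` states a default of 9390, which does not match the value; one of the two needs correcting.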
diff --git a/sources b/sources
index e69de29..15bea39 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+5680a523cfeac8aec4d52f5f964d1713 openvas-manager-2.0.2.tar.gz