[openvas-scanner] Bump to openvas 4
rebus
rebus at fedoraproject.org
Tue Mar 22 02:59:27 UTC 2011
commit 8d44341078f36125fe4a07d34f7f055eecc1ffae
Author: Michal Ambroz <rebus at seznam.cz>
Date: Tue Mar 22 03:58:41 2011 +0100
Bump to openvas 4
.gitignore | 1 +
openvas-initd.sh | 9 ++-
openvas-scanner-nvtfeed.patch | 55 +++++----------
openvas-scanner-pki.patch | 57 ++++++++++++++++
openvas-scanner-rulesdir.patch | 16 +++++
openvas-scanner.spec | 143 +++++++++++++++++++++++++++------------
openvas-scanner.sysconfig | 10 +++
openvassd.conf | 52 ++++++++------
sources | 2 +-
9 files changed, 240 insertions(+), 105 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index dba526b..ab78477 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
openvas-scanner-3.0.2.tar.gz
/openvas-scanner-3.1.1.tar.gz
+/openvas-scanner-3.2.2.tar.gz
diff --git a/openvas-initd.sh b/openvas-initd.sh
index 6007c14..c19d2a0 100644
--- a/openvas-initd.sh
+++ b/openvas-initd.sh
@@ -29,6 +29,7 @@ lockfile=/var/lock/subsys/openvas-scanner
[ -e /etc/sysconfig/$progname ] && . /etc/sysconfig/$progname
+
rh_status() {
# run checks to determine if the service is running or use generic status
status -p /var/run/$prog.pid $progname
@@ -39,6 +40,12 @@ rh_status_q() {
}
start() {
+
+ # Build parameters
+ [ -n "$SCANNER_LISTEN" ] && PARAMS="$PARAMS --listen=$SCANNER_LISTEN"
+ [ -n "$SCANNER_PORT" ] && PARAMS="$PARAMS --port=$SCANNER_PORT"
+ [ -n "$SCANNER_SRCIP" ] && PARAMS="$PARAMS --src-ip=$SCANNER_SRCIP"
+
grep -q ca_file $config >& /dev/null
if [ $? -ne 0 ]; then
echo "No certificate specified in configuration file. Did you run openvas-mkcert tool?"
@@ -52,7 +59,7 @@ start() {
fi
echo "Starting $progname:"
- daemon --pidfile=/var/run/$prog.pid $prog
+ daemon --pidfile=/var/run/$prog.pid $prog -q $PARAMS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch $lockfile
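Review bot: `$PARAMS` on the new `daemon` line is expanded unquoted, and the previous hunk builds it by appending to a variable that is never initialised. A `PARAMS` inherited from the caller's environment or set in `/etc/sysconfig/$progname` therefore ends up on the openvassd command line. If that pass-through is not intended, start the "Build parameters" block with `PARAMS=""`; if it is intended, a comment saying so would help. A value containing whitespace in `SCANNER_LISTEN`, `SCANNER_PORT` or `SCANNER_SRCIP` also splits into extra arguments, which is a robustness issue rather than a privilege one because the sysconfig file is root-owned. start() begins and ends outside these hunks.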
diff --git a/openvas-scanner-nvtfeed.patch b/openvas-scanner-nvtfeed.patch
index d88e34d..064fe11 100644
--- a/openvas-scanner-nvtfeed.patch
+++ b/openvas-scanner-nvtfeed.patch
@@ -1,42 +1,23 @@
-diff -ru openvas-scanner-3.0.2.orig/tools/greenbone-nvt-sync openvas-scanner-3.0.2/tools/greenbone-nvt-sync
---- openvas-scanner-3.0.2.orig/tools/greenbone-nvt-sync 2010-03-19 10:25:31.000000000 +0100
-+++ openvas-scanner-3.0.2/tools/greenbone-nvt-sync 2010-04-16 16:51:41.000000000 +0200
-@@ -196,6 +196,8 @@
- fi
-
- NVT_DIR=`$SCANNER_BINARY -s | grep plugins_folder | sed 's/plugins\_folder\ *=\ *//'`
-+NVT_DIR="${NVT_DIR}/gsf
-+
- if [ -z $NVT_DIR ]
- then
- echo
-diff -ru openvas-scanner-3.0.2.orig/tools/openvas-nvt-sync.in openvas-scanner-3.0.2/tools/openvas-nvt-sync.in
---- openvas-scanner-3.0.2.orig/tools/openvas-nvt-sync.in 2010-03-22 03:58:31.000000000 +0100
-+++ openvas-scanner-3.0.2/tools/openvas-nvt-sync.in 2010-04-16 17:13:33.000000000 +0200
-@@ -42,7 +42,7 @@
-
+Separate directories for different security feeds
+diff -ru openvas-scanner-3.2.2/tools/greenbone-nvt-sync openvas-scanner-3.2.2.new/tools/greenbone-nvt-sync
+--- openvas-scanner-3.2.2/tools/greenbone-nvt-sync 2011-02-21 10:40:34.000000000 +0100
++++ openvas-scanner-3.2.2.new/tools/greenbone-nvt-sync 2011-03-19 13:49:59.000000000 +0100
+@@ -110,6 +110,7 @@
+ if [ -z $NVT_DIR ]
+ then
+ NVT_DIR=`$SCANNER_BINARY -s | grep plugins_folder | sed 's/plugins\_folder\ *=\ *//'`
++ NVT_DIR="${NVT_DIR}/gsf"
+ if [ -z $NVT_DIR ]
+ then
+ stderr_write "== greenbone-nvt-sync $VERSION ================================================"
+diff -ru openvas-scanner-3.2.2/tools/openvas-nvt-sync.in openvas-scanner-3.2.2.new/tools/openvas-nvt-sync.in
+--- openvas-scanner-3.2.2/tools/openvas-nvt-sync.in 2011-02-21 10:40:34.000000000 +0100
++++ openvas-scanner-3.2.2.new/tools/openvas-nvt-sync.in 2011-03-19 13:51:26.000000000 +0100
+@@ -38,6 +38,7 @@
# configure NVT_DIR where we will sync NVTs
if [ -z "$NVT_DIR" ]; then
-- NVT_DIR="$libdir/openvas/plugins"
-+ NVT_DIR="$libdir/openvas/plugins/nvt"
+ NVT_DIR="@OPENVAS_NVT_DIR@"
++ NVT_DIR="${NVT_DIR}/nvt"
fi
# The URL of the plugin feed
-@@ -57,12 +57,14 @@
- fi
-
- if [ -z "$TMPDIR" ]; then
-- SYNC_TMP_DIR=/tmp
- # If we have mktemp, create a temporary dir (safer)
- if [ -n "`which mktemp`" ]; then
-- SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; }
-- trap "rm -rf $SYNC_TMP_DIR" 0 1 2 5 15
-+ SYNC_TMP_DIR=`mktemp -d /tmp/openvas-nvt-sync.XXXXXX` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; }
-+ else
-+ SYNC_TMP_DIR=/tmp/openvas-nvt-sync
-+ mkdir -p $SYNC_TMP_DIR
- fi
-+ trap "rm -rf $SYNC_TMP_DIR" 0 1 2 5 15
- else
- SYNC_TMP_DIR="$TMPDIR"
- fi
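Review bot: In the refreshed greenbone-nvt-sync hunk the added `NVT_DIR="${NVT_DIR}/gsf"` runs before the inner `if [ -z $NVT_DIR ]` check, so that check can no longer fire. If the scanner query returns nothing, `NVT_DIR` becomes `/gsf` and the script carries on instead of reporting the error. Appending only to a non-empty value keeps the guard working: `[ -n "$NVT_DIR" ] && NVT_DIR="${NVT_DIR}/gsf"`. The patch is currently disabled in the spec, so this is latent until Patch0 is re-enabled. The refresh also drops the old `mktemp -d /tmp/openvas-nvt-sync.XXXXXX` hunk; presumably 3.2.2 creates its temporary directory safely itself, but that is not visible here and is worth confirming.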
diff --git a/openvas-scanner-pki.patch b/openvas-scanner-pki.patch
new file mode 100644
index 0000000..68d7ea6
--- /dev/null
+++ b/openvas-scanner-pki.patch
@@ -0,0 +1,57 @@
+Put the certificates to the /etc/pki as suggested by:
+http://fedoraproject.org/wiki/PackagingDrafts/Certificates
+Nessus2 package in Fedora is using the same.
+diff -ru openvas-scanner-3.2.2/CMakeLists.txt openvas-scanner-3.2.2.new/CMakeLists.txt
+--- openvas-scanner-3.2.2/CMakeLists.txt 2011-02-21 10:40:34.000000000 +0100
++++ openvas-scanner-3.2.2.new/CMakeLists.txt 2011-03-18 23:07:04.000000000 +0100
+@@ -152,16 +152,17 @@
+ set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
+ set (OPENVAS_PID_DIR "${LOCALSTATEDIR}/run")
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
++set (OPENVAS_CERT_DIR "${SYSCONFDIR}/pki/openvas")
+
+ set (OPENVAS_USERS_DIR "${OPENVAS_STATE_DIR}/users")
+ set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins")
+
+ set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}")
+-set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/servercert.pem")
+-set (OPENVAS_SCANNER_KEY "${OPENVAS_STATE_DIR}/private/CA/serverkey.pem")
+-set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/clientcert.pem")
+-set (OPENVAS_CLIENT_KEY "${OPENVAS_STATE_DIR}/private/CA/clientkey.pem")
+-set (OPENVAS_CA_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/cacert.pem")
++set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/servercert.pem")
++set (OPENVAS_SCANNER_KEY "${OPENVAS_CERT_DIR}/private/CA/serverkey.pem")
++set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/clientcert.pem")
++set (OPENVAS_CLIENT_KEY "${OPENVAS_CERT_DIR}/private/CA/clientkey.pem")
++set (OPENVAS_CA_CERTIFICATE "${OPENVAS_CERT_DIR}/CA/cacert.pem")
+
+ set (OPENVASSD_MESSAGES "${OPENVAS_LOG_DIR}/openvassd.messages")
+ set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
+diff -ru openvas-scanner-3.2.2/tools/openvas-mkcert-client.in openvas-scanner-3.2.2.new/tools/openvas-mkcert-client.in
+--- openvas-scanner-3.2.2/tools/openvas-mkcert-client.in 2011-02-21 10:40:34.000000000 +0100
++++ openvas-scanner-3.2.2.new/tools/openvas-mkcert-client.in 2011-03-18 23:09:22.000000000 +0100
+@@ -26,8 +26,8 @@
+
+ umask 022
+
+-OPENVASPRIV="@OPENVAS_STATE_DIR@/private/CA"
+-OPENVASPUB="@OPENVAS_STATE_DIR@/CA"
++OPENVASPRIV="@OPENVAS_CERT_DIR@/private/CA"
++OPENVASPUB="@OPENVAS_CERT_DIR@/CA"
+
+ usage()
+ {
+diff -ru openvas-scanner-3.2.2/tools/openvas-mkcert.in openvas-scanner-3.2.2.new/tools/openvas-mkcert.in
+--- openvas-scanner-3.2.2/tools/openvas-mkcert.in 2011-02-21 10:40:34.000000000 +0100
++++ openvas-scanner-3.2.2.new/tools/openvas-mkcert.in 2011-03-18 23:11:40.000000000 +0100
+@@ -44,8 +44,8 @@
+ datadir=@DATADIR@
+ bindir=@BINDIR@
+ sbindir=@SBINDIR@
+-OPENVASPRIV="@OPENVAS_STATE_DIR@/private/CA"
+-OPENVASPUB="@OPENVAS_STATE_DIR@/CA"
++OPENVASPRIV="@OPENVAS_CERT_DIR@/private/CA"
++OPENVASPUB="@OPENVAS_CERT_DIR@/CA"
+
+ BASEDIR=${TMPDIR-/tmp}/openvas-mkcert.$$
+
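Review bot: Both mkcert scripts now write private keys under `@OPENVAS_CERT_DIR@/private/CA`, and the openvas-mkcert-client context in this hunk still shows `umask 022`. Unless the scripts tighten modes outside the visible lines, key files are created world-readable and are protected only by the directory mode. The spec's %install does create `private` and `private/CA` with `chmod 700`, but nothing records that dependency; a patch header line such as `Private keys rely on /etc/pki/openvas/private being mode 0700 (set in the spec).` would. The openvas-mkcert context also shows `BASEDIR=${TMPDIR-/tmp}/openvas-mkcert.$$`, a PID-derived path under /tmp. How it is created is outside the hunk, so check that another local user cannot pre-create it.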
diff --git a/openvas-scanner-rulesdir.patch b/openvas-scanner-rulesdir.patch
new file mode 100644
index 0000000..43160ba
--- /dev/null
+++ b/openvas-scanner-rulesdir.patch
@@ -0,0 +1,16 @@
+Allow compile time definition of the directory to store openvassd.rules
+diff -ru openvas-scanner-3.2.2/CMakeLists.txt openvas-scanner-3.2.2.new/CMakeLists.txt
+--- openvas-scanner-3.2.2/CMakeLists.txt 2011-03-19 18:42:55.000000000 +0100
++++ openvas-scanner-3.2.2.new/CMakeLists.txt 2011-03-19 18:42:09.000000000 +0100
+@@ -167,7 +167,10 @@
+ set (OPENVASSD_MESSAGES "${OPENVAS_LOG_DIR}/openvassd.messages")
+ set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
+ set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf")
+-set (OPENVASSD_RULES "${OPENVAS_DATA_DIR}/openvassd.rules")
++
++if (NOT OPENVASSD_RULES)
++ set (OPENVASSD_RULES "${OPENVAS_DATA_DIR}/openvassd.rules")
++endif (NOT OPENVASSD_RULES)
+
+ set (NVT_TIMEOUT "320")
+
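Review bot: `if (NOT OPENVASSD_RULES)` tests truthiness rather than presence, so a supplied value that CMake treats as false (empty, `OFF`, `0`, anything ending in `-NOTFOUND`) is silently replaced by the default. If the intent is "use the default only when nothing was passed with -D", `if (NOT DEFINED OPENVASSD_RULES)` says that directly. The repeated condition in `endif (NOT OPENVASSD_RULES)` is legacy style and a bare `endif ()` reads better. A comment above the block, e.g. `# Location of the scanner access rules; override with -DOPENVASSD_RULES=/path`, would document the override that the spec uses.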
diff --git a/openvas-scanner.spec b/openvas-scanner.spec
index 32e30f6..079aded 100644
--- a/openvas-scanner.spec
+++ b/openvas-scanner.spec
@@ -1,34 +1,61 @@
Name: openvas-scanner
Summary: Open Vulnerability Assessment (OpenVAS) Scanner
-Version: 3.1.1
-Release: 3%{?dist}
-Source0: http://wald.intevation.org/frs/download.php/729/%{name}-%{version}.tar.gz
+Version: 3.2.2
+Release: 1%{?dist}
+URL: http://www.openvas.org
+License: GPLv2
+Group: System Environment/Libraries
+
+Source0: http://wald.intevation.org/frs/download.php/852/%{name}-%{version}.tar.gz
Source1: openvas-initd.sh
Source2: openvassd.conf
Source3: openvas.logrotate
Source4: openvas-scanner.sysconfig
Source5: openvas-nvt-sync-cron
Source6: openvas-nvt-sync-cronjob
-Patch0: openvas-scanner-nvtfeed.patch
-URL: http://www.openvas.org
-License: GPLv2
-Group: System Environment/Libraries
+
+#Separate nvt and gsf feeds to separate directories
+#Separation of feeds is currently not possible because nasl script_dependencies doesn't search in all include_folders
+#Patch0: openvas-scanner-nvtfeed.patch
+
+#Accomodate to /etc/pki as suggested by http://fedoraproject.org/wiki/PackagingDrafts/Certificates
+#Not reported upstream as it is RedHat/Fedora specific
+Patch1: openvas-scanner-pki.patch
+
+#Put openvas-mkcert-client to bin directory instead of sbin and install its man page
+#Reported upstream http://wald.intevation.org/tracker/?func=detail&aid=1941&group_id=29&atid=220
+Patch2: openvas-scanner-mkcertclient.patch
+
+#Allow compile time definition of the directory to store openvassd.rules
+#Reported upstream http://wald.intevation.org/tracker/?func=detail&aid=1940&group_id=29&atid=220
+Patch3: openvas-scanner-rulesdir.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: openvas-libraries-devel
+BuildRequires: openvas-libraries-devel >= 4.0.0
BuildRequires: cmake >= 2.6.0
BuildRequires: glib2-devel
BuildRequires: libpcap-devel
+BuildRequires: gnutls-devel
+BuildRequires: gpgme-devel
+BuildRequires: pkgconfig
+
# This is introduced to accomodate difference in RHEL5/CentOS5
+%if %{defined rhel}
%if 0%{?rhel} <= 5
-BuildRequires: e2fsprogs-libs-devel
+#RHEL5
+BuildRequires: e2fsprogs-libs-devel
%else
-BuildRequires: libuuid-devel
+#RHEL6
+BuildRequires: libuuid-devel
%endif
-BuildRequires: gnutls-devel
-BuildRequires: gpgme-devel
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
+%else
+#Fedora 14 doesn't have "rhel" defined
+BuildRequires: libuuid-devel
+%endif
+
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
#Required by the openvas-nvt-sync and greenbone-nvt-sync
Requires: /usr/bin/md5sum
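Review bot: `Patch2: openvas-scanner-mkcertclient.patch` is declared here and applied in %prep, but the diffstat lists only the nvtfeed, pki and rulesdir patches among the nine changed files. Unless that file is already tracked in the repository, `%patch2 -p 1 -b .mkcert` will fail at build time, so it is worth confirming it was added. A smaller point: the retained `#Patch0:` comment would be clearer if it said the nvtfeed patch is kept in the tree but intentionally not applied.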
@@ -44,7 +71,11 @@ Scanner module for the Open Vulnerability Assessment System (OpenVAS).
%prep
%setup -q
-# %patch0 -p 1 -b .nvtfeed
+#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
+#patch0 -p 1 -b .nvtfeed
+%patch1 -p 1 -b .pkipath
+%patch2 -p 1 -b .mkcert
+%patch3 -p 1 -b .rules
for i in CHANGES ChangeLog; do
iconv -f iso8859-1 -t utf-8 $i > $i.utf8 && \
@@ -53,18 +84,37 @@ for i in CHANGES ChangeLog; do
done
%build
-%configure --disable-static
+#configure --disable-static
+%cmake -DLOCALSTATEDIR:PATH=%{_var} -DOPENVASSD_RULES:PATH=%{_sysconfdir}/openvas/openvassd.rules
make %{?_smp_mflags}
%install
rm -rf %{buildroot}
+
make install DESTDIR=%{buildroot} INSTALL="install -p"
find %{buildroot} -name '*.la' -exec rm -f {} ';'
-chmod 755 %{buildroot}/%{_libdir}/openvas/plugins
+
+#Config directory
+mkdir -p %{buildroot}/%{_sysconfdir}/openvas
+chmod 755 %{buildroot}/%{_sysconfdir}/openvas
+
+#Make directories for the certificates
+mkdir -p %{buildroot}/%{_sysconfdir}/pki/openvas/CA
+chmod 755 %{buildroot}/%{_sysconfdir}/pki/openvas
+chmod 755 %{buildroot}/%{_sysconfdir}/pki/openvas/CA
+mkdir -p %{buildroot}/%{_sysconfdir}/pki/openvas/private/CA
+chmod 700 %{buildroot}/%{_sysconfdir}/pki/openvas/private
+chmod 700 %{buildroot}/%{_sysconfdir}/pki/openvas/private/CA
#Make directories for the NVT feeds
-mkdir -p %{buildroot}/%{_libdir}/openvas/plugins/nvt
-mkdir -p %{buildroot}/%{_libdir}/openvas/plugins/gsf
+mkdir -p %{buildroot}/%{_var}/lib/openvas/plugins
+chmod 755 %{buildroot}/%{_var}/lib/openvas/plugins
+#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
+#mkdir -p _{buildroot}/_{_var}/lib/openvas/plugins/nvt
+#mkdir -p _{buildroot}/_{_var}/lib/openvas/plugins/gsf
+
+#Log direcotry
+mkdir -p %{buildroot}/%{_var}/log/openvas
# Make plugin cache directory
mkdir -p %{buildroot}/%{_var}/cache/openvas
@@ -73,11 +123,12 @@ mkdir -p %{buildroot}/%{_var}/cache/openvas
install -Dp -m 755 %{SOURCE1} %{buildroot}/%{_initddir}/openvas-scanner
# Install initial configuration
-#install -Dp -m 644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/openvas/
-sed -e "s:@@OPENVAS_PLUGINS@@:%{_libdir}/openvas/plugins:g
+sed -e "s:@@OPENVAS_PLUGINS@@:%{_var}/lib/openvas/plugins:g
s:@@OPENVAS_CACHE@@:%{_var}/cache/openvas:g
s:@@OPENVAS_LOGDIR@@:%{_var}/log/openvas:g
- s:@@OPENVAS_SYSCONF@@:%{_sysconfdir}/openvas:g" %{SOURCE2} > openvassd.conf
+ s:@@OPENVAS_SYSCONF@@:%{_sysconfdir}/openvas:g
+ s:@@OPENVAS_CERT@@:%{_sysconfdir}/pki/openvas:g" %{SOURCE2} > openvassd.conf
+
install -Dp -m 644 openvassd.conf %{buildroot}/%{_sysconfdir}/openvas/
# install log rotation stuff
@@ -100,22 +151,39 @@ rm -rf %{buildroot}
# This adds the proper /etc/rc*.d links for the script
if [ $1 = 1 ]; then
/sbin/chkconfig --add openvas-scanner
-fi
+fi
%preun
if [ $1 = 0 ]; then
/sbin/service openvas-scanner stop >/dev/null 2>&1
/sbin/chkconfig --del openvas-scanner
-fi
+fi
%postun
if [ $1 -ge 1 ]; then
/sbin/service openvas-scanner condrestart >/dev/null 2>&1
-fi
+fi
%files
%defattr(-,root,root,-)
%doc CHANGES ChangeLog COPYING README
+%dir %{_sysconfdir}/openvas
+%dir %{_sysconfdir}/pki/openvas
+%dir %{_sysconfdir}/pki/openvas/CA
+%dir %{_sysconfdir}/pki/openvas/private
+%dir %{_sysconfdir}/pki/openvas/private/CA
+%dir %{_var}/lib/openvas
+%dir %{_var}/lib/openvas/plugins
+#Separation of feeds not possible because nasl script_dependencies doesn't search in all include_folders
+#_dir _{_var}/lib/openvas/plugins/nvt
+#_dir _{_var}/lib/openvas/plugins/gsf
+%dir %{_var}/log/openvas
+%dir %{_var}/cache/openvas
+%config(noreplace) %{_sysconfdir}/openvas/openvassd.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/openvas-scanner
+%config(noreplace) %{_sysconfdir}/cron.d/openvas-sync-plugins
+%config(noreplace) %{_sysconfdir}/logrotate.d/openvas-scanner
+%{_initddir}/openvas-scanner
%{_bindir}/openvas-mkcert-client
%{_sbindir}/openvas-adduser
%{_sbindir}/openvas-mkcert
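Review bot: The new `%dir %{_sysconfdir}/pki/openvas/private` and `%dir %{_sysconfdir}/pki/openvas/private/CA` entries take their mode from the buildroot through `%defattr(-,root,root,-)`. The 0700 protection on the key directories therefore depends on the `chmod 700` calls in %install staying in place. Stating the mode in the file list makes it explicit and survives later %install edits: `%attr(0700,root,root) %dir %{_sysconfdir}/pki/openvas/private`, and the same for `private/CA`. The %files section continues outside this hunk.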
@@ -124,29 +192,19 @@ fi
%{_sbindir}/openvas-nvt-sync-cron
%{_sbindir}/greenbone-nvt-sync
%{_sbindir}/openvassd
-%{_initddir}/openvas-scanner
-%dir %{_sysconfdir}/openvas
-%config(noreplace) %{_sysconfdir}/openvas/openvassd.conf
-%config(noreplace) %{_sysconfdir}/sysconfig/openvas-scanner
-%config(noreplace) %{_sysconfdir}/cron.d/openvas-sync-plugins
%{_mandir}/man1/openvas-mkcert-client.1.*
%{_mandir}/man8/openvas-adduser.8.*
%{_mandir}/man8/openvas-mkcert.8.*
%{_mandir}/man8/openvas-rmuser.8.*
%{_mandir}/man8/openvassd.8.*
%{_mandir}/man8/openvas-nvt-sync.8.*
-%dir %{_var}/log/openvas
-%dir %{_var}/lib/openvas
-%dir %{_var}/lib/openvas/openvas-services
-%dir %{_var}/cache/openvas
-%config(noreplace) %{_sysconfdir}/logrotate.d/openvas-scanner
-%dir %{_libdir}/openvas
-%dir %{_libdir}/openvas/plugins
-%dir %{_libdir}/openvas/plugins/nvt
-%dir %{_libdir}/openvas/plugins/gsf
-%attr(644,root,root) %{_libdir}/openvas/plugins/*.nes
+%{_mandir}/man8/greenbone-nvt-sync.8.*
+#attr(644,root,root) _{_libdir}/openvas/plugins/*.nes
%changelog
+* Fri Mar 18 2011 Michal Ambroz <rebus at, seznam.cz> - 3.2.2-1
+- Bump to latest stable release 4
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
@@ -157,9 +215,6 @@ fi
* Tue Nov 23 2010 Stjepan Gros <stjepan.gros at gmail.com> - 3.1.1-1
- synced with upstream version
-* Thu Apr 16 2010 Michal Ambroz <rebus at, seznam.cz> - 3.0.2-4
-- subdirectories for nvt feeds
-
* Fri Apr 16 2010 Stjepan Gros <stjepan.gros at gmail.com> - 3.0.2-3
- Reverted plugin permissions to 644
- Removed non-existing provides
diff --git a/openvas-scanner.sysconfig b/openvas-scanner.sysconfig
index 129b32a..16431d0 100644
--- a/openvas-scanner.sysconfig
+++ b/openvas-scanner.sysconfig
@@ -1,3 +1,12 @@
+#Listen on given address - by default scanner listens on all addresses
+#SCANNER_LISTEN=127.0.0.1
+
+#Listen on given port - by default 9391
+SCANNER_PORT=9391
+
+#Send the packets with the source IP of IP1,IP2,IP3....
+#SCANNER_SRCIP=127.0.0.1,192.168.1.2
+
# Set to yes if plugins should be automatically updated via a cron job
auto_plugin_update=no
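Review bot: `SCANNER_LISTEN` ships commented out, so per the comment above it the scanner listens on all addresses on port 9391 after a default install. The init script adds `--listen` only when the variable is set. A least-exposure default would ship `SCANNER_LISTEN=127.0.0.1` enabled, leaving administrators to widen it when a remote manager needs access. If the all-interfaces default is deliberate, the comment could say so, e.g. `#Unset means all interfaces; restrict with a firewall or set an address here`.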
@@ -12,3 +21,4 @@ notify_openvas_scanner=yes
#NVT_DIR where to extract plugins (absolute path)
#OV_RSYNC_FEED URL of rsync feed
#OV_HTTP_FEED URL of http feed
+
diff --git a/openvassd.conf b/openvassd.conf
index 3685c9e..be59fe8 100644
--- a/openvassd.conf
+++ b/openvassd.conf
@@ -1,31 +1,29 @@
# Configuration file of the OpenVAS Security Scanner
-
-
# Every line starting with a '#' is a comment
[Misc]
-# Path to the security checks folder :
+# Path to the security checks folder:
plugins_folder = @@OPENVAS_PLUGINS@@
-# Path to OpenVAS caching folder:
+# Path to OpenVAS caching folder:
cache_folder = @@OPENVAS_CACHE@@
-# Path to OpenVAS include directories:
+# Path to OpenVAS include directories:
# (multiple entries are separated with colon ':')
include_folders = @@OPENVAS_PLUGINS@@
-# Maximum number of simultaneous hosts tested :
+# Maximum number of simultaneous hosts tested :
max_hosts = 30
-# Maximum number of simultaneous checks against each host tested :
+# Maximum number of simultaneous checks against each host tested :
max_checks = 10
# Niceness. If set to 'yes', openvassd will renice itself to 10.
be_nice = no
-# Log file (or 'syslog') :
+# Log file (or 'syslog') :
logfile = @@OPENVAS_LOGDIR@@/openvassd.log
# Shall we log every details of the attack ? (disk intensive)
@@ -37,57 +35,57 @@ log_plugins_name_at_load = no
# Dump file for debugging output, use `-' for stdout
dumpfile = @@OPENVAS_LOGDIR@@/openvassd.dump
-# Rules file :
+# Rules file :
rules = @@OPENVAS_SYSCONF@@/openvassd.rules
# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin:/scripts
-# Range of the ports the port scanners will scan :
+# Range of the ports the port scanners will scan :
# 'default' means that OpenVAS will scan ports found in its
# services file.
port_range = default
-# Optimize the test (recommended) :
+# Optimize the test (recommended) :
optimize_test = yes
-
-
-# Optimization :
-# Read timeout for the sockets of the tests :
+# Optimization :
+# Read timeout for the sockets of the tests :
checks_read_timeout = 5
+
# Ports against which two plugins should not be run simultaneously :
# non_simult_ports = Services/www, 139, Services/finger
non_simult_ports = 139, 445
-# Maximum lifetime of a plugin (in seconds) :
-plugins_timeout = 320
+# Maximum lifetime of a plugin (in seconds) :
+plugins_timeout = 320
# Safe checks rely on banner grabbing :
safe_checks = yes
-
# Automatically activate the plugins that are depended on
auto_enable_dependencies = yes
-
# Do not echo data from plugins which have been automatically enabled
silent_dependencies = no
-
# Designate hosts by MAC address, not IP address (useful for DHCP networks)
use_mac_addr = no
#--- Knowledge base saving (can be configured by the client) :
-# Save the knowledge base on disk :
+# Save the knowledge base on disk :
save_knowledge_base = no
+
# Restore the KB for each test :
kb_restore = no
+
# Only test hosts whose KB we do not have :
only_test_hosts_whose_kb_we_dont_have = no
+
# Only test hosts whose KB we already have :
only_test_hosts_whose_kb_we_have = no
+
# KB test replay :
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
@@ -97,7 +95,6 @@ kb_max_age = 864000
#--- end of the KB section
-
# If this option is set, OpenVAS will not scan a network incrementally
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
# slice the workload throughout the whole network (ie: it will scan
@@ -107,4 +104,15 @@ slice_network_addresses = no
# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
nasl_no_signature_check = yes
+#Certificates
+cert_file=@@OPENVAS_CERT@@/CA/servercert.pem
+key_file=@@OPENVAS_CERT@@/private/CA/serverkey.pem
+ca_file=@@OPENVAS_CERT@@/CA/cacert.pem
+
+# If you decide to protect your private key with a password,
+# uncomment and change next line
+# pem_password=password
+# If you want to force the use of a client certificate, uncomment next line
+# force_pubkey_auth = yes
+
#end.
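Review bot: The new `# pem_password=password` hint invites putting the key passphrase into this file, which the spec installs with `install -Dp -m 644`, so a configured passphrase would be world-readable. Extending the comment would make that cost visible: `# If you set pem_password, restrict this file to root (chmod 600)`. The context line `nasl_no_signature_check = yes` also stays in the packaged default even though its own comment calls that value unsafe. If it is required because signed feeds are not set up at install time, a short comment explaining that would help.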
diff --git a/sources b/sources
index 9c247ce..4a81dd7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-e8e0ff4caa00211b36a22056476fd84f openvas-scanner-3.1.1.tar.gz
+5649eb79602c8f071de6315407420d3f openvas-scanner-3.2.2.tar.gz