author | Giuseppe Foti <foti.giuseppe@gmail.com> | 2023-05-20 19:31:02 +0200 |
---|---|---|
committer | Florian Schmaus <flow@gentoo.org> | 2023-07-03 10:15:24 +0200 |
commit | b3880f8eca49b733579f558fa8874fd7a6c0065b (patch) | |
tree | 6ff2586e107e0fa44105d51cba58d515d0a57da5 /net-analyzer | |
parent | net-analyzer/openvas-scanner: add 22.7.2 (diff) | |
net-analyzer/ospd-openvas: add 22.5.1
Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com>
Signed-off-by: Florian Schmaus <flow@gentoo.org>
Diffstat (limited to 'net-analyzer')
6 files changed, 125 insertions, 0 deletions
diff --git a/net-analyzer/ospd-openvas/Manifest b/net-analyzer/ospd-openvas/Manifest
index 62b5a8d2c3cc..b81230cc16a2 100644
--- a/net-analyzer/ospd-openvas/Manifest
+++ b/net-analyzer/ospd-openvas/Manifest
@@ -1 +1,2 @@
 DIST ospd-openvas-21.4.4.tar.gz 173368 BLAKE2B 4568eb45bb999d0ff2cf91652dd56000bceb967f5c37c3061735322d1c72165f9b869c8b48694b37fd6d684679fa1bbff4a5550076bbcfcee5936b470cb04700 SHA512 3981b0a9044f90243fe06f15b0d8ee5a6b1a334556f6de76955aecda0404da2f8bd1d39bf547093a31c244f0aabae819f5e45e8c518984fc7d50764a267086e9
+DIST ospd-openvas-22.5.1.tar.gz 253605 BLAKE2B 6f4ecc31f1c47941154973bfca92818fdfe6942b5091d84234d81e287c0871f91deefc25f16790015ab1c57366b92ae42e236673c44848fdaab491caa042693f SHA512 2f92a09b4b9abced9f122eb2ac2dedf652b8c673e3d4ce5676a356da573816cd0f20769540a94919b35d6612ffb8a86b75dc704eae75c1e63150255e564e3349
diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas-22.initd b/net-analyzer/ospd-openvas/files/ospd-openvas-22.initd
new file mode 100644
index 000000000000..f43f75802729
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas-22.initd
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="remotely control an OpenVAS Scanner"
+command=/usr/bin/ospd-openvas
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="${OSPD_OPENVAS_OPTIONS} \
+ ${OSPD_OPENVAS_UNIX_SOCKET} \
+ ${OSPD_OPENVAS_SOCKET_MODE} \
+ --pid-file ${pidfile} \
+ --config /etc/openvas/ospd.conf"
+
+depend() {
+ after bootmisc
+ need localmount redis-openvas
+}
+
+start_pre() {
+ checkpath -d /var/run/ospd
+}
diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service.conf b/net-analyzer/ospd-openvas/files/ospd-openvas.service.conf
new file mode 100644
index 000000000000..976d81bc72bc
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service.conf
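Review bot: The `--config /etc/openvas/ospd.conf` argument in `command_args` of ospd-openvas-22.initd does not match the file this commit's ebuild installs (`insinto /etc/gvm` followed by `doins config/${PN}.conf`) or the path the systemd drop-in passes, so under OpenRC the daemon may start without the shipped configuration unless something else provides that path; I would change it to `--config /etc/gvm/ospd-openvas.conf`. `start_pre` also creates the socket directory with `checkpath -d /var/run/ospd` and no owner or mode, which leaves its permissions to the defaults; stating them, for example `checkpath -d -o gvm:gvm -m 0750 /var/run/ospd`, makes it explicit who may reach the control socket. The script sets no `command_user`, so unless the confd file (not part of this diff) changes that, the daemon presumably runs as root here, which is worth a comment either way.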
@@ -0,0 +1,7 @@
+[Unit]
+After=network.target networking.service redis-openvas.service mosquitto.service
+Wants=redis-openvas.service
+PartOf=gvm.target
+
+[Service]
+ExecStartPre=+setfacl -m u:gvm:rw /run/redis-openvas/redis.sock
diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service_notus.conf b/net-analyzer/ospd-openvas/files/ospd-openvas.service_notus.conf
new file mode 100644
index 000000000000..cd8b7d8d0e70
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service_notus.conf
@@ -0,0 +1,9 @@
+[Unit]
+After=network.target networking.service redis-openvas.service mosquitto.service
+Wants=redis-openvas.service
+PartOf=gvm.target
+
+[Service]
+ExecStartPre=+setfacl -m u:gvm:rw /run/redis-openvas/redis.sock
+ExecStart=
+ExecStart=/usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf --lock-file-dir /var/lib/openvas --socket-mode 0o770 --mqtt-broker-address localhost --mqtt-broker-port 1883 --notus-feed-dir /var/lib/notus/advisories
diff --git a/net-analyzer/ospd-openvas/metadata.xml b/net-analyzer/ospd-openvas/metadata.xml
index 3f6d058084e3..18eb90f3e699 100644
--- a/net-analyzer/ospd-openvas/metadata.xml
+++ b/net-analyzer/ospd-openvas/metadata.xml
@@ -2,6 +2,10 @@
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 <maintainer type="person" proxied="yes">
+ <email>foti.giuseppe@gmail.com</email>
+ <name>Giuseppe Foti</name>
+ </maintainer>
+ <maintainer type="person" proxied="yes">
 <email>jonas.licht@gmail.com</email>
 <name>Jonas Licht</name>
 </maintainer>
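Review bot: `ExecStartPre=+setfacl -m u:gvm:rw /run/redis-openvas/redis.sock` in ospd-openvas.service.conf runs with full privileges (the `+` prefix) but names the binary without an absolute path, and the RDEPEND in this commit's ebuild lists no package that provides setfacl, so the unit can fail at start on a system without it. I would give the absolute path of setfacl as installed by sys-apps/acl and add that package to RDEPEND. The ACL hands the gvm account read/write on the Redis socket, which amounts to full access to that Redis instance, so a comment above the line saying why it is needed would help, e.g. `# ospd-openvas (user gvm) must reach the scanner's Redis socket`, assuming the upstream unit, which this diff does not show, runs the daemon as gvm. The same line appears in ospd-openvas.service_notus.conf.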
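Review bot: The overriding `ExecStart=` in ospd-openvas.service_notus.conf points the daemon at an MQTT broker on localhost:1883, but `mosquitto.service` appears only in `After=`, which orders the units without starting the broker, so ospd-openvas can come up with no broker running; I would write `Wants=redis-openvas.service mosquitto.service`. Port 1883 is the plaintext MQTT port and no credentials are passed, so anyone who can reach the local broker can presumably read or publish on the scanner's topics; a comment stating that the broker must stay bound to loopback would be worth adding. Because the drop-in clears and replaces the upstream command line wholesale, any option upstream later adds to its own unit will be dropped silently, which also deserves a one-line comment next to the empty `ExecStart=`.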
@@ -13,4 +17,10 @@ This is an OSP server implementation to allow GVM to remotely control OpenVAS. Once running, you need to configure OpenVAS for the Greenbone Vulnerability Manager, for example via the web interface Greenbone Security Assistant. Then you can create scan tasks to use OpenVAS. </longdescription> + <use> + <flag name="notus">Set systemd service file to use notus-scanner</flag> + </use> + <upstream> + <remote-id type="github">greenbone/ospd-openvas</remote-id> + </upstream> </pkgmetadata> diff --git a/net-analyzer/ospd-openvas/ospd-openvas-22.5.1.ebuild b/net-analyzer/ospd-openvas/ospd-openvas-22.5.1.ebuild new file mode 100644 index 000000000000..5aa80f75d415 --- /dev/null +++ b/net-analyzer/ospd-openvas/ospd-openvas-22.5.1.ebuild 
@@ -0,0 +1,77 @@
+# Copyright 2020-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+DISTUTILS_USE_PEP517=poetry
+inherit distutils-r1 systemd
+
+DESCRIPTION="This is an OSP server implementation to allow GVM to remotely control OpenVAS"
+HOMEPAGE="https://www.greenbone.net https://github.com/greenbone/ospd-openvas"
+SRC_URI="https://github.com/greenbone/ospd-openvas/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="AGPL-3+ GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc +notus"
+
+DEPEND="
+ acct-user/gvm
+ dev-python/defusedxml[${PYTHON_USEDEP}]
+ dev-python/deprecated[${PYTHON_USEDEP}]
+ dev-python/lxml[${PYTHON_USEDEP}]
+ >=dev-python/packaging-20.4[${PYTHON_USEDEP}]
+ dev-python/paramiko[${PYTHON_USEDEP}]
+ >=dev-python/psutil-5.7.0[${PYTHON_USEDEP}]
+ >=dev-python/redis-3.5.3[${PYTHON_USEDEP}]
+ >=dev-python/python-gnupg-0.5.0[${PYTHON_USEDEP}]
+ dev-libs/paho-mqtt-c
+ app-misc/mosquitto
+"
+RDEPEND="
+ ${DEPEND}
+ app-admin/sudo
+ >=net-analyzer/openvas-scanner-${PV}
+ notus? ( >=net-analyzer/notus-scanner-22.4 )
+"
+
+distutils_enable_tests unittest
+
+python_compile() {
+ if use doc; then
+ bash "${S}"/docs/generate || die
+ HTML_DOCS=( "${S}"/docs/. )
+ fi
+ distutils-r1_python_compile
+}
+
+python_install() {
+ distutils-r1_python_install
+
+ insinto /etc/gvm
+ doins config/${PN}.conf
+ if ! use prefix; then
+ fowners -R gvm:gvm /etc/gvm
+ fi
+
+ newinitd "${FILESDIR}/${PN}-22.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_dounit config/${PN}.service
+
+ if use notus; then
+ systemd_install_serviced "${FILESDIR}/ospd-openvas.service_notus.conf" \
+ ${PN}.service
+ else
+ systemd_install_serviced "${FILESDIR}/ospd-openvas.service.conf" \
+ ${PN}.service
+ fi
+
+ # OSPD OpenVAS attempts to call openvas via sudo as network security
+ # scanning often requires priviliged operations.
+ insinto /etc/sudoers.d
+ newins - openvas <<-EOF
+ gvm ALL = NOPASSWD: /usr/bin/openvas
+EOF
+} |
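Review bot: The sudoers drop-in at the end of `python_install` is written by `newins` under the default install mode and nothing sets its permissions afterwards; sudoers.d files are conventionally 0440, so I would add `fperms 0440 /etc/sudoers.d/openvas` after the here-document. The rule `gvm ALL = NOPASSWD: /usr/bin/openvas` places no restriction on arguments, so the gvm account can run the scanner as root with any options, and the comment above it should say that this is intended and that gvm must therefore be treated as a privileged account. `fowners -R gvm:gvm /etc/gvm` additionally makes the daemon's own configuration writable by that same account. These non-Python install steps also sit in `python_install`, which runs once per enabled Python implementation; `python_install_all` looks like the better place for them.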