summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHasan ÇALIŞIR <hasan.calisir@psauxit.com>2019-02-07 04:51:45 +0300
committerPatrice Clement <monsieurp@gentoo.org>2019-03-13 15:58:51 +0100
commit87057ce7dbb83050472c6ee39f083a229aee2eed (patch)
tree64f3bdbd8e79e5c4329954da592bff8d06b93a31 /net-analyzer/openvas-scanner
parentnet-analyzer/openvas-libraries: version bump to 9.0.3. (diff)
downloadgentoo-87057ce7dbb83050472c6ee39f083a229aee2eed.tar.gz
gentoo-87057ce7dbb83050472c6ee39f083a229aee2eed.tar.bz2
gentoo-87057ce7dbb83050472c6ee39f083a229aee2eed.zip
net-analyzer/openvas-scanner: version bump to 5.1.3.
Bump to 5.1.3. This also brings new improvements and introduces the new USE flag 'extras'. Introduces three new patches which fixes build and QA issues: - gcc8.patch fixes gcc-8 build issue. - nvt.patch fixes nvt category issue. - cachedir.patch fixes unnecessary directory install QA issue. Introduces two new useful scripts: - first-start script checks setup and ready it for first time use. - openvas-feed-sync script updates OpenVAS feeds from cron. Introduces one new example file for proper redis configuration. redis.conf.example is proper example config file for package. systemd & init script files updated. Because of new dependencies ~arm ~ppc keywords have been dropped. This package is part of net-analyzer/openvas. Reported-by: NP-Hardass <np-hardass@gentoo.org> Acked-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com> Tested-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com> Signed-off-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com> Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
Diffstat (limited to 'net-analyzer/openvas-scanner')
-rw-r--r--net-analyzer/openvas-scanner/Manifest1
-rwxr-xr-xnet-analyzer/openvas-scanner/files/first-start634
-rwxr-xr-xnet-analyzer/openvas-scanner/files/openvas-feed-sync627
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch42
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch42
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch93
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf9
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner.init25
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner.logrotate11
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner.service21
-rw-r--r--net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d1
-rw-r--r--net-analyzer/openvas-scanner/files/openvassd.conf123
-rw-r--r--net-analyzer/openvas-scanner/files/redis.conf.example57
-rw-r--r--net-analyzer/openvas-scanner/metadata.xml12
-rw-r--r--net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild97
15 files changed, 1700 insertions, 95 deletions
diff --git a/net-analyzer/openvas-scanner/Manifest b/net-analyzer/openvas-scanner/Manifest
index db79fe5dc715..2bb7d462564b 100644
--- a/net-analyzer/openvas-scanner/Manifest
+++ b/net-analyzer/openvas-scanner/Manifest
@@ -1 +1,2 @@
DIST openvas-scanner-5.0.4.tar.gz 236282 BLAKE2B 3105afe0fd819773b33c8194e0addaad70af4692578fe3bfbd76166004ca99e25f2f22a946810fe52da747242f1e45bae00766c4687676ec70df2d7349fa4509 SHA512 51267f832a104897a497b5dc71d1b804de4db77742e2234d111a00b1e0e01536613b16ff48d23a37013178b016b39408a25d18a694980c7e6fc600824e05e149
+DIST openvas-scanner-5.1.3.tar.gz 254159 BLAKE2B d90fa15e143ead53abce66f933a3a4cac327176cca0f23bd88fe771ed7726b1891784ae980644c8335e560d348753115e43cfae83af9704e2d1d02827163563f SHA512 5712ab275058877cfd656e268ed09c81db6617ae247c17092f1fcd037f692f2018daf21b09b82401f99a7361bb485f0e0f7d63f8ff2387839cfdd5a3aaf8424e
diff --git a/net-analyzer/openvas-scanner/files/first-start b/net-analyzer/openvas-scanner/files/first-start
new file mode 100755
index 000000000000..95811a56b19d
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/first-start
@@ -0,0 +1,634 @@
+#!/bin/bash
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# This is OpenVAS first-start/check-setup script which make things automatically for first time use.
+
+
+##################################################################################################
+# If you use systemd or init.d(open-rc) for OpenVAS daemons you don't need to set below settings.#
+# If you don't use any of them you can set the below command args to start daemons manually. #
+##################################################################################################
+
+# OpenVAS Manager command args
+OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
+OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
+OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
+OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
+OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
+
+# OpenVAS Scanner command args
+OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
+
+# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore for reverse proxy
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
+
+#####################################################################################################
+
+# Update Environment
+source /etc/profile &>/dev/null
+source /etc/environment &>/dev/null
+source ~/.bash_profile &>/dev/null
+
+# Check the needed executables.They are in our environment and have +x?
+if ! [ -x "$(command -v openvasmd)" ] ||
+ ! [ -x "$(command -v openvassd)" ] ||
+ ! [ -x "$(command -v redis-server)" ] ||
+ ! [ -x "$(command -v openvas-manage-certs)" ] ||
+ ! [ -x "$(command -v greenbone-nvt-sync)" ] ||
+ ! [ -x "$(command -v greenbone-scapdata-sync)" ] ||
+ ! [ -x "$(command -v greenbone-certdata-sync)" ]; then
+ path="1"
+ else
+ path="0"
+fi
+
+# Check Security-Assistant is exist
+if ! [ -x "$(command -v gsad)" ]; then
+ gsad="1"
+ else
+ gsad="0"
+fi
+# Executables are not in our environment
+if [ $path -eq 1 ]; then
+ echo "Can't find executables! If you installed OpenVAS to specific location e.g. /opt"
+ echo "please add these PATHS to /etc/profile,also sure that they are executable"
+ exit 1
+fi
+
+# Check systemd and enable services for Gentoo/Linux
+if command -v systemctl &>/dev/null; then
+ systemctl="0"
+ echo "systemd found."
+ systemctl enable openvas-scanner.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd.Gentoo --> openvas-scanner.service enabled."
+ fi
+ systemctl enable gvmd.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd.Gentoo --> gvmd.service enabled."
+ fi
+ systemctl enable gsa.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd.Gentoo --> gsa.service enabled."
+ fi
+ else
+ systemctl="1"
+fi
+
+# Check open-rc if exist
+if command -v rc-service &>/dev/null; then
+ open_rc="0"
+ else
+ open_rc="1"
+fi
+
+# open-rc variables
+if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
+ echo "open-rc found."
+ scanner_init="0"
+ manager_init="0"
+ assistant_init="0"
+ redis_init="0"
+fi
+
+# Check status of OpenVAS-Scanner systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active openvas-scanner.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvas-scanner.service' | awk '{print $1}')" = "openvas-scanner.service" ]); then
+ scanner="0"
+ else
+ scanner="1"
+fi
+
+# Check status of OpenVAS-Manager systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active gvmd.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gvmd.service' | awk '{print $1}')" = "gvmd.service" ]); then
+ manager="0"
+ else
+ manager="1"
+fi
+
+# Check status of OpenVAS-Assistant systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active gsa.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsa.service' | awk '{print $1}')" = "gsa.service" ]); then
+ assistant="0"
+ else
+ assistant="1"
+fi
+
+# Check status of Redis systemd unit
+if [ $systemctl -eq 0 ] &&
+ ([ "$(systemctl is-active redis.service)" = "active" ] ||
+ [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
+ redis="0"
+ else
+ redis="1"
+fi
+
+# We need to find correct service name for restarting.
+if [ $scanner -eq 1 ] || [ $manager -eq 1 ] || [ $assistant -eq 1 ] || [ $redis -eq 1 ]; then
+ WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
+ WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
+ WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
+ WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
+
+ # If you have unordinary systemd path you can add here
+ DIR="/lib/systemd/system/
+ /etc/systemd/system/
+ /usr/lib/systemd/system/
+ /usr/local/lib/systemd/system/"
+
+ # Find OpenVAS daemons systemd files if exist
+ for i in $DIR; do
+ if [ -d "$i" ]; then
+ grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
+ grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
+ grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
+ grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
+ fi
+ done
+
+ manager_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_manager_service.out)"
+ scanner_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_scanner_service.out)"
+ assistant_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_assistant_service.out)"
+ redis_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_redis_service.out)"
+
+ rm -rf /tmp/openvas_GVM*
+ COUNTM=$(wc -w <<< "${manager_service}")
+ COUNTS=$(wc -w <<< "${scanner_service}")
+ COUNTA=$(wc -w <<< "${assistant_service}")
+ COUNTR=$(wc -w <<< "${redis_service}")
+
+ if [ -n "$manager_service" ] && [ $manager -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $manager_service | awk '{print $1}')" = "$manager_service" ]; then
+ echo "systemd --> OpenVAS Manager '$manager_service' found."
+ else
+ echo "systemd --> '$manager_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for Openvas Manager"
+ while true; do
+ read -n 1 -p "do you want to enable '$manager_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$manager_service" &>/dev/null; echo "systemd --> '$manager_service' enabled"; break;;
+ [Nn]* ) manager_service=""; echo "it seems you are not sure.ok i don't use $manager_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "Please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ -n "$scanner_service" ] && [ $scanner -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $scanner_service | awk '{print $1}')" = "$scanner_service" ]; then
+ echo "systemd --> OpenVAS Scanner '$scanner_service' found."
+ else
+ echo "systemd --> '$scanner_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for Openvas Scanner"
+ while true; do
+ read -n 1 -p "do you want to enable '$scanner_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$scanner_service" &>/dev/null; echo "systemd --> '$scanner_service' enabled"; break;;
+ [Nn]* ) scanner_service=""; echo "it seems you are not sure.ok i don't use $scanner_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "Please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ -n "$assistant_service" ] && [ $scanner -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $assistant_service | awk '{print $1}')" = "$assistant_service" ]; then
+ echo "systemd --> GSA '$assistant_service' found."
+ else
+ echo "systemd --> '$assistant_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for Greenbone Security Assistant"
+ while true; do
+ read -n 1 -p "do you want to enable '$assistant_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$assistant_service" &>/dev/null; echo "systemd --> '$assistant_service' enabled"; break;;
+ [Nn]* ) assistant_service=""; echo "it seems you are not sure.ok i don't use $assistant_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ -n "$redis_service" ] && [ $scanner -eq 1 ]; then
+ if [ "$(systemctl list-unit-files | grep 'enabled' | grep $redis_service | awk '{print $1}')" = "$redis_service" ]; then
+ echo "systemd --> redis '$redis_service' found."
+ else
+ echo "systemd --> '$redis_service' found but not enabled."
+ echo "are you sure this is the correct systemd service for redis-server"
+ while true; do
+ read -n 1 -p "do you want to enable '$redis_service'? --> (Y)es | (N)o | (Q)uit" answer
+ echo
+ case $answer in
+ [Yy]* ) systemctl enable "$redis_service" &>/dev/null; echo "systemd --> '$redis_service' enabled"; break;;
+ [Nn]* ) redis_service=""; echo "it seems you are not sure.ok i don't use $redis_service"; break;;
+ [Qq]* ) exit;;
+ * ) echo "please answer yes,no or quit.";;
+ esac
+ done
+ fi
+ fi
+
+ if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
+ echo "you have more than one enabled systemd service for single daemon"
+ echo " check OpenVAS and Redis systemd unit files to fix it"
+ exit 1
+ fi
+fi
+
+restart_redis () {
+if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted."
+ else
+ echo "systemd --> redis.service cannot restarted."
+ exit 1
+ fi
+elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted."
+ else
+ echo "systemd --> $redis_service cannot restarted."
+ exit 1
+ fi
+elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted."
+ else
+ echo "open-rc --> redis cannot restarted."
+ exit 1
+ fi
+fi
+}
+
+build_nvt () {
+if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ openvassd --foreground --only-cache &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "building NVT cache is done."
+ else
+ echo "building NVT cache is failed.."
+ exit 1
+ fi
+ else
+ openvassd --foreground --only-cache &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "building NVT cache is done."
+ else
+ echo "building NVT cache is failed.."
+ exit 1
+ fi
+fi
+}
+
+create_user () {
+GREEN="`tput setaf 2`"
+RED="`tput setaf 1`"
+norm="`tput sgr0`"
+echo "creating WebUI User.."
+openvasmd --create-user=admin --role=Admin &>/tmp/openvas_user.out
+if [ $? -eq 0 ]; then
+ username="admin"
+ password="$(cat /tmp/openvas_user.out | awk '{print $5}' | cut -c2-)"
+ echo "${RED}!WebUI Address : ${GREEN}127.0.0.1:9392"
+ echo "${RED}!WebUI Username: ${GREEN}$username"
+ echo "${RED}!WebUI Password: ${GREEN}${password%??}${norm}"
+ else
+ echo "$(cat /tmp/openvas_user.out)"
+ echo "these are active users for WebUI"
+ openvasmd --get-users
+fi
+rm -rf /tmp/openvas_user.out
+}
+
+# Redis & OpenVAS Scanner socket connection check for Gentoo/Linux
+if [[ -e /etc/redis.conf ]]; then
+ if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
+ echo "redis server properly configured."
+ else
+ redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
+ echo "redis server is not properly configured."
+ echo "be sure redis server listening unix socket at $redis_sock"
+ echo "you can find example redis.conf file in /etc/openvas/redis.conf.example"
+ exit 1
+ fi
+fi
+
+# Redis & OpenVAS Scanner socket connection check for other linux distros
+if [[ -e /etc/redis/redis.conf ]]; then
+ if [ "$(openvassd -s | grep 'kb_location' | awk '{print $3}')" = "$(cat /etc/redis/redis.conf | grep -P '(^|\s)\Kunixsocket(?=\s|$)' | awk '{print $2}')" ]; then
+ echo "redis server properly configured."
+ else
+ redis_sock="$(openvassd -s | grep 'kb_location' | awk '{print $3}')"
+ echo "redis server is not properly configured."
+ echo "be sure redis server listening unix socket at $redis_sock"
+ exit 1
+ fi
+fi
+
+# Create certificates for fresh install
+openvas-manage-certs -a &>/dev/null
+if [ $? -eq 0 ]; then
+ echo "certificates created."
+
+elif [ "$(openvas-manage-certs -a | grep -ow 'Existing')" = "Existing" ]; then
+ echo "certificates already created."
+
+else
+ echo "certificates cannot created."
+ exit 1
+fi
+
+# Start to update FEED & First NVT.
+try=0
+until [ $try -ge 5 ]; do
+ greenbone-nvt-sync &>/dev/null && break
+ echo "can't connected! trying to update greenbone-nvt again.."
+ try=$[$try+1]
+ sleep 30
+done
+
+# Check status
+if [ $? -eq 0 ]; then
+ echo "greenbone-nvt-sync is done."
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update scapdata.
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-scapdata-sync &>/dev/null && break
+ echo "can't connected! trying to update greenbone-scapdata again.."
+ try=$[$try+1]
+ sleep 30
+ done
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-scapdata-sync is done."
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update certdata
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-certdata-sync &>/dev/null && break
+ echo "can't connected! Trying to update greenbone-certdata again.."
+ try=$[$try+1]
+ sleep 30
+ done
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-certdata-sync is done."
+ echo "building NVT cache this will take some time.."
+ build_nvt
+ # Check OpenVAS-Scanner is running
+ if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
+ echo "OpenVAS-Scanner is running."
+ echo "building Database this will take some time.."
+ openvasmd --rebuild --progress &>/dev/null
+ elif [ $scanner -eq 0 ]; then
+ # Start OpenVAS-Scanner systemd unit & Rebuild Cache
+ echo "systemd --> OpenVAS-Scanner is not running! trying to up.."
+ systemctl start openvas-scanner.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "systemd --> openvas-scanner.service started and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ else
+ echo "systemd --> openvas-scanner.service cannot started.."
+ exit 1
+ fi
+ elif [[ -n "$scanner_service" ]]; then
+ echo "systemd --> OpenVAS-Scanner is down! trying to up.."
+ systemctl start "$scanner_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "systemd --> $scanner_service is started and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ else
+ echo "systemd --> $scanner_service cannot started.."
+ exit 1
+ fi
+ elif [[ -n "$scanner_init" ]]; then
+ # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
+ echo "open-rc --> OpenVAS-Scanner is down! trying to up.."
+ rc-service openvas-scanner start &>/dev/null
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "rc-service --> openvas-scanner started and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ else
+ echo "rc-service --> openvas-scanner cannot started.."
+ exit 1
+ fi
+ else
+ echo "OpenVAS-Scanner is not running! Trying to up.."
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ # Wait for initialize
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ else
+ echo "OpenVAS Scanner cannot started manually.."
+ exit 1
+ fi
+ echo "OpenVAS-Scanner started manually and waiting for connection."
+ echo "building database this will take some time.."
+ # Rebuild Cache
+ openvasmd --rebuild --progress &>/dev/null
+ fi
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "building database is done"
+ create_user
+ # Restart OpenVAS-Scanner
+ if [ $scanner -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ systemctl restart openvas-scanner.service &>/dev/null
+ elif [[ -n "$scanner_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ systemctl restart "$scanner_service" &>/dev/null
+ elif [[ -n "$scanner_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ rc-service openvas-scanner start &>/dev/null
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ restart_redis
+ sleep 3
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ fi
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 10
+ echo "waiting for OpenVAS-Scanner to become ready.."
+ done
+ echo "OpenVAS-Scanner is restarted."
+ # Restart OpenVAS-Manager
+ if [ $manager -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart gvmd.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> gvmd.service is restarted."
+ echo "OpenVAS setup is ok."
+ else
+ echo "systemd --> gvmd.service cannot restarted."
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ elif [[ -n "$manager_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$manager_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> $manager_service is restarted"
+ echo "OpenVAS setup is ok."
+ else
+ echo "systemd --> $manager_service cannot restarted"
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ elif [[ -n "$manager_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service gvmd start &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "open-rc --> gvmd is restarted"
+ echo "OpenVAS setup is ok."
+ else
+ echo "open-rc --> gvmd cannot restarted"
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "OpenVAS-Manager is restarted manually"
+ echo "OpenVAS setup is ok."
+ else
+ echo "OpenVAS-Manager cannot restarted"
+ echo "OpenVAS setup is not ok!"
+ exit 1
+ fi
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS-scanner cannot restarted."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS database build failed."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS Certdata sync failed."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS Scapdata sync failed."
+ fi
+ else
+ echo "OpenVAS setup is not ok! OpenVAS NVT sync update failed."
+fi
+
+# Restart WebUI
+if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
+ WHICHA="$(type gsad | awk '{print $3}')"
+ if [ $assistant -eq 0 ]; then
+ # Time to restart OpenVAS-Security Assistant
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart gsa.service &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> gsa.service (OpenVAS WebUI) is restarted and ready for connection"
+ else
+ echo "systemd --> gsa.service (OpenVAS-WebUI) cannot restarted"
+ fi
+ elif [[ -n "$assistant_service" ]]; then
+ if [ $COUNTA -eq 1 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$assistant_service" &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted and ready for connection"
+ else
+ echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted."
+ fi
+ else
+ echo "systemd --> OpenVAS WebUI cannot restarted! you have multiple enabled systemd services ($assistant_service)"
+ exit 1
+ fi
+ elif [[ -n "$assistant_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service gsa start &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> gsa (OpenVAS WebUI) is restarted"
+ else
+ echo "open-rc --> gsa (OpenVAS WebUI) cannot restarted."
+ fi
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
+ if [ $? -eq 0 ]; then
+ echo "OpenVAS WebUI is restarted"
+ else
+ echo "OpenVAS WebUI cannot restarted"
+ fi
+ fi
+fi
diff --git a/net-analyzer/openvas-scanner/files/openvas-feed-sync b/net-analyzer/openvas-scanner/files/openvas-feed-sync
new file mode 100755
index 000000000000..de1c69038aba
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-feed-sync
@@ -0,0 +1,627 @@
+#!/bin/bash
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# This is OpenVAS cron script that updates feed and reload daemons.
+# Hasan ÇALIŞIR hsntgm@gmail.com | proxy maintainer
+
+# Mail settings
+MAIL_TO="root"
+MAIL_SUBJECT="CronJob-OpenVAS"
+
+# If you don't use systemd or open-rc for OpenVAS daemons you can set start command args here
+# while we manually start/restart them.
+####################################################################################################
+
+# OpenVAS Manager command args
+OPENVAS_MANAGER_OPTIONS="" # e.g --foreground
+OPENVAS_MANAGER_PORT="--port=9390" # Manager listen port
+OPENVAS_MANAGER_LISTEN_ADDRESS="--listen=127.0.0.1" # Manager listen address
+OPENVAS_MANAGER_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock" # Scanner unix socket
+OPENVAS_MANAGER_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
+
+# OpenVAS Scanner command args
+OPENVAS_SCANNER_OPTIONS="" # e.g --foreground
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" # Scanner listen socket
+
+# OpenVAS Security Assistant command args for reverse proxying | SSL PassThrough
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect" # Don't listen port 80 anymore
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1" # WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392" # WebUI Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1" # WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_PORT="--mport=9390" # WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL" # TLS Settings
+
+#####################################################################################################
+
+# Update Environment
+source /etc/profile &>/dev/null
+source /etc/environment &>/dev/null
+source ~/.bash_profile &>/dev/null
+
+# Check the needed executables if they are in our environment and have +x
+if ! [ -x "$(command -v openvasmd)" ] || ! [ -x "$(command -v openvassd)" ] || ! [ -x "$(command -v redis-server)" ]; then
+ path="1"
+ else
+ path="0"
+fi
+
+# Check Security-Assistant is exist
+if ! [ -x "$(command -v gsad)" ]; then
+ gsad="1"
+ else
+ gsad="0"
+fi
+
+# Executables are not in our environment
+if [ $path -eq 1 ]; then
+ echo "OpenVAS CronJob Failed! If you installed OpenVAS to specific location e.g. /opt" | tee -a /tmp/openvas_mail.out
+ echo "please add these PATHS to /etc/profile e.g. 'PATH=$PATH:/opt/openvas/bin:/opt/openvas/sbin'" | tee -a /tmp/openvas_mail.out
+ echo "also sure that they are executable e.g. 'chmod +x /opt/openvas/sbin/openvassd'" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+fi
+
+# Check systemd if exist
+if command -v systemctl &>/dev/null; then
+ systemctl="0"
+ else
+ systemctl="1"
+fi
+
+# Check open-rc if exist
+if command -v rc-service &>/dev/null; then
+ open_rc="0"
+ else
+ open_rc="1"
+fi
+
+# open-rc variables
+if [ $systemctl -eq 1 ] && [ $open_rc -eq 0 ]; then
+ scanner_init="0"
+ manager_init="0"
+ assistant_init="0"
+ redis_init="0"
+fi
+
+# Check OpenVAS-Scanner systemd unit(common name) is active or enabled
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvassd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvassd.service' | awk '{print $1}')" = "openvassd.service" ]); then
+ scanner="0"
+ else
+ scanner="1"
+fi
+
+# Check OpenVAS-Manager systemd unit(common name) is active or enabled
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active openvasmd.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'openvasmd.service' | awk '{print $1}')" = "openvasmd.service" ]); then
+ manager="0"
+ else
+ manager="1"
+fi
+
+# Check OpenVAS-Assistant systemd unit(common name) is active or not
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active gsad.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'gsad.service' | awk '{print $1}')" = "gsad.service" ]); then
+ assistant="0"
+ else
+ assistant="1"
+fi
+
+# Check Redis systemd unit(common name) is active or not
+if [ $systemctl -eq 0 ] && ([ "$(systemctl is-active redis.service)" = "active" ] || [ "$(systemctl list-unit-files | grep 'enabled' | grep 'redis.service' | awk '{print $1}')" = "redis.service" ]); then
+ redis="0"
+ else
+ redis="1"
+fi
+
+# If you don't use common systemd service names for OpenVAS
+# We need to find correct service name for restarting.
+if [ $scanner -eq 1 ] || [ $manager -eq 1 ]; then
+ WHICHM="ExecStart=$(type openvasmd | awk '{print $3}')"
+ WHICHS="ExecStart=$(type openvassd | awk '{print $3}')"
+ WHICHA="ExecStart=$(type gsad | awk '{print $3}')"
+ WHICHR="ExecStart=$(type redis-server | awk '{print $3}')"
+
+ # If you have unordinary systemd services PATH you can add here
+ DIR="/lib/systemd/system/
+ /etc/systemd/system/
+ /usr/lib/systemd/system/
+ /usr/local/lib/systemd/system/"
+
+ # Find OpenVAS daemons systemd files
+ for i in $DIR; do
+ if [ -d "$i" ]; then
+ grep -rilnw "$i" -e "$WHICHM" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_manager_service.out
+ grep -rilnw "$i" -e "$WHICHS" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_scanner_service.out
+ grep -rilnw "$i" -e "$WHICHA" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_assistant_service.out
+ grep -rilnw "$i" -e "$WHICHR" | cut -d: -f1 | grep -oP "$i\K.*" &>>/tmp/openvas_GVM_redis_service.out
+ fi
+ done
+
+ # Time to get our exact systemd service searching in enabled services
+ manager_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_manager_service.out)"
+
+ scanner_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_scanner_service.out)"
+
+ assistant_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_assistant_service.out)"
+
+ redis_service="$(while IFS= read -r service; do
+ systemctl list-unit-files | grep "enabled" | grep -P "(^|\s)\K$service(?=\s|$)" | awk '{print $1}'
+ done < /tmp/openvas_GVM_redis_service.out)"
+
+ rm -rf /tmp/openvas_GVM*
+ COUNTM=$(wc -w <<< "${manager_service}")
+ COUNTS=$(wc -w <<< "${scanner_service}")
+ COUNTA=$(wc -w <<< "${assistant_service}")
+ COUNTR=$(wc -w <<< "${redis_service}")
+
+ if [ $COUNTM -gt 1 ] || [ $COUNTS -gt 1 ] || [ $COUNTR -gt 1 ]; then
+ echo "OpenVAS CronJob Failed! You have multiple enabled systemd service for single OpenVAS daemon or redis" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+fi
+
+# Start to update FEED & First NVT.
+try=0
+until [ $try -ge 5 ]; do
+ greenbone-nvt-sync &>/dev/null && break
+ echo "Can't connected! Trying to update greenbone-nvt again.." &>>/tmp/openvas_mail.out
+ try=$[$try+1]
+ sleep 30
+done
+
+# Check status
+if [ $? -eq 0 ]; then
+ echo "greenbone-nvt-sync is done" &>>/tmp/openvas_mail.out
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update scapdata.
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-scapdata-sync &>/dev/null && break
+ echo "Can't connected! Trying to update greenbone-scapdata again.." &>>/tmp/openvas_mail.out
+ try=$[$try+1]
+ sleep 30
+ done
+
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-scapdata-sync is done" &>>/tmp/openvas_mail.out
+ # Avoid your IP temporary banned because of multiple connection
+ sleep 5
+ # Try to update certdata
+ try=0
+ until [ $try -ge 5 ]; do
+ greenbone-certdata-sync &>/dev/null && break
+ echo "Can't connected! Trying to update greenbone-certdata again.." &>>/tmp/openvas_mail.out
+ try=$[$try+1]
+ sleep 30
+ done
+
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "greenbone-certdata-sync is done" &>>/tmp/openvas_mail.out
+
+ # Check OpenVAS-Scanner is running
+ if ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" &>/dev/null; then
+ echo "OpenVAS-Scanner is running." &>>/tmp/openvas_mail.out
+ openvasmd --update --progress &>/dev/null
+
+ elif [ $scanner -eq 0 ]; then
+ # Start OpenVAS-Scanner systemd unit & Rebuild Cache
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ systemctl start openvassd.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "openvassd.service started and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ else
+ echo "openvassd.service cannot started.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$scanner_service" ]]; then
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ systemctl start "$scanner_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "$scanner_service is started and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ else
+ echo "$scanner_service cannot started.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$scanner_init" ]]; then
+ # Start OpenVAS-Scanner with init.d (open-rc) & Rebuild Cache
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ rc-service openvassd start &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ # Wait for initialize
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "rc-service --> openvassd started and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ else
+ echo "rc-service --> openvassd cannot started.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ else
+ echo "OpenVAS-Scanner is down! Trying to up.." &>>/tmp/openvas_mail.out
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ # Wait for initialize
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 15
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ else
+ echo "OpenVAS Scanner cannot started manually.." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ echo "OpenVAS-Scanner started manually and waiting for connection." &>>/tmp/openvas_mail.out
+ # Rebuild Cache
+ openvasmd --update --progress &>/dev/null
+ fi
+
+ # Check status
+ if [ $? -eq 0 ]; then
+ echo "Updating NVT cache is done" &>>/tmp/openvas_mail.out
+
+ # Restart OpenVAS-Scanner
+ if [ $scanner -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ systemctl restart openvassd.service &>/dev/null
+
+ elif [[ -n "$scanner_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ systemctl restart "$scanner_service" &>/dev/null
+
+ elif [[ -n "$scanner_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ rc-service openvassd start &>/dev/null
+
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvassd:(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 3
+
+ # Try to restart redis service before OpenVAS-Scanner
+ if [ $redis -eq 0 ]; then
+ systemctl restart redis.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> redis.service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> redis.service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_service" ]]; then
+ systemctl restart "$redis_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $redis_service is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "systemd --> $redis_service cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$redis_init" ]]; then
+ rc-service redis stop
+ sleep 5
+ rc-service redis start
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> redis is restarted." &>>/tmp/openvas_mail.out
+ else
+ echo "open-rc --> redis cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ openvassd "$OPENVAS_SCANNER_OPTIONS" "$OPENVAS_SCANNER_LISTEN_SOCKET" &>/dev/null
+ fi
+
+ if [ $? -eq 0 ]; then
+ until [ "$(ps aux | grep -v 'grep' | grep -ow 'openvassd: Waiting')" = "openvassd: Waiting" ]; do
+ sleep 10
+ echo "Waiting for OpenVAS-Scanner to become ready.." &>>/tmp/openvas_mail.out
+ done
+ echo "OpenVAS-Scanner is restarted." &>>/tmp/openvas_mail.out
+
+ # Restart OpenVAS-Manager
+ if [ $manager -eq 0 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart openvasmd.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> openvasmd.service is restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> openvasmd.service cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$manager_service" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$manager_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "systemd --> $manager_service is restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> $manager_service cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$manager_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service openvasmd start &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "open-rc --> openvasmd is restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "open-rc --> openvasmd cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\Kopenvasmd(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ openvasmd "$OPENVAS_MANAGER_OPTIONS" "$OPENVAS_MANAGER_PORT" "$OPENVAS_MANAGER_LISTEN_ADDRESS" "$OPENVAS_MANAGER_SCANNER_HOST" "$OPENVAS_MANAGER_GNUTLS_PRIORITIES" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ success="0"
+ echo "OpenVAS-Manager is restarted manually" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Success!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "OpenVAS-Manager cannot restarted" &>>/tmp/openvas_mail.out
+ echo "OpenVAS CronJob Failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+ fi
+ else
+ echo "OpenVAS CronJob Failed! openvas-scanner cannot restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS NVT cache build failed" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS Certdata sync failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS Scapdata sync failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "OpenVAS CronJob Failed! OpenVAS NVT sync update failed!" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+fi
+rm -rf /tmp/openvas_mail.out
+
+# Restart WebUI
+if [[ -n "$success" ]] && [ $gsad -eq 0 ]; then
+ WHICHA="$(type gsad | awk '{print $3}')"
+
+ if [ $assistant -eq 0 ]; then
+ # Time to restart OpenVAS-Security Assistant
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart gsad.service &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> gsad.service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> gsad.service (OpenVAS-WebUI) cannot restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+
+ elif [[ -n "$assistant_service" ]]; then
+ if [ $COUNTA -eq 1 ]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ systemctl restart "$assistant_service" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "systemd --> $assistant_service (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "systemd --> $assistan_service (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ echo "systemd --> OpenVAS WebUI cannot restarted! You have multiple enabled systemd services ($assistant_service)" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ exit 1
+ fi
+
+ elif [[ -n "$assistant_init" ]]; then
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ rc-service gsad start &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "open-rc --> gsad (OpenVAS WebUI) is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "open-rc --> gsad (OpenVAS WebUI) cannot restarted." | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ else
+ ps aux | grep -v "grep" | grep -P "(^|\s)\K$WHICHA(?=\s|$)" | awk '{print $2}' | xargs kill -9 &>/dev/null
+ sleep 5
+ gsad "$OPENVAS_SECURITY_ASSISTANT_OPTIONS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS" "$OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT" "$OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES" &>/dev/null
+
+ if [ $? -eq 0 ]; then
+ echo "OpenVAS WebUI is restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ else
+ echo "OpenVAS WebUI cannot restarted" | tee -a /tmp/openvas_mail.out
+ echo -e "Subject:$MAIL_SUBJECT\n$(cat /tmp/openvas_mail.out)" | sendmail -t "$MAIL_TO" &>/dev/null
+ fi
+ fi
+ rm -rf /tmp/openvas_mail.out
+fi
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch
new file mode 100644
index 000000000000..98c657250197
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch
@@ -0,0 +1,42 @@
+--- openvas-scanner-5.1.3/src/openvassd.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/openvassd.c 2019-02-04 03:28:24.635539266 +0300
+@@ -103,7 +103,6 @@
+ */
+ static openvassd_option openvassd_defaults[] = {
+ {"plugins_folder", OPENVAS_NVT_DIR},
+- {"cache_folder", OPENVAS_CACHE_DIR},
+ {"include_folders", OPENVAS_NVT_DIR},
+ {"max_hosts", "30"},
+ {"max_checks", "10"},
+--- openvas-scanner-5.1.3/src/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/CMakeLists.txt 2019-02-04 03:22:20.078824664 +0300
+@@ -68,10 +68,6 @@
+ add_definitions (-DOPENVAS_NVT_DIR=\\\"${OPENVAS_NVT_DIR}\\\")
+ endif (OPENVAS_NVT_DIR)
+
+-if (OPENVAS_CACHE_DIR)
+- add_definitions (-DOPENVAS_CACHE_DIR=\\\"${OPENVAS_CACHE_DIR}\\\")
+-endif (OPENVAS_CACHE_DIR)
+-
+ if (OPENVAS_LOG_DIR)
+ add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\")
+ endif (OPENVAS_LOG_DIR)
+--- openvas-scanner-5.1.3/CMakeLists.txt 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/CMakeLists.txt 2019-02-04 03:18:37.889999639 +0300
+@@ -166,7 +166,6 @@
+ set (OPENVAS_DATA_DIR "${DATADIR}/openvas")
+ set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
+ set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
+-set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
+
+ if (NOT OPENVAS_NVT_DIR)
+@@ -265,7 +264,6 @@
+ DESTINATION ${DATADIR}/doc/openvas-scanner/ )
+
+ install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
+-install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR})
+
+ ## Tests
+
+
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch
new file mode 100644
index 000000000000..4ec2e786e125
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch
@@ -0,0 +1,42 @@
+--- openvas-scanner-5.1.3/src/ntp.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/ntp.c 2019-02-02 00:57:56.832878754 +0300
+@@ -361,9 +361,7 @@
+ }
+
+ /*----------------------------------------------------------
+-
+ Communication protocol: timestamps
+-
+ ----------------------------------------------------------*/
+
+
+@@ -391,7 +389,7 @@
+ static int
+ __ntp_timestamp_scan_host (int soc, char *msg, char *host)
+ {
+- char timestr[1024];
++ char timestr[64];
+ char *tmp;
+ time_t t;
+ int len;
+--- openvas-scanner-5.1.3/src/pluginload.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/pluginload.c 2019-02-02 00:59:24.494774959 +0300
+@@ -250,7 +250,7 @@
+ g_slist_free_full (oids, g_free);
+ }
+
+-static int
++static void
+ plugins_reload_from_dir (void *folder)
+ {
+ GSList *files = NULL, *f;
+--- openvas-scanner-5.1.3/src/processes.h 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/processes.h 2019-02-02 01:06:42.772908314 +0300
+@@ -28,7 +28,7 @@
+ #ifndef _OPENVAS_THREADS_H
+ #define _OPENVAS_THREADS_H
+
+-typedef int (*process_func_t) (void *);
++typedef void (*process_func_t) (void *);
+ pid_t create_process (process_func_t, void *);
+ int terminate_process (pid_t);
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch
new file mode 100644
index 000000000000..67091fcf3e3b
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch
@@ -0,0 +1,93 @@
+--- openvas-scanner-5.1.3/src/attack.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/attack.c 2019-02-02 00:44:12.834888067 +0300
+@@ -97,9 +97,7 @@
+ };
+
+ /*******************************************************
+-
+ PRIVATE FUNCTIONS
+-
+ ********************************************************/
+
+ /**
+@@ -996,6 +994,14 @@
+ sched = plugins_scheduler_init
+ (prefs_get ("plugin_set"), prefs_get_bool ("auto_enable_dependencies"),
+ network_phase);
++ if (sched == NULL)
++ {
++ error_message_to_client (global_socket,
++ "Failed to initialize the plugins scheduler.",
++ NULL, NULL);
++ return;
++ }
++
+
+ max_hosts = get_max_hosts_number ();
+ max_checks = get_max_checks_number ();
+--- openvas-scanner-5.1.3/src/pluginscheduler.c 2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/pluginscheduler.c 2019-02-02 00:48:03.799598381 +0300
+@@ -486,7 +486,7 @@
+ }
+ }
+
+-static void
++static int
+ plugins_scheduler_fill (plugins_scheduler_t sched)
+ {
+ int i;
+@@ -500,6 +500,15 @@
+ int category;
+
+ category = nvticache_get_category (element->data);
++ if (category < 0)
++ {
++ log_write ("The NVT with oid %s has not category assigned. This is "
++ "considered a fatal error, since the NVTI Cache "
++ "structure stored in Redis is out dated or corrupted.",
++ (char *) element->data);
++ g_slist_free_full (list, g_free);
++ return 1;
++ }
+ scheduler_plugin = g_malloc0 (sizeof (struct scheduler_plugin));
+ scheduler_plugin->running_state = PLUGIN_STATUS_UNRUN;
+ scheduler_plugin->oid = g_strdup (element->data);
+@@ -529,6 +538,7 @@
+ }
+ }
+
++ return 0;
+ }
+
+ plugins_scheduler_t
+@@ -540,7 +550,11 @@
+ /* Fill our lists */
+ ret = g_malloc0 (sizeof (*ret));
+ ret->hash = hash_init ();
+- plugins_scheduler_fill (ret);
++ if (plugins_scheduler_fill (ret))
++ {
++ plugins_scheduler_free (ret);
++ return NULL;
++ }
+
+ plugins_scheduler_enable (ret, plugins_list, autoload);
+
+@@ -729,9 +743,12 @@
+ void
+ plugins_scheduler_free (plugins_scheduler_t sched)
+ {
+- int i;
+- hash_destroy (sched->hash);
+- for (i = ACT_FIRST; i <= ACT_LAST; i++)
+- list_destroy (sched->list[i]);
+- g_free (sched);
++ if (sched)
++ {
++ int i;
++ hash_destroy (sched->hash);
++ for (i = ACT_FIRST; i <= ACT_LAST; i++)
++ list_destroy (sched->list[i]);
++ g_free (sched);
++ }
+ }
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf
new file mode 100644
index 000000000000..f14b5aae6f12
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf
@@ -0,0 +1,9 @@
+# OpenVAS Scanner command args
+
+# e.g --foreground
+OPENVAS_SCANNER_OPTIONS=""
+
+# Scanner listen socket
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock"
+
+
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.init b/net-analyzer/openvas-scanner/files/openvas-scanner.init
new file mode 100644
index 000000000000..757b5801f29b
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.init
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="OpenVAS Scanner"
+command="/usr/sbin/openvassd"
+command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET}"
+pidfile="/var/run/openvassd.pid"
+command_background="true"
+
+depend() {
+ after bootmisc
+ need localmount net redis
+}
+
+start_pre() {
+ checkpath --directory --mode 0775 --quiet /var/cache/openvas
+}
+
+create_cache() {
+ checkpath --directory --mode 0775 --quiet /var/cache/openvas
+ ebegin "Generating initial Cache"
+ /usr/sbin/openvassd --foreground --only-cache
+ eend $?
+}
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate
new file mode 100644
index 000000000000..89f9e6d264df
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.logrotate
@@ -0,0 +1,11 @@
+# logrotate for openvas scanner
+/var/log/openvas/openvassd.messages {
+ rotate 4
+ weekly
+ compress
+ delaycompress
+ missingok
+ postrotate
+ /bin/kill -HUP `pidof openvassd`
+ endscript
+}
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.service b/net-analyzer/openvas-scanner/files/openvas-scanner.service
new file mode 100644
index 000000000000..4f30586ab517
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=OpenVAS Scanner
+After=network.target
+After=redis.service
+Before=gvmd.service
+Requires=redis.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/openvas-scanner-daemon.conf
+ExecStart=/usr/sbin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+KillMode=mixed
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d
new file mode 100644
index 000000000000..18e820caec1b
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d
@@ -0,0 +1 @@
+d /var/cache/openvassd 0775
diff --git a/net-analyzer/openvas-scanner/files/openvassd.conf b/net-analyzer/openvas-scanner/files/openvassd.conf
index 88f83f4bed97..b218a4a27b02 100644
--- a/net-analyzer/openvas-scanner/files/openvassd.conf
+++ b/net-analyzer/openvas-scanner/files/openvassd.conf
@@ -1,118 +1,53 @@
-# Configuration file of the OpenVAS Security Scanner
+#You can get detailed informations from https://linux.die.net/man/8/openvassd
-# Every line starting with a '#' is a comment
-
-[Misc]
-
-# Path to the security checks folder:
plugins_folder = /var/lib/openvas/plugins
-
-# Path to OpenVAS caching folder:
-cache_folder = /var/cache/openvas
-
-# Path to OpenVAS include directories:
-# (multiple entries are separated with colon ':')
include_folders = /var/lib/openvas/plugins
-
-# Maximum number of simultaneous hosts tested :
max_hosts = 30
-
-# Maximum number of simultaneous checks against each host tested :
max_checks = 10
-# Niceness. If set to 'yes', openvassd will renice itself to 10.
+#Resource friendly
be_nice = no
-# Log file (or 'syslog') :
-logfile = /var/log/openvas/openvassd.log
+#Logfile
+logfile = /var/log/openvas/openvassd.messages
-# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
-
-# Log the name of the plugins that are loaded by the server ?
log_plugins_name_at_load = no
-
-# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/openvas/openvassd.dump
-
-# Rules file :
-rules = /etc/openvas/openvassd.rules
-
-# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin:/scripts
-# Range of the ports the port scanners will scan :
-# 'default' means that OpenVAS will scan ports found in its
-# services file.
-port_range = default
-
-# Optimize the test (recommended) :
+#Turn off for push hard but increase false positive and slow down scans
optimize_test = yes
-# Optimization :
-# Read timeout for the sockets of the tests :
checks_read_timeout = 5
-
-# Ports against which two plugins should not be run simultaneously :
-# non_simult_ports = Services/www, 139, Services/finger
+network_scan = no
non_simult_ports = 139, 445
-
-# Maximum lifetime of a plugin (in seconds) :
plugins_timeout = 320
+scanner_plugins_timeout = 36000
-# Safe checks rely on banner grabbing :
-safe_checks = yes
+#Push harder to target
+safe_checks = no
-# Automatically activate the plugins that are depended on
auto_enable_dependencies = yes
-
-# Do not echo data from plugins which have been automatically enabled
-silent_dependencies = no
-
-# Designate hosts by MAC address, not IP address (useful for DHCP networks)
use_mac_addr = no
-
-
-#--- Knowledge base saving (can be configured by the client) :
-# Save the knowledge base on disk :
-save_knowledge_base = no
-
-# Restore the KB for each test :
-kb_restore = no
-
-# Only test hosts whose KB we do not have :
-only_test_hosts_whose_kb_we_dont_have = no
-
-# Only test hosts whose KB we already have :
-only_test_hosts_whose_kb_we_have = no
-
-# KB test replay :
-kb_dont_replay_scanners = no
-kb_dont_replay_info_gathering = no
-kb_dont_replay_attacks = no
-kb_dont_replay_denials = no
-kb_max_age = 864000
-#--- end of the KB section
-
-
-# If this option is set, OpenVAS will not scan a network incrementally
-# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
-# slice the workload throughout the whole network (ie: it will scan
-# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
-slice_network_addresses = no
-
-# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
nasl_no_signature_check = yes
-
-#Certificates
-cert_file=/var/lib/openvas/CA/servercert.pem
-key_file=/var/lib/openvas/private/CA/serverkey.pem
-ca_file=/var/lib/openvas/CA/cacert.pem
-
-# If you decide to protect your private key with a password,
-# uncomment and change next line
-# pem_password=password
-# If you want to force the use of a client certificate, uncomment next line
-# force_pubkey_auth = yes
-
-#end.
+drop_privileges = no
+unscanned_closed = yes
+unscanned_closed_udp = yes
+vhosts =
+vhosts_ip =
+report_host_details = yes
+
+#Redis listening socket (must be same with redis socket)
+kb_location = /tmp/redis.sock
+
+timeout_retry = 3
+time_between_request = 0
+
+#Config File
+config_file = /etc/openvas/openvassd.conf
+
+#Certificates (default these are not needed here but setup-check script looking for them)
+cert_file = /var/lib/openvas/CA/servercert.pem
+key_file = /var/lib/openvas/private/CA/serverkey.pem
+ca_file = /var/lib/openvas/CA/cacert.pem
diff --git a/net-analyzer/openvas-scanner/files/redis.conf.example b/net-analyzer/openvas-scanner/files/redis.conf.example
new file mode 100644
index 000000000000..6a41211aaae8
--- /dev/null
+++ b/net-analyzer/openvas-scanner/files/redis.conf.example
@@ -0,0 +1,57 @@
+bind 127.0.0.1
+protected-mode yes
+port 0
+tcp-backlog 511
+unixsocket /tmp/redis.sock
+unixsocketperm 700
+timeout 0
+tcp-keepalive 300
+daemonize no
+supervised no
+pidfile /run/redis/redis.pid
+loglevel notice
+logfile /var/log/redis/redis.log
+databases 16
+always-show-logo yes
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+dir /var/lib/redis/
+slave-serve-stale-data yes
+slave-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-disable-tcp-nodelay no
+slave-priority 100
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+slave-lazy-flush no
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble no
+lua-time-limit 5000
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+aof-rewrite-incremental-fsync yes
diff --git a/net-analyzer/openvas-scanner/metadata.xml b/net-analyzer/openvas-scanner/metadata.xml
index 6f49eba8f496..fa26aa942e17 100644
--- a/net-analyzer/openvas-scanner/metadata.xml
+++ b/net-analyzer/openvas-scanner/metadata.xml
@@ -1,5 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<!-- maintainer-needed -->
+ <maintainer type="person">
+ <email>hasan.calisir@psauxit.com</email>
+ <name>Hasan ÇALIŞIR</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="extras">Html docs support</flag>
+ </use>
</pkgmetadata>
diff --git a/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
new file mode 100644
index 000000000000..c0e59479a726
--- /dev/null
+++ b/net-analyzer/openvas-scanner/openvas-scanner-5.1.3.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils systemd
+MY_PN="openvas-scanner"
+
+DESCRIPTION="A remote security scanner for Linux (OpenVAS-scanner)"
+HOMEPAGE="http://www.openvas.org/"
+SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras"
+
+DEPEND="
+ dev-db/redis
+ dev-libs/libgcrypt:0=
+ >=net-analyzer/openvas-libraries-9.0.3
+ net-libs/gnutls:=[tools]
+ net-libs/libssh:=
+ extras? ( dev-perl/CGI )"
+
+RDEPEND="
+ ${DEPEND}
+ !net-analyzer/openvas-tools"
+
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ extras? ( app-doc/doxygen[dot]
+ app-doc/xmltoman
+ app-text/htmldoc
+ dev-perl/SQL-Translator
+ )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-gcc8.patch"
+ "${FILESDIR}/${P}-nvt.patch"
+ "${FILESDIR}/${P}-cachedir.patch"
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+ # Fix for correct FHS/Gentoo policy paths for 5.1.3
+ sed -i "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/CMakeLists.txt || die
+ if use extras; then
+ doxygen -u "$S"/doc/Doxyfile_full.in || die
+ fi
+}
+
+src_configure() {
+ local mycmakeargs=(
+ "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+ "-DLOCALSTATEDIR=${EPREFIX}/var"
+ "-DSYSCONFDIR=${EPREFIX}/etc"
+ )
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile
+ if use extras; then
+ cmake-utils_src_make -C "${BUILD_DIR}" doc
+ cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+ HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+ fi
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ insinto /etc/openvas
+ doins "${FILESDIR}"/openvassd.conf "${FILESDIR}"/redis.conf.example
+
+ insinto /etc/openvas/sysconfig
+ doins "${FILESDIR}"/${MY_PN}-daemon.conf
+
+ insinto /etc/openvas/scripts
+ doins "${FILESDIR}"/openvas-feed-sync "${FILESDIR}"/first-start
+ fperms 0755 /etc/openvas/scripts/{openvas-feed-sync,first-start}
+
+ newinitd "${FILESDIR}/${MY_PN}.init" ${MY_PN}
+ newconfd "${FILESDIR}/${MY_PN}-daemon.conf" ${MY_PN}
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/${MY_PN}.logrotate" ${MY_PN}
+
+ systemd_newtmpfilesd "${FILESDIR}/${MY_PN}.tmpfiles.d" ${MY_PN}.conf
+ systemd_dounit "${FILESDIR}"/${MY_PN}.service
+
+ keepdir /var/lib/openvas/plugins
+}