Date: Mon, 7 Aug 2017 03:48:23 +0000 (UTC)
From: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r447483 - in head/security: greenbone-security-assistant9 greenbone-security-assistant9/files openvas8 openvas8-manager openvas8-scanner openvas8/files openvas9 openvas9-manager/files o...
Message-ID: <201708070348.v773mNf2072187@repo.freebsd.org>
Author: acm Date: Mon Aug 7 03:48:23 2017 New Revision: 447483 URL: https://svnweb.freebsd.org/changeset/ports/447483 Log: - Fix rc scripts of OpenVAS 9 ports - Change some entries of openvas8/files/pkg-message - Change some entries of openvas9/files/pkg-message. It reflects socket use of OpenVAS 9 ports. - Fix problems into OpenVAS 9 greenbone*-sync scripts - Add missing dependency (ftp/wget) - Fix socket connection from openvas9-manager to openvas9-scanner - Bump PORTREVISION Added: head/security/openvas9-manager/files/patch-src-scanner.c (contents, props changed) Modified: head/security/greenbone-security-assistant9/Makefile head/security/greenbone-security-assistant9/files/gsad.in head/security/openvas8-manager/Makefile head/security/openvas8-scanner/Makefile head/security/openvas8/Makefile head/security/openvas8/files/pkg-message.in head/security/openvas9-manager/files/openvasmd.in head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in head/security/openvas9-scanner/Makefile head/security/openvas9-scanner/files/openvassd.in head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in head/security/openvas9/Makefile head/security/openvas9/files/pkg-message.in Modified: head/security/greenbone-security-assistant9/Makefile ============================================================================== --- head/security/greenbone-security-assistant9/Makefile Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/greenbone-security-assistant9/Makefile Mon Aug 7 03:48:23 2017 (r447483) 
@@ -2,6 +2,7 @@ PORTNAME= greenbone-security-assistant9 PORTVERSION= 7.0.2 +PORTREVISION= 2 MASTER_SITES= http://wald.intevation.org/frs/download.php/2429/ COMMENT= OpenVAS 9 web interface Modified: head/security/greenbone-security-assistant9/files/gsad.in ============================================================================== --- head/security/greenbone-security-assistant9/files/gsad.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/greenbone-security-assistant9/files/gsad.in Mon Aug 7 03:48:23 2017 (r447483) @@ -21,7 +21,7 @@ command="%%PREFIX%%/sbin/gsad" pidfile=/var/run/gsad.pid : ${gsad_enable="NO"} -: ${gsad_flags="--listen=127.0.0.1 --port=8080 --http-only"} +: ${gsad_flags="--listen=127.0.0.1 --port=8080 --http-only --munix-socket=/var/run/openvasmd.sock"} load_rc_config $name run_rc_command "$1" Modified: head/security/openvas8-manager/Makefile ============================================================================== --- head/security/openvas8-manager/Makefile Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas8-manager/Makefile Mon Aug 7 03:48:23 2017 (r447483) @@ -2,7 +2,7 @@ PORTNAME?= openvas8-manager PORTVERSION?= 6.0.11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES?= http://wald.intevation.org/frs/download.php/2445/ DISTNAME= ${PORTNAME:S/${OPENVAS_VER}//}-${PORTVERSION} @@ -19,7 +19,8 @@ LIB_DEPENDS= libgnutls.so:security/gnutls \ libgpgme.so:security/gpgme \ libgcrypt.so:security/libgcrypt \ libopenvas_base.so:security/openvas${OPENVAS_VER}-libraries -RUN_DEPENDS:= ${BUILD_DEPENDS} +RUN_DEPENDS:= ${BUILD_DEPENDS} \ + wget:ftp/wget CONFLICTS?= ${PORTNAME:S/${OPENVAS_VER}/9/}-* Modified: head/security/openvas8-scanner/Makefile ============================================================================== --- head/security/openvas8-scanner/Makefile Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas8-scanner/Makefile Mon Aug 7 03:48:23 2017 (r447483) 
@@ -3,7 +3,7 @@ PORTNAME?= openvas8-scanner PORTVERSION?= 5.0.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES?= http://wald.intevation.org/frs/download.php/2436/ DISTNAME= ${PORTNAME:S/${OPENVAS_VER}//}-${PORTVERSION} @@ -20,6 +20,7 @@ LIB_DEPENDS= libgcrypt.so:security/libgcrypt \ RUN_DEPENDS= redis-server:databases/redis \ curl:ftp/curl \ rsync:net/rsync \ + wget:ftp/wget \ nmap:security/nmap CONFLICTS?= ${PORTNAME:S/${OPENVAS_VER}/9/}-* Modified: head/security/openvas8/Makefile ============================================================================== --- head/security/openvas8/Makefile Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas8/Makefile Mon Aug 7 03:48:23 2017 (r447483) @@ -3,6 +3,7 @@ PORTNAME= openvas8 PORTVERSION= 8.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= acm@FreeBSD.org Modified: head/security/openvas8/files/pkg-message.in ============================================================================== --- head/security/openvas8/files/pkg-message.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas8/files/pkg-message.in Mon Aug 7 03:48:23 2017 (r447483) @@ -16,12 +16,13 @@ OpenVAS 8 ports were installed 3) The following steps are neccessary before of you can access to OpenVAS web interface (gsad): + # openvassd # openvas-mkcert # openvas-mkcert-client -n -i - # openvasmd --rebuild --progress # openvas-nvt-sync # openvas-scapdata-sync # openvas-certdata-sync + # openvasmd --rebuild --progress # openvasmd --create-user=admin --role=Admin # openvasmd --user=admin --new-password=yourpassword Modified: head/security/openvas9-manager/files/openvasmd.in ============================================================================== --- head/security/openvas9-manager/files/openvasmd.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9-manager/files/openvasmd.in Mon Aug 7 03:48:23 2017 (r447483) 
@@ -22,7 +22,7 @@ pidfile=/var/run/openvasmd.pid extra_commands="reload" : ${openvasmd_enable="NO"} -: ${openvasmd_flags="--listen=127.0.0.1"} +: ${openvasmd_flags="--unix-socket=/var/run/${name}.sock --listen=127.0.0.1"} load_rc_config $name run_rc_command "$1" Added: head/security/openvas9-manager/files/patch-src-scanner.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openvas9-manager/files/patch-src-scanner.c Mon Aug 7 03:48:23 2017 (r447483) 
@@ -0,0 +1,34 @@ +--- src/scanner.c 2016-11-10 04:58:06.000000000 -0500 ++++ src/scanner.c 2017-08-06 21:58:23.868844000 -0500 +@@ -33,6 +33,7 @@ + #include <assert.h> + #include <unistd.h> + #include <sys/types.h> ++#include <sys/socket.h> + #include <sys/time.h> + #include <sys/stat.h> + #include <sys/un.h> +@@ -586,7 +587,6 @@ + openvas_scanner_connect_unix () + { + struct sockaddr_un addr; +- int len; + + openvas_scanner_socket = socket (AF_UNIX, SOCK_STREAM, 0); + if (openvas_scanner_socket == -1) +@@ -596,10 +596,12 @@ + return -1; + } + ++ memset(&addr, 0, sizeof(struct sockaddr_un)); ++ + addr.sun_family = AF_UNIX; +- strncpy (addr.sun_path, openvas_scanner_unix_path, 108); +- len = strlen (addr.sun_path) + sizeof (addr.sun_family); +- if (connect (openvas_scanner_socket, (struct sockaddr *) &addr, len) == -1) ++ strlcpy(addr.sun_path, openvas_scanner_unix_path, sizeof(addr.sun_path)); ++ ++ if (connect (openvas_scanner_socket, (struct sockaddr *) &addr, SUN_LEN(&addr)) == -1) + { + g_warning ("%s: Failed to connect to scanner (%s): %s\n", __FUNCTION__, + openvas_scanner_unix_path, strerror (errno)); Modified: head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in ============================================================================== --- head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in Mon Aug 7 03:48:23 2017 (r447483) 
@@ -1,11 +1,20 @@ ---- tools/greenbone-certdata-sync.in.orig 2016-11-10 04:58:06.000000000 -0500 -+++ tools/greenbone-certdata-sync.in 2017-07-29 00:06:06.535930000 -0500 +--- tools/greenbone-certdata-sync.in 2016-11-10 04:58:06.000000000 -0500 ++++ tools/greenbone-certdata-sync.in 2017-08-06 13:11:30.155406000 -0500 +@@ -99,7 +99,7 @@ + + # Delay between retries + if [ -z "$SQL_RETRY_DELAY" ]; then +- SQL_RETRY_DELAY="10m" # allowed unit suffixes: see sleep command ++ SQL_RETRY_DELAY="600" # allowed unit suffixes: see sleep command + fi + + # LOG_CMD defines the command to use for logging. To have logger log to stderr @@ -766,7 +766,7 @@ for certfile in $CERT_DIR/CB-K*.xml do [ -e "$certfile" ] || break # No file found - filedate=`stat -c "%Y" $certfile | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" $certfile | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" $certfile | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then @@ -14,10 +23,19 @@ do [ -e "$certfile" ] || break # no file found - filedate=`stat -c "%Y" $certfile | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" $certfile | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" $certfile | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then +@@ -831,7 +831,7 @@ + + update_cvss + +- LAST_UPDATE_TIMESTAMP=`sed 's/^\(.\{8\}\)/\1 /' $TIMESTAMP | env TZ="UTC" date +%s -f -` ++ LAST_UPDATE_TIMESTAMP=`date -j -f '%Y%m%d%H%M%S' $(sed 's/$/00/g' $TIMESTAMP) +%s` + + reset_sql_tries + until [ "$try_sql" -eq 0 ] 
@@ -1045,7 +1045,7 @@ if [ -f "$CERT_DB" ] Modified: head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in ============================================================================== --- head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in Mon Aug 7 03:48:23 2017 (r447483) 
@@ -1,11 +1,41 @@ --- tools/greenbone-scapdata-sync.in 2016-11-10 04:58:06.000000000 -0500 -+++ tools/greenbone-scapdata-sync.in 2017-08-05 22:42:35.986283000 -0500 -@@ -1080,11 +1080,11 @@ ++++ tools/greenbone-scapdata-sync.in 2017-08-06 13:50:52.849680000 -0500 +@@ -89,7 +89,7 @@ + + # Split CVE data files into parts of this size in kB. 0 = no splitting + # The default is 1/30 of the system memory. +-SPLIT_PART_SIZE=$(awk '/MemTotal/ { print int( $2/60) }' /proc/meminfo) ++SPLIT_PART_SIZE=$((($(sysctl hw.physmem | cut -d " " -f2)/1024)/60)) + + # SQLITE3 defines the name of the sqlite binary to call, along with additional + # parameters. +@@ -109,7 +109,7 @@ + + # Delay between retries + if [ -z "$SQL_RETRY_DELAY" ]; then +- SQL_RETRY_DELAY="10m" # allowed unit suffixes: see sleep command ++ SQL_RETRY_DELAY="600" # allowed unit suffixes: see sleep command + fi + + # SCRIPT_NAME is the name the scripts will use to identify itself and to mark +@@ -234,11 +234,6 @@ + + if [ -z "$TMPDIR" ]; then + SYNC_TMP_DIR=/tmp +- # If we have mktemp, create a temporary dir (safer) +- if [ -n "`which mktemp`" ]; then +- SYNC_TMP_DIR=`mktemp -t -d greenbone-scap-data-sync.XXXXXXXXXX` || { log_err "Cannot create temporary directory for file download" ; exit 1 ; } +- trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM +- fi + else + SYNC_TMP_DIR="$TMPDIR" + fi +@@ -1080,11 +1075,11 @@ then for ovalfile in $oval_files_sorted_private do - filedate=`stat -c "%Y" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] || [ 1 = "$REBUILD_OVAL" ] then @@ -14,7 +44,7 @@ if [ 1 = "$REBUILD_OVAL" ] then -@@ -1153,7 +1153,7 @@ +@@ -1153,7 +1148,7 @@ DIR_STR_LENGTH=$((`echo "$SCAP_DIR" | wc -c` + 1)) oval_files_shortened="" 
@@ -23,7 +53,7 @@ then for ovalfile in $oval_files_sorted_private do -@@ -1163,7 +1163,7 @@ +@@ -1163,7 +1158,7 @@ fi oval_files_clause="" @@ -32,7 +62,7 @@ then oval_files_clause="AND (xml_file NOT IN ($oval_files_shortened))" fi -@@ -1186,7 +1186,7 @@ +@@ -1186,7 +1181,7 @@ fi # TODO: This is not quite accurate as it uses the timestamp of the non-private data. @@ -41,12 +71,12 @@ reset_sql_tries until [ "$try_sql" -eq 0 ] -@@ -1208,12 +1208,12 @@ +@@ -1208,12 +1203,12 @@ CPEBASE="$SCAP_DIR/official-cpe-dictionary_v2.2.xml" if [ -e $CPEBASE ] then - filedate=`stat -c "%Y" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$CPEBASE" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then @@ -56,12 +86,12 @@ if [ "0" -ne "$SPLIT_PART_SIZE" ] && [ "$filesize" -gt $(($SPLIT_PART_SIZE * 1024)) ] then log_info "File is larger than ${SPLIT_PART_SIZE}k. Splitting into multiple parts" -@@ -1271,13 +1271,13 @@ +@@ -1271,13 +1266,13 @@ for cvefile in $SCAP_DIR/nvdcve-2.0-*.xml do [ -e "$cvefile" ] || break # no file found - filedate=`stat -c "%Y" "$cvefile" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$cvefile" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$cvefile" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] then 
@@ -72,12 +102,12 @@ if [ "0" -ne "$SPLIT_PART_SIZE" ] && [ "$filesize" -gt $(($SPLIT_PART_SIZE * 1024)) ] then log_info "File is larger than ${SPLIT_PART_SIZE}k. Splitting into multiple parts" -@@ -1347,11 +1347,11 @@ +@@ -1347,11 +1342,11 @@ for ovalfile in $oval_files_sorted do - filedate=`stat -c "%Y" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` -+ filedate=`stat -c "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` ++ filedate=`stat -f "%m" "$ovalfile" | cut -d " " -f 1 | tr -d "-"` filedate=$(( $filedate - ( $filedate % 60 ) )) if [ $filedate -gt $DB_LASTUPDATE ] || [ 1 = "$REBUILD_OVAL" ] then @@ -86,7 +116,7 @@ if [ 1 = "$REBUILD_OVAL" ] then -@@ -1403,7 +1403,7 @@ +@@ -1403,7 +1398,7 @@ update_cvss update_placeholders @@ -95,7 +125,7 @@ reset_sql_tries until [ "$try_sql" -eq 0 ] -@@ -1635,7 +1635,7 @@ +@@ -1635,7 +1630,7 @@ then if [ -f "$SCAP_DB" ] then Modified: head/security/openvas9-scanner/Makefile ============================================================================== --- head/security/openvas9-scanner/Makefile Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9-scanner/Makefile Mon Aug 7 03:48:23 2017 (r447483) @@ -2,6 +2,7 @@ PORTNAME= openvas9-scanner PORTVERSION= 5.1.1 +PORTREVISION= 1 MASTER_SITES= http://wald.intevation.org/frs/download.php/2423/ COMMENT= OpenVAS 9 scanner Modified: head/security/openvas9-scanner/files/openvassd.in ============================================================================== --- head/security/openvas9-scanner/files/openvassd.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9-scanner/files/openvassd.in Mon Aug 7 03:48:23 2017 (r447483) 
@@ -8,18 +8,21 @@ # # Add the following to /etc/rc.conf[.local] to enable this service # -# openvassd_enable="YES" +# openvassd_enable (bool): Set to NO by default. +# Set it to YES to enable openvassd. +# openvassd_flags (params): Set params used to start openvassd. # . /etc/rc.subr name=openvassd -rcvar=openvassd_enable +rcvar=${name}_enable command="%%PREFIX%%/sbin/openvassd" pidfile=/var/run/openvassd.pid extra_commands="reload" : ${openvassd_enable=NO} +: ${openvassd_flags="--unix-socket=/var/run/${name}.sock"} load_rc_config $name run_rc_command "$1" Modified: head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in ============================================================================== --- head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9-scanner/files/patch-tools_greenbone-nvt-sync.in Mon Aug 7 03:48:23 2017 (r447483) @@ -1,6 +1,18 @@ --- tools/greenbone-nvt-sync.in 2016-11-10 04:57:55.000000000 -0500 -+++ tools/greenbone-nvt-sync.in 2017-07-28 23:31:16.323079000 -0500 -@@ -577,7 +577,7 @@ ++++ tools/greenbone-nvt-sync.in 2017-08-06 13:55:03.833824000 -0500 +@@ -180,11 +180,6 @@ + + if [ -z "$TMPDIR" ]; then + SYNC_TMP_DIR=/tmp +- # If we have mktemp, create a temporary dir (safer) +- if [ -n "`which mktemp`" ]; then +- SYNC_TMP_DIR=`mktemp -t -d greenbone-nvt-sync.XXXXXXXXXX` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; } +- trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM +- fi + else + SYNC_TMP_DIR="$TMPDIR" + fi +@@ -577,7 +572,7 @@ log_err "rsync failed, aborting synchronization." exit 1 fi 
@@ -9,7 +21,7 @@ if [ $? -ne 0 ] ; then if [ -n "$retried" ] then -@@ -650,7 +650,7 @@ +@@ -650,7 +645,7 @@ do_self_test () { Modified: head/security/openvas9/Makefile ============================================================================== --- head/security/openvas9/Makefile Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9/Makefile Mon Aug 7 03:48:23 2017 (r447483) @@ -3,6 +3,7 @@ PORTNAME= openvas9 PORTVERSION= 9.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= acm@FreeBSD.org Modified: head/security/openvas9/files/pkg-message.in ============================================================================== --- head/security/openvas9/files/pkg-message.in Mon Aug 7 02:38:08 2017 (r447482) +++ head/security/openvas9/files/pkg-message.in Mon Aug 7 03:48:23 2017 (r447483) @@ -16,12 +16,11 @@ OpenVAS 9 ports were installed 3) The following steps are neccessary before of you can access to OpenVAS web interface (gsad): - # openvas-mkcert - # openvas-mkcert-client -n -i - # openvasmd --rebuild --progress + # openvassd # greenbone-nvt-sync # greenbone-scapdata-sync # greenbone-certdata-sync + # openvasmd --rebuild --progress # openvasmd --create-user=admin --role=Admin # openvasmd --user=admin --new-password=yourpassword @@ -31,11 +30,11 @@ OpenVAS 9 ports were installed openvasmd_enable="YES" gsad_enable="YES" -5) Start OpenVAS Scanner. It will listen on 127.0.0.1:9391 by default +5) Start OpenVAS Scanner. It will listen on /var/run/openvassd.sock by default # service openvassd restart -6) 5) Start OpenVAS Manager. It will listen on 127.0.0.1:9390 by default +6) 5) Start OpenVAS Manager. It will listen on /var/run/openvasmd.sock by default # service openvasmd restart # openvasmd --rebuild --progress
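Review bot: In head/security/greenbone-security-assistant9/files/gsad.in (hunk @@ -21,7 +21,7 @@) the manager socket path is hard-coded as --munix-socket=/var/run/openvasmd.sock, while openvasmd.in builds its own default from /var/run/${name}.sock inside openvasmd_flags. The two defaults only agree as long as nobody overrides openvasmd_flags in rc.conf; if they do, gsad keeps pointing at the old path with nothing in either script explaining the coupling. Suggest documenting in the header comments of both rc scripts that the two paths must match, or introducing one rc variable for the socket path that both defaults are derived from.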
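Review bot: In head/security/openvas9-manager/files/openvasmd.in (hunk @@ -22,7 +22,7 @@) the new default keeps --listen=127.0.0.1 alongside --unix-socket=/var/run/${name}.sock, but the updated openvas9 pkg-message states that the manager listens on /var/run/openvasmd.sock by default. If the TCP listener is no longer needed, drop it from the default so the manager is reachable only through the socket; if it is still needed, the pkg-message should say that both are active. The visible lines also do not state the owner and mode the socket is created with, which is worth documenting because that file's permissions now decide which local users can reach the manager.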
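Review bot: In the newly added head/security/openvas9-manager/files/patch-src-scanner.c, last hunk (@@ -596,10 +596,12 @@), the return value of strlcpy is not checked, so an openvas_scanner_unix_path that does not fit in addr.sun_path is silently truncated and connect() is attempted against a different path than the one configured, while the g_warning that follows prints the untruncated path. Suggest failing early when strlcpy(addr.sun_path, openvas_scanner_unix_path, sizeof(addr.sun_path)) >= sizeof(addr.sun_path), closing the socket and returning -1 with a warning that names the length limit. Style: the added calls are written memset( and strlcpy( while the surrounding code uses a space before the parenthesis, as in connect (.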
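Review bot: In the SQL_RETRY_DELAY hunks (patch-tools+greenbone-certdata-sync.in @@ -99,7 +99,7 @@ and patch-tools+greenbone-scapdata-sync.in @@ -109,7 +109,7 @@) the value changes from "10m" to "600" but the trailing comment "allowed unit suffixes: see sleep command" is kept on the new line, which now contradicts the reason for the change. Suggest rewording the comment to say the value is a number of seconds, so that a user who sets SQL_RETRY_DELAY in the environment does not reintroduce a suffix.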
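Review bot: In head/security/openvas9-manager/files/patch-tools+greenbone-certdata-sync.in (hunk @@ -831,7 +831,7 @@) the replacement for LAST_UPDATE_TIMESTAMP drops the env TZ="UTC" that the removed line had, so date -j -f '%Y%m%d%H%M%S' interprets the timestamp in the machine's local zone and the resulting epoch value is off by the UTC offset on any host not running in UTC. Suggest keeping env TZ=UTC in front of the date call, and quoting "$TIMESTAMP" and the $(sed ...) substitution so that an empty or multi-line timestamp file makes date fail cleanly instead of producing a mangled command line.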
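Review bot: In head/security/openvas9-manager/files/patch-tools+greenbone-scapdata-sync.in (hunk @@ -89,7 +89,7 @@) the new SPLIT_PART_SIZE line parses the "name: value" output of sysctl hw.physmem with cut -d " " -f2; sysctl -n hw.physmem prints only the value and removes the dependency on that layout. The retained comment also says the default is 1/30 of system memory while the expression divides by 60, so one of the two should be corrected while the line is being touched.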
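Review bot: In patch-tools+greenbone-scapdata-sync.in (hunk @@ -234,11 +234,6 @@) and patch-tools_greenbone-nvt-sync.in (hunk @@ -180,11 +180,6 @@) the mktemp block, which the upstream comment itself labels "(safer)", is deleted outright, so with TMPDIR unset both sync scripts now work directly in the shared /tmp. The pkg-message shows these scripts being run from a root prompt, and a root process placing its download files straight into a world-writable directory is the situation the private temporary directory was there to avoid. Suggest adapting the call to FreeBSD's mktemp rather than removing it, for example SYNC_TMP_DIR=`mktemp -d -t greenbone-nvt-sync`, and keeping the cleanup trap and the error exit when the directory cannot be created.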
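Review bot: In head/security/openvas9-scanner/files/openvassd.in (hunk @@ -8,18 +8,21 @@) the new default openvassd_flags="--unix-socket=/var/run/${name}.sock" only takes effect when the scanner is started through the rc script, yet step 3 of the updated openvas9 pkg-message tells the user to run a bare "# openvassd" before the sync commands. Suggest either showing the same --unix-socket flag in the pkg-message or replacing that step with a service openvassd onestart, so the manually started scanner and the manager patched in this commit agree on the socket path. Minor: rcvar now uses ${name}_enable while the default lines still spell out openvassd_enable and openvassd_flags; pick one style.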
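Review bot: In head/security/openvas9/files/pkg-message.in (hunk @@ -31,11 +30,11 @@) the rewritten manager line still begins "6) 5) Start OpenVAS Manager", so the stray "5)" is carried over into the new text; drop it while the line is being changed. The same step still ends with "# openvasmd --rebuild --progress", which step 3 now also runs as its last action before user creation, so the message should say whether the second rebuild is required or remove one of the two.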