mirror of
https://github.com/pentoo/pentoo-overlay
synced 2026-04-20 05:41:12 +02:00
ospd-openvas: init.d script
This commit is contained in:
parent
396e909e47
commit
5076044f24
16 changed files with 141 additions and 162 deletions
|
|
@ -30,7 +30,7 @@ DEPEND="
|
|||
RDEPEND="
|
||||
${DEPEND}
|
||||
!~net-analyzer/greenbone-security-assistant-7.0.3
|
||||
>=net-analyzer/openvas-scanner-6.0.1
|
||||
|| ( >=net-analyzer/openvas-scanner-6.0.1 >=net-analyzer/openvas-7.0.0 )
|
||||
>=net-analyzer/gvmd-8.0.1"
|
||||
|
||||
BDEPEND="
|
||||
|
|
@ -17,9 +17,8 @@ REQUIRED_USE="|| ( postgres sqlite )"
|
|||
RDEPEND="
|
||||
>=net-analyzer/gvm-libs-11.0.0[extras?,ldap?,radius?]
|
||||
>=net-analyzer/gvmd-9.0.0[extras?,postgres?,sqlite?]
|
||||
>=net-analyzer/openvas-scanner-7.0.0[cron?,extras?]
|
||||
>=net-analyzer/openvas-7.0.0
|
||||
>=net-analyzer/ospd-openvas-1.0.0
|
||||
!net-analyzer/openvas
|
||||
cli? ( >=net-analyzer/gvm-tools-2.0.0 )
|
||||
gsa? ( ~net-analyzer/greenbone-security-assistant-8.0.1[extras?] )
|
||||
ospd? ( >=net-analyzer/ospd-2.0.0[extras?] )"
|
||||
|
|
@ -29,7 +29,7 @@ DEPEND="
|
|||
RDEPEND="
|
||||
${DEPEND}
|
||||
!net-analyzer/openvas-manager
|
||||
>=net-analyzer/openvas-scanner-7.0.0"
|
||||
>=net-analyzer/openvas-7.0.0"
|
||||
|
||||
BDEPEND="
|
||||
sys-devel/bison
|
||||
|
|
@ -1,2 +1 @@
|
|||
DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147
|
||||
DIST openvas-scanner-7.0.0.tar.gz 428304 BLAKE2B fa0a21127edd2223dbbf533b6c188729a1b6de4977e5667fbc1a45b2c426045cdc73eb58d05df24b8b39d0e47fb445fa704bd1b827bb5ea6403fdb83c6b01fd9 SHA512 ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
--- a/src/CMakeLists.txt.orig 2019-10-12 10:18:11.514510038 +0800
|
||||
+++ b/src/CMakeLists.txt 2019-10-12 10:20:41.147508674 +0800
|
||||
@@ -200,7 +200,7 @@
|
||||
## Install
|
||||
|
||||
install (TARGETS openvas
|
||||
- RUNTIME DESTINATION ${SBINDIR}
|
||||
+ RUNTIME DESTINATION ${BINDIR}
|
||||
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
|
||||
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
|
||||
|
|
@ -1,138 +0,0 @@
|
|||
# Copyright 1999-2019 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
||||
CMAKE_MAKEFILE_GENERATOR="emake"
|
||||
inherit cmake-utils flag-o-matic systemd toolchain-funcs
|
||||
|
||||
MY_PN="openvas"
|
||||
MY_DN="openvassd"
|
||||
|
||||
DESCRIPTION="Open Vulnerability Assessment Scanner"
|
||||
HOMEPAGE="https://www.greenbone.net/en/"
|
||||
SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
|
||||
|
||||
SLOT="0"
|
||||
LICENSE="GPL-2 GPL-2+"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
IUSE="cron extras"
|
||||
|
||||
DEPEND="
|
||||
app-crypt/gpgme:=
|
||||
dev-db/redis
|
||||
dev-libs/libgcrypt:=
|
||||
dev-libs/libksba
|
||||
>=net-analyzer/gvm-libs-11.0.0
|
||||
net-analyzer/net-snmp
|
||||
net-libs/gnutls:=
|
||||
net-libs/libpcap
|
||||
net-libs/libssh:=
|
||||
"
|
||||
|
||||
RDEPEND="
|
||||
${DEPEND}
|
||||
!~net-analyzer/openvas-scanner-5.1.3
|
||||
!net-analyzer/openvas-tools"
|
||||
|
||||
BDEPEND="
|
||||
sys-devel/bison
|
||||
sys-devel/flex
|
||||
virtual/pkgconfig
|
||||
extras? ( app-doc/doxygen[dot]
|
||||
app-doc/xmltoman
|
||||
app-text/htmldoc
|
||||
dev-perl/CGI
|
||||
dev-perl/SQL-Translator
|
||||
)"
|
||||
|
||||
BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
|
||||
S="${WORKDIR}/${MY_PN}-${PV}"
|
||||
|
||||
PATCHES=(
|
||||
# Install exec. to /usr/bin instead of /usr/sbin
|
||||
"${FILESDIR}/${P}-sbin.patch"
|
||||
)
|
||||
|
||||
src_prepare() {
|
||||
cmake-utils_src_prepare
|
||||
# QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1
|
||||
sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die
|
||||
# QA-Fix | Remove !CLANG doxygen warnings for 6.0.1
|
||||
if use extras; then
|
||||
if ! tc-is-clang; then
|
||||
local f
|
||||
for f in doc/*.in
|
||||
do
|
||||
sed -i \
|
||||
-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
|
||||
-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
|
||||
"${f}" || die "couldn't disable CLANG parsing"
|
||||
done
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
local mycmakeargs=(
|
||||
"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
|
||||
"-DLOCALSTATEDIR=${EPREFIX}/var"
|
||||
"-DSYSCONFDIR=${EPREFIX}/etc"
|
||||
)
|
||||
# Add release hardening flags for 6.0.1
|
||||
append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
|
||||
append-ldflags -Wl,-z,relro -Wl,-z,now
|
||||
cmake-utils_src_configure
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
cmake-utils_src_compile
|
||||
if use extras; then
|
||||
cmake-utils_src_make -C "${BUILD_DIR}" doc
|
||||
cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
|
||||
HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
|
||||
fi
|
||||
cmake-utils_src_make rebuild_cache
|
||||
}
|
||||
|
||||
src_install() {
|
||||
cmake-utils_src_install
|
||||
|
||||
dodir /etc/openvas
|
||||
insinto /etc/openvas
|
||||
newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf
|
||||
|
||||
insinto /etc/openvas
|
||||
doins "${FILESDIR}"/redis.conf.example
|
||||
|
||||
dodir /etc/openvas/sysconfig
|
||||
insinto /etc/openvas/sysconfig
|
||||
doins "${FILESDIR}/${MY_DN}-daemon.conf"
|
||||
|
||||
if use cron; then
|
||||
# Install the cron job if they want it.
|
||||
exeinto /etc/gvm
|
||||
doexe "${FILESDIR}/gvm-feed-sync.sh"
|
||||
fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
|
||||
|
||||
insinto /etc/cron.d
|
||||
newins "${FILESDIR}"/gvm-feed-sync.cron gvm
|
||||
fi
|
||||
|
||||
fowners -R gvm:gvm /etc/openvas
|
||||
|
||||
newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}"
|
||||
newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}"
|
||||
|
||||
dodir /etc/logrotate.d
|
||||
insinto /etc/logrotate.d
|
||||
newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
|
||||
|
||||
systemd_dounit "${FILESDIR}/${MY_DN}.service"
|
||||
|
||||
# Set proper permissions on required files/directories
|
||||
keepdir /var/log/gvm
|
||||
fowners gvm:gvm /var/log/gvm
|
||||
keepdir /var/lib/openvas/{gnupg,plugins}
|
||||
fowners -R gvm:gvm /var/lib/openvas
|
||||
}
|
||||
1
net-analyzer/openvas/Manifest
Normal file
1
net-analyzer/openvas/Manifest
Normal file
|
|
@ -0,0 +1 @@
|
|||
DIST openvas-7.0.0.tar.gz 428304 BLAKE2B fa0a21127edd2223dbbf533b6c188729a1b6de4977e5667fbc1a45b2c426045cdc73eb58d05df24b8b39d0e47fb445fa704bd1b827bb5ea6403fdb83c6b01fd9 SHA512 ce3e78ce5e1575c5c37b6c2aa77ec8955754029832bafb3fcedd75b48dff309906a97bac052d206f6e93e9e72b8461a131558e849f70b3afce6280a7b06924d1
|
||||
1
net-analyzer/openvas/files/openvas.conf
Normal file
1
net-analyzer/openvas/files/openvas.conf
Normal file
|
|
@ -0,0 +1 @@
|
|||
db_address = /tmp/redis.sock
|
||||
58
net-analyzer/openvas/openvas-7.0.0.ebuild
Normal file
58
net-analyzer/openvas/openvas-7.0.0.ebuild
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
# Copyright 1999-2019 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
||||
inherit cmake-utils
|
||||
|
||||
DESCRIPTION="Open Vulnerability Assessment Scanner"
|
||||
HOMEPAGE="https://www.greenbone.net/en/"
|
||||
SRC_URI="https://github.com/greenbone/openvas/archive/v${PV}.tar.gz -> ${P}.tar.gz"
|
||||
|
||||
SLOT="0"
|
||||
LICENSE="GPL-2 GPL-2+"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
IUSE=""
|
||||
|
||||
DEPEND="
|
||||
app-crypt/gpgme:=
|
||||
dev-db/redis
|
||||
dev-libs/libgcrypt:=
|
||||
dev-libs/libksba
|
||||
>=net-analyzer/gvm-libs-11.0.0
|
||||
net-analyzer/net-snmp
|
||||
net-libs/gnutls:=
|
||||
net-libs/libpcap
|
||||
net-libs/libssh:=
|
||||
"
|
||||
|
||||
RDEPEND="
|
||||
${DEPEND}
|
||||
!net-analyzer/openvas-scanner
|
||||
!net-analyzer/openvas-tools"
|
||||
|
||||
BDEPEND="
|
||||
sys-devel/bison
|
||||
sys-devel/flex
|
||||
virtual/pkgconfig
|
||||
"
|
||||
|
||||
src_configure() {
|
||||
local mycmakeargs=(
|
||||
"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
|
||||
"-DLOCALSTATEDIR=${EPREFIX}/var"
|
||||
"-DSYSCONFDIR=${EPREFIX}/etc"
|
||||
)
|
||||
# Add release hardening flags for 6.0.1
|
||||
# append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
|
||||
# append-ldflags -Wl,-z,relro -Wl,-z,now
|
||||
cmake-utils_src_configure
|
||||
}
|
||||
|
||||
src_install() {
|
||||
cmake-utils_src_install
|
||||
|
||||
dodir /etc/openvas
|
||||
insinto /etc/openvas
|
||||
doins "${FILESDIR}/${PN}.conf"
|
||||
}
|
||||
10
net-analyzer/ospd-openvas/files/ospd-openvas.confd
Normal file
10
net-analyzer/ospd-openvas/files/ospd-openvas.confd
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# OpenVAS Scanner command args
|
||||
|
||||
# e.g --foreground
|
||||
OSPD_OPENVAS_OPTIONS=""
|
||||
|
||||
# Scanner listen socket
|
||||
OSPD_OPENVAS_UNIX_SOCKET="--unix-socket=/tmp/ospd.sock"
|
||||
|
||||
# Scanner listen mode
|
||||
OSPD_OPENVAS_SOCKET_MODE="--socket-mode=0o777"
|
||||
3
net-analyzer/ospd-openvas/files/ospd-openvas.default
Normal file
3
net-analyzer/ospd-openvas/files/ospd-openvas.default
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# The installation prefix to find the ospd-openvas binary.
|
||||
PATH=<install-prefix>/bin:<install-prefix>/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin:$PATH
|
||||
PYTHONPATH=<install-prefix>/lib/python3.5/site-packages:$PYTHONPATH
|
||||
21
net-analyzer/ospd-openvas/files/ospd-openvas.initd
Normal file
21
net-analyzer/ospd-openvas/files/ospd-openvas.initd
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2019 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
name="remotely control an OpenVAS Scanner"
|
||||
command="/usr/bin/ospd-openvas"
|
||||
|
||||
command_args="${OSPD_OPENVAS_OPTIONS} \
|
||||
${OSPD_OPENVAS_UNIX_SOCKET} \
|
||||
${OSPD_OPENVAS_SOCKET_MODE} \
|
||||
--config /etc/openvas/ospd.conf"
|
||||
|
||||
pidfile="/run/ospd-openvas.pid"
|
||||
|
||||
command_background="true"
|
||||
|
||||
depend() {
|
||||
after bootmisc
|
||||
need localmount gvmd
|
||||
# net redis
|
||||
}
|
||||
21
net-analyzer/ospd-openvas/files/ospd-openvas.service
Normal file
21
net-analyzer/ospd-openvas/files/ospd-openvas.service
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
[Unit]
|
||||
Description=OSPD OpenVAS
|
||||
After=network.target networking.service dnsmasq.service redis-server@openvas.service systemd-tmpfiles.service
|
||||
ConditionKernelCommandLine=!recovery
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
EnvironmentFile=/etc/default/ospd-openvas.default
|
||||
Environment="PATH=$PATH"
|
||||
Environment="PYTHONPATH=$PYTHONPATH"
|
||||
User=<username>
|
||||
Group=<groupname>
|
||||
ExecStart=<install-prefix>/bin/ospd-openvas
|
||||
SuccessExitStatus=SIGKILL
|
||||
# This works asynchronously, but does not take the daemon down during the reload so it's ok.
|
||||
Restart=always
|
||||
RestartSec=60
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=ospd-openvas.service
|
||||
10
net-analyzer/ospd-openvas/files/ospd.conf
Normal file
10
net-analyzer/ospd-openvas/files/ospd.conf
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
[OSPD - openvas]
|
||||
|
||||
#required by gvmd
|
||||
unix_socket = /tmp/ospd.sock
|
||||
|
||||
#socket_mode = 0o770
|
||||
#unix_socket = /run/ospd/ospd-openvas.pid
|
||||
|
||||
log_level = DEBUG
|
||||
log_file = /var/log/gvm/openvas.log
|
||||
|
|
@ -23,10 +23,14 @@ RDEPEND="
|
|||
DEPEND="
|
||||
${RDEPEND}"
|
||||
|
||||
#python_compile() {
|
||||
# if use extras; then
|
||||
# bash "${S}"/doc/generate || die
|
||||
# HTML_DOCS=( "${S}"/doc/. )
|
||||
# fi
|
||||
# distutils-r1_python_compile
|
||||
#}
|
||||
python_install() {
|
||||
distutils-r1_python_install
|
||||
|
||||
dodir /etc/openvas
|
||||
insinto /etc/openvas
|
||||
newins "${FILESDIR}/ospd.conf" ospd.conf
|
||||
|
||||
newinitd "${FILESDIR}/${PN}.initd" "${PN}"
|
||||
newconfd "${FILESDIR}/${PN}.confd" "${PN}"
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -153,7 +153,8 @@ net-analyzer/sitadel
|
|||
~net-analyzer/greenbone-security-assistant-8.0.1
|
||||
=net-analyzer/gvm-libs-11*
|
||||
=net-analyzer/gvmd-9*
|
||||
=net-analyzer/openvas-scanner-7*
|
||||
=net-analyzer/openvas-scanner-6*
|
||||
=net-analyzer/openvas-7*
|
||||
net-analyzer/ospd-openvas
|
||||
net-analyzer/ospd
|
||||
net-analyzer/gvm-tools
|
||||
|
|
|
|||
Loading…
Reference in a new issue