gvm: (openvas) v10.0.1

net-analyzer/greenbone-security-assistant/Manifest

@@ -0,0 +1,2 @@
+DIST greenbone-security-assistant-8.0.1-node_modules.tar.gz 34084175 BLAKE2B 17c9e24961b63b957f932e4c5970113499ad65655b42e624284fb22a495d50c12e5f8289da4e17db717885b65909a6e18213fa312052c9c06c9bdc37816204f1 SHA512 552ea55fe218ae2345fa45b43af349825f255ccd86137dd245679efe6abc805d16c4ced3599f644d9b9f2686047b486d5e0c8aa4eaa0cbbf13157b9e2dbc8cc2
+DIST greenbone-security-assistant-8.0.1.tar.gz 1558918 BLAKE2B 75287784ed215300cfb30101d39b06b134092ca2d4311bcca976be23cc289529c6a8d661b99cb28e890c68f27e93a9259681add067749a772b7e3aea28761f3b SHA512 b91c1c4b8073c3ad3d3d636abbaa7881393f1448eae7366636ff618391c199c240e6bc4c848740a4267b4142aa872fb91c0798b8034d152d16016e650fbda2b8

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-auth.patch

@@ -0,0 +1,107 @@
+--- gsa-7.0.3/src/gsad_omp.c	2019-02-02 03:22:19.297954361 +0300
++++ gsa-7.0.3/src/gsad_omp.c	2019-02-02 03:27:57.690214371 +0300
+@@ -1366,7 +1366,8 @@
+           || (strstr (param_name, "_id")
+                 == param_name + strlen (param_name) - strlen ("_id"))
+           || (strcmp (param_name, "name") == 0
+-              && strcasecmp (prev_action, "Run Wizard") == 0)
++              && (strcasecmp (prev_action, "Run Wizard") == 0
++                  || strcasecmp (next_cmd, "auth_settings") == 0))
+           || (strcmp (param_name, "get_name") == 0
+               && strcasecmp (next_cmd, "wizard_get") == 0))
+         {
+@@ -25984,7 +25976,7 @@
+ 
+   html = response_from_entity (connection, credentials, params, entity,
+                                (no_redirect && strcmp (no_redirect, "0")),
+-                               NULL, NULL,
++                               NULL, "auth_settings",
+                                NULL, "modify_auth",
+                                "Save Authentication Configuration",
+                                response_data);
+--- gsa-7.0.3/src/html/classic/js/greenbone.js  2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/html/classic/js/greenbone.js  2019-02-02 03:40:37.162714538 +0300
+@@ -1559,6 +1559,9 @@
+           if (reload === 'next') {
+             reload_next(response);
+           }
++          else if (reload === 'window') {
++            location.reload();
++          }
+         },
+         function(jqXHR) {
+           if (jqXHR.status == 0 && jqXHR.readyState == 0) {
+--- gsa-7.0.3/src/html/classic/omp.xsl	2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/html/classic/omp.xsl	2019-02-02 03:44:28.470599715 +0300
+@@ -36775,7 +36822,8 @@
+ <!-- AUTHENTICATION DESCRIPTION -->
+ 
+ <xsl:template match="group" mode="ldapauth">
+-  <div class="section-box" id="ldap-box">
++  <div class="section-box ajax-post" id="ldap-box"
++      data-button="form #save_button" data-reload="window">
+     <form action="/omp" method="post" enctype="multipart/form-data">
+       <input type="hidden" name="token" value="{/envelope/token}"/>
+       <input type="hidden" name="cmd" value="save_auth"/>
+@@ -36784,6 +36832,15 @@
+       <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/>
+       <!-- group name is e.g. of method:ldap -->
+       <input type="hidden" name="group" value="{@name}"/>
++      <!-- Auth type name for next page -->
++      <input type="hidden" name="name" value="ldap"/>
++
++      <div class="error-dialog">
++        <div class="text-center">
++          <xsl:value-of select="gsa:i18n ('LDAP authentication config could not be modified.')"/>
++        </div>
++      </div>
++
+       <table class="gbntable">
+         <tr class="gbntablehead2">
+           <td><xsl:value-of select="gsa:i18n ('Setting')"/></td>
+@@ -36838,7 +36895,8 @@
+         </tr>
+         <tr>
+           <td colspan="2" style="text-align:right;">
+-            <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/>
++            <input type="submit" name="submit" id="save_button"
++                   value="{gsa:i18n ('Save')}"/>
+           </td>
+         </tr>
+       </table>
+@@ -36847,7 +36905,8 @@
+ </xsl:template>
+ 
+ <xsl:template match="group" mode="radiusauth">
+-  <div class="section-box" id="radius-box">
++  <div class="section-box ajax-post" id="radius-box"
++      data-button="form #save_button" data-reload="window">
+     <form action="/omp" method="post" enctype="multipart/form-data">
+       <input type="hidden" name="token" value="{/envelope/token}"/>
+       <input type="hidden" name="cmd" value="save_auth"/>
+@@ -36856,6 +36915,15 @@
+       <input type="hidden" name="filter" value="{gsa:envelope-filter ()}"/>
+       <!-- group name is e.g. of method:radius_connect -->
+       <input type="hidden" name="group" value="{@name}"/>
++      <!-- Auth type name for next page -->
++      <input type="hidden" name="name" value="radius"/>
++
++      <div class="error-dialog">
++        <div class="text-center">
++          <xsl:value-of select="gsa:i18n ('Radius authentication config could not be modified.')"/>
++        </div>
++      </div>
++
+       <table class="gbntable">
+         <tr class="gbntablehead2">
+           <td><xsl:value-of select="gsa:i18n ('Setting')"/></td>
+@@ -36890,7 +36958,8 @@
+           </tr>
+         <tr>
+           <td colspan="2" style="text-align:right;">
+-            <input type="submit" name="submit" value="{gsa:i18n ('Save')}"/>
++            <input type="submit" name="submit" id="save_button"
++                   value="{gsa:i18n ('Save')}"/>
+           </td>
+         </tr>
+       </table>

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-7.0.3-memleak.patch

@@ -0,0 +1,42 @@
+--- gsa-7.0.3/src/gsad_omp.c	2018-03-28 16:23:57.000000000 +0300
++++ gsa-7.0.3/src/gsad_omp.c	2019-02-02 03:12:16.617046562 +0300
+@@ -7737,16 +7738,21 @@
+   g_string_append (xml, command_escaped);
+   g_free (command_escaped);
+ 
++  response = NULL;
+   ret = omp (connection, credentials, &response, &entity, response_data,
+              command->str);
+   g_string_free (command, TRUE);
++
++  if (ret)
++    {
++      free_entity (entity);
++      g_string_free (xml, TRUE);
++    }
++
+   switch (ret)
+     {
+       case 0:
+         break;
+-      case -1:
+-        /* 'omp' set response. */
+-        return response;
+       case 1:
+         response_data->http_status_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+         return gsad_message (credentials,
+@@ -7770,10 +7776,14 @@
+                              "/omp?cmd=get_tasks", response_data);
+     }
+ 
++  if (omp_success (entity) == 0)
++    set_http_status_from_entity (entity, response_data);
+   g_string_append (xml, response);
+ 
+   g_string_append (xml, "</get_aggregate>");
+ 
++  free_entity (entity);
++  g_free (response);
+   return xsl_transform_omp (connection, credentials, params,
+                             g_string_free (xml, FALSE), response_data);
+ }

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-8.0.1-cmakelist.patch

@@ -0,0 +1,30 @@
+--- a/gsad/config/CMakeLists.txt	2019-07-18 20:39:10.331949702 +0300
++++ b/gsad/config/CMakeLists.txt	2019-07-18 20:40:18.946830294 +0300
+@@ -16,27 +16,3 @@
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ 
+-if (NOT SYSTEMD_SERVICE_DIR)
+-  set (SYSTEMD_SERVICE_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system")
+-endif (NOT SYSTEMD_SERVICE_DIR)
+-
+-if (NOT DEFAULT_CONFIG_DIR)
+-  set (DEFAULT_CONFIG_DIR "${CMAKE_INSTALL_PREFIX}/etc/default")
+-endif (NOT DEFAULT_CONFIG_DIR)
+-
+-if (NOT LOGROTATE_DIR)
+-  set (LOGROTATE_DIR "${CMAKE_INSTALL_PREFIX}/etc/logrotate.d")
+-endif (NOT LOGROTATE_DIR)
+-
+-configure_file (gsad.service.in gsad.service)
+-configure_file (gsad.logrotate.in gsad.logrotate)
+-
+-install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gsad.service
+-         DESTINATION ${SYSTEMD_SERVICE_DIR}/)
+-
+-install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/gsad.default
+-         DESTINATION ${DEFAULT_CONFIG_DIR}/ RENAME gsad)
+-
+-install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gsad.logrotate
+-         DESTINATION ${LOGROTATE_DIR}/ RENAME gsad)
+-

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-8.0.1-node.patch

@@ -0,0 +1,34 @@
+--- a/gsa/CMakeLists.txt	2019-07-17 16:45:39.000000000 +0300
++++ b/gsa/CMakeLists.txt	2019-07-17 22:24:49.466906757 +0300
+@@ -1095,28 +1095,17 @@
+      ${GSA_JS_SRC_FILES}
+      PARENT_SCOPE)
+ 
+-
+-add_custom_command (OUTPUT node-modules.stamp
+-                    DEPENDS ${GSA_PKG_FILES}
+-                    COMMAND ${INSTALLER} "${INSTALLER_ARGS}" "install"
+-                    COMMAND ${CMAKE_COMMAND} -E touch ${CMAKE_CURRENT_BINARY_DIR}/node-modules.stamp
+-                    WORKING_DIRECTORY ${GSA_SRC_DIR}
+-                    COMMENT "Install gsa-ng js dependencies")
+-
+-
+ add_custom_command (OUTPUT bundle.stamp
+-                    COMMAND ${CMAKE_COMMAND} -E env REACT_APP_VERSION=${PROJECT_VERSION_STRING} ${INSTALLER} "${INSTALLER_ARGS}" run build
++                    COMMAND ${CMAKE_COMMAND} -E env REACT_APP_VERSION=${PROJECT_VERSION_STRING} ${INSTALLER} --offline run build
+                     COMMAND ${CMAKE_COMMAND} -E touch ${CMAKE_CURRENT_BINARY_DIR}/bundle.stamp
+                     WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+-                    DEPENDS  ${CMAKE_CURRENT_BINARY_DIR}/node-modules.stamp
+-                             ${GSA_PKG_FILES}
++                    DEPENDS  ${GSA_PKG_FILES}
+                              ${GSA_STATIC_SRC_FILES}
+                              ${GSA_JS_SRC_FILES}
+                     COMMENT "Build gsa-ng install files")
+ 
+ add_custom_target (gsa-ng ALL
+-                   DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/node-modules.stamp
+-                           ${CMAKE_CURRENT_BINARY_DIR}/bundle.stamp)
++                   DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/bundle.stamp)
+ 
+ set (GSA_STATIC_BUILD_FILES
+      ${GSA_BUILD_DIR}/index.html)

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-8.0.1-pid.patch

@@ -0,0 +1,11 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -222,7 +222,7 @@ if (NOT DATADIR)
+ endif (NOT DATADIR)
+ 
+ if (NOT GSAD_PID_DIR)
+-  set (GSAD_PID_DIR "${LOCALSTATEDIR}/run")
++  set (GSAD_PID_DIR "/run")
+ endif (NOT GSAD_PID_DIR)
+ 
+ set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-8.0.1-reactjs.patch

@@ -0,0 +1,20 @@
+--- a/gsa/package.json	2019-07-17 16:45:39.000000000 +0300
++++ b/gsa/package.json	2019-07-17 22:40:31.371899489 +0300
+@@ -66,12 +66,12 @@
+     "x2js": "^3.2.6"
+   },
+   "scripts": {
+-    "test": "react-scripts test",
+-    "test:coverage": "react-scripts test --coverage --maxWorkers 2",
++    "test": "NODE_ENV=production node_modules/react-scripts/bin/react-scripts.js test",
++    "test:coverage": "NODE_ENV=production node_modules/react-scripts/bin/react-scripts.js test --coverage --maxWorkers 2",
+     "lint": "eslint --max-warnings 0 src",
+-    "start": "react-scripts start",
+-    "build": "react-scripts build",
+-    "eject": "react-scripts eject"
++    "start": "NODE_ENV=production node_modules/react-scripts/bin/react-scripts.js start",
++    "build": "NODE_ENV=production node_modules/react-scripts/bin/react-scripts.js build",
++    "eject": "NODE_ENV=production node_modules/react-scripts/bin/react-scripts.js eject"
+   },
+   "devDependencies": {
+     "@types/jest": "^24.0.12",

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-8.0.1-sbin.patch

@@ -0,0 +1,12 @@
+--- a/gsad/src/CMakeLists.txt	2019-07-21 23:07:38.375683800 +0300
++++ a/gsad/src/CMakeLists.txt	2019-07-21 23:08:17.301651451 +0300
+@@ -175,7 +175,7 @@
+ ## Install
+ 
+ install (TARGETS gsad
+-         RUNTIME DESTINATION ${SBINDIR}
++         RUNTIME DESTINATION ${BINDIR}
+          LIBRARY DESTINATION ${LIBDIR}
+          ARCHIVE DESTINATION ${LIBDIR}/static)
+ 
+

net-analyzer/greenbone-security-assistant/files/greenbone-security-assistant-8.0.1-uninstall-snippet.patch

@@ -0,0 +1,12 @@
+--- a/gsa/CMakeLists.txt	2019-07-18 23:14:04.639202986 +0300
++++ b/gsa/CMakeLists.txt	2019-07-18 23:21:54.568052589 +0300
+@@ -1116,9 +1116,6 @@
+ install (FILES public/robots.txt
+          DESTINATION ${GSA_DEST_DIR})
+ 
+-# remove old generated files
+-install (CODE "file(REMOVE_RECURSE ${GSA_DEST_DIR}/static)")
+-
+ install (DIRECTORY
+          ${GSA_BUILD_DIR}/static
+          ${GSA_BUILD_DIR}/img

net-analyzer/greenbone-security-assistant/files/gsa-daemon.conf

@@ -0,0 +1,31 @@
+# OpenVAS Security Assistant command args
+# man page --> https://www.mankier.com/8/gsad
+
+# e.g. --foreground | e.g. --no-redirect -- > Don't listen port 80 anymore
+OPENVAS_SECURITY_ASSISTANT_OPTIONS="--no-redirect"
+
+# WebUI adress
+OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS="--listen=127.0.0.1"
+
+# WebUI Port
+OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT="--port=9392"
+
+# WebUI Manager Address
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS="--mlisten=127.0.0.1"
+
+# WebUI Manager Port
+OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT="--mport=9390"
+
+# TLS Settings
+OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL"
+
+# If you use reverse proxy you must set OPENVAS_REVERSE_PROXY daemon arg
+# otherwise you will get the below error.
+# --------------------------------------------------------------- 
+# The request contained an unknown or invalid Host header. 
+# If you are trying to access GSA via its hostname or a proxy, 
+# make sure GSA is set up to allow it.
+# ---------------------------------------------------------------
+
+# Reverse Proxy Settings ( e.g. --allow-header-host=subdomain.example.com )
+OPENVAS_REVERSE_PROXY="--allow-header-host="

net-analyzer/greenbone-security-assistant/files/gsa.init

@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="Greenbone Security Assistant Daemon"
+command="/usr/sbin/gsad"
+command_args="${OPENVAS_SECURITY_ASSISTANT_OPTIONS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS} ${OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT} ${OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES} ${OPENVAS_REVERSE_PROXY}"
+pidfile="/var/run/gsad.pid"
+command_background="true"
+
+depend() {
+	after bootmisc
+	need localmount net openvas-scanner gvmd
+}

net-analyzer/greenbone-security-assistant/files/gsa.logrotate

@@ -0,0 +1,9 @@
+# logrotate for openvas security agent
+/var/log/openvas/gsad.log {
+	daily
+	rotate 7
+	compress
+	missingok
+	notifempty
+	sharedscripts
+}

net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example

@@ -0,0 +1,78 @@
+upstream backend {
+    server 127.0.0.1:9392;
+    keepalive 64;
+}
+
+server {
+        listen IP:80;
+        server_name openvas.domain.tdl;
+        return 301 https://openvas.domain.tdl$request_uri;
+}
+
+server {
+        listen IP:443 ssl http2;
+        server_name openvas.domain.tdl;
+        access_log /var/log/nginx/openvas.domain.tdl.access.log;
+        error_log  /var/log/nginx/openvas.domain.tdl.error.log;
+        # Not sourcing directly from file
+        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+	fastcgi_param  QUERY_STRING       $query_string;
+	fastcgi_param  REQUEST_METHOD     $request_method;
+	fastcgi_param  CONTENT_TYPE       $content_type;
+	fastcgi_param  CONTENT_LENGTH     $content_length;
+	fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+	fastcgi_param  REQUEST_URI        $request_uri;
+	fastcgi_param  DOCUMENT_URI       $document_uri;
+	fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+	fastcgi_param  REQUEST_SCHEME     $scheme;
+	fastcgi_param  HTTPS              $https;
+	fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+	fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+	fastcgi_param  REMOTE_ADDR        $remote_addr;
+	fastcgi_param  REMOTE_PORT        $remote_port;
+	fastcgi_param  SERVER_ADDR        $server_addr;
+	fastcgi_param  SERVER_PORT        $server_port;
+	fastcgi_param  SERVER_NAME        $server_name;
+	fastcgi_param  REDIRECT_STATUS    200;
+        fastcgi_param  HTTP_PROXY "";
+        fastcgi_param  PATH_INFO          $fastcgi_path_info;
+	fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+        fastcgi_param  DOCUMENT_ROOT	  $document_root;
+
+        location / {        
+                proxy_set_header   Host             $http_host;
+                proxy_set_header   X-Real-IP        $remote_addr;
+                proxy_set_header   REMOTE_HOST      $remote_addr;
+                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+                proxy_set_header   X-FORWARDED-PROTOCOL $scheme;
+                proxy_pass https://backend;
+                proxy_http_version 1.1;
+                proxy_pass_request_headers on;
+                proxy_set_header Connection "keep-alive";
+                proxy_store off;
+                gzip on;
+                gzip_proxied any;
+                gzip_types *;
+        }
+
+	resolver 127.0.0.1;
+        resolver_timeout 6s;
+	ssl_certificate /openvas.domain.tdl/fullchain.pem;
+	ssl_certificate_key /openvas.domain.tdl/privkey.pem;
+        ssl_trusted_certificate /openvas.domain.tdl/chain.pem;        
+        ssl_dhparam /openvas.domain.tdl/dhparam.pem;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+        ssl_ecdh_curve  secp384r1;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        ssl_session_cache shared:SSL:40m;
+        ssl_session_timeout 21h;
+        ssl_session_tickets off;
+        ssl_buffer_size 4k;
+        add_header Referrer-Policy no-referrer-when-downgrade;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-XSS-Protection "1; mode=block";
+}

net-analyzer/greenbone-security-assistant/files/gsa.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenVAS Manager
+After=network.target
+After=openvas-scanner.service
+After=gvmd.service
+Wants=gvmd.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/gsa-daemon.conf
+ExecStart=/usr/sbin/gsad $OPENVAS_SECURITY_ASSISTANT_OPTIONS $OPENVAS_SECURITY_ASSISTANT_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_ADDRESS $OPENVAS_SECURITY_ASSISTANT_MANAGER_LISTEN_PORT $OPENVAS_SECURITY_ASSISTANT_GNUTLS_PRIORITIES $OPENVAS_REVERSE_PROXY
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target

net-analyzer/greenbone-security-assistant/files/gsa.tmpfiles.d

@@ -0,0 +1 @@
+d	/var/cache/openvassd 0775

net-analyzer/greenbone-security-assistant/files/gsad-daemon.conf

@@ -0,0 +1,19 @@
+# Greenbone Security Assistant command args
+
+# e.g. --foreground | e.g. --no-redirect
+GSAD_OPTIONS="--no-redirect"
+
+# GSAD listen adress
+GSAD_LISTEN_ADDRESS="--listen=127.0.0.1"
+
+# GSAD listen port  
+GSAD_LISTEN_PORT="--port=9392"
+
+# GVMD listen address
+GVMD_LISTEN_ADDRESS="--mlisten=127.0.0.1"
+
+# GVMD listen port
+GVMD_LISTEN_PORT="--mport=9390"
+
+# TLS Settings
+GSAD_GNUTLS_PRIORITIES="--gnutls-priorities=NORMAL"

net-analyzer/greenbone-security-assistant/files/gsad.init

@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GSAD_USER:=gvm}
+: ${GSAD_GROUP:=gvm}
+: ${GSAD_TIMEOUT:=30}
+
+name="Greenbone Security Assistant (GSA)"
+command="/usr/bin/gsad"
+command_args="${GSAD_OPTIONS} ${GSAD_LISTEN_ADDRESS} ${GSAD_LISTEN_PORT} ${GVMD_LISTEN_ADDRESS} ${GVMD_LISTEN_PORT} ${GSAD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GSAD_USER}:${GSAD_GROUP}"
+pidfile="/run/gsad.pid"
+retry="${GSAD_TIMEOUT}"
+
+depend() {
+	after bootmisc
+	need localmount net gvmd
+}

net-analyzer/greenbone-security-assistant/files/gsad.logrotate

@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' 
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gsad.log {
+	compress
+	missingok
+	notifempty
+	sharedscripts
+	copytruncate
+	maxsize 10M
+}

net-analyzer/greenbone-security-assistant/files/gsad.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Greenbone Security Assistant
+After=network.target
+After=openvassd.service
+After=gvmd.service
+Wants=gvmd.service
+
+[Service]
+Type=forking
+User=gvm
+Group=gvm
+EnvironmentFile=-/etc/gvm/sysconfig/gsad-daemon.conf
+ExecStart=/usr/bin/gsad $GSAD_OPTIONS $GSAD_LISTEN_ADDRESS $GSAD_LISTEN_PORT $GVMD_LISTEN_ADDRESS $GVMD_LISTEN_PORT $GSAD_GNUTLS_PRIORITIES
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

net-analyzer/greenbone-security-assistant/greenbone-security-assistant-8.0.1.ebuild

@@ -0,0 +1,127 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+MY_PN="gsa"
+MY_DN="gsad"
+MY_NODE_N="node_modules"
+
+DESCRIPTION="Greenbone Security Assistant"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz
+	 https://github.com/greenbone/gsa/releases/download/v8.0.1/gsa-node-modules-8.0.1.tar.gz -> ${P}-${MY_NODE_N}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras"
+
+DEPEND="
+	dev-libs/libgcrypt:0=
+	dev-libs/libxslt
+	>=net-analyzer/gvm-libs-10.0.1
+	net-libs/gnutls:=
+	net-libs/libmicrohttpd[messages]"
+
+RDEPEND="
+	${DEPEND}
+	!~net-analyzer/greenbone-security-assistant-7.0.3
+	~net-analyzer/openvas-scanner-6.0.1
+	>=net-analyzer/gvmd-8.0.1"
+
+BDEPEND="
+	>=net-libs/nodejs-8.12.0
+	>=sys-apps/yarn-1.15.2
+	virtual/pkgconfig
+	extras? ( app-doc/doxygen[dot]
+		  app-doc/xmltoman
+		  app-text/htmldoc
+		  dev-python/polib
+		  sys-devel/gettext
+	)"
+
+BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
+S="${WORKDIR}/${MY_PN}-${PV}"
+MY_NODE_DIR="${S}/${MY_PN}/"
+
+PATCHES=(
+	# QA fix for 8.0.0.
+	"${FILESDIR}/${P}-pid.patch"
+	# Disable yarn-fetch during compile.
+	"${FILESDIR}/${P}-node.patch"
+	# Fix react-env path for react.js.
+	"${FILESDIR}/${P}-reactjs.patch"
+	# Remove ugly uninstall-snippet that causes failing re-emerge.
+	"${FILESDIR}/${P}-uninstall-snippet.patch"
+	# Remove unnecessary install paths/files.
+	"${FILESDIR}/${P}-cmakelist.patch"
+	# Install exec. to /usr/bin instead of /usr/sbin
+	"${FILESDIR}/${P}-sbin.patch"
+)
+
+src_prepare() {
+	cmake-utils_src_prepare
+	# We will use pre-generated npm stuff.
+	mv "${WORKDIR}/${MY_NODE_N}" "${MY_NODE_DIR}" || die "couldn't move node_modules"
+	# Update .yarnrc accordingly.
+	echo "--modules-folder ${MY_NODE_DIR}" >> "${S}/${MY_PN}/.yarnrc" || die "echo failed"
+	# QA-Fix | Remove !CLANG doxygen warnings for 8.0.1
+	if use extras; then
+		if ! tc-is-clang; then
+		   local f
+		   for f in gsad/doc/*.in
+		   do
+			sed -i \
+				-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+				-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+				"${f}" || die "couldn't disable CLANG parsing"
+		   done
+		fi
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+		"-DLOCALSTATEDIR=${EPREFIX}/var"
+		"-DSYSCONFDIR=${EPREFIX}/etc"
+	)
+	# Add release hardening flags for 8.0.1
+	append-cflags -D_FORTIFY_SOURCE=2 -fstack-protector
+	append-ldflags -Wl,-z,relro -Wl,-z,now
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile
+	if use extras; then
+		cmake-utils_src_make -C "${BUILD_DIR}" doc
+		cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+		HTML_DOCS=( "${BUILD_DIR}/${MY_DN}/doc/generated/html/." )
+	fi
+	cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	insinto /etc/gvm/sysconfig
+	doins "${FILESDIR}/${MY_DN}-daemon.conf"
+
+	dodir /etc/gvm/reverse-proxy
+	insinto /etc/gvm/reverse-proxy
+	doins "${FILESDIR}/${MY_PN}.nginx.reverse.proxy.example"
+	fowners -R gvm:gvm /etc/gvm
+
+	newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}"
+	newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
+
+	systemd_dounit "${FILESDIR}/${MY_DN}.service"
+}

net-analyzer/greenbone-security-assistant/metadata.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="extras">Pdf results, extra fonts, html docs support</flag>
+	</use>
+	<longdescription lang="en">
+	The Greenbone Security Assistant is the web interface developed for the Greenbone Security Manager appliances.
+	It connects to the Greenbone Vulnerability Manager GVM to provide a full-featured user interface for vulnerability management.
+	Greenbone Security Assistant consists of GSA - The webpage written in React and 
+	GSAD - The HTTP server talking to the GVM daemon.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/gsa</remote-id>
+	</upstream>
+</pkgmetadata>

net-analyzer/gvm-libs/Manifest

@@ -0,0 +1 @@
+DIST gvm-libs-10.0.1.tar.gz 198483 BLAKE2B 4f4ddc7a3a1b4d45a51868cf03844365a9c4dd07f17ab53957ac4a1452ecba595885abdf01402a78aa784163aaba60b5c452fb9c2b5a11d38c40706e820c22c2 SHA512 961570e8fa8f89f0b462991bff1bf4e512ed6419cff6871c7432899847fb9edcc9f0adb7c280d12ee69fbb5c8e306c9e4366e2cbbb05fc3bae06795dcfb42206

net-analyzer/gvm-libs/files/gvm-libs-10.0.1-pid.patch

@@ -0,0 +1,11 @@
+--- a/CMakeLists.txt	2019-04-05 11:27:07.000000000 +0300
++++ b/CMakeLists.txt	2019-07-14 23:42:42.723081614 +0300
+@@ -172,7 +172,7 @@
+ endif (NOT DATADIR)
+ 
+ if (NOT GVM_PID_DIR)
+-  set (GVM_PID_DIR "${LOCALSTATEDIR}/run")
++  set (GVM_PID_DIR "/var/lib/gvm")
+ endif (NOT GVM_PID_DIR)
+ 
+ if (NOT GVM_SYSCONF_DIR)

net-analyzer/gvm-libs/gvm-libs-10.0.1.ebuild

@@ -0,0 +1,102 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic toolchain-funcs user
+
+DESCRIPTION="Greenbone vulnerability management libraries, previously named openvas-libraries"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvm-libs/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras ldap radius"
+
+DEPEND="
+	app-crypt/gpgme:=
+	dev-libs/hiredis
+	dev-libs/libgcrypt:=
+	dev-perl/UUID
+	net-libs/gnutls:=
+	net-libs/libssh:=
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	radius? ( net-dialup/freeradius-client )"
+
+RDEPEND="
+	${DEPEND}
+	!net-analyzer/openvas-libraries"
+
+BDEPEND="
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+	extras? ( app-doc/doxygen[dot]
+		  app-doc/xmltoman
+		  app-text/htmldoc
+		  dev-perl/CGI
+		  dev-perl/SQL-Translator
+	)"
+
+PATCHES=(
+	# Creating pid on build time instead of relying daemon!
+	# QA fix for 10.0.1.
+	"${FILESDIR}/${P}-pid.patch"
+)
+
+pkg_setup() {
+	enewgroup gvm 495
+	enewuser gvm 495 -1 /var/lib/gvm gvm
+}
+
+src_prepare() {
+	cmake-utils_src_prepare
+	# QA-Fix | Remove doxygen warnings for !CLANG
+	if use extras; then
+		if ! tc-is-clang; then
+		   local f
+		   for f in doc/*.in
+		   do
+			sed -i \
+				-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+				-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+				"${f}" || die "couldn't disable CLANG parsing"
+		   done
+		fi
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+		"-DLOCALSTATEDIR=${EPREFIX}/var"
+		"-DSYSCONFDIR=${EPREFIX}/etc"
+		$(usex ldap -DBUILD_WITHOUT_LDAP=0 -DBUILD_WITHOUT_LDAP=1)
+		$(usex radius -DBUILD_WITHOUT_RADIUS=0 -DBUILD_WITHOUT_RADIUS=1)
+	)
+	# Add release hardening flags for 10.0.1
+	append-cflags -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+	append-ldflags -Wl,-z,relro -Wl,-z,now
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile
+	if use extras; then
+		cmake-utils_src_make -C "${BUILD_DIR}" doc
+		cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+		HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+	fi
+	cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	# Set proper permissions on required files/directories
+	keepdir /var/lib/gvm
+	fowners -R gvm:gvm /var/lib/gvm
+}

net-analyzer/gvm-libs/metadata.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="extras">Html docs support</flag>
+	</use>
+	<longdescription lang="en">
+	This is the libraries module for the Greenbone Vulnerability Management Solution.
+	It is used for the Greenbone Security Manager appliances and provides various 
+	functionalities to support the integrated service daemons.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/gvm-libs</remote-id>
+	</upstream>
+</pkgmetadata>

net-analyzer/gvm-tools/Manifest

@@ -0,0 +1 @@
+DIST gvm-tools-1.4.1.tar.gz 52020 BLAKE2B 0648c7e26dc0aed02eeeafdc8db45ae88afd8725196457a6a8cdcb888ed7e07c9998fc83c03fd9dd4f7aca1e238b46052653216b7373f98b150f6a181ba1538c SHA512 cd1049311241ad7b4a2d9648b54224ca1636f9620ffd238282bbf1089ab0c3b4e8b8f722c93c6809695bc71b0c7cb2bc3e65561b05269c7737abdc6ddca69aea

net-analyzer/gvm-tools/gvm-tools-1.4.1.ebuild

@@ -0,0 +1,34 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6} )
+inherit distutils-r1
+
+DESCRIPTION="Remote control for Greenbone Vulnerability Manager, previously named openvas-cli"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvm-tools/archive/v1.4.1.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND="
+	dev-python/defusedxml[${PYTHON_USEDEP}]
+	dev-python/lxml[${PYTHON_USEDEP}]
+	dev-python/paramiko[${PYTHON_USEDEP}]
+	dev-python/pythondialog:0[${PYTHON_USEDEP}]
+	dev-python/setuptools[${PYTHON_USEDEP}]
+	!net-analyzer/openvas-cli"
+
+DEPEND="
+	${RDEPEND}"
+
+src_prepare() {
+	distutils-r1_python_prepare_all
+	# Exlude tests & correct FHS/Gentoo policy paths
+	sed -i "s/packages=find_packages(),.*/packages=find_packages(exclude=['tests*', 'docs']),/" "$S"/setup.py || die
+	sed -i -e "s*''*'/usr/share/doc/${P}'*g" "$S"/setup.py || die
+}

net-analyzer/gvm-tools/metadata.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<longdescription lang="en">
+	The Greenbone Vulnerability Management Tools or gvm-tools 
+	in short are a collection of tools that help with remote controlling 
+	a Greenbone Security Manager (GSM) appliance and its 
+	underlying Greenbone Vulnerability Manager (GVM).
+	The tools essentially aid accessing the communication protocols 
+	GMP (Greenbone Management Protocol) and OSP (Open Scanner Protocol).
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/gvm-tools</remote-id>
+	</upstream>
+</pkgmetadata>

net-analyzer/gvm/gvm-10.0.1.ebuild

@@ -0,0 +1,40 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils
+
+DESCRIPTION="Greenbone Vulnerability Management,previously named OpenVAS"
+HOMEPAGE="https://www.greenbone.net/en/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE="cli cron extras +gsa ldap ospd postgres radius sqlite"
+REQUIRED_USE="|| ( postgres sqlite )"
+
+RDEPEND="
+	>=net-analyzer/gvm-libs-10.0.1[extras?,ldap?,radius?]
+	>=net-analyzer/gvmd-8.0.1[extras?,postgres?,sqlite?]
+	~net-analyzer/openvas-scanner-6.0.1[cron?,extras?]
+	!net-analyzer/openvas
+	cli? ( >=net-analyzer/gvm-tools-1.4.1 )
+	gsa? ( ~net-analyzer/greenbone-security-assistant-8.0.1[extras?] )
+	ospd? ( >=net-analyzer/ospd-1.3.2[extras?] )"
+
+pkg_postinst() {
+	elog "Please following the following URL to configure:"
+	elog "https://wiki.alpinelinux.org/wiki/Setting_up_GVM10"
+	elog "Also, change permissions to the following:"
+	elog "chown -R gvm /var/lib/gvm"
+	elog
+	elog "Additional support for extra checks can be get from"
+	optfeature "Web server scanning and testing tool" net-analyzer/nikto
+	optfeature "Portscanner" net-analyzer/nmap
+	optfeature "IPsec VPN scanning, fingerprinting and testing tool" net-analyzer/ike-scan
+	optfeature "Application protocol detection tool" net-analyzer/amap
+	optfeature "ovaldi (OVAL) — an OVAL Interpreter" app-forensics/ovaldi
+	optfeature "Linux-kernel-based portscanner" net-analyzer/portbunny
+	optfeature "Web application attack and audit framework" net-analyzer/w3af
+}

net-analyzer/gvm/metadata.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="cli">Command Line Interface for OpenVAS Scanner</flag>
+		<flag name="cron">A cron job to update GVM's vulnerability feeds daily</flag>
+		<flag name="extras">Extra fonts, pdf-results! and html docs support</flag>
+		<flag name="gsa">Greenbone Security Assistant (WebUI)</flag>
+		<flag name="ospd">Enable support for scanner wrappers</flag>
+	</use>
+	<longdescription lang="en">
+	GVM previously named OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner 
+	with associated tools like a graphical user front-end. 
+	The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone</remote-id>
+	</upstream>
+</pkgmetadata>

net-analyzer/gvmd/Manifest

@@ -0,0 +1 @@
+DIST gvmd-8.0.1.tar.gz 1495311 BLAKE2B 17419f5fecf7cce07536a5e12f17a61a31d45add185e0e1635515834eca6abd8a6babeb89b8f879ff8cb90b60f3682a19a62403142f4901be3f932b8a44cac68 SHA512 5490b902ad42499657eca9031b396c70a82d3c523985601067e697758f2472d123c4e99b085b963e58888d99224fa2a441a140772c702d7cd60d6424b126bfc8

net-analyzer/gvmd/files/greenbone-certdata-sync.conf

@@ -0,0 +1 @@
+COMMUNITY_CERT_RSYNC_FEED="rsync://feed.openvas.org:/cert-data"

net-analyzer/gvmd/files/greenbone-nvt-sync.conf

@@ -0,0 +1 @@
+COMMUNITY_NVT_RSYNC_FEED="rsync://feed.openvas.org:/nvt-feed"

net-analyzer/gvmd/files/greenbone-scapdata-sync.conf

@@ -0,0 +1 @@
+COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.openvas.org:/scap-data"

net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch

@@ -0,0 +1,56 @@
+--- a/src/CMakeLists.txt	2019-07-17 17:11:52.000000000 +0300
++++ b/src/CMakeLists.txt	2019-07-21 22:43:17.299106863 +0300
+@@ -248,12 +248,12 @@
+ ## Install
+ 
+ install (TARGETS ${BINARY_NAME}
+-         RUNTIME DESTINATION ${SBINDIR}
++         RUNTIME DESTINATION ${BINDIR}
+          LIBRARY DESTINATION ${LIBDIR}
+          ARCHIVE DESTINATION ${LIBDIR}/static)
+ 
+ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd
+-         DESTINATION ${SBINDIR})
++         DESTINATION ${BINDIR})
+ 
+ if (BACKEND STREQUAL POSTGRESQL)
+   install (TARGETS gvm-pg-server
+--- a/CMakeLists.txt	2019-07-22 11:31:13.430827400 +0300
++++ b/CMakeLists.txt	2019-07-22 11:32:29.034765809 +0300
+@@ -571,17 +571,17 @@
+          PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-portnames-update
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+@@ -593,13 +593,13 @@
+                      WORLD_READ WORLD_EXECUTE)
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-migrate-to-postgres
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+ if (BACKEND STREQUAL SQLITE3)
+   install (FILES ${CMAKE_SOURCE_DIR}/tools/database-statistics-sqlite
+-           DESTINATION ${SBINDIR}
++           DESTINATION ${BINDIR}
+            PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                        GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ endif (BACKEND STREQUAL SQLITE3)

net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch

@@ -0,0 +1,34 @@
+--- a/tools/greenbone-certdata-sync.in	2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-certdata-sync.in	2019-07-22 21:11:36.173099530 +0300
+@@ -494,13 +494,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_certdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ 
+ exit 0
+--- a/tools/greenbone-scapdata-sync.in	2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-scapdata-sync.in	2019-07-22 21:12:49.193161531 +0300
+@@ -517,13 +517,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_scapdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ 
+ exit 0

net-analyzer/gvmd/files/gvmd-daemon.conf

@@ -0,0 +1,29 @@
+# GVMD command args
+
+# e.g --foreground
+GVMD_OPTIONS=""
+
+# Manager listen address unix socket
+# Failing under non-root user (looking for solution)
+GVMD_LISTEN_ADDRESS_UNIX="--unix-socket=/var/run/gvmd.sock"
+
+# Manager listen address TCP
+GVMD_LISTEN_ADDRESS_TCP="--listen=127.0.0.1"
+
+# Manager listen port
+GVMD_PORT="--port=9390"
+
+# Manager unix socket listen owner
+GVMD_LISTEN_OWNER="--listen-owner=gvm"
+
+# Manager unix socket listen group
+GVMD_LISTEN_GROUP="--listen-group=gvm"
+
+# Manager unix socket listen mode
+GVMD_LISTEN_MODE="--listen-mode=755"
+
+# Scanner listen address unix socket
+GVMD_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock"
+
+# TLS settings
+GVMD_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"

net-analyzer/gvmd/files/gvmd-startpre.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Greenbone Vulnerability Manager Systemd ExecStartPre
+touch /var/run/gvm-{checking,create-functions,helping,migrating,serving}
+chown -R gvm:gvm /var/run/gvm-{checking,create-functions,helping,migrating,serving}

net-analyzer/gvmd/files/gvmd.init

@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GVMD_USER:=gvm}
+: ${GVMD_GROUP:=gvm}
+: ${GVMD_TIMEOUT:=30}
+
+name="Greenbone Vulnerability Manager"
+command=/usr/bin/gvmd
+command_args="${GVMD_OPTIONS} ${GVMD_LISTEN_ADDRESS_TCP} ${GVMD_PORT} ${GVMD_SCANNER_HOST} ${GVMD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GVMD_USER}:${GVMD_GROUP}"
+pidfile="/run/gvmd.pid"
+retry="${GVMD_TIMEOUT}"
+
+depend() {
+	after bootmisc
+	need localmount net openvassd
+}
+
+start_pre() {
+	/bin/bash /etc/gvm/gvmd-startpre.sh
+}

net-analyzer/gvmd/files/gvmd.logrotate

@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' 
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gvmd.log {
+	compress
+	missingok
+	notifempty
+	sharedscripts
+	copytruncate
+	maxsize 10M
+}

net-analyzer/gvmd/files/gvmd.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Greenbone Vulnerability Manager
+After=network.target
+After=openvassd.service
+Wants=openvassd.service
+Before=gsad.service
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=gvm
+Group=gvm
+PermissionsStartOnly=true
+EnvironmentFile=-/etc/gvm/sysconfig/gvmd-daemon.conf
+ExecStartPre=-/etc/gvm/gvmd-startpre.sh
+ExecStart=/usr/bin/gvmd $GVMD_OPTIONS $GVMD_LISTEN_ADDRESS_TCP $GVMD_PORT $GVMD_SCANNER_HOST $GVMD_GNUTLS_PRIORITIES
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

net-analyzer/gvmd/gvmd-8.0.1.ebuild

@@ -0,0 +1,120 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+DESCRIPTION="Greenbone vulnerability manager, previously named openvas-manager"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvmd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras +postgres sqlite"
+REQUIRED_USE="|| ( postgres sqlite )"
+
+DEPEND="
+	dev-libs/libgcrypt:0=
+	dev-libs/libical
+	>=net-analyzer/gvm-libs-10.0.1
+	net-libs/gnutls:=[tools]
+	extras?   ( app-text/xmlstarlet
+		    dev-texlive/texlive-latexextra )
+	postgres? ( dev-db/postgresql:* )
+	sqlite?   ( dev-db/sqlite:3 )"
+
+RDEPEND="
+	${DEPEND}
+	!net-analyzer/openvas-manager
+	~net-analyzer/openvas-scanner-6.0.1"
+
+BDEPEND="
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+	extras? ( app-doc/doxygen[dot]
+		  app-doc/xmltoman
+		  app-text/htmldoc
+		  dev-libs/libxslt
+	)"
+
+PATCHES=(
+	# Install exec. to /usr/bin instead of /usr/sbin
+	"${FILESDIR}/${P}-sbin.patch"
+	# Fix permissions for user gvm.
+	"${FILESDIR}/${P}-tmplock.patch"
+)
+
+src_prepare() {
+	cmake-utils_src_prepare
+	# QA-Fix | Use correct FHS/Gentoo policy paths for 8.0.1
+	sed -i -e "s*share/doc/gvm/html/*share/doc/gvmd-${PV}/html/*g" "$S"/doc/CMakeLists.txt || die
+	sed -i -e "s*/doc/gvm/*/doc/gvmd-${PV}/*g" "$S"/CMakeLists.txt || die
+	# QA-Fix | Remove !CLANG Doxygen warnings for 8.0.1
+	if use extras; then
+		if ! tc-is-clang; then
+		   local f
+		   for f in doc/*.in
+		   do
+			sed -i \
+				-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+				-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+				"${f}" || die "couldn't disable CLANG parsing"
+		   done
+		fi
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+		"-DLOCALSTATEDIR=${EPREFIX}/var"
+		"-DSYSCONFDIR=${EPREFIX}/etc"
+	)
+	# Add release hardening flags for 8.0.1
+	append-cflags -Wno-nonnull -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+	append-ldflags -Wl,-z,relro -Wl,-z,now
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile
+	if use extras; then
+		cmake-utils_src_make -C "${BUILD_DIR}" doc
+		cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+		HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+	fi
+	cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	dodir /etc/gvm
+	insinto /etc/gvm
+	doins -r "${FILESDIR}"/*sync*
+
+	dodir /etc/gvm/sysconfig
+	insinto /etc/gvm/sysconfig
+	doins "${FILESDIR}/${PN}-daemon.conf"
+
+	exeinto /etc/gvm
+	doexe "${FILESDIR}"/gvmd-startpre.sh
+
+	fowners -R gvm:gvm /etc/gvm
+
+	newinitd "${FILESDIR}/${PN}.init" "${PN}"
+	newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	# Set proper permissions on required files/directories
+	keepdir /var/lib/gvm/gvmd
+	fowners -R gvm:gvm /var/lib/gvm
+}

net-analyzer/gvmd/metadata.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="extras">Html docs support</flag>
+	</use>
+	<longdescription lang="en">
+	The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.
+	It manages the storage of any vulnerability management configurations and of the scan results.
+	Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP).
+	The primary scanner OpenVAS Scanner is controlled directly via protocol OTP while any other 
+	remote scanner is coupled with the Open Scanner Protocol (OSP).
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/gvmd</remote-id>
+	</upstream>
+</pkgmetadata>

net-analyzer/openvas-scanner/Manifest

@@ -0,0 +1 @@
+DIST openvas-scanner-6.0.1.tar.gz 522100 BLAKE2B af82b41736329bd90ba1ea73a0ace36d4115375f81a7aaff5d3bd50f21cfa3195cdf4012aa952da52c4103a31475de5c5790ef3e2e36180aa06737371fa0e5a0 SHA512 db4087fffe1d50e232fa1e51325cf7f142237e2bd3cc5dcaa1e7058a4871300f352f2c0e700eae72ea9412c347b072e9d1f2eca508b27cb30f36c6895ec95147

net-analyzer/openvas-scanner/files/gvm-feed-sync.cron

@@ -0,0 +1 @@
+0 2 * * * gvm [ -x /etc/gvm/gvm-feed-sync.sh ] && /bin/bash /etc/gvm/gvm-feed-sync.sh > /dev/null

net-analyzer/openvas-scanner/files/gvm-feed-sync.sh

@@ -0,0 +1,45 @@
+#!/bin/sh
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# GVM cron script that updates feed.
+
+# Start to update FEED & First NVT.
+try=0
+until [ $try -ge 5 ]; do
+      greenbone-nvt-sync --curl &>/dev/null && break
+      try=$[$try+1]
+      sleep 30
+done
+
+# Check status
+if [ $? -eq 0 ]; then
+   # Avoid your IP temporary banned because of multiple connection
+   sleep 5
+   # Try to update scapdata.
+   try=0
+   until [ $try -ge 5 ]; do
+         greenbone-scapdata-sync &>/dev/null && break
+         try=$[$try+1]
+         sleep 30
+   done
+
+   # Check status
+   if [ $? -eq 0 ]; then
+      # Avoid your IP temporary banned because of multiple connection
+      sleep 5
+      # Try to update certdata
+      try=0
+      until [ $try -ge 5 ]; do
+            greenbone-certdata-sync &>/dev/null && break
+            try=$[$try+1]
+            sleep 30
+      done
+
+       # Check status
+       if [ $? -eq 0 ]; then
+          exit 0
+          else
+             exit 1
+       fi
+   fi
+fi

net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-cachedir.patch

@@ -0,0 +1,42 @@
+--- openvas-scanner-5.1.3/src/openvassd.c       2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/openvassd.c       2019-02-04 03:28:24.635539266 +0300
+@@ -103,7 +103,6 @@
+  */
+ static openvassd_option openvassd_defaults[] = {
+   {"plugins_folder", OPENVAS_NVT_DIR},
+-  {"cache_folder", OPENVAS_CACHE_DIR},
+   {"include_folders", OPENVAS_NVT_DIR},
+   {"max_hosts", "30"},
+   {"max_checks", "10"},
+--- openvas-scanner-5.1.3/src/CMakeLists.txt    2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/CMakeLists.txt    2019-02-04 03:22:20.078824664 +0300
+@@ -68,10 +68,6 @@
+   add_definitions (-DOPENVAS_NVT_DIR=\\\"${OPENVAS_NVT_DIR}\\\")
+ endif (OPENVAS_NVT_DIR)
+ 
+-if (OPENVAS_CACHE_DIR)
+-  add_definitions (-DOPENVAS_CACHE_DIR=\\\"${OPENVAS_CACHE_DIR}\\\")
+-endif (OPENVAS_CACHE_DIR)
+-
+ if (OPENVAS_LOG_DIR)
+   add_definitions (-DOPENVAS_LOG_DIR=\\\"${OPENVAS_LOG_DIR}\\\")
+ endif (OPENVAS_LOG_DIR)
+--- openvas-scanner-5.1.3/CMakeLists.txt	2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/CMakeLists.txt	2019-02-04 03:18:37.889999639 +0300
+@@ -166,7 +166,6 @@
+ set (OPENVAS_DATA_DIR    "${DATADIR}/openvas")
+ set (OPENVAS_STATE_DIR   "${LOCALSTATEDIR}/lib/openvas")
+ set (OPENVAS_LOG_DIR     "${LOCALSTATEDIR}/log/openvas")
+-set (OPENVAS_CACHE_DIR   "${LOCALSTATEDIR}/cache/openvas")
+ set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
+ 
+ if (NOT OPENVAS_NVT_DIR)
+@@ -265,7 +264,6 @@
+          DESTINATION ${DATADIR}/doc/openvas-scanner/ )
+ 
+ install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
+-install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR})
+ 
+ ## Tests
+ 
+

net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-gcc8.patch

@@ -0,0 +1,42 @@
+--- openvas-scanner-5.1.3/src/ntp.c	2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/ntp.c	2019-02-02 00:57:56.832878754 +0300
+@@ -361,9 +361,7 @@
+ }
+ 
+ /*----------------------------------------------------------
+-
+    Communication protocol: timestamps
+-
+  ----------------------------------------------------------*/
+ 
+ 
+@@ -391,7 +389,7 @@
+ static int
+ __ntp_timestamp_scan_host (int soc, char *msg, char *host)
+ {
+-  char timestr[1024];
++  char timestr[64];
+   char *tmp;
+   time_t t;
+   int len;
+--- openvas-scanner-5.1.3/src/pluginload.c      2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/pluginload.c      2019-02-02 00:59:24.494774959 +0300
+@@ -250,7 +250,7 @@
+   g_slist_free_full (oids, g_free);
+ }
+ 
+-static int
++static void
+ plugins_reload_from_dir (void *folder)
+ {
+   GSList *files = NULL, *f;
+--- openvas-scanner-5.1.3/src/processes.h       2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/processes.h       2019-02-02 01:06:42.772908314 +0300
+@@ -28,7 +28,7 @@
+ #ifndef _OPENVAS_THREADS_H
+ #define _OPENVAS_THREADS_H
+ 
+-typedef int (*process_func_t) (void *);
++typedef void (*process_func_t) (void *);
+ pid_t create_process (process_func_t, void *);
+ int terminate_process (pid_t);

net-analyzer/openvas-scanner/files/openvas-scanner-5.1.3-nvt.patch

@@ -0,0 +1,93 @@
+--- openvas-scanner-5.1.3/src/attack.c	2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/attack.c	2019-02-02 00:44:12.834888067 +0300
+@@ -97,9 +97,7 @@
+ };
+ 
+ /*******************************************************
+-
+ 		PRIVATE FUNCTIONS
+-
+ ********************************************************/
+ 
+ /**
+@@ -996,6 +994,14 @@
+   sched = plugins_scheduler_init
+            (prefs_get ("plugin_set"), prefs_get_bool ("auto_enable_dependencies"),
+             network_phase);
++  if (sched == NULL)
++    {
++      error_message_to_client (global_socket,
++                               "Failed to initialize the plugins scheduler.",
++                               NULL, NULL);
++      return;
++    }
++
+ 
+   max_hosts = get_max_hosts_number ();
+   max_checks = get_max_checks_number ();
+--- openvas-scanner-5.1.3/src/pluginscheduler.c	2018-08-29 19:27:26.000000000 +0300
++++ openvas-scanner-5.1.3/src/pluginscheduler.c	2019-02-02 00:48:03.799598381 +0300
+@@ -486,7 +486,7 @@
+     }
+ }
+ 
+-static void
++static int
+ plugins_scheduler_fill (plugins_scheduler_t sched)
+ {
+   int i;
+@@ -500,6 +500,15 @@
+       int category;
+ 
+       category = nvticache_get_category (element->data);
++      if (category < 0)
++        {
++          log_write ("The NVT with oid %s has not category assigned. This is "
++                     "considered a fatal error, since the NVTI Cache "
++                     "structure stored in Redis is out dated or corrupted.",
++                     (char *) element->data);
++          g_slist_free_full (list, g_free);
++          return 1;
++        }
+       scheduler_plugin = g_malloc0 (sizeof (struct scheduler_plugin));
+       scheduler_plugin->running_state = PLUGIN_STATUS_UNRUN;
+       scheduler_plugin->oid = g_strdup (element->data);
+@@ -529,6 +538,7 @@
+         }
+     }
+ 
++  return 0;
+ }
+ 
+ plugins_scheduler_t
+@@ -540,7 +550,11 @@
+   /* Fill our lists */
+   ret = g_malloc0 (sizeof (*ret));
+   ret->hash = hash_init ();
+-  plugins_scheduler_fill (ret);
++  if (plugins_scheduler_fill (ret))
++    {
++      plugins_scheduler_free (ret);
++      return NULL;
++    }
+ 
+   plugins_scheduler_enable (ret, plugins_list, autoload);
+ 
+@@ -729,9 +743,12 @@
+ void
+ plugins_scheduler_free (plugins_scheduler_t sched)
+ {
+-  int i;
+-  hash_destroy (sched->hash);
+-  for (i = ACT_FIRST; i <= ACT_LAST; i++)
+-    list_destroy (sched->list[i]);
+-  g_free (sched);
++  if (sched)
++    {
++      int i;
++      hash_destroy (sched->hash);
++      for (i = ACT_FIRST; i <= ACT_LAST; i++)
++        list_destroy (sched->list[i]);
++      g_free (sched);
++    }
+ }

net-analyzer/openvas-scanner/files/openvas-scanner-6.0.1-sbin.patch

@@ -0,0 +1,21 @@
+--- a/src/CMakeLists.txt	2019-07-21 23:16:18.608251465 +0300
++++ b/src/CMakeLists.txt	2019-07-21 23:17:08.434210058 +0300
+@@ -175,7 +175,7 @@
+ ## Install
+ 
+ install (TARGETS openvassd
+-         RUNTIME DESTINATION ${SBINDIR}
++         RUNTIME DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+          GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+@@ -183,7 +183,7 @@
+          DESTINATION ${OPENVAS_SYSCONF_DIR})
+ 
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ 
+

net-analyzer/openvas-scanner/files/openvas-scanner-daemon.conf

@@ -0,0 +1,9 @@
+# OpenVAS Scanner command args
+
+# e.g --foreground
+OPENVAS_SCANNER_OPTIONS=""
+
+# Scanner listen socket
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" 
+
+

net-analyzer/openvas-scanner/files/openvas-scanner.init

@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="OpenVAS Scanner"
+command="/usr/sbin/openvassd"
+command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET}"
+pidfile="/var/run/openvassd.pid"
+command_background="true"
+
+depend() {
+	after bootmisc
+	need localmount net redis
+}
+
+start_pre() {
+	checkpath --directory --mode 0775 --quiet /var/cache/openvas
+}
+
+create_cache() {
+	checkpath --directory --mode 0775 --quiet /var/cache/openvas
+	ebegin "Generating initial Cache"
+	/usr/sbin/openvassd --foreground --only-cache
+	eend $?
+}

net-analyzer/openvas-scanner/files/openvas-scanner.logrotate

@@ -0,0 +1,11 @@
+# logrotate for openvas scanner
+/var/log/openvas/openvassd.messages {
+        rotate 4
+        weekly
+        compress
+        delaycompress
+        missingok
+	postrotate
+	    /bin/kill -HUP `pidof openvassd`
+	endscript
+}

net-analyzer/openvas-scanner/files/openvas-scanner.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=OpenVAS Scanner
+After=network.target
+After=redis.service
+Before=gvmd.service
+Requires=redis.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/openvas-scanner-daemon.conf
+ExecStart=/usr/sbin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+KillMode=mixed
+User=root
+Group=root
+TimeoutSec=1200
+
+[Install]
+WantedBy=multi-user.target

net-analyzer/openvas-scanner/files/openvas-scanner.tmpfiles.d

@@ -0,0 +1 @@
+d	/var/cache/openvassd 0775

net-analyzer/openvas-scanner/files/openvassd-daemon.conf

@@ -0,0 +1,17 @@
+# OpenVAS Scanner command args
+
+# e.g --foreground
+OPENVAS_SCANNER_OPTIONS=""
+
+# Scanner listen socket
+OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" 
+
+# Scanner listen owner
+OPENVAS_SCANNER_LISTEN_OWNER="--listen-owner=gvm"
+
+# Scanner listen group
+OPENVAS_SCANNER_LISTEN_GROUP="--listen-group=gvm"
+
+# Scanner listen mode
+OPENVAS_SCANNER_LISTEN_MODE="--listen-mode=755"
+

net-analyzer/openvas-scanner/files/openvassd.conf

@@ -0,0 +1,53 @@
+#You can get detailed informations from https://linux.die.net/man/8/openvassd
+
+plugins_folder = /var/lib/openvas/plugins
+include_folders = /var/lib/openvas/plugins
+max_hosts = 30
+max_checks = 10
+
+#Resource friendly
+be_nice = no
+
+#Logfile
+logfile = /var/log/openvas/openvassd.messages
+
+log_whole_attack = no
+log_plugins_name_at_load = no
+dumpfile = /var/log/openvas/openvassd.dump
+cgi_path = /cgi-bin:/scripts
+
+#Turn off for push hard but increase false positive and slow down scans
+optimize_test = yes
+
+checks_read_timeout = 5
+network_scan = no
+non_simult_ports = 139, 445
+plugins_timeout = 320
+scanner_plugins_timeout = 36000
+
+#Push harder to target
+safe_checks = no
+
+auto_enable_dependencies = yes
+use_mac_addr = no
+nasl_no_signature_check = yes
+drop_privileges = no
+unscanned_closed = yes
+unscanned_closed_udp = yes
+vhosts = 
+vhosts_ip = 
+report_host_details = yes
+
+#Redis listening socket (must be same with redis socket)
+kb_location = /tmp/redis.sock
+
+timeout_retry = 3
+time_between_request = 0
+
+#Config File
+config_file = /etc/openvas/openvassd.conf
+
+#Certificates (default these are not needed here but setup-check script looking for them)
+cert_file = /var/lib/openvas/CA/servercert.pem
+key_file = /var/lib/openvas/private/CA/serverkey.pem
+ca_file = /var/lib/openvas/CA/cacert.pem

net-analyzer/openvas-scanner/files/openvassd.gvm.conf

@@ -0,0 +1,124 @@
+# You can get detailed informations from https://linux.die.net/man/8/openvassd
+# Configuration file of the OpenVAS Security Scanner
+# Every line starting with a '#' is a comment
+
+[Misc]
+
+# Path to the security checks folder:
+plugins_folder = /var/lib/openvas/plugins
+
+# Path to OpenVAS caching folder:
+cache_folder = /var/cache/openvas
+
+# Path to OpenVAS include directories:
+# (multiple entries are separated with colon ':')
+include_folders = /var/lib/openvas/plugins
+
+# Config File
+config_file = /etc/openvas/openvassd.conf
+
+# Maximum number of simultaneous hosts tested :
+max_hosts = 30
+
+# Maximum number of simultaneous checks against each host tested :
+max_checks = 10
+
+# Niceness. If set to 'yes', openvassd will renice itself to 10.
+be_nice = no
+
+# Log file (or 'syslog') :
+logfile = /var/log/gvm/openvassd.log
+
+# Shall we log every details of the attack ? (disk intensive)
+log_whole_attack = no
+
+# Log the name of the plugins that are loaded by the server ?
+log_plugins_name_at_load = no
+
+# Dump file for debugging output, use `-' for stdout
+dumpfile = /var/log/gvm/openvassd.dump
+
+# Rules file :
+rules = /etc/openvas/openvassd.rules
+
+# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
+cgi_path = /cgi-bin:/scripts
+
+# Range of the ports the port scanners will scan :
+# 'default' means that OpenVAS will scan ports found in its
+# services file.
+port_range = default
+
+# Optimize the test (recommended) :
+# Turn off for push hard but increase false positive and slow down scans
+optimize_test = yes
+
+# Optimization :
+# Read timeout for the sockets of the tests :
+checks_read_timeout = 5
+
+# Ports against which two plugins should not be run simultaneously :
+# non_simult_ports = Services/www, 139, Services/finger
+non_simult_ports = 139, 445
+
+# Maximum lifetime of a plugin (in seconds) :
+plugins_timeout = 320
+
+# Safe checks rely on banner grabbing & If enabled push harder to target:
+safe_checks = yes
+
+# Automatically activate the plugins that are depended on
+auto_enable_dependencies = yes
+
+# Do not echo data from plugins which have been automatically enabled
+silent_dependencies = no
+
+# Designate hosts by MAC address, not IP address (useful for DHCP networks)
+use_mac_addr = no
+
+
+#--- Knowledge base saving (can be configured by the client) :
+# Save the knowledge base on disk :
+save_knowledge_base = no
+
+# Restore the KB for each test :
+kb_restore = no
+
+# Only test hosts whose KB we do not have :
+only_test_hosts_whose_kb_we_dont_have = no
+
+# Only test hosts whose KB we already have :
+only_test_hosts_whose_kb_we_have = no
+
+# KB test replay :
+kb_dont_replay_scanners = no
+kb_dont_replay_info_gathering = no
+kb_dont_replay_attacks = no
+kb_dont_replay_denials = no
+kb_max_age = 864000
+#--- end of the KB section
+
+# Redis socket default setting
+db_address = /tmp/redis.sock
+
+# If this option is set, OpenVAS will not scan a network incrementally
+# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
+# slice the workload throughout the whole network (ie: it will scan
+# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
+slice_network_addresses = no
+
+# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
+nasl_no_signature_check = yes
+
+#Certificates
+cert_file=/var/lib/gvm/CA/servercert.pem
+key_file=/var/lib/gvm/private/CA/serverkey.pem
+ca_file=/var/lib/gvm/CA/cacert.pem
+
+# If you decide to protect your private key with a password,
+# uncomment and change next line
+# pem_password=password
+# If you want to force the use of a client certificate, uncomment next line
+# force_pubkey_auth = yes
+
+#end.

net-analyzer/openvas-scanner/files/openvassd.init

@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="Open Vulnerability Assessment Scanner"
+command="/usr/bin/openvassd"
+command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET} ${OPENVAS_SCANNER_LISTEN_OWNER} ${OPENVAS_SCANNER_LISTEN_GROUP} ${OPENVAS_SCANNER_LISTEN_MODE}"
+pidfile="/run/openvassd.pid"
+command_background="true"
+
+depend() {
+	after bootmisc
+	need localmount net redis
+}

net-analyzer/openvas-scanner/files/openvassd.logrotate

@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' 
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/openvassd.log {
+	compress
+	missingok
+	notifempty
+	sharedscripts
+	copytruncate
+	maxsize 10M
+}

net-analyzer/openvas-scanner/files/openvassd.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Open Vulnerability Assessment Scanner
+After=network.target
+After=redis.service
+Before=gvmd.service
+Requires=redis.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/openvas/sysconfig/openvassd-daemon.conf
+ExecStart=/usr/bin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET $OPENVAS_SCANNER_LISTEN_OWNER $OPENVAS_SCANNER_LISTEN_GROUP $OPENVAS_SCANNER_LISTEN_MODE
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

net-analyzer/openvas-scanner/files/redis.conf.example

@@ -0,0 +1,57 @@
+bind 127.0.0.1
+protected-mode yes
+port 0
+tcp-backlog 511
+unixsocket /tmp/redis.sock
+unixsocketperm 700
+timeout 0
+tcp-keepalive 300
+daemonize no
+supervised no
+pidfile /run/redis/redis.pid
+loglevel notice
+logfile /var/log/redis/redis.log
+databases 16
+always-show-logo yes
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+dir /var/lib/redis/
+slave-serve-stale-data yes
+slave-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-disable-tcp-nodelay no
+slave-priority 100
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+slave-lazy-flush no
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble no
+lua-time-limit 5000
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+aof-rewrite-incremental-fsync yes

net-analyzer/openvas-scanner/metadata.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="cron">Install a cron job to update GVM's feed daily.</flag>
+		<flag name="extras">Html docs support</flag>
+	</use>
+	<longdescription lang="en">
+	Open Vulnerability Assessment System (OpenVAS) Scanner is the Greenbone Vulnerability Management (GVM) Solution.
+	It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously 
+	updated and extended feed of Network Vulnerability Tests (NVTs).
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/openvas-scanner</remote-id>
+	</upstream>
+</pkgmetadata>

net-analyzer/openvas-scanner/openvas-scanner-6.0.1.ebuild

@@ -0,0 +1,138 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+MY_PN="openvas"
+MY_DN="openvassd"
+
+DESCRIPTION="Open Vulnerability Assessment Scanner"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/openvas-scanner/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2 GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="cron extras"
+
+DEPEND="
+	app-crypt/gpgme:=
+	dev-db/redis
+	dev-libs/libgcrypt:=
+	dev-libs/libksba
+	>=net-analyzer/gvm-libs-10.0.1
+	net-analyzer/net-snmp
+	net-libs/gnutls:=
+	net-libs/libpcap
+	net-libs/libssh:=
+"
+
+RDEPEND="
+	${DEPEND}
+	!~net-analyzer/openvas-scanner-5.1.3
+	!net-analyzer/openvas-tools"
+
+BDEPEND="
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+	extras? ( app-doc/doxygen[dot]
+		  app-doc/xmltoman
+		  app-text/htmldoc
+		  dev-perl/CGI
+		  dev-perl/SQL-Translator
+	)"
+
+BUILD_DIR="${WORKDIR}/${MY_PN}-${PV}_build"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+PATCHES=(
+	# Install exec. to /usr/bin instead of /usr/sbin
+	"${FILESDIR}/${P}-sbin.patch"
+)
+
+src_prepare() {
+	cmake-utils_src_prepare
+	# QA-Fix | Correct FHS/Gentoo policy paths for 6.0.1
+	sed -i -e "s*/doc/openvas-scanner/*/doc/openvas-scanner-${PV}/*g" "$S"/src/CMakeLists.txt || die
+	# QA-Fix | Remove !CLANG doxygen warnings for 6.0.1
+	if use extras; then
+		if ! tc-is-clang; then
+		   local f
+		   for f in doc/*.in
+		   do
+			sed -i \
+				-e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+				-e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+				"${f}" || die "couldn't disable CLANG parsing"
+		   done
+		fi
+	fi
+}
+
+src_configure() {
+	local mycmakeargs=(
+		"-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+		"-DLOCALSTATEDIR=${EPREFIX}/var"
+		"-DSYSCONFDIR=${EPREFIX}/etc"
+	)
+	# Add release hardening flags for 6.0.1
+	append-cflags -Wno-format-truncation -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+	append-ldflags -Wl,-z,relro -Wl,-z,now
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile
+	if use extras; then
+		cmake-utils_src_make -C "${BUILD_DIR}" doc
+		cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+		HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+	fi
+	cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	dodir /etc/openvas
+	insinto /etc/openvas
+	newins "${FILESDIR}/${MY_DN}.gvm.conf" openvassd.conf
+
+	insinto /etc/openvas
+	doins "${FILESDIR}"/redis.conf.example
+
+	dodir /etc/openvas/sysconfig
+	insinto /etc/openvas/sysconfig
+	doins "${FILESDIR}/${MY_DN}-daemon.conf"
+
+	if use cron; then
+		# Install the cron job if they want it.
+		exeinto /etc/gvm
+		doexe "${FILESDIR}/gvm-feed-sync.sh"
+		fowners gvm:gvm /etc/gvm/gvm-feed-sync.sh
+
+		insinto /etc/cron.d
+		newins "${FILESDIR}"/gvm-feed-sync.cron gvm
+	fi
+
+	fowners -R gvm:gvm /etc/openvas
+
+	newinitd "${FILESDIR}/${MY_DN}.init" "${MY_DN}"
+	newconfd "${FILESDIR}/${MY_DN}-daemon.conf" "${MY_DN}"
+
+	dodir /etc/logrotate.d
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${MY_DN}.logrotate" "${MY_DN}"
+
+	systemd_dounit "${FILESDIR}/${MY_DN}.service"
+
+	# Set proper permissions on required files/directories
+	keepdir /var/log/gvm
+	fowners gvm:gvm /var/log/gvm
+	keepdir /var/lib/openvas/{gnupg,plugins}
+	fowners -R gvm:gvm /var/lib/openvas
+}

net-analyzer/ospd/Manifest

@@ -0,0 +1 @@
+DIST ospd-1.3.2.tar.gz 39097 BLAKE2B 4c102e1e6857f89015666950e2d7a107bf81c861f9c6d4d74aab33f77585ea871e353aa95deb3f84a1bb4cd391f40121ca927835ebec9db2545eb8f606e96df7 SHA512 26ec0b45d74df687264ce2d5e42a6f51cfb982f8fe00863294b990ee8db819b7f54ebf3f095094c32c2bc91a51d987ac83f15f4bf15e931d4ffd215b72ac6bec

net-analyzer/ospd/metadata.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="extras">Html docs support</flag>
+	</use>
+	<longdescription lang="en">
+	OSPD is a base class for scanner wrappers which share the same communication protocol: 
+	OSP (Open Scanner Protocol). OSP creates a unified interface for different security scanners 
+	and makes their control flow and scan results consistently available under the central 
+	Greenbone Vulnerability Manager service.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">greenbone/ospd</remote-id>
+	</upstream>
+</pkgmetadata>
+

net-analyzer/ospd/ospd-1.3.2.ebuild

@@ -0,0 +1,32 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{5,6,7} )
+inherit distutils-r1
+
+DESCRIPTION="Base class for scanner wrappers,communication protocol for GVM"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/ospd/archive/v1.3.2.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras"
+
+RDEPEND="
+	dev-python/defusedxml[${PYTHON_USEDEP}]
+	dev-python/lxml[${PYTHON_USEDEP}]
+	dev-python/paramiko[${PYTHON_USEDEP}]"
+
+DEPEND="
+	${RDEPEND}"
+
+python_compile() {
+	if use extras; then
+		bash "${S}"/doc/generate || die
+		HTML_DOCS=( "${S}"/doc/. )
+	fi
+	distutils-r1_python_compile
+}

profiles/pentoo/base/package.accept_keywords/net-analyzer

@@ -145,3 +145,14 @@ net-analyzer/pret
 ~net-analyzer/enteletaor-1.1.1 
 
 net-analyzer/sitadel
+
+
+#OpenVAS
+~net-analyzer/greenbone-security-assistant-8.0.1
+~dev-perl/SQL-Translator-0.110.230
+~net-analyzer/gvm-libs-10.0.1
+~dev-perl/Package-Variant-1.3.2
+~sys-apps/yarn-1.17.3
+~net-analyzer/gvmd-8.0.1
+~net-analyzer/openvas-scanner-6.0.1
+~net-analyzer/gvm-10.0.1

profiles/pentoo/base/package.use/net-analyzer

@@ -12,3 +12,6 @@ net-analyzer/wireshark androiddump ares ciscodump gcrypt geoip gnutls kerberos l
 
 #ipython migration
 net-analyzer/dnsrecon -python_targets_python2_7
+
+#OpenVAS
+net-analyzer/gvm postgres -sqlite