network/greenbone-security-assistant: Removed.
Signed-off-by: Dave Woodfall <dave@slackbuilds.org> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
This commit is contained in:
parent
626582e5bf
commit
e122832496
|
@ -1,125 +0,0 @@
|
|||
greenbone-security-assistant (UI for OpenVAS)
|
||||
|
||||
This is the UI the Open Vulnerability Assessment System (OpenVAS).
|
||||
|
||||
###### Known Problems ######
|
||||
|
||||
- PDF report generation is broken. This may get fixed in a future slackbuild.
|
||||
|
||||
- All the daemons run as root. There's no (working) configuration options
|
||||
or documentation to change this behavior.
|
||||
|
||||
- There are a number of tests that depend on other software packages that are
|
||||
not available as slackbuilds at this time. Stay tuned.
|
||||
|
||||
- If you're running in a VM environment, or on a headless server, then
|
||||
running haveged is recommended, particularly for step 11 below.
|
||||
|
||||
###### Upgrade Notes ######
|
||||
|
||||
If you're updating from OpenVAS-7 to OpenVAS-8, please note the following.
|
||||
(See: http://www.openvas.org/install-source.html if you're unsure which
|
||||
version you're running.)
|
||||
|
||||
Openvas now uses redis as a temporary database while running scans. You will
|
||||
need redis installed and running, as well as hiredis. See step 2 below on
|
||||
how to configure redis.
|
||||
|
||||
Before running openvas-manager, you'll need to migrate the database. Simply
|
||||
run:
|
||||
# openvasmd --migrate
|
||||
|
||||
###### Installation Instructions ######
|
||||
|
||||
These instructions assume you're familiar with slackbuilds. If not, please
|
||||
refer to http://slackbuilds.org/howto/ .
|
||||
|
||||
1. Build and install hiredis.
|
||||
|
||||
2. Build and install redis. You need to uncomment the following 2 lines in the
|
||||
/etc/redis/redis.conf file:
|
||||
#unixsocket /tmp/redis.sock
|
||||
#unixsocketperm 700
|
||||
Now start up redis:
|
||||
# sh /etc/rc.d/rc.redis start
|
||||
|
||||
3. Build and install openvas-libraries.
|
||||
|
||||
4. Build and install openvas-scanner.
|
||||
|
||||
5. You need a Certificate Authority and server certificate. Run the following
|
||||
command:
|
||||
# openvas-mkcert
|
||||
|
||||
6. You need the NVT's (Network Vulnerability Tests). Run the following
|
||||
command to sync. In the future, you can do this through the
|
||||
greenbone-security-assistant interface. This will take a minute or so
|
||||
with a blazing fast internet connection. YMMV.
|
||||
# openvas-nvt-sync
|
||||
|
||||
7. Start the openvas-scanner daemon.
|
||||
# sh /etc/rc.d/rc.openvassd start
|
||||
|
||||
8. Build and install openvas-manager.
|
||||
|
||||
9. You need client certificates for manager to talk to scanner. Use the
|
||||
following command.
|
||||
# openvas-mkcert-client -n -i
|
||||
|
||||
10. Initialize the manager database. This will take a while, so be patient.
|
||||
# openvasmd --rebuild
|
||||
|
||||
11. You want encrypted credentials in the DB, so do this now.
|
||||
# openvasmd --create-credentials-encryption-key
|
||||
This may take a while, so it's best to create some entropy by skipping to
|
||||
#13-#15 and then coming back, if needed.
|
||||
|
||||
12. Create a user.
|
||||
# openvasmd --create-user=cary
|
||||
If you find the assigned password hard to remember, you can change it
|
||||
right now.
|
||||
# openvasmd --user=cary --new-password=mekmitasdigoat
|
||||
|
||||
13. Sync SCAP data. This will take some time.
|
||||
# openvas-scapdata-sync
|
||||
|
||||
14. Sync CERT data.
|
||||
# openvas-certdata-sync
|
||||
|
||||
15. Update port names.
|
||||
# wget http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
|
||||
# openvas-portnames-update service-names-port-numbers.xml
|
||||
# rm service-names-port-numbers.xml
|
||||
|
||||
16. Start the openvas-manager daemon.
|
||||
# sh /etc/rc.d/rc.openvasmd start
|
||||
|
||||
17. Build and install libmicrohttpd.
|
||||
|
||||
18. Build and install greenbone-security-assistant.
|
||||
|
||||
19. Launch the greenbone-security-assistant.
|
||||
# sh /etc/rc.d/rc.gsad start
|
||||
|
||||
20. Open file:///var/lib/openvas/CA/cacert.pem in your browser to import the
|
||||
certificate that you created in step 5 above.
|
||||
|
||||
21. Point your browser at https://<YOUR HOSTNAME>:9392 and log in with your
|
||||
username/password from #12.
|
||||
|
||||
22. [Optional] Build and install openvas-cli. You'll need this if you ever
|
||||
want to script tests.
|
||||
|
||||
That's it! If you run into any problems, you can try running the
|
||||
openvas-check-setup script found here:
|
||||
https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
|
||||
|
||||
If you don't have a web-server running, you can edit the /etc/rc.d/rc.gsad
|
||||
script to remove the "-p 9392" option, and it will run on port 443.
|
||||
|
||||
Please let me know if you run into any problems. Patches welcome!
|
||||
|
||||
Have Fun!
|
||||
|
||||
Kent Fritz
|
||||
mailto:fritz.kent@gmail.com
|
|
@ -1,26 +0,0 @@
|
|||
config() {
|
||||
NEW="$1"
|
||||
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||
# If there's no config file by that name, mv it over:
|
||||
if [ ! -r $OLD ]; then
|
||||
mv $NEW $OLD
|
||||
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
|
||||
# toss the redundant copy
|
||||
rm $NEW
|
||||
fi
|
||||
# Otherwise, we leave the .new copy for the admin to consider...
|
||||
}
|
||||
|
||||
preserve_perms() {
|
||||
NEW="$1"
|
||||
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||
if [ -e $OLD ]; then
|
||||
cp -a $OLD ${NEW}.incoming
|
||||
cat $NEW > ${NEW}.incoming
|
||||
mv ${NEW}.incoming $NEW
|
||||
fi
|
||||
config $NEW
|
||||
}
|
||||
|
||||
preserve_perms etc/rc.d/rc.gsad.new
|
||||
config etc/openvas/gsad_log.conf.new
|
|
@ -1,115 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Slackware build script for greenbone-security-assistant
|
||||
|
||||
# Copyright 2015,2017 Kent Fritz, Mountain View, CA
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use of this script, with or without modification, is
|
||||
# permitted provided that the following conditions are met:
|
||||
#
|
||||
# 1. Redistributions of this script must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
cd $(dirname $0) ; CWD=$(pwd)
|
||||
|
||||
PRGNAM=greenbone-security-assistant
|
||||
VERSION=${VERSION:-6.0.12}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
PKGTYPE=${PKGTYPE:-tgz}
|
||||
|
||||
if [ -z "$ARCH" ]; then
|
||||
case "$( uname -m )" in
|
||||
i?86) ARCH=i586 ;;
|
||||
arm*) ARCH=arm ;;
|
||||
*) ARCH=$( uname -m ) ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
|
||||
# the name of the created package would be, and then exit. This information
|
||||
# could be useful to other scripts.
|
||||
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
|
||||
echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
if [ "$ARCH" = "i586" ]; then
|
||||
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "i686" ]; then
|
||||
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "x86_64" ]; then
|
||||
SLKCFLAGS="-O2 -fPIC"
|
||||
LIBDIRSUFFIX="64"
|
||||
else
|
||||
SLKCFLAGS="-O2"
|
||||
LIBDIRSUFFIX=""
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
rm -rf $PKG
|
||||
mkdir -p $TMP $PKG $OUTPUT
|
||||
cd $TMP
|
||||
rm -rf $PRGNAM-$VERSION
|
||||
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
|
||||
cd $PRGNAM-$VERSION
|
||||
chown -R root:root .
|
||||
find -L . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
|
||||
-o -perm 511 \) -exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
|
||||
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
|
||||
|
||||
mkdir -p build
|
||||
cd build
|
||||
cmake \
|
||||
-DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DLOCALSTATEDIR=/var \
|
||||
-DSYSCONFDIR=/etc \
|
||||
-DCMAKE_BUILD_TYPE=Release ..
|
||||
make
|
||||
make install DESTDIR=$PKG
|
||||
cd ..
|
||||
|
||||
mkdir -p $PKG/etc/rc.d
|
||||
cat $CWD/rc.gsad > $PKG/etc/rc.d/rc.gsad.new
|
||||
chmod 0644 $PKG/etc/rc.d/rc.gsad.new
|
||||
mv $PKG/etc/openvas/gsad_log.conf $PKG/etc/openvas/gsad_log.conf.new
|
||||
|
||||
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
|
||||
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
|
||||
|
||||
mv $PKG/usr/share/man $PKG/usr
|
||||
find $PKG/usr/man -type f -exec gzip -9 {} \;
|
||||
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
||||
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cp -a CHANGES COPYING ChangeLog INSTALL README $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||
|
||||
mkdir -p $PKG/install
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
|
|
@ -1,10 +0,0 @@
|
|||
PRGNAM="greenbone-security-assistant"
|
||||
VERSION="6.0.12"
|
||||
HOMEPAGE="http://www.openvas.org"
|
||||
DOWNLOAD="http://wald.intevation.org/frs/download.php/2442/greenbone-security-assistant-6.0.12.tar.gz"
|
||||
MD5SUM="362ddc36292a16d3a55c90bda044b377"
|
||||
DOWNLOAD_x86_64=""
|
||||
MD5SUM_x86_64=""
|
||||
REQUIRES="openvas-libraries libmicrohttpd"
|
||||
MAINTAINER="Kent Fritz"
|
||||
EMAIL="fritz.kent@gmail.com"
|
|
@ -1,47 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# /etc/rc.d/rc.gsad
|
||||
#
|
||||
# Start/stop/restart the Greenbone Security Assistant Daemon.
|
||||
#
|
||||
# To make Greenbone SA start automatically at boot, make this
|
||||
# file executable: chmod 755 /etc/rc.d/rc.gsad
|
||||
# and add to rc.local:
|
||||
# if [ -x /etc/rc.d/rc.gsad ]; then
|
||||
# . /etc/rc.d/rc.gsad start
|
||||
# fi
|
||||
#
|
||||
|
||||
GSAD_PATH=/usr/sbin
|
||||
GSAD_BIN=gsad
|
||||
GSAD_OPTIONS="-p 9392 --timeout=60 --gnutls-priorities=SECURE128:-VERS-SSL3.0"
|
||||
GSAD_CMD="$GSAD_PATH/$GSAD_BIN $GSAD_OPTIONS"
|
||||
|
||||
gsad_start() {
|
||||
echo Starting Greenbone Security Assistant: $GSAD_CMD
|
||||
$GSAD_CMD
|
||||
}
|
||||
|
||||
gsad_stop() {
|
||||
echo "Stopping Greenbone Security Assistant"
|
||||
/bin/killall $GSAD_BIN
|
||||
}
|
||||
|
||||
gsad_restart() {
|
||||
gsad_stop
|
||||
gsad_start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
'start')
|
||||
gsad_start
|
||||
;;
|
||||
'stop')
|
||||
gsad_stop
|
||||
;;
|
||||
'restart')
|
||||
gsad_restart
|
||||
;;
|
||||
*)
|
||||
echo "usage $0 start|stop|restart"
|
||||
esac
|
|
@ -1,19 +0,0 @@
|
|||
# HOW TO EDIT THIS FILE:
|
||||
# The "handy ruler" below makes it easier to edit a package description.
|
||||
# Line up the first '|' above the ':' following the base package name, and
|
||||
# the '|' on the right side marks the last column you can put a character in.
|
||||
# You must make exactly 11 lines for the formatting to be correct. It's also
|
||||
# customary to leave one space after the ':' except on otherwise blank lines.
|
||||
|
||||
|-----handy-ruler------------------------------------------------------|
|
||||
greenbone-security-assistant: greenbone-security-assistant (UI for OpenVAS)
|
||||
greenbone-security-assistant:
|
||||
greenbone-security-assistant: This is the UI for the Open Vulnerability Assessment System (OpenVAS).
|
||||
greenbone-security-assistant:
|
||||
greenbone-security-assistant: For more information, please refer to the OpenVAS website available
|
||||
greenbone-security-assistant: at http://www.openvas.org/ .
|
||||
greenbone-security-assistant:
|
||||
greenbone-security-assistant:
|
||||
greenbone-security-assistant:
|
||||
greenbone-security-assistant:
|
||||
greenbone-security-assistant:
|
Loading…
Reference in New Issue