Commit 08199502 authored by SZ Lin (林上智)'s avatar SZ Lin (林上智)

record new upstream branch created by importing openvas-scanner_5.1.0.orig.tar.gz and merge it

parents 43bd8a4c 729a78be
This diff is collapsed.
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
# Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net> # Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
# #
# Copyright: # Copyright:
# Copyright (C) 2011-2015 Greenbone Networks GmbH # Copyright (C) 2011-2016 Greenbone Networks GmbH
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License # modify it under the terms of the GNU General Public License
...@@ -27,7 +27,7 @@ message ("-- Configuring the Scanner...") ...@@ -27,7 +27,7 @@ message ("-- Configuring the Scanner...")
project (openvas-scanner C) project (openvas-scanner C)
cmake_minimum_required (VERSION 2.6) cmake_minimum_required (VERSION 2.8)
if (POLICY CMP0005) if (POLICY CMP0005)
cmake_policy (SET CMP0005 OLD) cmake_policy (SET CMP0005 OLD)
...@@ -56,18 +56,45 @@ macro (Subversion_GET_REVISION dir variable) ...@@ -56,18 +56,45 @@ macro (Subversion_GET_REVISION dir variable)
endmacro (Subversion_GET_REVISION) endmacro (Subversion_GET_REVISION)
if (NOT CMAKE_BUILD_TYPE MATCHES "Release") if (NOT CMAKE_BUILD_TYPE MATCHES "Release")
if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/") if (EXISTS "${CMAKE_SOURCE_DIR}/.svn/" OR EXISTS "${CMAKE_SOURCE_DIR}/../.svn/")
if (SVN_EXECUTABLE) if (SVN_EXECUTABLE)
Subversion_GET_REVISION(. ProjectRevision) Subversion_GET_REVISION(. ProjectRevision)
set (SVN_REVISION ".SVN.r${ProjectRevision}") set (SVN_REVISION "~svn${ProjectRevision}")
else (SVN_EXECUTABLE) else (SVN_EXECUTABLE)
set (SVN_REVISION ".SVN") set (SVN_REVISION "~svn")
endif (SVN_EXECUTABLE) endif (SVN_EXECUTABLE)
endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/") endif (EXISTS "${CMAKE_SOURCE_DIR}/.svn/" OR EXISTS "${CMAKE_SOURCE_DIR}/../.svn/")
endif (NOT CMAKE_BUILD_TYPE MATCHES "Release") endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
# TODO: Check pkg-config (maybe with code like in gsa/CMakeLists.txt). # TODO: Check pkg-config (maybe with code like in gsa/CMakeLists.txt).
## Project version
# The following three variables should be set through the project command once
# we require CMake >= 3.0
set (PROJECT_VERSION_MAJOR 5)
set (PROJECT_VERSION_MINOR 1)
set (PROJECT_VERSION_PATCH 0)
# Set beta version if this is a beta release series,
# unset if this is a stable release series.
#set (PROJECT_BETA_RELEASE 1)
if (SVN_REVISION)
set (PROJECT_VERSION_SVN "${SVN_REVISION}")
endif (SVN_REVISION)
# If PROJECT_BETA_RELEASE is set, the version string will be set to:
# "major.minor+beta${PROJECT_BETA_RELEASE}"
# If PROJECT_BETA_RELEASE is NOT set, the version string will be set to:
# "major.minor.patch"
if (PROJECT_BETA_RELEASE)
set (PROJECT_VERSION_SUFFIX "+beta${PROJECT_BETA_RELEASE}")
else (PROJECT_BETA_RELEASE)
set (PROJECT_VERSION_SUFFIX ".${PROJECT_VERSION_PATCH}")
endif (PROJECT_BETA_RELEASE)
set (PROJECT_VERSION_STRING "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${PROJECT_VERSION_SUFFIX}")
## CPack configuration ## CPack configuration
set (CPACK_CMAKE_GENERATOR "Unix Makefiles") set (CPACK_CMAKE_GENERATOR "Unix Makefiles")
...@@ -81,41 +108,16 @@ set (CPACK_SOURCE_GENERATOR "TGZ") ...@@ -81,41 +108,16 @@ set (CPACK_SOURCE_GENERATOR "TGZ")
set (CPACK_SOURCE_TOPLEVEL_TAG "") set (CPACK_SOURCE_TOPLEVEL_TAG "")
set (CPACK_SYSTEM_NAME "") set (CPACK_SYSTEM_NAME "")
set (CPACK_TOPLEVEL_TAG "") set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "5")
set (CPACK_PACKAGE_VERSION_MINOR "0")
# Use this scheme for stable releases set (CPACK_PACKAGE_VERSION "${PROJECT_VERSION_STRING}${PROJECT_VERSION_SVN}")
set (CPACK_PACKAGE_VERSION_PATCH "7${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
#set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}${CPACK_PACKAGE_VERSION_PATCH}")
set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_PACKAGE_VENDOR "The OpenVAS Project") set (CPACK_PACKAGE_VENDOR "The OpenVAS Project")
set (CPACK_SOURCE_IGNORE_FILES set (CPACK_SOURCE_IGNORE_FILES
"${CMAKE_BINARY_DIR}"
"/.svn/" "/.svn/"
"/_CPack_Packages/"
"/CMakeFiles/"
"cmake$"
"swp$" "swp$"
"Cache.txt$"
".tar.gz"
"install_manifest.txt"
"Makefile"
"/doc/generated/"
"log.conf$"
"Doxyfile$"
"Doxyfile_full$"
"openvassd.8$"
"VERSION$"
"tools/openvas-mkcert$"
"tools/openvas-mkcert-client$"
"tools/openvas-nvt-sync$"
"tools/greenbone-nvt-sync$"
"doc/example_redis_2_4.conf$"
"doc/example_redis_2_6.conf$"
) )
include (CPack) include (CPack)
...@@ -157,22 +159,21 @@ endif (NOT DATADIR) ...@@ -157,22 +159,21 @@ endif (NOT DATADIR)
#if (NOT SYSCONFDIR) #if (NOT SYSCONFDIR)
# set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") # set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc")
#endif (NOT SYSCONFDIR) #endif (NOT SYSCONFDIR)
if (NOT OPENVAS_RUN_DIR)
set (OPENVAS_RUN_DIR "${LOCALSTATEDIR}/run")
endif (NOT OPENVAS_RUN_DIR)
set (OPENVAS_DATA_DIR "${DATADIR}/openvas") set (OPENVAS_DATA_DIR "${DATADIR}/openvas")
set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas") set (OPENVAS_STATE_DIR "${LOCALSTATEDIR}/lib/openvas")
set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas") set (OPENVAS_LOG_DIR "${LOCALSTATEDIR}/log/openvas")
set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas") set (OPENVAS_CACHE_DIR "${LOCALSTATEDIR}/cache/openvas")
set (OPENVAS_PID_DIR "${LOCALSTATEDIR}/run")
set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas") set (OPENVAS_SYSCONF_DIR "${SYSCONFDIR}/openvas")
set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins") if (NOT OPENVAS_NVT_DIR)
set (OPENVAS_NVT_DIR "${OPENVAS_STATE_DIR}/plugins")
endif (NOT OPENVAS_NVT_DIR)
set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}") set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}")
set (OPENVAS_SCANNER_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/servercert.pem")
set (OPENVAS_SCANNER_KEY "${OPENVAS_STATE_DIR}/private/CA/serverkey.pem")
set (OPENVAS_CLIENT_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/clientcert.pem")
set (OPENVAS_CLIENT_KEY "${OPENVAS_STATE_DIR}/private/CA/clientkey.pem")
set (OPENVAS_CA_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/cacert.pem")
set (OPENVASSD_MESSAGES "${OPENVAS_LOG_DIR}/openvassd.messages") set (OPENVASSD_MESSAGES "${OPENVAS_LOG_DIR}/openvassd.messages")
set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump") set (OPENVASSD_DEBUGMSG "${OPENVAS_LOG_DIR}/openvassd.dump")
...@@ -185,11 +186,10 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") ...@@ -185,11 +186,10 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## Dependency checks ## Dependency checks
pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=8.0.2) pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=9.0.0)
pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=8.0.2) pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=9.0.0)
pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=8.0.2) pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=9.0.0)
pkg_check_modules (LIBOPENVAS_OMP REQUIRED libopenvas_omp>=8.0.2) pkg_check_modules (GLIB REQUIRED glib-2.0>=2.32)
pkg_check_modules (GLIB REQUIRED glib-2.0>=2.16)
message (STATUS "Looking for libgcrypt...") message (STATUS "Looking for libgcrypt...")
find_library (GCRYPT gcrypt) find_library (GCRYPT gcrypt)
...@@ -207,8 +207,7 @@ endif (NOT GCRYPT) ...@@ -207,8 +207,7 @@ endif (NOT GCRYPT)
## Version ## Version
string (REPLACE " set (OPENVASSD_VERSION "${PROJECT_VERSION_STRING}")
" "" OPENVASSD_VERSION ${CPACK_PACKAGE_VERSION})
# Configure Doxyfile with version number # Configure Doxyfile with version number
configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY) configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY)
...@@ -217,19 +216,18 @@ configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY) ...@@ -217,19 +216,18 @@ configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY)
configure_file (doc/example_redis_2_4.conf.in doc/example_redis_2_4.conf @ONLY) configure_file (doc/example_redis_2_4.conf.in doc/example_redis_2_4.conf @ONLY)
configure_file (doc/example_redis_2_6.conf.in doc/example_redis_2_6.conf @ONLY) configure_file (doc/example_redis_2_6.conf.in doc/example_redis_2_6.conf @ONLY)
configure_file (VERSION.in VERSION @ONLY) configure_file (VERSION.in VERSION @ONLY)
configure_file (tools/openvas-mkcert.in tools/openvas-mkcert @ONLY)
configure_file (tools/openvas-mkcert-client.in tools/openvas-mkcert-client @ONLY)
configure_file (tools/openvas-nvt-sync.in tools/openvas-nvt-sync @ONLY)
configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY) configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
# TODO: Once Scanner has a proper logging mechanism like Manager. # TODO: Once Scanner has a proper logging mechanism like Manager.
#configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf) #configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf)
## Program ## Program
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now") set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector")
set (LINKER_HARDENING_FLAGS "-Wl,-z,relro -Wl,-z,now")
set (GPGME_C_FLAGS "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror") set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${GPGME_C_FLAGS} -Werror -Wextra")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE") set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} ${GPGME_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE")
add_subdirectory (src) add_subdirectory (src)
...@@ -251,27 +249,15 @@ install (FILES ${CMAKE_BINARY_DIR}/src/openvassd ...@@ -251,27 +249,15 @@ install (FILES ${CMAKE_BINARY_DIR}/src/openvassd
#install (FILES openvassd_log.conf #install (FILES openvassd_log.conf
# DESTINATION ${OPENVAS_SYSCONF_DIR}) # DESTINATION ${OPENVAS_SYSCONF_DIR})
install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
DESTINATION ${SBINDIR} DESTINATION ${SBINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
DESTINATION ${BINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert-client.1
DESTINATION ${DATADIR}/man/man1 )
install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8 install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
DESTINATION ${DATADIR}/man/man8 ) DESTINATION ${DATADIR}/man/man8 )
install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8 install (FILES ${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8
${CMAKE_SOURCE_DIR}/doc/openvas-nvt-sync.8
${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8
DESTINATION ${DATADIR}/man/man8 ) DESTINATION ${DATADIR}/man/man8 )
install (FILES ${CMAKE_BINARY_DIR}/doc/example_redis_2_4.conf install (FILES ${CMAKE_BINARY_DIR}/doc/example_redis_2_4.conf
......
...@@ -30,7 +30,4 @@ src/processes.[c|h]: GPLv2 ...@@ -30,7 +30,4 @@ src/processes.[c|h]: GPLv2
src/sighand.[c|h]: GPLv2 src/sighand.[c|h]: GPLv2
src/utils.[c|h]: GPLv2 src/utils.[c|h]: GPLv2
tools/greenbone-nvt-sync: GPLv2+ tools/greenbone-nvt-sync.in: GPLv2+
tools/openvas-mkcert-client.in: GPLv2
tools/openvas-mkcert.in: GPLv2
tools/openvas-nvt-sync.in: GPLv2
This diff is collapsed.
...@@ -2,7 +2,7 @@ INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER ...@@ -2,7 +2,7 @@ INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER
============================================= =============================================
Please note: The reference system used by most of the developers is Debian Please note: The reference system used by most of the developers is Debian
Debian GNU/Linux 'Wheezy' 7. The build might fail on any other systems. Debian GNU/Linux 'Jessie' 8. The build might fail on any other systems.
Also it is necessary to install dependent development packages. Also it is necessary to install dependent development packages.
...@@ -10,10 +10,10 @@ Prerequisites for openvas-scanner ...@@ -10,10 +10,10 @@ Prerequisites for openvas-scanner
--------------------------------- ---------------------------------
Prerequisites: Prerequisites:
* cmake * cmake >= 2.8
* glib-2.0 >= 2.16 * libopenvas_nasl, libopenvas_base, libopenvas_misc >= 9.0.0
* glib-2.0 >= 2.32
* libgcrypt * libgcrypt
* openvas-libraries >= 8.0.2
* pkg-config * pkg-config
* redis >= 2.4.0 * redis >= 2.4.0
...@@ -67,17 +67,7 @@ Setting up openvas-scanner ...@@ -67,17 +67,7 @@ Setting up openvas-scanner
Setting up an openvas-scanner requires the following steps: Setting up an openvas-scanner requires the following steps:
1) The scanner service communicate through an SSL connection. 1) (optional) You may decide to change the default scanner preferences
In order to establish this connection, the scanner needs to have
an SSL certificate it can present to the client to prove its identity. You
can interactively create this certificate by using the following command:
$ openvas-mkcert
This command will guide you through the certificate creation and place the
certificates in the correct locations on your system.
2) (optional) You may decide to change the default scanner preferences
by setting them in the file $prefix/etc/openvassd.conf. If that file does by setting them in the file $prefix/etc/openvassd.conf. If that file does
not exist (default), then the default settings are used. You can view not exist (default), then the default settings are used. You can view
them with "openvassd -s". The output of that command is a valid configuration them with "openvassd -s". The output of that command is a valid configuration
...@@ -85,27 +75,42 @@ Setting up an openvas-scanner requires the following steps: ...@@ -85,27 +75,42 @@ Setting up an openvas-scanner requires the following steps:
settings, among these opportunities to restrict access of scanner regarding settings, among these opportunities to restrict access of scanner regarding
scan targets and interfaces. scan targets and interfaces.
3) In order to run vulnerability scans, you will need a collection of Network 2) In order to run vulnerability scans, you will need a collection of Network
Vulnerability Tests (NVTs) that can be run by openvas-scanner. Initially, Vulnerability Tests (NVTs) that can be run by openvas-scanner. Initially,
your NVT collection will be empty. It is recommended that you synchronize your NVT collection will be empty. It is recommended that you synchronize
with an NVT feed service before starting openvas-scanner for the first time. with an NVT feed service before starting openvas-scanner for the first time.
Your installation is preconfigured to synchronize with the OpenVAS NVT Feed. Simply execute the following command. It will retrieve over 50,000 NVTs.
Simply execute the following command to receive thousands of NVTs from this
feed service:
$ openvas-nvt-sync $ greenbone-nvt-sync
This tool will use the Greenbone Security Feed in case a Greenbone
subscription key is present. Else, the Community Feed will be used.
Please note that you will need at least one of the following tools for a Please note that you will need at least one of the following tools for a
successful synchronization: successful synchronization:
* rsync * rsync
* wget * wget
* curl * curl
NVT feeds are usually updated a few times per week. Be sure to update your NVT feeds are updated on a regular basis. Be sure to update your NVT collection
NVT collection regularly to detect the latest threats. regularly to detect the latest threats.
Please visit the OpenVAS website for more information on available NVT feeds
and instructions for integrating feeds into your scanner installation. 3) The scanner needs a running redis server to temporarily store information
gathered on the scanned hosts. Redis 2.4 and newer is supported but 2.6
is recommended. See doc/redis_config.txt to see how to setup and run a redis
server.
Two examples are installed which you may use directly for a quick start:
$ redis-server /share/doc/openvas-scanner/example_redis_2_4.conf
or
$ redis-server /share/doc/openvas-scanner/example_redis_2_6.conf
or copy the example to another location, edit and use the copy instead.
4) You can launch openvas-scanner using the following command: 4) You can launch openvas-scanner using the following command:
...@@ -126,37 +131,18 @@ Setting up an openvas-scanner requires the following steps: ...@@ -126,37 +131,18 @@ Setting up an openvas-scanner requires the following steps:
privileges, it is recommended that you start openvassd as root since a number privileges, it is recommended that you start openvassd as root since a number
of Network Vulnerability Tests (NVTs) require root privileges to perform of Network Vulnerability Tests (NVTs) require root privileges to perform
certain operations like packet forgery. If you run openvassd as a user certain operations like packet forgery. If you run openvassd as a user
without permission to perform these operations, your scan results are very without permission to perform these operations, your scan results are likely
likely to be incomplete. to be incomplete.
5) The scanner needs a running redis server to temporarily store information
gathered on the scanned hosts. Redis 2.4 and newer is supported but 2.6
is recommended. See doc/redis_config.txt to see how to setup and run a redis
server.
Two examples are installed which you may use directly for a quick start:
$ redis-server /share/doc/openvas-scanner/example_redis_2_4.conf
or 5) Once the scanner has started, openvas-manager can act as a client and control
$ redis-server /share/doc/openvas-scanner/example_redis_2_6.conf
or copy the example to another location, edit and use the copy instead.
6) Once the scanner has started, openvas-manager can act as a client and control
the scanner. The actual user interfaces (for example GSA or CLI-OMP) the scanner. The actual user interfaces (for example GSA or CLI-OMP)
will only interact with the manager, not the scanner. will only interact with the manager, not the scanner.
You will be guided through creation of user accounts by the INSTALL file
of OpenVAS Manager.
If you encounter problems, the files /var/log/openvas/openvassd.messages and If you encounter problems, the files /var/log/openvas/openvassd.messages and
/var/log/openvas/openvassd.dump may contain useful information. (The exact /var/log/openvas/openvassd.dump may contain useful information. The exact
location of these files may differ depending on your distribution and location of these files may differ depending on your distribution and
installation method.) Please have these files ready when contacting the OpenVAS installation method. Please have these files ready when contacting the OpenVAS
developers through the OpenVAS mailing list or the online chat or submitting bug developers through the OpenVAS mailing list or the online chat or submitting bug
reports at http://bugs.openvas.org/ as they may help to pinpoint the source of reports at http://bugs.openvas.org/ as they may help to pinpoint the source of
your issue. your issue.
......
# see git-dpm(1) from git-dpm package # see git-dpm(1) from git-dpm package
0ab8b06a63586dad92abaf822a7a7a69ecc9b8fe 729a78be9e682d976f15cbf9324d3d468a6038ae
0ab8b06a63586dad92abaf822a7a7a69ecc9b8fe 729a78be9e682d976f15cbf9324d3d468a6038ae
0ab8b06a63586dad92abaf822a7a7a69ecc9b8fe 729a78be9e682d976f15cbf9324d3d468a6038ae
0ab8b06a63586dad92abaf822a7a7a69ecc9b8fe 729a78be9e682d976f15cbf9324d3d468a6038ae
openvas-scanner_5.0.7.orig.tar.gz openvas-scanner_5.1.0.orig.tar.gz
ca5ba1a65ff34a8cb8c014cb09129434e319d689 3e22be534053d2306c196045aea1ae624088ad71
238419 256594
debianTag="debian/%e%v" debianTag="debian/%e%v"
patchedTag="patched/%e%v" patchedTag="patched/%e%v"
upstreamTag="upstream/%e%u" upstreamTag="upstream/%e%u"
openvas-scanner (5.1.0-1) UNRELEASED; urgency=medium
* Import new upstream release
-- SZ Lin (林上智) <szlin@cs.nctu.edu.tw> Mon, 14 Nov 2016 13:52:47 +0800
openvas-scanner (5.0.7-2) unstable; urgency=medium openvas-scanner (5.0.7-2) unstable; urgency=medium
* Fix typo in zh_TW.po * Fix typo in zh_TW.po
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
.\" Hey, EMACS: -*- nroff -*- .\" Hey, EMACS: -*- nroff -*-
.TH GREENBONE-NVT-SYNC 8 "January 2011" "The OpenVAS Project" "User Manuals" .TH GREENBONE-NVT-SYNC 8 "January 2011" "The OpenVAS Project" "User Manuals"
.SH NAME .SH NAME
greenbone-nvt-sync \- updates the OpenVAS security checks from Greenbone Security Feed greenbone-nvt-sync \- updates the OpenVAS NVTs from Greenbone Security Feed or Community Feed
.SH SYNOPSIS .SH SYNOPSIS
.B greenbone-nvt-sync .B greenbone-nvt-sync
.SH DESCRIPTION .SH DESCRIPTION
...@@ -10,22 +10,24 @@ The ...@@ -10,22 +10,24 @@ The
performs several security checks. These are called Network Vulnerability Tests performs several security checks. These are called Network Vulnerability Tests
(NVTs) and are mostly implemented in the programming language NASL. Some NVTs are (NVTs) and are mostly implemented in the programming language NASL. Some NVTs are
wrappers for external tools. wrappers for external tools.
As new security holes are published every day, new NVTs appear in the As new vulnerabilities are published every day, new NVTs appear in the
Greenbone Security Feed. This feed is commercial and requires a respective subscription key. Greenbone Security Feed. This feed is commercial and requires a respective subscription key.
The OpenVAS project offers a free Feed which can be issued via openvas-nvt-sync(8). In case no subscription key is present, the update synchronisation will use the Community Feed instead.
.br .br
The script The script
.B greenbone-nvt-sync .B greenbone-nvt-sync
will fetch all new and updated security checks and install them at the proper will fetch all new and updated security checks and install them at the proper
location. Once this is done it will try to restart the openvas-scanner(8) location. Once this is done it will send a signal to the OpenVAS Scanner, openvassd(8)
so that the new NVTs are loaded and considered for new security scans. If your installation so that the new NVTs are loaded and considered for new security scans. If your installation
does not allow automatic restart, you need to restart the scanner manually. does not allow automatic restart, you need to restart the scanner manually.
Subsequent to the scanner, the script also tries to send a signal to the OpenVAS Manager
openvasmd(8) so that the information about the NVTs are also updated into the Manager database.
.SH SEE ALSO .SH SEE ALSO
For more information see: For more information see:
.BR openvassd(8), .BR openvassd(8),
.BR openvas-nvt-feed(8) .BR openvasmd(8)
.br .br
.SH AUTHOR .SH AUTHOR
......
.TH OPENVAS-MKCERT-CLIENT 1 "May 2002" "The OpenVAS Project" "User Manuals"
.SH NAME
openvas-mkcert-client \- Creates a client certificate
.sp
.SH SYNOPSIS
.BI openvas-mkcert-client
.SH DESCRIPTION
The
.B OpenVAS Security Scanner
protects the communication between the client and the server by using SSL. SSL
requires the server to present a certificate to the client, and the client can
optionally present a certificate to the server.
This script
.B openvas-mkcert-client
generates a client certificate.
.SH SEE ALSO
.BR openvassd (8),\ openvas-mkcert (8),\ openssl(1)
.SH MORE INFORMATION ABOUT THE OpenVAS PROJECT
The canonical places where you will find more information
about the OpenVAS project are:
.RS
.UR
http://www.openvas.org/
.UE
(Official site)
.br
.UR
http://cvs.openvas.org/
.UE
(Developers site)
.RE
.SH AUTHOR
.B openvas-mkcert-client
was written by Michel Arboi <arboi@bigfoot.com> based on
.B openvas-mkcert
.TH OpenVAS-MKCERT 8 "January 2011" "The OpenVAS Project" "User Manuals"
.SH NAME
openvas-mkcert \- Creates a scanner certificate
.sp
.SH SYNOPSIS
.B openvas-mkcert
.RB [ -q ]
.RB [ -f ]
.SH DESCRIPTION
The
.B OpenVAS Scanner
protects its communication with clients by using SSL. SSL
requires the scanner to present a certificate to the client, and the client can
optionally present a certificate to the scanner.
This script
.B openvas-mkcert
creates a certificate authority (if none exists already) and generates the
scanner certificate.
.SH OPTIONS
.I -q
quickly generates a new certificate, without asking any question
.I -f
force overwriting of already existing certificate files
.SH SEE ALSO
.BR openvassd (8),\ openvas-mkcert-client (1),\ openssl(1)
.SH MORE INFORMATION ABOUT THE OpenVAS PROJECT
The canonical places where you will find more information
about the OpenVAS project are:
.RS
.UR
http://www.openvas.org/
.UE
(Official site)
.br
.SH AUTHOR
.B openvas-mkcert
was derived from nessus-mkcert which is was written by Michel
Arboi <arboi@alussinan.org> and Renaud Deraison <deraison@cvs.nessus.org>
.\" Hey, EMACS: -*- nroff -*-
.TH OPENVAS-NVT-SYNC 8 "January 2014" "The OpenVAS Project" "User Manuals"
.SH NAME
openvas-nvt-sync \- updates the OpenVAS security checks from OpenVAS NVT Feed
.SH SYNOPSIS
.B openvas-nvt-sync
.SH DESCRIPTION
The
.B OpenVAS Security Scanner
performs several security checks, each of them being coded as an external
plugin coded in NASL. As new security holes are published every day, new
plugins appear on the OpenVAS site (www.openvas.org)
.br
The script
.B openvas-nvt-sync
will fetch all the newest security checks for you and install them at the proper
location. Once this is done you will need to either restart openvas-scanner(8)
or send a SIGHUP to its main process so that it loads the new checks and uses them
for new security scans.
.br
.B openvas-nvt-sync
uses rsync(1) and md5sum(1) to do its job. In order to download the
new plugins the machine where the script runs needs to have
access to rsync.openvas.org using the rsync protocol (TCP/UDP port 873).
If you are behind a web proxy you can configure rsync to use it through the
use of the RSYNC_PROXY environment variable. For more information see
rsync(1).
.SH SECURITY NOTES
.B openvas-nvt-sync
uses rsync(1) to retrieve the archive of the new plugins. The scripts
provided by the OpenVAS project might
.B not be signed.
Consequently, if somewhere where to poison your DNS server and force this
script to retrieve NASL plugins on another site he would force
your OpenVAS server to execute NASL scripts when running security tests.
Even if this might not do much harm (see the NASL reference guide
for more information on that subject) you should be very careful
when doing this.
.SH SEE ALSO
For more information see:
.BR rsync(1),
.BR openvassd(8),
.br
There is more information available at
.B /usr/share/doc/openvas-plugins
on Debian systems.
.PP
You can find additional information about the OpenVAS project in
http://www.openvas.org
.SH AUTHOR
This manual page was written by
Javier Fern\['a]ndez-Sanguino Pe\[~n]a <jfs@debian.org>
for the Debian GNU/Linux system (but may be used on other systems).
.PP
The
.B openvas-nvt-sync
script was written by various authors, mainly from Greenbone Networks GmbH.
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
.SH NAME .SH NAME
openvassd \- The Scanner of the Open Vulnerability Assessment System (OpenVAS) openvassd \- The Scanner of the Open Vulnerability Assessment System (OpenVAS)
.SH SYNOPSIS .SH SYNOPSIS
.BI "openvassd [\|-v\|] [\|-h\|] [\|-c " config-file\| "] [\|-a " address\| .BI "openvassd [\|-v\|] [\|-h\|] [\|-c " config-file\| "]
.BI "] [\|-p " port-number\| "] [\|-D\|] [\|-R\|] [\|-P\|] [\|-q\|] [\|-f\|]" .BI " [\|-D\|] [\|-R\|] [\|-P\|] [\|-q\|] [\|-f\|]"
.SH DESCRIPTION .SH DESCRIPTION
.B OpenVAS .B OpenVAS
...@@ -25,37 +25,6 @@ by default (unless you specify \-f as an option). ...@@ -25,37 +25,6 @@ by default (unless you specify \-f as an option).
Use the alternate configuration file instead of Use the alternate configuration file instead of
.I @OPENVASSD_CONF@ .I @OPENVASSD_CONF@
.TP
.BI "-a " <address> ", --listen=" <address>
Tell the scanner to only listen to connections on the address
.I <address>
which is an IP, not a machine name. For instance,
"openvassd \-a 192.168.1.1"
will make
.B openvassd
only listen to requests going to
.I 192.168.1.1
This option is useful if you are running openvassd on a gateway and if you don't
want people on the outside to connect to your
.BR openvassd .
.TP
.BI "-p " <port-number> ", --port=" <port-number>
Tell the scanner to listen on connection on the port <port-number> rather
than listening on port 9391 (default).