Commit 0f07bb9e authored by Mati's avatar Mati

Imported Upstream version 3.3.1

parent 0244d8b9
openvas-scanner 3.3.1 (2012-04-24)
This is the first maintenance release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System release 5 (OpenVAS-5).
This release contains fixes for the CMake build infrastructure and an updated
greenbone-nvt-sync script. It also raises the glib and gnutls dependencies to
the minimum of what OpenVAS Libraries requires (currently glib 2.16 and gnutls
2.2).
Many thanks to everyone who has contributed to the 3.3.1 release:
Lukas Grunwald, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 3.3.0:
* The CMake infrastructure has been cleaned up to ensure that compilation with
modern gccs works.
* The greenbone-nvt-sync script has been updated.
* OpenVAS Scanner now requires at least glib 2.16 and gnutls 2.2, matching the
requirements of OpenVAS Libraries.
openvas-scanner 3.3.0 (2012-03-25)
This is the first release of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System release 5 (OpenVAS-5). Compared
to the previous major release it covers a set of various improvements.
Many thanks to everyone who has contributed to the 3.3.0 release:
Henri Doreau, Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner and Michael
Wiegand.
Main changes compared to 3.2.x:
* New: scanner preference "reverse_lookup", defaulting to "no" (the previous
behaviour)
* Changed: For network wide scanning, mandatory keys are ignored.
* Changed: Don't start the second scan phase when network scan is enabled and
user requests "stop" during the first phase.
* New: Send an ERRMSG to the client when terminating a process.
* Changed: Do not force execution of ACT_INIT category.
* Fixed: A number of potential resource leaks.
* Fixed: A number of compiler warnings when compiling with gcc 4.6.
* Fixed: Usage of the mktemp template in openvas-nvt-sync.
* Removed: Support for shared sockets.
* New: The scanner options "network_scan" and "report_host_details" have been
added to the default scanner options.
* The greenbone-nvt-sync script has been updated.
* OpenVAS Scanner now uses UTC internally.
* The optional use of the external tool "ovaldi" has been made more secure.
* NVT management code has been updated to reflect the updated openvas-libraries
API.
* Further improvements to the build system.
openvas-scanner 3.3+rc1 (2012-03-11)
This is the first release candidate of the openvas-scanner 3.3 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-5".
This release fixes some minor issues detecting during beta testing.
Many thanks to everyone who has contributed to this release:
Henri Dorea, Matthew Mundell and Michael Wiegand.
Main changes compared to 3.3+beta2:
* New scanner preference "reverse_lookup", defaulting to "no" (the previous
behaviour)
* For network wide scanning, mandatory keys are ignored.
* Don't start the second scan phase when network scan is enabled and
user requests "stop" during the first phase.
* Send an ERRMSG to the client when terminating a process.
* Furter improvements to the build system.
openvas-scanner 3.3+beta2 (2011-10-10) openvas-scanner 3.3+beta2 (2011-10-10)
This is the second beta release of the openvas-scanner 3.3 module for the Open This is the second beta release of the openvas-scanner 3.3 module for the Open
......
...@@ -79,8 +79,11 @@ set (CPACK_SYSTEM_NAME "") ...@@ -79,8 +79,11 @@ set (CPACK_SYSTEM_NAME "")
set (CPACK_TOPLEVEL_TAG "") set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "3") set (CPACK_PACKAGE_VERSION_MAJOR "3")
set (CPACK_PACKAGE_VERSION_MINOR "3") set (CPACK_PACKAGE_VERSION_MINOR "3")
set (CPACK_PACKAGE_VERSION_PATCH "+beta2${SVN_REVISION}") set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+rc2${SVN_REVISION}")
#set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}${CPACK_PACKAGE_VERSION_PATCH}")
set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}")
set (CPACK_PACKAGE_VENDOR "The OpenVAS Project") set (CPACK_PACKAGE_VENDOR "The OpenVAS Project")
...@@ -180,8 +183,8 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") ...@@ -180,8 +183,8 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## might occur. ## might occur.
pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=5.0.0) pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=5.0.0)
pkg_check_modules (GNUTLS REQUIRED gnutls) pkg_check_modules (GNUTLS REQUIRED gnutls>=2.2)
pkg_check_modules (GLIB REQUIRED glib-2.0) pkg_check_modules (GLIB REQUIRED glib-2.0>=2.16)
message (STATUS "Looking for pcap...") message (STATUS "Looking for pcap...")
find_library (PCAP pcap) find_library (PCAP pcap)
...@@ -211,6 +214,13 @@ execute_process (COMMAND pkg-config --libs libopenvas ...@@ -211,6 +214,13 @@ execute_process (COMMAND pkg-config --libs libopenvas
OUTPUT_VARIABLE OPENVAS_LDFLAGS OUTPUT_VARIABLE OPENVAS_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE) OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --cflags gnutls
OUTPUT_VARIABLE GNUTLS_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --libs gnutls
OUTPUT_VARIABLE GNUTLS_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
## Version ## Version
string (REPLACE " string (REPLACE "
...@@ -247,7 +257,7 @@ add_subdirectory (doc) ...@@ -247,7 +257,7 @@ add_subdirectory (doc)
## Install ## Install
install (FILES src/openvassd install (FILES ${CMAKE_BINARY_DIR}/src/openvassd
DESTINATION ${SBINDIR} DESTINATION ${SBINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
...@@ -256,16 +266,28 @@ install (FILES src/openvassd ...@@ -256,16 +266,28 @@ install (FILES src/openvassd
#install (FILES openvassd_log.conf #install (FILES openvassd_log.conf
# DESTINATION ${OPENVAS_SYSCONF_DIR}) # DESTINATION ${OPENVAS_SYSCONF_DIR})
install (FILES tools/openvas-adduser tools/openvas-rmuser install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-adduser
tools/openvas-mkcert tools/openvas-mkcert-client ${CMAKE_BINARY_DIR}/tools/openvas-rmuser
tools/greenbone-nvt-sync tools/openvas-nvt-sync ${CMAKE_BINARY_DIR}/tools/openvas-mkcert
${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
DESTINATION ${SBINDIR} DESTINATION ${SBINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES doc/openvas-adduser.8 doc/openvas-mkcert.8 install (FILES ${CMAKE_SOURCE_DIR}/tools/greenbone-nvt-sync
doc/openvas-nvt-sync.8 doc/openvas-rmuser.8 doc/openvassd.8 DESTINATION ${SBINDIR}
doc/greenbone-nvt-sync.8 PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES ${CMAKE_BINARY_DIR}/doc/openvassd.8
DESTINATION ${DATADIR}/man/man8 )
install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-adduser.8
${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8
${CMAKE_SOURCE_DIR}/doc/openvas-nvt-sync.8
${CMAKE_SOURCE_DIR}/doc/openvas-rmuser.8
${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8
DESTINATION ${DATADIR}/man/man8 ) DESTINATION ${DATADIR}/man/man8 )
install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR}) install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
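Review bot: The two added `execute_process (COMMAND pkg-config ... gnutls ...)` calls never check the exit status and run whichever `pkg-config` is first on PATH, so a failed or mismatched lookup leaves `GNUTLS_CFLAGS` / `GNUTLS_LDFLAGS` empty without any configure-time error. They also appear to overwrite the variables of the same names that `pkg_check_modules (GNUTLS REQUIRED gnutls>=2.2)` fills a few hunks earlier, which means the version-checked result is not necessarily the one that reaches the compiler and linker. I would reuse the tool FindPkgConfig located and fail loudly, e.g. `execute_process (COMMAND ${PKG_CONFIG_EXECUTABLE} --libs gnutls RESULT_VARIABLE GNUTLS_PC_RESULT OUTPUT_VARIABLE GNUTLS_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)` followed by a `message (FATAL_ERROR ...)` when `GNUTLS_PC_RESULT` is non-zero. The existing libopenvas call shown as context follows the same pattern and would benefit from the same check.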
......
2012-04-24 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-scanner 3.3.1 release.
* CHANGES: Updated.
2012-04-24 Michael Wiegand <michael.wiegand@greenbone.net>
Clean up CMake infrastructure and ensure that compilation with modern
gccs works.
* CMakeLists.txt: Retrieve GnuTLS flags via pkg-config. Remove setting
of OPENVAS_LIB_INSTALL_DIR and OPENVAS_HEADER_INSTALL_DIR as they are
retrieved via pkg-config now.
* src/CMakeLists.txt: Remove handling of now superfluous
OPENVAS_LIB_INSTALL_DIR and OPENVAS_HEADER_INSTALL_DIR. Set link
libraries via target_link_libraries and not via LINK_FLAGS since this
breaks compilation with more modern gccs. Take more libraries from
pkg-config output instead of hardcoding them.
2012-04-20 Michael Wiegand <michael.wiegand@greenbone.net>
* tools/greenbone-nvt-sync: Move check for ENABLED further down to
allow options like --identify to work.
2012-04-20 Michael Wiegand <michael.wiegand@greenbone.net>
* tools/greenbone-nvt-sync: Add switch to refresh scanner cache and
manager database without requiring network access.
2012-04-13 Michael Wiegand <michael.wiegand@greenbone.net>
* tools/greenbone-nvt-sync: Add switch to disable the sync script.
2012-04-04 Michael Wiegand <michael.wiegand@greenbone.net>
* tools/greenbone-nvt-sync: Add ssh options to disable strict host key
checking. Patch suggested by Lukas Grunwald.
2012-03-28 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* CMakeLists.txt, INSTALL: Set dependency for glib and gnutls
to minimum of what openvas-libraries requires.
2012-03-27 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* CMakeLists.txt: Fixed svn revisioning.
2012-03-25 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 3.3.1
2012-03-25 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-scanner 3.3.0 release.
* CHANGES: Updated.
* CMakeLists.txt: Version bump to 3.3.0.
2012-03-11 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 3.3+rc2.
2012-03-11 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
Preparing the openvas-scanner 3.3+rc1 release.
* CHANGES: Updated.
* CMakeLists.txt: Version bump to 3.3+rc1.
2012-03-05 Matthew Mundell <matthew.mundell@greenbone.net>
* src/pluginlaunch.c (update_running_processes): Send an ERRMSG to the
client when terminating a process.
2012-01-27 Henri Doreau <henri.doreau@greenbone.net>
* src/ntp_11.c (ntp_11_parse_input): Delete stop_required arglist entry
instead of setting its value to zero when resuming a scan.
2012-01-27 Henri Doreau <henri.doreau@greenbone.net>
* src/ntp_11.c (ntp_11_parse_input): Reset stop_required variable on
scan resume.
2012-01-27 Henri Doreau <henri.doreau@greenbone.net>
* src/ntp_11.c (ntp_11_parse_input),
src/attack.c (attack_network):
Don't start the second scan phase when network scan is enabled and
user requests "stop" during the first phase.
2012-01-25 Henri Doreau <henri.doreau@greenbone.net>
* src/attack.c (launch_plugin): Ignore script_mandatory_keys
requirements during network-wide scanning phase.
2011-12-28 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
* INSTALL: Re-arranged text a bit and added some Debian 6 info.
2011-11-25 Michael Wiegand <michael.wiegand@greenbone.net>
* src/preferences.c (openvassd_defaults): Add reverse_lookup to the
list of default scanner options with default value "no".
2011-11-23 Michael Wiegand <michael.wiegand@greenbone.net>
* tools/greenbone-nvt-sync: Quote variables in tests to ensure strings
containing spaces are handled correctly.
2011-11-10 Michael Wiegand <michael.wiegand@greenbone.net>
* CMakeLists.txt: Adjust source locations in install command to enable
installation from an out-of-source build.
2011-10-10 Michael Wiegand <michael.wiegand@greenbone.net>
Post release version bump.
* CMakeLists.txt: Set version to 3.3+beta3.
2011-10-10 Michael Wiegand <michael.wiegand@greenbone.net> 2011-10-10 Michael Wiegand <michael.wiegand@greenbone.net>
Preparing the openvas-scanner 3.3+beta2 release. Preparing the openvas-scanner 3.3+beta2 release.
......
INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER INSTALLATION INSTRUCTIONS FOR OPENVAS-SCANNER
============================================= =============================================
Please note: The reference system used by most of the developers is Debian Please note: The reference systems used by most of the developers are Debian
GNU/Linux 'Lenny' 5.0. The build might fail on any other systems. Also GNU/Linux 'Lenny' 5.0 and Debian GNU/Linux 'Squeeze' 6.0. The build might fail
it is necessary to install dependent development packages. on any other systems. Also it is necessary to install dependent development
packages.
Compiling openvas-scanner
------------------------- Prerequisites for openvas-scanner
---------------------------------
Prerequisites: Prerequisites:
* cmake * cmake
* glib-2.0 * glib-2.0 >= 2.16
* gnutls * gnutls >= 2.2
* openvas-libraries (5.0+beta2 or later) * openvas-libraries >= 5.0.0
* pkg-config * pkg-config
Prerequisites for building documentation: Prerequisites for building documentation:
...@@ -20,6 +22,10 @@ Prerequisites for building documentation: ...@@ -20,6 +22,10 @@ Prerequisites for building documentation:
* xmltoman (optional, for building man page) * xmltoman (optional, for building man page)
* sqlfairy (optional, for producing database diagram) * sqlfairy (optional, for producing database diagram)
Compiling openvas-scanner
-------------------------
If you have installed required libraries to a non-standard location, remember to If you have installed required libraries to a non-standard location, remember to
set the PKG_CONFIG_PATH environment variable to the location of you pkg-config set the PKG_CONFIG_PATH environment variable to the location of you pkg-config
files before configuring: files before configuring:
......
...@@ -23,7 +23,7 @@ by default (unless you specify -f as an option). ...@@ -23,7 +23,7 @@ by default (unless you specify -f as an option).
.TP .TP
.BI "-c " <config-file> ", --config-file=" <config-file> .BI "-c " <config-file> ", --config-file=" <config-file>
Use the alternate configuration file instead of Use the alternate configuration file instead of
.I /home/michael/openvas-testing/etc/openvas/openvassd.conf .I /home/michael/vol1/openvas-testing/etc/openvas/openvassd.conf
.TP .TP
.BI "-a " <address> ", --listen=" <address> .BI "-a " <address> ", --listen=" <address>
...@@ -81,12 +81,12 @@ Show a summary of the commands ...@@ -81,12 +81,12 @@ Show a summary of the commands
The default The default
.B openvassd .B openvassd
configuration file, configuration file,
.I /home/michael/openvas-testing/etc/openvas/openvassd.conf .I /home/michael/vol1/openvas-testing/etc/openvas/openvassd.conf
contains these options: contains these options:
.IP plugins_folder .IP plugins_folder
Contains the location of the plugins folder. This is usually Contains the location of the plugins folder. This is usually
/home/michael/openvas-testing/var/lib/openvas/plugins, but you may change this. /home/michael/vol1/openvas-testing/var/lib/openvas/plugins, but you may change this.
.IP logfile .IP logfile
path to the logfile. You can enter path to the logfile. You can enter
.I syslog .I syslog
...@@ -159,7 +159,7 @@ The other options in this file can usually be redefined by the client. ...@@ -159,7 +159,7 @@ The other options in this file can usually be redefined by the client.
.SH USERS MANAGEMENT .SH USERS MANAGEMENT
The utility openvas-adduser(8) creates new openvassd users. Each openvassd user The utility openvas-adduser(8) creates new openvassd users. Each openvassd user
is attributed a "home", in /home/michael/openvas-testing/var/lib/openvas/users/<username>. This home contains the following directories : is attributed a "home", in /home/michael/vol1/openvas-testing/var/lib/openvas/users/<username>. This home contains the following directories :
.IP auth/ .IP auth/
This directory contains the authentication information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text. This directory contains the authentication information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text.
...@@ -175,7 +175,7 @@ This directory contains the knowledge base (KB) of each host tested by this user ...@@ -175,7 +175,7 @@ This directory contains the knowledge base (KB) of each host tested by this user
When a user attempts to log in, openvassd first checks that the directory When a user attempts to log in, openvassd first checks that the directory
/home/michael/openvas-testing/var/lib/openvas/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then openvassd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname. /home/michael/vol1/openvas-testing/var/lib/openvas/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then openvassd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname.
To remove a given user, use the command openvas-rmuser(8). To remove a given user, use the command openvas-rmuser(8).
......
...@@ -23,20 +23,6 @@ ...@@ -23,20 +23,6 @@
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
## Config
if (OPENVAS_HEADER_INSTALL_DIR)
set (HEADER_TEMP "-I${OPENVAS_HEADER_INSTALL_DIR}")
else (OPENVAS_HEADER_INSTALL_DIR)
set (HEADER_TEMP "")
endif (OPENVAS_HEADER_INSTALL_DIR)
if (OPENVAS_LIB_INSTALL_DIR)
set (LIB_TEMP "-L${OPENVAS_LIB_INSTALL_DIR}")
else (OPENVAS_LIB_INSTALL_DIR)
set (LIB_TEMP "")
endif (OPENVAS_LIB_INSTALL_DIR)
## Program ## Program
add_executable (openvassd attack.c auth.c comm.c hosts.c locks.c log.c add_executable (openvassd attack.c auth.c comm.c hosts.c locks.c log.c
...@@ -130,16 +116,11 @@ if (NVT_TIMEOUT) ...@@ -130,16 +116,11 @@ if (NVT_TIMEOUT)
add_definitions (-DNVT_TIMEOUT=${NVT_TIMEOUT}) add_definitions (-DNVT_TIMEOUT=${NVT_TIMEOUT})
endif (NVT_TIMEOUT) endif (NVT_TIMEOUT)
set_target_properties (openvassd PROPERTIES LINK_FLAGS target_link_libraries (openvassd
"${LIB_TEMP} ${GLIB_LDFLAGS} ${OPENVAS_LDFLAGS}") dl gcrypt "${OPENVAS_LDFLAGS} ${GLIB_LDFLAGS} ${GNUTLS_LDFLAGS}")
target_link_libraries (openvassd gnutls dl gcrypt)
set_target_properties (openvassd PROPERTIES COMPILE_FLAGS set_target_properties (openvassd PROPERTIES COMPILE_FLAGS
"${HEADER_TEMP} ${OPENVAS_CFLAGS} ${GLIB_CFLAGS}") "${OPENVAS_CFLAGS} ${GLIB_CFLAGS} ${GNUTLS_CFLAGS}")
mark_as_advanced (LIB_TEMP)
mark_as_advanced (HEADER_TEMP)
## Tests ## Tests
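Review bot: The new `target_link_libraries (openvassd dl gcrypt "${OPENVAS_LDFLAGS} ${GLIB_LDFLAGS} ${GNUTLS_LDFLAGS}")` joins three pkg-config strings into one quoted argument, so CMake receives a single link item containing spaces instead of separate libraries and flags. Because the explicit `gnutls` entry is dropped at the same time, an empty `GNUTLS_LDFLAGS` now shows up only as undefined symbols at link time. Splitting the strings first, e.g. `separate_arguments (GNUTLS_LDFLAGS)` for each variable and then passing `${OPENVAS_LDFLAGS} ${GLIB_LDFLAGS} ${GNUTLS_LDFLAGS}` unquoted, keeps each flag a distinct item. A short comment above the call saying that the flags come from pkg-config in the top-level CMakeLists.txt would also help the next reader.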
......
/* OpenVAS /* OpenVAS
* $Id: attack.c 11235 2011-06-28 18:16:11Z jan $ * $Id: attack.c 12526 2012-01-27 10:06:27Z hdoreau $
* Description: Launches the plugins, and manages multithreading. * Description: Launches the plugins, and manages multithreading.
* *
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment) * Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
...@@ -263,9 +263,16 @@ launch_plugin (struct arglist *globals, plugins_scheduler_t * sched, ...@@ -263,9 +263,16 @@ launch_plugin (struct arglist *globals, plugins_scheduler_t * sched,
int optimize = preferences_optimize_test (preferences); int optimize = preferences_optimize_test (preferences);
int category = plugin->category; int category = plugin->category;
static int last_status = 0; static int last_status = 0;
gchar *network_scan_status;
gboolean network_scan = FALSE;
strncpy (name, nvti_src (nvti), sizeof (name) - 1); strncpy (name, nvti_src (nvti), sizeof (name) - 1);
name[sizeof (name) - 1] = '\0'; name[sizeof (name) - 1] = '\0';
network_scan_status = arg_get_value (globals, "network_scan_status");
if (network_scan_status != NULL)
if (g_ascii_strcasecmp (network_scan_status, "busy") == 0)
network_scan = TRUE;
if (plug_get_launch (args) != LAUNCH_DISABLED || category == ACT_SETTINGS) /* can we launch it ? */ if (plug_get_launch (args) != LAUNCH_DISABLED || category == ACT_SETTINGS) /* can we launch it ? */
{ {
...@@ -322,22 +329,16 @@ launch_plugin (struct arglist *globals, plugins_scheduler_t * sched, ...@@ -322,22 +329,16 @@ launch_plugin (struct arglist *globals, plugins_scheduler_t * sched,
else else
{ {
kb_item_add_int (kb, asc_id, 1); kb_item_add_int (kb, asc_id, 1);
gchar *network_scan_status = arg_get_value (globals, "network_scan_status"); if (network_scan)
if (network_scan_status != NULL) save_kb_write_int (globals, "network", asc_id, 1);
{
if (g_ascii_strcasecmp (network_scan_status, "busy") == 0)
{
save_kb_write_int (globals, "network", asc_id, 1);
}
}
else else
save_kb_write_int (globals, hostname, asc_id, 1); save_kb_write_int (globals, hostname, asc_id, 1);
} }
} }
// Do not launch NVT if mandatory key is missing (e.g. an important tool /* Do not launch NVT if mandatory key is missing (e.g. an important tool
// was not found) * was not found). This is ignored during network wide scanning phases. */
if (mandatory_requirements_met (kb, plugin)) if (network_scan || mandatory_requirements_met (kb, plugin))
error = NULL; error = NULL;
else else
error = "because a mandatory key is missing"; error = "because a mandatory key is missing";
...@@ -963,6 +964,7 @@ attack_network (struct arglist *globals) ...@@ -963,6 +964,7 @@ attack_network (struct arglist *globals)
int network_phase = 0; int network_phase = 0;
gchar *network_targets; gchar *network_targets;
int do_network_scan = 0; int do_network_scan = 0;
int scan_stopped;
gettimeofday (&then, NULL); gettimeofday (&then, NULL);
...@@ -1295,6 +1297,8 @@ scan_stop: ...@@ -1295,6 +1297,8 @@ scan_stop:
} }
stop: stop:
scan_stopped = GPOINTER_TO_SIZE(arg_get_value (globals, "stop_required"));
hg_cleanup (hg_globals); hg_cleanup (hg_globals);
arg_free_all (rejected_hosts); arg_free_all (rejected_hosts);
...@@ -1304,7 +1308,7 @@ stop: ...@@ -1304,7 +1308,7 @@ stop:
log_write ("Total time to scan all hosts : %ld seconds\n", log_write ("Total time to scan all hosts : %ld seconds\n",
now.tv_sec - then.tv_sec); now.tv_sec - then.tv_sec);
if (do_network_scan && network_phase) if (do_network_scan && network_phase && !scan_stopped)
return attack_network (globals); return attack_network (globals);
return 0; return 0;
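Review bot: Hoisting the `network_scan_status` test into the `network_scan` flag changes which KB is written in `launch_plugin`, as far as the rendered page shows. Previously a non-NULL status other than "busy" wrote nothing, whereas now that case falls into `else save_kb_write_int (globals, hostname, asc_id, 1);`. If that is intended it deserves a line in the ChangeLog entry or a comment at the branch, such as `/* Any status other than "busy" is treated as a per-host scan. */`. The same flag now also bypasses `mandatory_requirements_met`, so the two behaviours are coupled to one string comparison. The brace-less nested `if` that sets the flag would be easier to read as `if (network_scan_status != NULL && g_ascii_strcasecmp (network_scan_status, "busy") == 0)`. `launch_plugin` and `attack_network` both start and end outside the hunks shown.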
......
/* OpenVAS /* OpenVAS
* $Id: ntp_11.c 11288 2011-07-10 20:26:24Z jan $ * $Id: ntp_11.c 12529 2012-01-27 12:46:22Z hdoreau $
* Description: OpenVAS Communication Manager; it manages the OpenVAS Transfer Protocol, * Description: OpenVAS Communication Manager; it manages the OpenVAS Transfer Protocol,
* version 1.1 and 1.2. * version 1.1 and 1.2.
* *
...@@ -142,6 +142,7 @@ ntp_11_parse_input (struct arglist *globals, char *input) ...@@ -142,6 +142,7 @@ ntp_11_parse_input (struct arglist *globals, char *input)
case CREQ_RESUME_WHOLE_TEST: case CREQ_RESUME_WHOLE_TEST:
log_write ("Resuming the whole test (requested by client)"); log_write ("Resuming the whole test (requested by client)");
hosts_resume_all (); hosts_resume_all ();
arg_del_value (globals, "stop_required");
result = NTP_RESUME_WHOLE_TEST; result = NTP_RESUME_WHOLE_TEST;
break; break;
...@@ -151,6 +152,8 @@ ntp_11_parse_input (struct arglist *globals, char *input) ...@@ -151,6 +152,8 @@ ntp_11_parse_input (struct arglist *globals, char *input)
case CREQ_STOP_WHOLE_TEST: case CREQ_STOP_WHOLE_TEST:
log_write ("Stopping the whole test (requested by client)"); log_write ("Stopping the whole test (requested by client)");
arg_add_value (globals, "stop_required", ARG_INT, sizeof (int),
GSIZE_TO_POINTER (1));
hosts_stop_all (); hosts_stop_all ();
result = NTP_STOP_WHOLE_TEST; result = NTP_STOP_WHOLE_TEST;
break; break;
...@@ -169,6 +172,8 @@ ntp_11_parse_input (struct arglist *globals, char *input) ...@@ -169,6 +172,8 @@ ntp_11_parse_input (struct arglist *globals, char *input)
t[0] = '\0'; t[0] = '\0';
log_write ("user %s : stopping attack against %s\n", user, s); log_write ("user %s : stopping attack against %s\n", user, s);
hosts_stop_host (globals, s); hosts_stop_host (globals, s);
arg_add_value (globals, "stop_required", ARG_INT, sizeof (int),
GSIZE_TO_POINTER (1));
ntp_1x_timestamp_host_scan_interrupted (globals, s); ntp_1x_timestamp_host_scan_interrupted (globals, s);
ntp_11_show_end (globals, s, 0); ntp_11_show_end (globals, s, 0);
break; break;
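Review bot: Both stop paths call `arg_add_value (globals, "stop_required", ...)` unconditionally, while the resume path calls `arg_del_value` once. If `arg_add_value` appends rather than replaces (not visible here), two stop requests followed by one resume could leave a stale `stop_required` entry behind and keep suppressing the second scan phase. Guarding the add with `if (arg_get_value (globals, "stop_required") == NULL)` would make set and clear symmetric. The per-host stop branch also sets this global flag, so stopping a single host prevents the second phase for every target. If that is the intent, a comment next to the added call should say so. `ntp_11_parse_input` continues outside these hunks.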
......
/* OpenVAS /* OpenVAS
* $Id: pluginlaunch.c 11288 2011-07-10 20:26:24Z jan $ * $Id: pluginlaunch.c 12955 2012-03-05 18:01:51Z mattm $
* Description: Manages the launching of plugins within processes. * Description: Manages the launching of plugins within processes.
* *
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment) * Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
...@@ -215,9 +215,6 @@ update_running_processes () ...@@ -215,9 +215,6 @@ update_running_processes ()
if (processes[i].pid > 0) if (processes[i].pid > 0)
{ {
// If process dead or timed out // If process dead or timed out
/** @todo communicate, e.g. send log message. Stub:
* internal_send (processes[i].upstream_soc, "SERVER <|> LOG <|> hostname <|> general/tcp <|> NVT was killed due to timeout (of %d seconds). <|> OID <|> SERVER\n", INTERNAL_COMM_MSG_TYPE_DATA);
*/
if (processes[i].alive == 0 if (processes[i].alive == 0
|| (processes[i].timeout > 0 || (processes[i].timeout > 0
&& ((now.tv_sec - processes[i].start.tv_sec) > && ((now.tv_sec - processes[i].start.tv_sec) >
...@@ -225,9 +222,33 @@ update_running_processes () ...@@ -225,9 +222,33 @@ update_running_processes ()
{ {
if (processes[i].alive) if (processes[i].alive)
{ {
struct arglist *desc;
gchar *msg;
const char *host;
nvti_t *nvti;
if (log_whole) if (log_whole)
log_write ("%s (pid %d) is slow to finish - killing it\n", log_write ("%s (pid %d) is slow to finish - killing it\n",
processes[i].name, processes[i].pid); processes[i].name, processes[i].pid);
desc = processes[i].plugin->arglist->value;
nvti = arg_get_value (desc, "NVTI");
host = plug_get_hostname (desc);
msg = g_strdup_printf ("SERVER"
" <|> ERRMSG"
" <|> %s"
" <|> general/tcp"
" <|> NVT timed out after %d seconds."
" <|> %s"
" <|> SERVER\n",
host ? host : "HOST",
processes[i].timeout,
nvti ? nvti_oid (nvti) : "0");
internal_send (processes[i].upstream_soc,
msg,
INTERNAL_COMM_MSG_TYPE_DATA);
g_free (msg);
terminate_process (processes[i].pid); terminate_process (processes[i].pid);
processes[i].alive = 0; processes[i].alive = 0;
} }
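Review bot: The added `desc = processes[i].plugin->arglist->value;` dereferences `plugin` and `arglist` without a check, although the lines after it guard against a NULL `host` and a NULL `nvti`. If either pointer can be unset for a slot whose `pid > 0` (not determinable from this hunk), the timeout path would crash the scanner instead of killing the slow NVT. A guard such as `if (processes[i].plugin && processes[i].plugin->arglist)` around the message construction keeps `terminate_process` reachable in every case. The message is also sent before `terminate_process` and the result of `internal_send` is ignored, so it is worth confirming that the send cannot block on a stalled upstream socket and delay the kill. `update_running_processes` extends beyond the hunk on both sides.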
......
/* OpenVAS /* OpenVAS
* $Id: preferences.c 11105 2011-06-08 12:48:44Z mwiegand $ * $Id: preferences.c 12196 2011-11-25 13:46:52Z mwiegand $
* Description: Loads the preferences set in openvassd.conf into the memory. * Description: Loads the preferences set in openvassd.conf into the memory.
* *
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment) * Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
...@@ -111,6 +111,7 @@ static openvassd_option openvassd_defaults[] = { ...@@ -111,6 +111,7 @@ static openvassd_option openvassd_defaults[] = {
{"cert_file", SCANNERCERT}, {"cert_file", SCANNERCERT},
{"key_file", SCANNERKEY}, {"key_file", SCANNERKEY},
{"ca_file", CACERT}, {"ca_file", CACERT},
{"reverse_lookup", "no"},
{NULL, NULL} {NULL, NULL}
}; };
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
# with some characters in order to make it newer than # with some characters in order to make it newer than
# any follow-up version to prevent that your version # any follow-up version to prevent that your version
# will be overwritten. # will be overwritten.
VERSION=20111010 VERSION=20120413
# SETTINGS # SETTINGS
# ======== # ========
...@@ -64,6 +64,14 @@ PORT=24 ...@@ -64,6 +64,14 @@ PORT=24
# Directory where pidfiles are located # Directory where pidfiles are located
PIDFILEDIR="/var/run" PIDFILEDIR="/var/run"
# If ENABLED is set to 0, the sync script will not perform a synchronization.
ENABLED=1
# If REFRESH_ONLY is set to 1, the sync script will only update the OpenVAS
# Scanner cache and the OpenVAS Manager database. This can be controlled via
# the --refresh parameter.
REFRESH_ONLY=0
if [ ! -w $LOGDIR ] if [ ! -w $LOGDIR ]
then then
NOLOG=1 NOLOG=1
...@@ -91,7 +99,7 @@ init_sync () ...@@ -91,7 +99,7 @@ init_sync ()
fi fi
SCANNER_BINARY=`command -v openvassd`