Commit 4bb8adef authored by Sophie Brun's avatar Sophie Brun

Merge tag 'upstream/5.0.1' into kali/master

Upstream version 5.0.1
parents a3c5b241 2bc2f0d1
openvas-scanner 4.0.2 (2014-07-31)
openvas-scanner 5.0.1 (2015-04-01)
This is the first maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release basically applies some minor improvements
about signal handling and stopping a scan.
Many thanks to everyone who contributed to this release:
Hani Benhabiles
Main changes compared to 5.0.0:
* Dropped the useless otp setting "ntp_keep_communication_alive".
Clients don't need to send this anymore.
* Improved signal handling of the scanner daemon.
* Fixes for stopping scans properly.
* Various code cleanups.
This is the second maintenance release of the openvas-scanner 4.0 module for
the Open Vulnerability Assessment System release 7 (OpenVAS-7).
This release addresses issues in the interaction with the libgcrypt and
libgnutls libraries and updates the script for synchronization with the
Greenbone Security Feed.
openvas-scanner 5.0.0 (2015-03-16)
This is the first release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System release 8 (OpenVAS-8). Compared to the previous
major release it now uses a Redis based back end for the internal knowledge
base. It removes support for the scan pausing feature and considerably reduces
memory consumption and provides a number of other improvements.
Many thanks to everyone who contributed to this release:
Benoit Allard, Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner
and Michael Wiegand.
Main changes compared to the 4.0 series:
* OpenVAS Scanner now uses the Redis based knowledge base (KB) back end. This
makes it mandatory to run a Redis server for scanning.
* Support for the scan pausing feature has been removed.
* The commands STOP_ATTACK and OPENVASSD_VERSION have been removed from OTP.
* The scanner will no longer set the obsolete "src" element for the NVTi cache.
* The default key size for certificates produces by the "mkcert" tools has been
changed from 1024 to 4096 bits, the scripts now use SHA-256 instead of SHA-1
as the message digest algorithm.
* The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS
category when scanning.
* When commanded to stop a scan the scanner will now switch to ACT_END instead
of immediately bailing out.
* Memory consumption has been considerably reduced.
* Internal memory management now uses the appropriate glib functions instead of
the custom implementation provided by openvas-libraries used previously.
* The OID of the affected NVT is now reported if an NVT terminates early.
* The scanner now logs a backtrace when a process segfaults.
* The communication of the host scanning status with the client has been
improved to allow for more accurate progress information.
* Library checks during package configuration have been improved and are now
more comprehensive and consistent.
* Handling of linker and compiler flags during package configuration has been
improved and simplified.
* Support for migration of unsigned files to the "private/" subdirectory has
been removed as it was obsolete since the retirement of OpenVAS-5.
* Signal handling has been improved.
* Comprehensive code cleanups.
Main changes compared to 5.0+beta6:
* An issue which caused openvassd process to fail to terminate when a scan was
requested to stop has been fixed.
* Support for migration of unsigned files to the "private/" subdirectory has
been removed as it was obsolete since the retirement of OpenVAS-5.
* Signal handling has been improved.
* Various code cleanups and improvements.
openvas-scanner 5.0+beta6 (2015-02-11)
This is the sixth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release contains a number of small improvements and cleanups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles and Michael Wiegand.
Main changes compared to 5.0+beta5:
* The communication of the host scanning status with the client has been
improved to allow for more accurate progress information.
* Library checks during package configuration have been improved and are now
more comprehensive and consistent.
* Handling of linker and compiler flags during package configuration has been
improved and simplified.
openvas-scanner 5.0+beta5 (2015-01-12)
This is the fifth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release contains a number of small improvements and cleanups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 4.0.1:
* Ensure libgcrypt is properly linked and initialized.
* Avoid closing file descriptor which may be in use by GnuTLS 3.x.
* Minor updates to greenbone-nvt-sync.
Main changes compared to 5.0+beta4:
* The NVT file name is now used correctly when enabling dependencies.
* The preference "kb_location" has been added to the list of "scanner only"
preferences.
* The scanner will no longer set the obsolete "src" element for the NVTi cache.
* The greenbone-nvt-sync script is now generated by the build process.
* Version information has been updated and improved.
* Superfluous includes and redundant linking commands have been removed.
* Various code cleanups and improvements.
openvas-scanner 5.0+beta4 (2014-11-20)
This is the fourth beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release considerably improves memory management.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau and Jan-Oliver Wagner.
Main changes compared to 5.0+beta3:
* Upon stop signal, the scanner will switch to ACT_END instead
of immediately bailing out.
* Considerable reduction of memory consumption.
* Various code cleanups and improvements.
* Increase buffer size for preferences to allow for upto 69K NVTs.
* Log backtrace when a process segfaults.
* Refactored preferences module.
openvas-scanner 5.0+beta3 (2014-10-14)
This is the third beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release further improves memory management and fixes memory leaks. It also
contains adjustments for changes in the NVTi cache API and produces more useful
information when an NVT terminates early.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles and Jan-Oliver Wagner.
Main changes compared to 5.0+beta2:
* Memory management has been improved and memory leaks have been fixed.
* Adjustments for NVTi cache API changes.
* If an NVT terminates early, the OID of the affected NVT is reported.
* Adjustments for further changes in OpenVAS Libraries.
openvas-scanner 5.0+beta2 (2014-09-22)
This is the second beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
This release contains further comprehensive code-cleanups, especially regarding
internal calls for memory management. It also removes an exception for NVTs from
the ACT_SETTINGS category regarding implicit launches during a scan and makes
the location of the redis socket configurable.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.0+beta1:
* The scanner will no longer implicitly launch NVTs from the ACT_SETTINGS
category when scanning.
* Internal memory management now uses the appropriate glib functions instead of
the custom implementation provided by openvas-libraries used previously.
* The location of the redis socket is now configurable.
* Further comprehensive code-cleanups.
openvas-scanner 5.0+beta1 (2014-08-21)
This is the first beta release of the openvas-scanner 5.0 module for the Open
Vulnerability Assessment System (OpenVAS). It will be part of the upcoming
"OpenVAS-8".
Main new feature of 5.0 compared to 4.0 is the switch to redis-based
Knowledge Base (KB), making it mandatory to run a redis-server.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Henri Doreau, Matthew Mundell, Jan-Oliver Wagner and
Michael Wiegand.
Main changes compared to 4.0.x:
* Switch to the redis-based kowledge base (KB) backend.
This makes it mandatory to run a redis server for scanning.
* Default key size for certificates of "mkcert" tools changed
from 1024 to 4069 bits and use SHA-256 instead of SHA-1.
* Removed scan pausing feature.
* Removed commands STOP_ATTACK and OPENVASSD_VERSION from OTP.
* openvas-manage-certs.sh as initial version to eventually replace
openvas-mkcert and openvas-mkcert-client.
* Various minor improvements.
* Comprehensive code-cleanups.
openvas-scanner 4.0.1 (2014-04-23)
......
......@@ -7,12 +7,12 @@
# Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
#
# Copyright:
# Copyright (C) 2011 Greenbone Networks GmbH
# Copyright (C) 2011-2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or, at your option, any later version as published by the Free
# Software Foundation
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
......@@ -35,6 +35,10 @@ endif (POLICY CMP0005)
include (FindPkgConfig)
if (NOT PKG_CONFIG_FOUND)
message(FATAL_ERROR "pkg-config executable not found. Aborting.")
endif (NOT PKG_CONFIG_FOUND)
if (NOT CMAKE_BUILD_TYPE)
set (CMAKE_BUILD_TYPE Debug)
endif (NOT CMAKE_BUILD_TYPE)
......@@ -77,11 +81,11 @@ set (CPACK_SOURCE_GENERATOR "TGZ")
set (CPACK_SOURCE_TOPLEVEL_TAG "")
set (CPACK_SYSTEM_NAME "")
set (CPACK_TOPLEVEL_TAG "")
set (CPACK_PACKAGE_VERSION_MAJOR "4")
set (CPACK_PACKAGE_VERSION_MAJOR "5")
set (CPACK_PACKAGE_VERSION_MINOR "0")
# Use this scheme for stable releases
set (CPACK_PACKAGE_VERSION_PATCH "2${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}")
set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
# Use this scheme for +betaN and +rcN releases:
#set (CPACK_PACKAGE_VERSION_PATCH "+beta1${SVN_REVISION}")
......@@ -109,6 +113,9 @@ set (CPACK_SOURCE_IGNORE_FILES
"tools/openvas-mkcert$"
"tools/openvas-mkcert-client$"
"tools/openvas-nvt-sync$"
"tools/greenbone-nvt-sync$"
"doc/example_redis_2_4.conf$"
"doc/example_redis_2_6.conf$"
)
include (CPack)
......@@ -176,50 +183,26 @@ set (NVT_TIMEOUT "320")
message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
## Dependency checks
##
## TODO Also check for headers where needed.
## Improve for workflow: First collect list of missing libs, then print the
## list and throw an error, otherwise long install-cmake-install-cmake cycles
## might occur.
pkg_check_modules (LIBOPENVAS REQUIRED libopenvas>=7.0.0)
pkg_check_modules (GNUTLS REQUIRED gnutls>=2.8)
pkg_check_modules (LIBOPENVAS_NASL REQUIRED libopenvas_nasl>=8.0.0)
pkg_check_modules (LIBOPENVAS_BASE REQUIRED libopenvas_base>=8.0.0)
pkg_check_modules (LIBOPENVAS_MISC REQUIRED libopenvas_misc>=8.0.0)
pkg_check_modules (LIBOPENVAS_OMP REQUIRED libopenvas_omp>=8.0.0)
pkg_check_modules (GLIB REQUIRED glib-2.0>=2.16)
message (STATUS "Looking for pcap...")
find_library (PCAP pcap)
message (STATUS "Looking for pcap... ${PCAP}")
if (NOT PCAP)
message (FATAL_ERROR "The pcap library is required.")
endif (NOT PCAP)
execute_process (COMMAND pkg-config --cflags glib-2.0
OUTPUT_VARIABLE GLIB_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --libs glib-2.0
OUTPUT_VARIABLE GLIB_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --cflags libopenvas
OUTPUT_VARIABLE OPENVAS_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --libs libopenvas
OUTPUT_VARIABLE OPENVAS_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --cflags gnutls
OUTPUT_VARIABLE GNUTLS_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND pkg-config --libs gnutls
OUTPUT_VARIABLE GNUTLS_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND libgcrypt-config --libs
OUTPUT_VARIABLE GCRYPT_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND libgcrypt-config --cflags
OUTPUT_VARIABLE GCRYPT_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
message (STATUS "Looking for libgcrypt...")
find_library (GCRYPT gcrypt)
if (NOT GCRYPT)
message (SEND_ERROR "The libgcrypt library is required.")
else (NOT GCRYPT)
message (STATUS "Looking for libgcrypt... ${GCRYPT}")
execute_process (COMMAND libgcrypt-config --libs
OUTPUT_VARIABLE GCRYPT_LDFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process (COMMAND libgcrypt-config --cflags
OUTPUT_VARIABLE GCRYPT_CFLAGS
OUTPUT_STRIP_TRAILING_WHITESPACE)
endif (NOT GCRYPT)
## Version
......@@ -230,10 +213,13 @@ string (REPLACE "
configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY)
configure_file (doc/Doxyfile_full.in doc/Doxyfile_full @ONLY)
configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY)
configure_file (doc/example_redis_2_4.conf.in doc/example_redis_2_4.conf @ONLY)
configure_file (doc/example_redis_2_6.conf.in doc/example_redis_2_6.conf @ONLY)
configure_file (VERSION.in VERSION @ONLY)
configure_file (tools/openvas-mkcert.in tools/openvas-mkcert @ONLY)
configure_file (tools/openvas-mkcert-client.in tools/openvas-mkcert-client @ONLY)
configure_file (tools/openvas-nvt-sync.in tools/openvas-nvt-sync @ONLY)
configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
# TODO: Once Scanner has a proper logging mechanism like Manager.
#configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf)
......@@ -242,7 +228,7 @@ configure_file (tools/openvas-nvt-sync.in tools/openvas-nvt-sync @ONLY)
set (HARDENING_FLAGS "-Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -Wl,-z,relro -Wl,-z,now")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${HARDENING_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE")
add_subdirectory (src)
......@@ -267,11 +253,7 @@ install (FILES ${CMAKE_BINARY_DIR}/src/openvassd
install (FILES ${CMAKE_BINARY_DIR}/tools/openvas-mkcert
${CMAKE_BINARY_DIR}/tools/openvas-mkcert-client
${CMAKE_BINARY_DIR}/tools/openvas-nvt-sync
DESTINATION ${SBINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install (FILES ${CMAKE_SOURCE_DIR}/tools/greenbone-nvt-sync
${CMAKE_BINARY_DIR}/tools/greenbone-nvt-sync
DESTINATION ${SBINDIR}
PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
......@@ -284,6 +266,10 @@ install (FILES ${CMAKE_SOURCE_DIR}/doc/openvas-mkcert.8
${CMAKE_SOURCE_DIR}/doc/greenbone-nvt-sync.8
DESTINATION ${DATADIR}/man/man8 )
install (FILES ${CMAKE_BINARY_DIR}/doc/example_redis_2_4.conf
${CMAKE_BINARY_DIR}/doc/example_redis_2_6.conf
DESTINATION ${DATADIR}/doc/openvas-scanner/ )
install (DIRECTORY DESTINATION ${OPENVAS_NVT_DIR})
install (DIRECTORY DESTINATION ${OPENVAS_CACHE_DIR})
......
......@@ -17,20 +17,16 @@ as changes were applied:
src/attack.[c|h]: GPLv2
src/comm.[c|h]: GPLv2
src/hosts.[c|h]: GPLv2
src/locks.[c|h]: GPLv2
src/log.[c|h]: GPLv2
src/nasl_plugins.c: GPLv2
src/ntp.[c|h]: GPLv2
src/openvassd.c: GPLv2
src/otp.[c|h]: GPLv2+
src/piic.[c|h]: GPLv2
src/pluginlaunch.[c|h]: GPLv2
src/pluginload.[c|h]: GPLv2
src/pluginscheduler.[c|h]: GPLv2
src/plugs_req.[c|h]: GPLv2
src/preferences.[c|h]: GPLv2
src/processes.[c|h]: GPLv2
src/save_kb.[c|h]: GPLv2
src/sighand.[c|h]: GPLv2
src/utils.[c|h]: GPLv2
......
This diff is collapsed.
......@@ -12,9 +12,10 @@ Prerequisites for openvas-scanner
Prerequisites:
* cmake
* glib-2.0 >= 2.16
* gnutls >= 2.8
* openvas-libraries >= 7.0.0
* libgcrypt
* openvas-libraries >= 8.0.0
* pkg-config
* redis >= 2.4.0
Prerequisites for building documentation:
* Doxygen
......@@ -128,7 +129,22 @@ Setting up an openvas-scanner requires the following steps:
without permission to perform these operations, your scan results are very
likely to be incomplete.
5) Once the scanner has started, openvas-manager can act as a client and control
5) The scanner needs a running redis server to temporarily store information
gathered on the scanned hosts. Redis 2.4 and newer is supported but 2.6
is recommended. See doc/redis_config.txt to see how to setup and run a redis
server.
Two examples are installed which you may use directly for a quick start:
$ redis-server /share/doc/openvas-scanner/example_redis_2_4.conf
or
$ redis-server /share/doc/openvas-scanner/example_redis_2_6.conf
or copy the example to another location, edit and use the copy instead.
6) Once the scanner has started, openvas-manager can act as a client and control
the scanner. The actual user interfaces (for example GSA or CLI-OMP)
will only interact with the manager, not the scanner.
......
......@@ -9,15 +9,15 @@
# Copyright:
# Copyright (C) 2011 Greenbone Networks GmbH
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Library General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library General Public License for more details.
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
......
This diff is collapsed.
This diff is collapsed.
......@@ -54,7 +54,7 @@ cipher suites.
Sets the path to a PEM file containing Diffie-Hellman parameters. Needed for key
DHE-based key exchange algorithms that provide Perfect Forward Secrecy.
This file could be generated using tools like "openssl dhparam" and
"certtool --genrate-dh-params".
"certtool \-\-generate-dh-params".
.TP
.B "-f, --foreground"
......@@ -180,7 +180,7 @@ Like hosts_deny. Can't be overridden by the client.
The other options in this file can usually be redefined by the client.
At log in attempt, openvassd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in file dname.
At log in attempt, openvassd checks that the certificate has been signed by a recognized authority.
.SH NETWORK USAGE
......@@ -232,7 +232,7 @@ resend the packets twice if no response is received.
A very rough estimate is that a full scan for UDP, TCP and RPC as well as
all NASL scripts may result in 8 to 32 MB worth of traffic per scanned host.
Reducing the amount of tested part and such will reduce the amount of data
to be transfered significantly.
to be transferred significantly.
.SH SEE ALSO
.BR openvas-mkcert (8)
......
= Redis KB server =
== Presentation ==
Redis (http://redis.io) is used to store and access the KB. Scans won't run if
they cannot access the server and might be significantly slowed down if redis is
not properly configured.
The feature has been developed with neither cluster mode nor replication
enabled. Redis 2.4 and 2.6 are supported. Versions 2.6 and higher are
recommended.
== Connection ==
OpenVAS can currently only access redis via a unix socket. This choice has been
made for the sake of speed and security. No authentication is supported yet, we
rely on filesystem permissions to protect the KBs.
The path to the unix socket is '/tmp/redis.sock' by default, and can be changed
using the 'kb_location' parameter.
On the redis side, use the following directives:
port 0 # prevent redis from listening on a TCP socket
unixsocket /tmp/redis.sock
unixsocketperm 700
timeout 0
== Database number ==
Multiple KBs can be served in parallel, for multiple hosts scanned by one or
several tasks. This is done using redis databases, which are independent
namepaces. The DB#0, which is where every new connected client starts, is
reserved and used to schedule concurrent accesses to the available namespaces.
It contains a single variable, called 'OpenVAS.__GlobalDBIndex'. This variable
is a bitmap of the different namespaces. When opening a new DB, the scanner will
look for the first bit that is not set, starting from 1 to the maximum number of
available DBs. If none is found, the scanner will enter a wait and retry loop.
Otherwise, it will (atomically, along with the check) set the bit to 1 and
switch to the selected namespace.
It is therefore important that redis exports enough databases. This number can
be calculated using the following formula:
#DB = 1 + (#of parallel tasks) * (#of parallel hosts)
When using network scan, add one slot for the network DB.
The desired/needed value should be set to redis.conf, as a 'databases'
directive.
For instance:
databases 128
== Clients numbers ==
Redis can limit the number of clients served concurrently. This can be safely
set to a pretty high number. You can estimate the number of clients that the
server will have to serve:
#CLI = 1 + (#of parallel tasks) * (#of parallel hosts) * (#of concurrent NVTs)
For instance:
maxclients 512
== Debugging and monitoring a scan via redis ==
Once redis-server is started, you can issue the following command to see
everything that happens during the execution.
$ redis-cli -s <path to the redis server socket> MONITOR
The default path is /tmp/redis.sock. Then start the scan or
openvas-nasl. You should be able to follow precisely the interactions
between the scanner and the KB server.
See also: http://redis.io/commands/MONITOR
To enter an interactive mode type
$ redis-cli -s <path to the redis server socket>
redis /tmp/redis.sock> keys *
1) "OpenVAS.__GlobalDBIndex"
redis /tmp/redis.sock> select 1
OK
Then you can search for keys with a pattern ("keys *" will dump all
keys present):
redis /tmp/redis.sock[1]> keys "*ALARM*"
Note that keys will disappear once a scan of a host finished.
When the scanner is not active, the store is empty.
The keys contain sets, not strings. So instead of the "get" command
you need to use "smembers" to view the content:
redis /tmp/redis.sock[1]> smembers Sun/VirtualBox/Lin/Ver
1) "4.3.12.93733"
......@@ -9,10 +9,10 @@
# Copyright:
# Copyright (C) 2011 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or, at your option, any later version as published by the Free
# Software Foundation
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
......@@ -25,14 +25,19 @@
## Program
add_executable (openvassd attack.c comm.c hosts.c locks.c log.c
add_executable (openvassd attack.c comm.c hosts.c log.c
nasl_plugins.c ntp.c openvassd.c otp.c
piic.c pluginlaunch.c pluginload.c
pluginscheduler.c plugs_req.c preferences.c
processes.c save_kb.c sighand.c utils.c)
pluginlaunch.c pluginload.c
pluginscheduler.c plugs_req.c
processes.c sighand.c utils.c)
set_target_properties (openvassd PROPERTIES LINKER_LANGUAGE C)
include_directories (${GLIB_INCLUDE_DIRS} ${LIBOPENVAS_NASL_INCLUDE_DIRS}
${LIBOPENVAS_BASE_INCLUDE_DIRS}
${LIBOPENVAS_MISC_INCLUDE_DIRS}
${LIBOPENVAS_OMP_INCLUDE_DIRS})
if (OPENVASSD_VERSION)
add_definitions (-DOPENVASSD_VERSION=\\\"${OPENVASSD_VERSION}\\\")
endif (OPENVASSD_VERSION)
......@@ -107,11 +112,10 @@ if (NVT_TIMEOUT)
add_definitions (-DNVT_TIMEOUT=${NVT_TIMEOUT})
endif (NVT_TIMEOUT)
target_link_libraries (openvassd
"${OPENVAS_LDFLAGS} ${GLIB_LDFLAGS} ${GCRYPT_LDFLAGS} ${GNUTLS_LDFLAGS}")
set_target_properties (openvassd PROPERTIES COMPILE_FLAGS
"${OPENVAS_CFLAGS} ${GLIB_CFLAGS} ${GNUTLS_CFLAGS}")
target_link_libraries (openvassd ${LIBOPENVAS_NASL_LDFLAGS}
${LIBOPENVAS_BASE_LDFLAGS} ${LIBOPENVAS_MISC_LDFLAGS}
${LIBOPENVAS_OMP_LDFLAGS} ${GLIB_LDFLAGS}
${GCRYPT_LDFLAGS})
## Tests
......@@ -133,11 +137,11 @@ add_dependencies (check splint rats flawfinder)
## Tag files
set (C_FILES "attack.c" "comm.c" "hosts.c" "locks.c" "log.c"
set (C_FILES "attack.c" "comm.c" "hosts.c" "log.c"
"nasl_plugins.c" "ntp.c" "openvassd.c" "otp.c"
"piic.c" "pluginlaunch.c" "pluginload.c"
"pluginscheduler.c" "plugs_req.c" "preferences.c"
"processes.c" "save_kb.c" "sighand.c" "utils.c")
"pluginlaunch.c" "pluginload.c"
"pluginscheduler.c" "plugs_req.c"
"processes.c" "sighand.c" "utils.c")
add_custom_target (etags COMMENT "Building TAGS..."
COMMAND etags ${C_FILES})
add_custom_target (ctags COMMENT "Building tags..."
......
This diff is collapsed.
/* OpenVAS
* $Id: attack.h 18704 2014-02-05 21:04:15Z jan $
* $Id: attack.h 19310 2014-04-23 18:34:32Z hdoreau $
* Description: attack.c header.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -29,6 +29,6 @@
#ifndef __OPENVAS_ATTACK_H__
#define __OPENVAS_ATTACK_H__
void attack_network (struct arglist *);
void attack_network (struct arglist *, kb_t *network_kb);
#endif
This diff is collapsed.
/* OpenVAS
* $Id: comm.h 18946 2014-03-11 14:38:14Z kroosec $
* $Id: comm.h 21962 2015-03-27 08:53:21Z kroosec $
* Description: comm.c header.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -34,14 +34,11 @@
int comm_init (int);
int comm_loading (int);
void comm_terminate (struct arglist *);
void comm_send_pluginlist (struct arglist *);
void comm_send_preferences (struct arglist *);
void comm_send_rules (struct arglist *);
void comm_wait_order (struct arglist *);
void comm_setup_plugins (struct arglist *, char *);
void client_handler ();
void comm_send_nvt_info (struct arglist *);
void plugin_send_infos (struct arglist *, char *);
void comm_terminate (int);
void comm_send_preferences (int);
int comm_wait_order (struct arglist *);
void comm_setup_plugins (char *);
void comm_send_nvt_info (int);
void plugin_send_infos (int, char *);
#endif
/* OpenVAS
* $Id: hosts.c 18993 2014-03-15 16:29:48Z jan $
* $Id: hosts.c 21952 2015-03-25 16:25:23Z kroosec $
* Description: Basically creates a new process for each tested host.
*
* Authors: - Renaud Deraison <deraison@nessus.org> (Original pre-fork develoment)
......@@ -25,22 +25,18 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <stdio.h> /* for fprintf() */
#include <errno.h> /* for errno() */
#include <signal.h> /* for SIGTERM */
#include <sys/wait.h> /* for waitpid() */
#include <string.h> /* for strlen() */
#include <unistd.h> /* for close() */
#include <openvas/misc/network.h> /* for internal_recv */
#include <openvas/misc/internal_com.h> /* for INTERNAL_COMM_MSG_TYPE_CTRL */
#include <openvas/misc/system.h> /* for estrdup */
#include "utils.h"
#include "log.h"
#include "preferences.h"
#include "hosts.h"
#include "ntp.h"
#include "utils.h" /* for data_left() */
#include "log.h" /* for log_write() */
#include "hosts.h" /* for hosts_new() */
#include "ntp.h" /* for ntp_parse_input() */
/**
* @brief Host information, implemented as doubly linked list.
......@@ -49,13 +45,12 @@ struct host
{
char *name;
int soc;
int psoc;
pid_t pid;
struct host *next;
struct host *prev;
};
/** @TODO struct hosts could be stripped down and put in a g_list, or,
* as a g_hash_table (name -> [soc,psoc,pid]), see hosts_get.*/
* as a g_hash_table (name -> [soc,pid]), see hosts_get.*/