diff options
author | Kent Fritz <fritz.kent@gmail.com> | 2015-02-22 07:20:19 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2015-02-22 07:20:19 +0700 |
commit | 2024922574c76aeb95ea2ebbe5a22f4bb8902640 (patch) | |
tree | 0ca62ea812c4284664f422ff5fdaf60f1cd216c6 /network | |
parent | f13024435d0903a4b35cd1ca6608f70c27b2d315 (diff) |
network/greenbone-security-assistant: Added (UI for OpenVAS).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network')
6 files changed, 314 insertions, 0 deletions
diff --git a/network/greenbone-security-assistant/README b/network/greenbone-security-assistant/README new file mode 100644 index 000000000000..64548f852a10 --- /dev/null +++ b/network/greenbone-security-assistant/README @@ -0,0 +1,107 @@ +greenbone-security-assistant (UI for OpenVAS) + +This is the UI the Open Vulnerability Assessment System (OpenVAS). + +###### Known Problems ###### + +- PDF report generation is broken. This may get fixed in a future slackbuild. + +- The libssh-0.5.4 shipped with Slackware (at the time of this writing) is + broken. If you need to run "credentialed" scans against targets running + OpenSSH 6.7 or beyond (including Slackware), you have 2 options: + 1. Enable diffie-hellman-group1-sha1 as a KexAlgorithm in the sshd_config + of your targets. + 2. Update your libssh to the latest. + You also may have problems with targets running Dropbear SSH server. See + this thread on LinuxQuestions for more information: + http://www.linuxquestions.org/questions/showthread.php?t=4175533193 + +- All the daemons run as root. There's no (working) configuration options + or documentation to change this behavior. + +- There are a number of tests that depend on other software packages that are + not available as slackbuilds at this time. Stay tuned. + +###### Installation Instructions ###### + +These instructions assume you're familiar with slackbuilds. If not, please +refer to http://slackbuilds.org/howto/ . + +1. Build and install openvas-libraries. + +2. Build and install openvas-scanner. + +3. You need a Certificate Authority and server certificate. Run the following + command: +# openvas-mkcert + +4. You need the NVT's (Network Vulnerability Tests). Run the following + command to sync. In the future, you can do this through the + greenbone-security-assistant interface. This will take a minute or so + with a blazing fast internet connection. YMMV. +# openvas-nvt-sync + +5. Start the openvas-scanner daemon. +# /etc/rc.d/rc.openvassd start + +6. Build and install openvas-manager. + +7. You need client certificates for manager to talk to scanner. Use the + following command. +# openvas-mkcert-client -n -i + +8. Initialize the manager database. This will take a while, so be patient. +# openvasmd --rebuild + +9. [Optional] If you want encrypted credentials in the DB, do this now. +# openvasmd --create-credentials-encryption-key + This may take a while, so it's best to create some entropy by skipping to + #11-#13 and then coming back, if needed. + +10. Create a user. +# openvasmd --create-user=cary + If you find the assigned password hard to remember, you can change it + right now. +# openvasmd --user=cary --new-password=mekmitasdigoat + +11. Sync SCAP data. This will take some time. +# openvas-scapdata-sync + +12. Sync CERT data. +# openvas-certdata-sync + +13. Update port names. +# wget http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml +# openvas-portnames-update service-names-port-numbers.xml +# rm service-names-port-numbers.xml + +14. Start the openvas-manager daemon. +# /etc/rc.d/rc.openvasmd start + +15. Build and install libmicrohttpd. + +16. Build and install greenbone-security-assistant. + +17. Launch the greenbone-security-assistant. +# /etc/rc.d/rc.gsad start + +18. Point your browser at https://<YOUR IP OR HOSTNAME>:9392 + You'll get a certificate error, of course (fixing this is left as an + excercise for the reader). Log in with your username/password from #10. + +19. [Optional] Build and install openvas-cli. You'll need this if you ever + want to script tests. + +That's it! If you run into any problems, you can try running the +openvas-check-setup script found here: + https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup + +If you don't have a web-server running, you can edit the /etc/rc.d/rc.gsad +script to remove the "-p 9392" option, and it will run on port 443. + +Please let me know if you run into any problems. Patches welcome! + +Have Fun! + +Kent Fritz +mailto:fritz.kent@gmail.com diff --git a/network/greenbone-security-assistant/doinst.sh b/network/greenbone-security-assistant/doinst.sh new file mode 100644 index 000000000000..f431bbcc60d3 --- /dev/null +++ b/network/greenbone-security-assistant/doinst.sh @@ -0,0 +1,26 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.gsad.new +config etc/openvas/gsad_log.conf.new diff --git a/network/greenbone-security-assistant/greenbone-security-assistant.SlackBuild b/network/greenbone-security-assistant/greenbone-security-assistant.SlackBuild new file mode 100644 index 000000000000..0407b07b9c62 --- /dev/null +++ b/network/greenbone-security-assistant/greenbone-security-assistant.SlackBuild @@ -0,0 +1,105 @@ +#!/bin/sh + +# Slackware build script for greenbone-security-assistant + +# Copyright 2015 Kent Fritz, Mountain View, CA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=greenbone-security-assistant +VERSION=${VERSION:-5.0.5} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +mkdir -p build +cd build + cmake \ + -DCMAKE_C_FLAGS:STRING="$SLKCFLAGS" \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DLOCALSTATEDIR=/var \ + -DSYSCONFDIR=/etc \ + -DCMAKE_BUILD_TYPE=Release .. + make + make install DESTDIR=$PKG +cd .. + +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.gsad > $PKG/etc/rc.d/rc.gsad.new +chmod 0644 $PKG/etc/rc.d/rc.gsad.new +mv $PKG/etc/openvas/gsad_log.conf $PKG/etc/openvas/gsad_log.conf.new + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mv $PKG/usr/share/man $PKG/usr +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a CHANGES COPYING ChangeLog INSTALL README $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/greenbone-security-assistant/greenbone-security-assistant.info b/network/greenbone-security-assistant/greenbone-security-assistant.info new file mode 100644 index 000000000000..d36577433760 --- /dev/null +++ b/network/greenbone-security-assistant/greenbone-security-assistant.info @@ -0,0 +1,10 @@ +PRGNAM="greenbone-security-assistant" +VERSION="5.0.5" +HOMEPAGE="http://www.openvas.org" +DOWNLOAD="http://wald.intevation.org/frs/download.php/1915/greenbone-security-assistant-5.0.5.tar.gz" +MD5SUM="0eb5efc07669e3091babea3bc5b6188e" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="openvas-libraries libmicrohttpd" +MAINTAINER="Kent Fritz" +EMAIL="fritz.kent@gmail.com" diff --git a/network/greenbone-security-assistant/rc.gsad b/network/greenbone-security-assistant/rc.gsad new file mode 100644 index 000000000000..9ed7614a7041 --- /dev/null +++ b/network/greenbone-security-assistant/rc.gsad @@ -0,0 +1,47 @@ +#!/bin/sh +# +# /etc/rc.d/rc.gsad +# +# Start/stop/restart the Greenbone Security Assistant Daemon. +# +# To make Greenbone SA start automatically at boot, make this +# file executable: chmod 755 /etc/rc.d/rc.gsad +# and add to rc.local: +# if [ -x /etc/rc.d/rc.gsad ]; then +# . /etc/rc.d/rc.gsad start +# fi +# + +GSAD_PATH=/usr/sbin +GSAD_BIN=gsad +GSAD_OPTIONS="-p 9392 --timeout=60 --gnutls-priorities=SECURE128:-VERS-SSL3.0" +GSAD_CMD="$GSAD_PATH/$GSAD_BIN $GSAD_OPTIONS" + +gsad_start() { + echo Starting Greenbone Security Assistant: $GSAD_CMD + $GSAD_CMD +} + +gsad_stop() { + echo "Stopping Greenbone Security Assistant" + /bin/killall $GSAD_BIN +} + +gsad_restart() { + gsad_stop + gsad_start +} + +case "$1" in +'start') + gsad_start + ;; +'stop') + gsad_stop + ;; +'restart') + gsad_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/network/greenbone-security-assistant/slack-desc b/network/greenbone-security-assistant/slack-desc new file mode 100644 index 000000000000..a17ed0d15c2f --- /dev/null +++ b/network/greenbone-security-assistant/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +greenbone-security-assistant: greenbone-security-assistant (UI for OpenVAS) +greenbone-security-assistant: +greenbone-security-assistant: This is the UI for the Open Vulnerability Assessment System (OpenVAS). +greenbone-security-assistant: +greenbone-security-assistant: For more information, please refer to the OpenVAS website available +greenbone-security-assistant: at http://www.openvas.org/ . +greenbone-security-assistant: +greenbone-security-assistant: +greenbone-security-assistant: +greenbone-security-assistant: +greenbone-security-assistant: |