diff options
Diffstat (limited to 'net-analyzer/ospd-openvas')
| -rw-r--r-- | net-analyzer/ospd-openvas/Manifest | 8 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/files/ospd-openvas.confd | 10 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/files/ospd-openvas.initd | 17 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/files/ospd-openvas.service | 18 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/files/ospd.conf | 10 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/files/redis.conf.example | 57 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/metadata.xml | 16 | ||||
| -rw-r--r-- | net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild | 45 |
8 files changed, 181 insertions, 0 deletions
diff --git a/net-analyzer/ospd-openvas/Manifest b/net-analyzer/ospd-openvas/Manifest new file mode 100644 index 000000000000..c573950dea51 --- /dev/null +++ b/net-analyzer/ospd-openvas/Manifest @@ -0,0 +1,8 @@ +AUX ospd-openvas.confd 226 BLAKE2B c43d443a83515f8890fd5406741a0e5e48d63fbe4e0a9060ee6c3679138ca406478f584bc8da7e24ec9520385509d3f1de609aaefb54ed36371638b2e0fa2c67 SHA512 ef07f02c3900ee431785b2c2e53f04f4fd114f502526ec509c869dcd3a95e4284fc65f05f5ec85280cc05a29a46fba9c74ef3b0b0d618b9c9c1e62d9bb3fc6fa +AUX ospd-openvas.initd 439 BLAKE2B 8f66305b3002e9946dcc9987de5230e2003f5644badbf648d632a29630fa3ade2c6968d82633b7c150896cbd586366837a4df418ce1ecf967f2cd29ad9614177 SHA512 8570c51af127f6d793d2aad8dd35c9592d445bbf92d19d3fe7fe6aaed57a5cbada5ea4d845da722307a63958bc93826c99729a4fdc5a2b57ed74e6032cc7cc09 +AUX ospd-openvas.service 512 BLAKE2B 68d3e676ab5ad2bb5f8122de9e8737f29b9bc95ff7d522e61dfbf079402b1525aacb27cbe93d525f732fb1e564858fb782c8a56fd7deb51aefd2d80cc2c99baa SHA512 d1d9610ee65491f9a712f5380471dc6696a1733b5873647731fd53799aa780666c71c84df58432d460cd5be605ec5d6e44eb3fa0c3803b7c91b572348756cf30 +AUX ospd.conf 189 BLAKE2B 7b4e2941b25cbbd4b7d5f913526977c5663640d4b5c208cd48b95b13ae6c3838eb8b2dba3340a2a1adab163f88fbf46ce1016cce793af7a39ace0ba14c3ff735 SHA512 68f19ac2bafa91719bc34db01eb0ac034205fc334a6dcfee8ea4d4eed2e4e0c1da5d14c6cdc78bfc14dd37c3a30c8aeb85bb9aa365566ea74465f04ecead7ca6 +AUX redis.conf.example 1351 BLAKE2B ad1a99404360b76144944793b2994554799bcc6624abce68524773b7f748075b8bcec79dcf94d2f400132a424a5147a3675d67f48d23a46e28a6afdca83e50a3 SHA512 b5024c26696f49e5d453cef7a0e3838a3fa557b2339a250f95d5367a30564b8a62733c86901ae000f62e916d73162188fbca1c56ed3a078dd99e8e8db1cc2c64 +DIST ospd-openvas-1.0.0.tar.gz 49725 BLAKE2B 230df2f572f345b9ed398e2af120a2fecee87f9f8d8d3c072ca314960f34f7329fe22b002ba0971ba6dc14cd3ca4543120653f89b3085a0f8a932fbeb6ef2682 SHA512 2b2e4f38843265a018a58b7fbd2fde0449d4f6cf3c5c1b7bec02d8390ab257020304f5be1bf2a77f7d28a04f4d1da611fc9b3066bef370dd686dfb8684fce534 +EBUILD ospd-openvas-1.0.0.ebuild 1053 BLAKE2B 2f7a718d305a245b0ee2f044159e8796749c94900b5f829e7a89909388b816cff08ccc90a2affdd84bafbc314b28b8fd898694a2b7c6d830b10270433dceb9da SHA512 4abbeb5cc608975ddb018048c3a4f101c4c49eb44c3a7efa5e9f7b19460df2895f9c85ba1f6b938bc3ac4c031a5926cb51388cd839cc7bb0d596d0003b44be90 +MISC metadata.xml 695 BLAKE2B 6f7c40458fe05cfe7a4ec7adfc34666c88d225097429f942c3a89842e3b6259a10c5b630a7d993a996b636c674d35237fd7fd1e9d4ea5a5dcf8afe31a27faa34 SHA512 03cd8af210753e2cb74e9e50cb94f6fb66a46e71eb58948bdd575be453e5c239dd26d4c1b42582a9d7f838f3e64c9ad980f9489260aa15de25eb919df697546f diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.confd b/net-analyzer/ospd-openvas/files/ospd-openvas.confd new file mode 100644 index 000000000000..fc776ac49e32 --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd-openvas.confd @@ -0,0 +1,10 @@ +# OpenVAS Scanner command args + +# e.g --foreground +OSPD_OPENVAS_OPTIONS="" + +# Scanner listen socket +OSPD_OPENVAS_UNIX_SOCKET="--unix-socket=/tmp/ospd.sock" + +# Scanner listen mode +OSPD_OPENVAS_SOCKET_MODE="--socket-mode=0o777" diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.initd b/net-analyzer/ospd-openvas/files/ospd-openvas.initd new file mode 100644 index 000000000000..ced28d892dcd --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd-openvas.initd @@ -0,0 +1,17 @@ +#!/sbin/openrc-run +# Copyright 2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +name="remotely control an OpenVAS Scanner" +command=/usr/bin/ospd-openvas +pidfile="/run/${RC_SVCNAME}.pid" +command_args="${OSPD_OPENVAS_OPTIONS} \ + ${OSPD_OPENVAS_UNIX_SOCKET} \ + ${OSPD_OPENVAS_SOCKET_MODE} \ + --pid-file ${pidfile} \ + --config /etc/openvas/ospd.conf" + +depend() { + after bootmisc + need localmount redis +} diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service b/net-analyzer/ospd-openvas/files/ospd-openvas.service new file mode 100644 index 000000000000..f496797d54ff --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service @@ -0,0 +1,18 @@ +[Unit] +Description=OSPD OpenVAS +After=network.target networking.service dnsmasq.service redis-server@openvas.service systemd-tmpfiles.service +ConditionKernelCommandLine=!recovery + +[Service] +Type=forking +User=gvm +Group=gvm +ExecStart=/usr/bin/ospd-openvas --config /etc/openvas/ospd.conf --foreground +SuccessExitStatus=SIGKILL +# This works asynchronously, but does not take the daemon down during the reload so it's ok. +Restart=always +RestartSec=60 + +[Install] +WantedBy=multi-user.target +Alias=ospd-openvas.service diff --git a/net-analyzer/ospd-openvas/files/ospd.conf b/net-analyzer/ospd-openvas/files/ospd.conf new file mode 100644 index 000000000000..bac46565001c --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd.conf @@ -0,0 +1,10 @@ +[OSPD - openvas] + +#required by gvmd +unix_socket = /tmp/ospd.sock + +#socket_mode = 0o770 +#unix_socket = /run/ospd/ospd-openvas.pid + +log_level = DEBUG +log_file = /var/log/gvm/ospd-openvas.log diff --git a/net-analyzer/ospd-openvas/files/redis.conf.example b/net-analyzer/ospd-openvas/files/redis.conf.example new file mode 100644 index 000000000000..6a41211aaae8 --- /dev/null +++ b/net-analyzer/ospd-openvas/files/redis.conf.example @@ -0,0 +1,57 @@ +bind 127.0.0.1 +protected-mode yes +port 0 +tcp-backlog 511 +unixsocket /tmp/redis.sock +unixsocketperm 700 +timeout 0 +tcp-keepalive 300 +daemonize no +supervised no +pidfile /run/redis/redis.pid +loglevel notice +logfile /var/log/redis/redis.log +databases 16 +always-show-logo yes +stop-writes-on-bgsave-error yes +rdbcompression yes +rdbchecksum yes +dbfilename dump.rdb +dir /var/lib/redis/ +slave-serve-stale-data yes +slave-read-only yes +repl-diskless-sync no +repl-diskless-sync-delay 5 +repl-disable-tcp-nodelay no +slave-priority 100 +lazyfree-lazy-eviction no +lazyfree-lazy-expire no +lazyfree-lazy-server-del no +slave-lazy-flush no +appendonly no +appendfilename "appendonly.aof" +appendfsync everysec +no-appendfsync-on-rewrite no +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb +aof-load-truncated yes +aof-use-rdb-preamble no +lua-time-limit 5000 +slowlog-log-slower-than 10000 +slowlog-max-len 128 +latency-monitor-threshold 0 +notify-keyspace-events "" +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 +list-max-ziplist-size -2 +list-compress-depth 0 +set-max-intset-entries 512 +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 +hll-sparse-max-bytes 3000 +activerehashing yes +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit slave 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 +hz 10 +aof-rewrite-incremental-fsync yes diff --git a/net-analyzer/ospd-openvas/metadata.xml b/net-analyzer/ospd-openvas/metadata.xml new file mode 100644 index 000000000000..d46922d749f9 --- /dev/null +++ b/net-analyzer/ospd-openvas/metadata.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>jonas.licht@gmail.com</email> + <name>Jonas Licht</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <longdescription lang="en"> + This is an OSP server implementation to allow GVM to remotely control OpenVAS. + Once running, you need to configure OpenVAS for the Greenbone Vulnerability Manager, for example via the web interface Greenbone Security Assistant. Then you can create scan tasks to use OpenVAS. + </longdescription> +</pkgmetadata> diff --git a/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild new file mode 100644 index 000000000000..f7eb63988b62 --- /dev/null +++ b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild @@ -0,0 +1,45 @@ +# Copyright 2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6,7,8} ) +DISTUTILS_USE_SETUPTOOLS=rdepend +inherit distutils-r1 systemd + +DESCRIPTION="This is an OSP server implementation to allow GVM to remotely control OpenVAS" +HOMEPAGE="https://github.com/greenbone/ospd-openvas" +SRC_URI="https://github.com/greenbone/ospd-openvas/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND=" + acct-user/gvm + dev-python/psutil[${PYTHON_USEDEP}] + dev-python/redis-py[${PYTHON_USEDEP}] + net-analyzer/ospd[${PYTHON_USEDEP}] +" +RDEPEND=" + ${DEPEND} + >=net-analyzer/openvas-scanner-7.0.0" +BDEPEND="" + +distutils_enable_tests unittest + +python_install() { + distutils-r1_python_install + + insinto /etc/openvas + doins "${FILESDIR}"/redis.conf.example + doins "${FILESDIR}"/ospd.conf + + fowners -R gvm:gvm /etc/openvas + + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + + systemd_dounit "${FILESDIR}/${PN}.service" +} |