Hello community, here is the log from the commit of package openvas-manager for openSUSE:Factory checked in at Tue Mar 22 12:22:49 CET 2011.
-------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /mounts/work_src_done/STABLE/openvas-manager/openvas-manager.changes 2011-03-03 01:57:28.000000000 +0100 @@ -0,0 +1,320 @@ +------------------------------------------------------------------- +Thu Mar 3 00:43:42 UTC 2011 - [email protected] + +- Updated to 2.0.2 + * The test infrastructure has been updated. + * A bug which caused the host count to be calculated incorrectly under certain + circumstances has been fixed. + * A number of memory and resource leaks discovered by Felix Wolfsteller have + been closed. + * A bug which caused database migration to fail when upgrading very old + installations has been fixed. + +------------------------------------------------------------------- +Wed Feb 23 18:55:19 UTC 2011 - [email protected] + +- Updated to 2.0.1 + * Support for fallback system reports has been added in case where a full system + report is unavailable. + * The expected location for signatures has been updated to match the FHS related + changes in OpenVAS Scanner. + * The "unscanned_closed" preference now defaults to "yes" for predefined + configs. + * The report format signature infrastructure has been improved. + * A bug which caused valid host names to be reject under certain circumstances + has been fixed. + +------------------------------------------------------------------- +Wed Feb 9 21:18:22 UTC 2011 - [email protected] + +- Updated to 2.0.0 + * The logging behaviour when started with --verbose has been improved. + * The w3af NVT is no longer part of the Full and fast default scan config. + * The build environment has been cleaned up. + +------------------------------------------------------------------- +Fri Feb 4 20:32:00 UTC 2011 - [email protected] + +- Updated to 1.99.4 + * Documentation has been updated. + * OpenVAS Manager now uses pkg-config to find required libraries. + * An issue which caused the creation of overrides to fail under some + circumstances has been fixed. + * The installation is now compliant with Filesystem Hierarchy Standard (FHS + 2.3). + +------------------------------------------------------------------- +Mon Jan 24 13:55:09 UTC 2011 - [email protected] + +- Updated to 1.99.3 + * A security-relevant bug has been fixed regarding email escalation methods. + Configured OpenVAS users were able to damage installation and/or gain higher + privileges. + * An issue which caused database migration to fail under certain circumstances + has been fixed. + * The default log level has been reduced to warning to prevent the logging of + potentially sensitive information in the default configuration. + +------------------------------------------------------------------- +Mon Jan 10 15:03:18 UTC 2011 - [email protected] + +- Updated to 1.99.2 + * The protocol documentation has been brought up to date. + * The output of --version now complies with the GNU Coding Standards. + * Passwords are now masked when loggings LSC package creation commands. + +------------------------------------------------------------------- +Tue Dec 21 13:00:23 UTC 2010 - [email protected] + +- Updated to 1.99.1 + * The protocol documentation has been improved. + * Target credentials for SMB and SSH are now separated. + * Support for setting the port range for a target has been added. + * Hardening flags are now enabled during compile time to increase code quality. + * Support for retrieving the total number of results matching an applied filter + has been added. + +------------------------------------------------------------------- +Fri Dec 10 13:47:09 UTC 2010 - [email protected] + +- Updated to 1.98.3 + * The protocol self-documentation has been improved. + * NTLMSSP is now enabled by default. + * Escalator message now include more information. + * The LaTeX and PDF reports have been made more consistent with the other + report formats. + * An issue which caused internal links in the PDF report to link to wrong + results under certain circumstances has been fixed. + * An issue which caused some existing LSC credential packages to be empty on + subsequent downloads under certain circumstances has been fixed. + +------------------------------------------------------------------- +Fri Dec 3 17:16:14 UTC 2010 - [email protected] + +- Updated to 1.98.2 + * The protocol self-documentation has been improved. + * A number of superfluous log messages has been downgraded or removed. + * A bug which caused issues to be counted incorrectly in the ports overview has + been fixed. + * The generation of PDF and LaTeX reports is now faster. + +------------------------------------------------------------------- +Fri Nov 19 16:47:08 UTC 2010 - [email protected] +- Updated to 1.98.1 + * Report Format plugin framework. All previous reporting features + were converted to plugins. The XML representation of a report + is now the base for any plugin and thus consistency of reports + is improved. + + Report Format Plugins can be set active so that they + appear in the selection lists. Selections can consider + content types so that for example only the plugins with + content type "text" are offered as Email body. + + It is possible to use parameters for the plugins so the + user can adjust the behaviour of the Report Format to + the individual preferences or needs. + + A verification method allows to distribute signatures + for valid plugins via the NVT Feed. + * New default Report Format: TXT for simple text. + * New default Report Format: LaTeX for LaTeX source. + * New sample Report Format: Simple Bar Chart. + Demonstrates how to use Gnuplot for graphical reports. + * New sample Report Format: Simple Topo Plot. + Demonstrates how to use Graphviz for graphical reports. + * New sample Report Format: Simple Pie Chart. + Demonstrates how to use PyChart for graphical reports. + * New sample Report Format: Simple Map Plot. + Demonstrates how to use MapServer and GDAL for graphical reports. + * New sample Report Format: Sourcefire Host Input. + Demonstrates that Report Formats can be used to build connectors. + * Master-Slave feature. Any OpenVAS Manager can use one or many other + OpenVAS Manager as slave to run scans. The whole scan task + is transferred to the slave, results are continuously reported + to the Master during scan process. After the scan is finished + all data are removed from the slave. + + The master can also retrieve system reports from the slave and + thus can collect the performance overview for all configured slaves. + * New Escalator: HTTP GET. This allows for example to access + text message (SMS) gateways or ticket management systems. + * Extended Escalator: For EMail escalation it is now possible + to select from configured Report Formats to be included in the + Email body. + * Agents: A verification method was added. This allows to + distribute signatures for valid agents via the NVT Feed. + * Credentials: Can now be edited. This allows to change the login + name or password without the need to create a new scan configuration. + * Credentials: Auto-generated installer packages are now created on + the fly. If the generators are improved, it is now easy to create + an updated package for already existing credentials. + * OMP self-documentation: Part of the Managers' XML-based communication protocol + OMP 2.0 is to deliver the full specification and documentation of the + protocol itself (command "HELP"). It can be retrieved as XML-, + RNC- or HTML representation. + * Targets: Various opportunities have been added to specify and combine IP ranges. + * Tasks: The task overview is delivered much faster now. + * Reports: The report filtering is much faster now. + +------------------------------------------------------------------- +Sun Oct 31 18:28:35 UTC 2010 - [email protected] + +- Updated to 1.0.3 + * Two bugs which caused the manager to fail to give adequate replies on certain + report and scan config requests have been fixed. + * A bug which caused PDF reports to be unavailable for reports which contained + certain unicode character has been fixed. + +------------------------------------------------------------------- +Tue Aug 17 14:26:50 UTC 2010 - [email protected] + +- Updated to 1.0.2 + * A bug which could cause changes in derived scan configs to affect predefined + scan configs under certain circumstances has been fixed. + +------------------------------------------------------------------- +Mon Aug 9 14:39:18 UTC 2010 - [email protected] + +- Updated to 1.0.1 + * A fix for incorrect preference values in the database has been adjusted to + work with GSA 1.0.1 as well. + +------------------------------------------------------------------- +Thu Jul 29 13:40:57 UTC 2010 - [email protected] + +- Updated to 1.0.0 + * A number of build issues has been addressed. + * The code documentation has been updated. + * Code cleanup: Internal error handling has been made more consistent. + * A potential ressource leak identified by static analysis has been fixed. + * A bug which caused NVT preferences to be displayed incorrectly has been + fixed. + +------------------------------------------------------------------- +Fri Jul 16 16:06:30 UTC 2010 - [email protected] + +- Updated to 1.0.0.rc1 ++++ 123 more lines (skipped) ++++ between /dev/null ++++ and /mounts/work_src_done/STABLE/openvas-manager/openvas-manager.changes calling whatdependson for head-i586 New: ---- debian.changelog debian.compat debian.control debian.openvas-manager.default debian.openvas-manager.dirs debian.openvas-manager.init debian.openvas-manager.install debian.openvas-manager.logrotate debian.rules openvas-manager-2.0.2.tar.gz openvas-manager.changes openvas-manager.dsc openvas-manager.spec openvasmd.init.fedora openvasmd.init.mandriva openvasmd.init.suse openvasmd.logrotate ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvas-manager.spec ++++++ # # spec file for package openvas-manager # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: openvas-manager Version: 2.0.2 Release: 1 License: GNU GPL v2 or later Group: Productivity/Networking/Security Url: http://www.openvas.org Source0: %{name}-%{version}.tar.gz Source1: openvasmd.logrotate Source2: debian.openvas-manager.default Source3: openvasmd.init.suse Source4: openvasmd.init.fedora Source5: openvasmd.init.mandriva BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?fedora_version} || 0%{?scientificlinux_version} BuildRequires: sqlite-devel %endif %if 0%{?mandriva_version} BuildRequires: libsqlite3-devel BuildRequires: pinentry-gtk2 %endif %if 0%{?suse_version} BuildRequires: sqlite3-devel PreReq: %insserv_prereq PreReq: %fillup_prereq %endif BuildRequires: cmake >= 2.6.0 BuildRequires: doxygen BuildRequires: glib2-devel BuildRequires: libopenvas-devel BuildRequires: pkgconfig Requires: logrotate Summary: Manager Module of OpenVAS %description The OpenVAS-Manager is a layer between OpenVAS-Scanner and various client applications such as OpenVAS-Client or Greenbone Security Assistant. Among other features, it adds server-side storage of scan results and it makes it unnecessary for scan clients to keep connection until a scan finishes. %prep %setup -q %build %if 0%{?mandriva_version} %serverbuild %endif export CFLAGS="$RPM_OPT_FLAGS" %__mkdir build cd build cmake .. -DCMAKE_VERBOSE_MAKEFILE=ON \ -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSYSCONFDIR=%{_sysconfdir} \ -DLOCALSTATEDIR=%{_localstatedir} \ -DCMAKE_BUILD_TYPE=release %__make %{?_smp_mflags} VERBOSE=1 %install pushd build %__make install DESTDIR=%{buildroot} popd %__install -Dm 0644 doc/openvasmd.8 %{buildroot}%{_mandir}/man8/openvasmd.8 %__install -Dm 0644 %{_sourcedir}/openvasmd.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/openvas-manager %if 0%{?suse_version} %__install -Dm 0755 %{_sourcedir}/openvasmd.init.suse %{buildroot}%{_initrddir}/openvas-manager %__ln_s %{_initrddir}/openvas-manager %{buildroot}%{_sbindir}/rcopenvas-manager %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default %{buildroot}%{_var}/adm/fillup-templates/sysconfig.openvas-manager %endif %if 0%{?fedora_version} || 0%{?scientificlinux_version} %__install -Dm 0755 %{_sourcedir}/openvasmd.init.fedora %{buildroot}%{_initrddir}/openvas-manager %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default %{buildroot}%{_sysconfdir}/sysconfig/openvas-manager %endif %if 0%{?mandriva_version} %__install -Dm 0755 %{_sourcedir}/openvasmd.init.mandriva %{buildroot}%{_initrddir}/openvas-manager %__install -Dm 0644 %{_sourcedir}/debian.openvas-manager.default %{buildroot}%{_sysconfdir}/sysconfig/openvas-manager %endif %__mkdir_p %{buildroot}%{_localstatedir}/lib/openvas/mgr %__mkdir_p %{buildroot}%{_localstatedir}/log/openvas touch %{buildroot}%{_localstatedir}/log/openvas/openvasmd.log %clean test "%{buildroot}" != "/" && %__rm -rf %{buildroot} %post %if 0%{?suse_version} %fillup_and_insserv openvas-manager %endif %if 0%{?mandriva_version} %_post_service openvas-manager %endif %if 0%{?fedora_version} || 0%{?scientificlinux_version} # only rpm -i (not rpm {-U|-F}) if [ $1 = 1 ]; then /sbin/chkconfig --add openvas-manager fi %endif %preun %if 0%{?suse_version} %stop_on_removal openvas-manager %endif %if 0%{?mandriva_version} %_preun_service openvas-manager %endif %if 0%{?fedora_version} || 0%{?scientificlinux_version} # only rpm -e (not rpm {-U|-F}) if [ $1 = 0 ]; then /sbin/service openvas-manager stop > /dev/null 2>&1 || : /sbin/chkconfig --del openvas-manager fi %endif %postun %if 0%{?suse_version} %restart_on_update openvas-manager %insserv_cleanup %endif %if 0%{?fedora_version} || 0%{?scientificlinux_version} # only rpm {-U|-F} (not rpm -e) if [ $1 = 1 ]; then /sbin/service openvas-manager condrestart fi %endif %files %defattr(-,root,root) %doc CHANGES README %config(noreplace) %{_sysconfdir}/logrotate.d/openvas-manager %dir %{_sysconfdir}/openvas #config(noreplace) %{_sysconfdir}/openvas/openvasmd %config(noreplace) %{_sysconfdir}/openvas/openvasmd_log.conf %{_initrddir}/openvas-manager %{_sbindir}/openvasmd %{_mandir}/man8/openvasmd.8* %{_datadir}/openvas/openvasmd %dir %{_localstatedir}/lib/openvas %{_localstatedir}/lib/openvas/mgr %dir %{_localstatedir}/log/openvas %ghost %{_localstatedir}/log/openvas/openvasmd.log %if 0%{?suse_version} %{_sbindir}/rcopenvas-manager %{_var}/adm/fillup-templates/sysconfig.openvas-manager %else %config(noreplace) %{_sysconfdir}/sysconfig/openvas-manager %endif %changelog ++++++ debian.changelog ++++++ openvas-manager (2.0.2-1) UNRELEASED; urgency=low * New upstream release. - The test infrastructure has been updated. - A bug which caused the host count to be calculated incorrectly under certain circumstances has been fixed. - A number of memory and resource leaks discovered by Felix Wolfsteller have been closed. - A bug which caused database migration to fail when upgrading very old installations has been fixed. -- Stephan Kleine <[email protected]> Thu, 03 Mar 2011 01:41:38 +0100 openvas-manager (2.0.1-1) UNRELEASED; urgency=low * New upstream release. - Support for fallback system reports has been added in case where a full system report is unavailable. - The expected location for signatures has been updated to match the FHS related changes in OpenVAS Scanner. - The "unscanned_closed" preference now defaults to "yes" for predefined configs. - The report format signature infrastructure has been improved. - A bug which caused valid host names to be reject under certain circumstances has been fixed. -- Stephan Kleine <[email protected]> Wed, 23 Feb 2011 19:53:56 +0100 openvas-manager (2.0.0-1) UNRELEASED; urgency=low * New upstream release. - The logging behaviour when started with --verbose has been improved. - The w3af NVT is no longer part of the Full and fast default scan config. - The build environment has been cleaned up. -- Stephan Kleine <[email protected]> Wed, 09 Feb 2011 22:17:04 +0100 openvas-manager (1.99.4-1) UNRELEASED; urgency=low * New upstream release. - Documentation has been updated. - OpenVAS Manager now uses pkg-config to find required libraries. - An issue which caused the creation of overrides to fail under some circumstances has been fixed. - The installation is now compliant with Filesystem Hierarchy Standard (FHS 2.3). -- Stephan Kleine <[email protected]> Fri, 04 Feb 2011 21:30:54 +0100 openvas-manager (1.99.3-1) UNRELEASED; urgency=low * New upstream release. - A security-relevant bug has been fixed regarding email escalation methods. Configured OpenVAS users were able to damage installation and/or gain higher privileges. - An issue which caused database migration to fail under certain circumstances has been fixed. - The default log level has been reduced to warning to prevent the logging of potentially sensitive information in the default configuration. -- Stephan Kleine <[email protected]> Mon, 24 Jan 2011 14:54:44 +0100 openvas-manager (1.99.2-1) UNRELEASED; urgency=low * New upstream release. - The protocol documentation has been brought up to date. - The output of --version now complies with the GNU Coding Standards. - Passwords are now masked when loggings LSC package creation commands. -- Stephan Kleine <[email protected]> Mon, 10 Jan 2011 16:02:16 +0100 openvas-manager (1.99.1-1) UNRELEASED; urgency=low * New upstream release. - The protocol documentation has been improved. - Target credentials for SMB and SSH are now separated. - Support for setting the port range for a target has been added. - Hardening flags are now enabled during compile time to increase code quality. - Support for retrieving the total number of results matching an applied filter has been added. -- Stephan Kleine <[email protected]> Tue, 21 Dec 2010 14:02:16 +0100 openvas-manager (1.98.3-1) UNRELEASED; urgency=low * New upstream release. - The protocol self-documentation has been improved. - NTLMSSP is now enabled by default. - Escalator message now include more information. - The LaTeX and PDF reports have been made more consistent with the other report formats. - An issue which caused internal links in the PDF report to link to wrong results under certain circumstances has been fixed. - An issue which caused some existing LSC credential packages to be empty on subsequent downloads under certain circumstances has been fixed. -- Stephan Kleine <[email protected]> Fri, 10 Dec 2010 14:48:27 +0100 openvas-manager (1.98.2-1) UNRELEASED; urgency=low * New upstream release. - The protocol self-documentation has been improved. - A number of superfluous log messages has been downgraded or removed. - A bug which caused issues to be counted incorrectly in the ports overview has been fixed. - The generation of PDF and LaTeX reports is now faster. -- Stephan Kleine <[email protected]> Fri, 03 Dec 2010 18:14:52 +0100 openvas-manager (1.98.1-1) UNRELEASED; urgency=low * New upstream release. - Report Format plugin framework. All previous reporting features were converted to plugins. The XML representation of a report is now the base for any plugin and thus consistency of reports is improved. Report Format Plugins can be set active so that they appear in the selection lists. Selections can consider content types so that for example only the plugins with content type "text" are offered as Email body. It is possible to use parameters for the plugins so the user can adjust the behaviour of the Report Format to the individual preferences or needs. A verification method allows to distribute signatures for valid plugins via the NVT Feed. - New default Report Format: TXT for simple text. - New default Report Format: LaTeX for LaTeX source. - New sample Report Format: Simple Bar Chart. Demonstrates how to use Gnuplot for graphical reports. - New sample Report Format: Simple Topo Plot. Demonstrates how to use Graphviz for graphical reports. - New sample Report Format: Simple Pie Chart. Demonstrates how to use PyChart for graphical reports. - New sample Report Format: Simple Map Plot. Demonstrates how to use MapServer and GDAL for graphical reports. - New sample Report Format: Sourcefire Host Input. - Demonstrates that Report Formats can be used to build connectors. - Master-Slave feature. Any OpenVAS Manager can use one or many other OpenVAS Manager as slave to run scans. The whole scan task is transferred to the slave, results are continuously reported to the Master during scan process. After the scan is finished all data are removed from the slave. The master can also retrieve system reports from the slave and thus can collect the performance overview for all configured slaves. - New Escalator: HTTP GET. This allows for example to access text message (SMS) gateways or ticket management systems. - Extended Escalator: For EMail escalation it is now possible to select from configured Report Formats to be included in the Email body. - Agents: A verification method was added. This allows to distribute signatures for valid agents via the NVT Feed. - Credentials: Can now be edited. This allows to change the login name or password without the need to create a new scan configuration. - Credentials: Auto-generated installer packages are now created on the fly. If the generators are improved, it is now easy to create an updated package for already existing credentials. - OMP self-documentation: Part of the Managers' XML-based communication protocol OMP 2.0 is to deliver the full specification and documentation of the protocol itself (command "HELP"). It can be retrieved as XML-, RNC- or HTML representation. - Targets: Various opportunities have been added to specify and combine IP ranges. - Tasks: The task overview is delivered much faster now. - Reports: The report filtering is much faster now. -- Stephan Kleine <[email protected]> Fri, 19 Nov 2010 17:49:08 +0100 openvas-manager (1.0.3-1) UNRELEASED; urgency=low * New upstream release. - Two bugs which caused the manager to fail to give adequate replies on certain report and scan config requests have been fixed. - A bug which caused PDF reports to be unavailable for reports which contained certain unicode character has been fixed. -- Stephan Kleine <[email protected]> Sun, 31 Oct 2010 19:29:08 +0100 openvas-manager (1.0.2-1) UNRELEASED; urgency=low * New upstream release. - A bug which could cause changes in derived scan configs to affect predefined scan configs under certain circumstances has been fixed. -- Stephan Kleine <[email protected]> Tue, 17 Aug 2010 16:25:42 +0200 openvas-manager (1.0.1-1) UNRELEASED; urgency=low * New upstream release. - A fix for incorrect preference values in the database has been adjusted to work with GSA 1.0.1 as well. -- Stephan Kleine <[email protected]> Mon, 09 Aug 2010 16:41:26 +0200 openvas-manager (1.0.0-1) UNRELEASED; urgency=low * New upstream release. - A number of build issues has been addressed. - The code documentation has been updated. - Code cleanup: Internal error handling has been made more consistent. - A potential ressource leak identified by static analysis has been fixed. - A bug which caused NVT preferences to be displayed incorrectly has been fixed. -- Stephan Kleine <[email protected]> Thu, 29 Jul 2010 15:40:02 +0200 openvas-manager (1.0.0.rc1-1) UNRELEASED; urgency=low * New upstream release. - Code cleanup: Internal resource management has been improved to use UUIDs in more places. - Support for agents has been improved. - Support for external target sources has been added. - A bug which caused PDF exports to fail if the NVT description contained certain characters has been fixed. - A bug which caused hosts in the scan result to be sorted incorrectly under certain circumstances has been fixed. - Support for defining threat overrides has been added. - Some OMP commands have been renamed and adjusted to make the protocol more concise and useful. - Support for event logging has been added. - Support for syslog escalators has been added. - The documentation has been updated. -- Stephan Kleine <[email protected]> Fri, 16 Jul 2010 18:04:30 +0200 openvas-manager (1.0.0.beta7-1) UNRELEASED; urgency=low * New upstream release. - A large amount of code which was present in both openvas-manager and openvas-administrator has been moved to openvas-libraries. - An issue that caused started tasks to remain in the "Requested" stage indenfinitely has been fixed. - An issue that caused incorrect values of the scan progress under certain conditions has been fixed. - A new escalator condition has been add: Threat Level Changed. - Open ports are now included in scan reports even if no vulnerability was detected on that port. - Support for CVSS scores and Risk Factors has been improved. - Support for excluding host without any results from the report has been added. -- Stephan Kleine <[email protected]> Sat, 29 May 2010 09:31:25 +0200 openvas-manager (1.0.0.beta6-1) UNRELEASED; urgency=low * New upstream release. - A bug which caused incorrect NVT counts in the scan config under certain circumstances has been fixed. - The manager now uses certificate based authentication. - Support for resuming stopped tasks has been added. - Support for task scheduling has been added. - The openvasmd binary will now install into /usr/sbin instead of /usr/bin. -- Stephan Kleine <[email protected]> Thu, 15 Apr 2010 17:59:16 +0200 openvas-manager (1.0.0.beta5-1) UNRELEASED; urgency=low * New upstream release. - More internal data structures are now identified by UUID and not by name. - Several build issues have been fixed. - Note management has been introduced. - Support for handling ITG and CPE reports has been added. - OTP forwarding is now disabled by default. -- Stephan Kleine <[email protected]> Thu, 04 Mar 2010 19:12:18 +0100 openvas-manager (1.0.0.beta4-1) UNRELEASED; urgency=low * New upstream release. - More internal data structures are now identified by UUID and not by name. - A bug which prevented PDF reports to be generated from certain results due to unescaped LaTeX characters has been fixed. - A number of formatting and casting issues found by Stephan Kleine have been fixed. - The man page has been updated. -- Stephan Kleine <[email protected]> Mon, 08 Feb 2010 12:21:06 +0100 openvas-manager (1.0.0.beta3-1) UNRELEASED; urgency=low * New upstream release. - Nmap is now the default port scanner for predefined configurations. - The man page has been updated. - LSC credential management has been improved. - A number of internal data structures are now identified by UUID and not by name. - The manager now converts all input from the scanner to UTF-8. - The encoding of the LaTeX report has been switch to UTF-8. - A bug that caused some settings to be ignored during scan configuration import has been fixed. -- Stephan Kleine <[email protected]> Fri, 05 Feb 2010 15:19:05 +0100 openvas-manager (1.0.0.beta2-1) UNRELEASED; urgency=low * New upstream release. - Deleting of active reports is prevented. - Introduced ownership for all objects. This makes objects (like a "target") not appear for other users anymore. - Improved ISO-8859-1 to UTF-8 conversion hacks. - Allowed "\" for login names (important for windows) - Send users host restrictions ("rules") via OTP when starting a scan. - Activated NSIS package generator for credentials management. - Filter out potentials passwords from logging. - Introduced UUIDs for users. - Improved PDF report generator. -- Stephan Kleine <[email protected]> Wed, 27 Jan 2010 11:49:33 +0100 openvas-manager (1.0.0.beta1-1) UNRELEASED; urgency=low * Initial package. -- Stephan Kleine <[email protected]> Sat, 23 Jan 2010 09:36:42 +0100 ++++++ debian.compat ++++++ 5 ++++++ debian.control ++++++ Source: openvas-manager Section: admin Priority: optional Maintainer: Stephan Kleine <[email protected]> Build-Depends: debhelper (>= 5), cmake, doxygen, dpatch, hardening-wrapper, libopenvas4-dev, libsqlite3-dev, pkg-config Standards-Version: 3.8.0 Package: openvas-manager Section: net Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Manager Module of OpenVAS The OpenVAS-Manager is a layer between OpenVAS-Scanner and various client applications such as OpenVAS-Client or Greenbone Security Assistant. Among other features, it adds server-side storage of scan results and it makes it unnecessary for scan clients to keep connection until a scan finishes. Package: openvas-manager-dbg Section: debug Priority: extra Architecture: any Depends: ${misc:Depends}, openvas-manager (= ${binary:Version}) Description: Manager Module of OpenVAS (debug) The OpenVAS-Manager is a layer between OpenVAS-Scanner and various client applications such as OpenVAS-Client or Greenbone Security Assistant. Among other features, it adds server-side storage of scan results and it makes it unnecessary for scan clients to keep connection until a scan finishes. . This package contains the debugging symbols. ++++++ debian.openvas-manager.default ++++++ # # The file the OpenVAS Manager will use as database. # DATABASE_FILE=/var/lib/openvas/mgr/tasks.db # # The address the OpenVAS Manager will listen on. # MANAGER_ADDRESS=127.0.0.1 # # The port the OpenVAS Manager will listen on. # MANAGER_PORT=9390 # # The address the OpenVAS Scanner is listening on. # SCANNER_ADDRESS=127.0.0.1 # # The port the OpenVAS Scanner is listening on. # SCANNER_PORT=9391 ++++++ debian.openvas-manager.dirs ++++++ var/log/openvas ++++++ debian.openvas-manager.init ++++++ #!/bin/sh -e # # /etc/init.d/openvas-manager # ### BEGIN INIT INFO # Provides: openvas-manager # Required-Start: $remote_fs # Required-Stop: $remote_fs # Should-Start: # Should-Stop: # Default-Start: # Default-Stop: 0 6 # Short-Description: Start and stop the OpenVAS Manager # Description: Controls the OpenVAS daemon "openvasmd". ### END INIT INFO # time to wait for daemons death, in seconds # don't set it too low or you might not let openvasmd die gracefully DODTIME=5 # Read config [ -r /etc/default/openvas-manager ] && . /etc/default/openvas-manager [ "$DATABASE_FILE" ] && DAEMONOPTS="--database="$DATABASE_FILE [ "$MANAGER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --listen=$MANAGER_ADDRESS" [ "$MANAGER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --port=$MANAGER_PORT" [ "$SCANNER_ADDRESS" ] && DAEMONOPTS="$DAEMONOPTS --slisten=$SCANNER_ADDRESS" [ "$SCANNER_PORT" ] && DAEMONOPTS="$DAEMONOPTS --sport=$SCANNER_PORT" DAEMON=/usr/sbin/openvasmd PIDFILE=/var/run/openvasmd.pid NAME=openvasmd LABEL="OpenVAS Manager" test -x $DAEMON || exit 0 running() { # No pidfile, probably no daemon present # [ ! -f "$PIDFILE" ] && return 1 pid=`cat $PIDFILE` # No pid, probably no daemon present [ -z "$pid" ] && return 1 [ ! -d /proc/$pid ] && return 1 cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` # No openvasmd? [ `basename "$cmd"` != "$NAME" ] && return 1 return 0 } start_daemon() { start-stop-daemon --start --exec $DAEMON -- $DAEMONOPTS 2>&1 >/dev/null errcode=$? # If we don't sleep then running() might not see the pidfile sleep $DODTIME return $errcode } force_stop() { [ ! -e "$PIDFILE" ] && return if running ; then kill -15 $pid # Is it really dead? sleep "$DODTIME"s if running ; then kill -9 $pid sleep "$DODTIME"s if running ; then echo "Cannot kill $LABEL (pid=$pid)!" exit 1 fi fi fi rm -f $PIDFILE } case "$1" in start) echo -n "Starting $LABEL: " if start_daemon && running ; then echo "openvasmd." else echo "ERROR." exit 1 fi ;; stop) echo -n "Stopping $LABEL: " if running ; then start-stop-daemon --stop --pidfile $PIDFILE --quiet --oknodo --exec $DAEMON sleep "$DODTIME"s fi if running; then force_stop fi echo "openvasmd." ;; restart) echo -n "Restarting $LABEL: " if running; then start-stop-daemon --stop --pidfile $PIDFILE --quiet --oknodo --exec $DAEMON sleep "$DODTIME"s fi if running; then force_stop fi if start_daemon && running ; then echo "openvasmd." else echo "ERROR." exit 1 fi ;; reload|force-reload) echo -n "Reloading $LABEL configuration files: " start-stop-daemon --stop --pidfile $PIDFILE --signal 1 --exec $DAEMON sleep "$DODTIME"s if running ; then echo "done." else echo "ERROR." exit 1 fi ;; status) echo -n "$LABEL is " if running ; then echo "running" else echo " not running." exit 1 fi ;; update) echo "Updating the NVT cache" $DAEMON $DAEMONOPTS --update ;; rebuild) echo "Rebuilding the NVT cache" $DAEMON $DAEMONOPTS --rebuild ;; *) echo "Usage: /etc/init.d/openvas-manager {start|stop|restart|reload|status|update|rebuild}" exit 1 ;; esac exit 0 ++++++ debian.openvas-manager.install ++++++ etc/openvas usr/sbin usr/share/man/man8 usr/share/openvas/openvasmd ++++++ debian.openvas-manager.logrotate ++++++ /var/log/openvas/openvasmd.log { missingok notifempty create 640 root adm daily rotate 7 compress postrotate if [ -s /var/run/openvasmd.pid ]; then kill -1 `cat /var/run/openvasmd.pid`; fi openvaslogs=`ls /var/log/openvas/openvasmd.log.*` if [ -n "$openvaslogs" ]; then chown root:adm $openvaslogs chmod 640 $openvaslogs fi endscript } ++++++ debian.rules ++++++ #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. export DH_VERBOSE=1 # Enable hardening-wrapper export DEB_BUILD_HARDENING=1 config: config-stamp config-stamp: dh_testdir # Add here commands to configure the package. cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_PREFIX=/usr -DSYSCONFDIR=/etc -DLOCALSTATEDIR=/var -DCMAKE_BUILD_TYPE=release . touch $@ build: build-stamp build-stamp: config-stamp dh_testdir # Add here commands to compile the package. $(MAKE) VERBOSE=1 touch $@ clean: dh_testdir dh_testroot rm -f build-stamp config.stamp # Add here commands to clean up after the build process. dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs # Add here commands to install the package into debian/tmp $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp install -Dm 0644 doc/openvasmd.8 $(CURDIR)/debian/tmp/usr/share/man/man8/openvasmd.8 # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs CHANGES dh_installdocs dh_install --sourcedir=debian/tmp dh_installdebconf dh_installlogrotate dh_installinit -n -r -u stop 20 0 6 . dh_installman --sourcedir=debian/tmp dh_link dh_strip --dbg-package=openvas-manager-dbg dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install ++++++ openvas-manager.dsc ++++++ Format: 1.0 Source: openvas-manager Binary: openvas-manager Architecture: any Version: 2.0.2-1 Maintainer: Stephan Kleine <[email protected]> Homepage: http://www.openvas.org/ Standards-Version: 3.8.0 Build-Depends: debhelper (>= 5), cmake, doxygen, dpatch, hardening-wrapper, libopenvas4-dev, libsqlite3-dev, pkg-config Files: 776ce4e1000137c9aec7863372c8c876 373800 openvas-manager-2.0.2.orig.tar.gz 131e6720b0526ade9405eade0d9150ac 56625 openvas-manager-2.0.2.diff.gz ++++++ openvasmd.init.fedora ++++++ #!/bin/sh # # openvas-manager This starts and stops the OpenVAS Manager. # # chkconfig: 35 75 25 # description: This starts and stops the OpenVAS Manager. # processname: /usr/sbin/openvasmd # config: /etc/openvas/openvasmd.conf # pidfile: /var/run/openvasmd.pid # ### BEGIN INIT INFO # Provides: $openvas-manager ### END INIT INFO # Source function library. . /etc/rc.d/init.d/functions EXEC="/usr/sbin/openvasmd" PROG=$(basename $EXEC) # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance test -x $EXEC || { echo "$EXEC not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file OPENVASMD_CONFIG=/etc/sysconfig/openvas-manager test -r $OPENVASMD_CONFIG || { echo "$OPENVASMD_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } # Read config . $OPENVASMD_CONFIG # Build parameters [ "$DATABASE_FILE" ] && PARAMS="--database="$DATABASE_FILE [ "$MANAGER_ADDRESS" ] && PARAMS="$PARAMS --listen=$MANAGER_ADDRESS" [ "$MANAGER_PORT" ] && PARAMS="$PARAMS --port=$MANAGER_PORT" [ "$SCANNER_ADDRESS" ] && PARAMS="$PARAMS --slisten=$SCANNER_ADDRESS" [ "$SCANNER_PORT" ] && PARAMS="$PARAMS --sport=$SCANNER_PORT" LOCKFILE=/var/lock/subsys/$PROG start() { echo -n $"Starting openvas-manager: " daemon $EXEC $PARAMS RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $LOCKFILE return $RETVAL } stop() { echo -n $"Stopping openvas-manager: " killproc $PROG RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f $LOCKFILE return $RETVAL } restart() { stop start } reload() { echo -n $"Reloading openvas-manager: " killproc $PROG -HUP RETVAL=$? echo return $RETVAL } force_reload() { restart } fdr_status() { status $PROG } case "$1" in start|stop|restart|reload) $1 ;; force-reload) force_reload ;; status) fdr_status ;; condrestart|try-restart) [ ! -f $LOCKFILE ] || restart ;; update) ## Update the NVT cache and exit. $EXEC $PARAMS --update ;; rebuild) ## Rebuild the NVT cache and exit. $EXEC $PARAMS --rebuild ;; *) echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload|update|rebuild}" exit 2 esac ++++++ openvasmd.init.mandriva ++++++ #!/bin/sh # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # ### BEGIN INIT INFO # Provides: openvas-manager # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind smtp # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind smtp # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: OpenVAS Manager # Description: Start the OpenVAS Manager. ### END INIT INFO # # Source function library. . /etc/rc.d/init.d/functions EXEC="/usr/sbin/openvasmd" PROG=$(basename $EXEC) # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance test -x $EXEC || { echo "$EXEC not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file OPENVASMD_CONFIG=/etc/sysconfig/openvas-manager test -r $OPENVASMD_CONFIG || { echo "$OPENVASMD_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } # Read config . $OPENVASMD_CONFIG # Build parameters [ "$DATABASE_FILE" ] && PARAMS="--database="$DATABASE_FILE [ "$MANAGER_ADDRESS" ] && PARAMS="$PARAMS --listen=$MANAGER_ADDRESS" [ "$MANAGER_PORT" ] && PARAMS="$PARAMS --port=$MANAGER_PORT" [ "$SCANNER_ADDRESS" ] && PARAMS="$PARAMS --slisten=$SCANNER_ADDRESS" [ "$SCANNER_PORT" ] && PARAMS="$PARAMS --sport=$SCANNER_PORT" LOCKFILE=/var/lock/subsys/$PROG start() { echo -n $"Starting openvas-manager: " daemon $EXEC $PARAMS RETVAL=$? echo [ $RETVAL -eq 0 ] && touch $LOCKFILE return $RETVAL } stop() { echo -n $"Stopping openvas-manager: " killproc $PROG RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f $LOCKFILE return $RETVAL } restart() { stop start } reload() { echo -n $"Reloading openvas-manager: " killproc $PROG -HUP RETVAL=$? echo return $RETVAL } force_reload() { restart } fdr_status() { status $PROG } case "$1" in start|stop|restart|reload) $1 ;; force-reload) force_reload ;; status) fdr_status ;; condrestart|try-restart) [ ! -f $LOCKFILE ] || restart ;; update) ## Update the NVT cache and exit. $EXEC $PARAMS --update ;; rebuild) ## Rebuild the NVT cache and exit. $EXEC $PARAMS --rebuild ;; *) echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload|update|rebuild}" exit 2 esac ++++++ openvasmd.init.suse ++++++ #!/bin/sh # # /etc/init.d/openvas-manager # and its symbolic link # /usr/sbin/rcopenvas-manager # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # ### BEGIN INIT INFO # Provides: openvas-manager # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind smtp # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind smtp # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: OpenVAS Manager # Description: Start the OpenVAS Manager. ### END INIT INFO # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance OPENVASMD_BIN=/usr/sbin/openvasmd test -x $OPENVASMD_BIN || { echo "$OPENVASMD_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file and read it OPENVASMD_CONFIG=/etc/sysconfig/openvas-manager test -r $OPENVASMD_CONFIG || { echo "$OPENVASMD_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } # Read config . $OPENVASMD_CONFIG # Build parameters [ "$DATABASE_FILE" ] && PARAMS="--database="$DATABASE_FILE [ "$MANAGER_ADDRESS" ] && PARAMS="$PARAMS --listen=$MANAGER_ADDRESS" [ "$MANAGER_PORT" ] && PARAMS="$PARAMS --port=$MANAGER_PORT" [ "$SCANNER_ADDRESS" ] && PARAMS="$PARAMS --slisten=$SCANNER_ADDRESS" [ "$SCANNER_PORT" ] && PARAMS="$PARAMS --sport=$SCANNER_PORT" # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting openvas-manager " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $OPENVASMD_BIN $PARAMS # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down openvas-manager " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -TERM $OPENVASMD_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. echo -n "Reload service openvas-manager " ## if it supports it: /sbin/killproc -HUP $OPENVASMD_BIN #touch /var/run/openvasmd.pid rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service openvas-manager " /sbin/killproc -HUP $OPENVASMD_BIN #touch /var/run/openvasmd.pid rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service openvas-manager " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $OPENVASMD_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test $OPENVASMD_CONFIG -nt /var/run/openvasmd.pid && echo reload ;; update) ## Update the NVT cache and exit. $OPENVASMD_BIN $PARAMS --update ;; rebuild) ## Rebuild the NVT cache and exit. $OPENVASMD_BIN $PARAMS --rebuild ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe|update|rebuild}" exit 1 ;; esac rc_exit ++++++ openvasmd.logrotate ++++++ /var/log/openvas/openvasmd.log { daily rotate 7 compress missingok notifempty sharedscripts } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
