commit: 34e2e746d9d0f2a1f84b57e0297416486b461ddc Author: Jonas Licht <jonas.licht <AT> fem <DOT> tu-ilmenau <DOT> de> AuthorDate: Sat Mar 21 15:15:15 2020 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Wed Mar 25 13:45:27 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34e2e746
net-analyzer/ospd-openvas: add new package Bug: https://bugs.gentoo.org/713804 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Jonas Licht <jonas.licht <AT> fem.tu-ilmenau.de> Closes: https://github.com/gentoo/gentoo/pull/14922 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> net-analyzer/ospd-openvas/Manifest | 1 + net-analyzer/ospd-openvas/files/ospd-openvas.confd | 10 ++++ net-analyzer/ospd-openvas/files/ospd-openvas.initd | 17 +++++++ .../ospd-openvas/files/ospd-openvas.service | 18 +++++++ net-analyzer/ospd-openvas/files/ospd.conf | 10 ++++ net-analyzer/ospd-openvas/files/redis.conf.example | 57 ++++++++++++++++++++++ net-analyzer/ospd-openvas/metadata.xml | 16 ++++++ .../ospd-openvas/ospd-openvas-1.0.0.ebuild | 44 +++++++++++++++++ 8 files changed, 173 insertions(+) diff --git a/net-analyzer/ospd-openvas/Manifest b/net-analyzer/ospd-openvas/Manifest new file mode 100644 index 00000000000..00e7b1d401c --- /dev/null +++ b/net-analyzer/ospd-openvas/Manifest @@ -0,0 +1 @@ +DIST ospd-openvas-1.0.0.tar.gz 49725 BLAKE2B 230df2f572f345b9ed398e2af120a2fecee87f9f8d8d3c072ca314960f34f7329fe22b002ba0971ba6dc14cd3ca4543120653f89b3085a0f8a932fbeb6ef2682 SHA512 2b2e4f38843265a018a58b7fbd2fde0449d4f6cf3c5c1b7bec02d8390ab257020304f5be1bf2a77f7d28a04f4d1da611fc9b3066bef370dd686dfb8684fce534 diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.confd b/net-analyzer/ospd-openvas/files/ospd-openvas.confd new file mode 100644 index 00000000000..fc776ac49e3 --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd-openvas.confd @@ -0,0 +1,10 @@ +# OpenVAS Scanner command args + +# e.g --foreground +OSPD_OPENVAS_OPTIONS="" + +# Scanner listen socket +OSPD_OPENVAS_UNIX_SOCKET="--unix-socket=/tmp/ospd.sock" + +# Scanner listen mode +OSPD_OPENVAS_SOCKET_MODE="--socket-mode=0o777" diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.initd b/net-analyzer/ospd-openvas/files/ospd-openvas.initd new file mode 100644 index 00000000000..ced28d892dc --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd-openvas.initd @@ -0,0 +1,17 @@ +#!/sbin/openrc-run +# Copyright 2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +name="remotely control an OpenVAS Scanner" +command=/usr/bin/ospd-openvas +pidfile="/run/${RC_SVCNAME}.pid" +command_args="${OSPD_OPENVAS_OPTIONS} \ + ${OSPD_OPENVAS_UNIX_SOCKET} \ + ${OSPD_OPENVAS_SOCKET_MODE} \ + --pid-file ${pidfile} \ + --config /etc/openvas/ospd.conf" + +depend() { + after bootmisc + need localmount redis +} diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service b/net-analyzer/ospd-openvas/files/ospd-openvas.service new file mode 100644 index 00000000000..f496797d54f --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service @@ -0,0 +1,18 @@ +[Unit] +Description=OSPD OpenVAS +After=network.target networking.service dnsmasq.service redis-server@openvas.service systemd-tmpfiles.service +ConditionKernelCommandLine=!recovery + +[Service] +Type=forking +User=gvm +Group=gvm +ExecStart=/usr/bin/ospd-openvas --config /etc/openvas/ospd.conf --foreground +SuccessExitStatus=SIGKILL +# This works asynchronously, but does not take the daemon down during the reload so it's ok. +Restart=always +RestartSec=60 + +[Install] +WantedBy=multi-user.target +Alias=ospd-openvas.service diff --git a/net-analyzer/ospd-openvas/files/ospd.conf b/net-analyzer/ospd-openvas/files/ospd.conf new file mode 100644 index 00000000000..bac46565001 --- /dev/null +++ b/net-analyzer/ospd-openvas/files/ospd.conf @@ -0,0 +1,10 @@ +[OSPD - openvas] + +#required by gvmd +unix_socket = /tmp/ospd.sock + +#socket_mode = 0o770 +#unix_socket = /run/ospd/ospd-openvas.pid + +log_level = DEBUG +log_file = /var/log/gvm/ospd-openvas.log diff --git a/net-analyzer/ospd-openvas/files/redis.conf.example b/net-analyzer/ospd-openvas/files/redis.conf.example new file mode 100644 index 00000000000..6a41211aaae --- /dev/null +++ b/net-analyzer/ospd-openvas/files/redis.conf.example @@ -0,0 +1,57 @@ +bind 127.0.0.1 +protected-mode yes +port 0 +tcp-backlog 511 +unixsocket /tmp/redis.sock +unixsocketperm 700 +timeout 0 +tcp-keepalive 300 +daemonize no +supervised no +pidfile /run/redis/redis.pid +loglevel notice +logfile /var/log/redis/redis.log +databases 16 +always-show-logo yes +stop-writes-on-bgsave-error yes +rdbcompression yes +rdbchecksum yes +dbfilename dump.rdb +dir /var/lib/redis/ +slave-serve-stale-data yes +slave-read-only yes +repl-diskless-sync no +repl-diskless-sync-delay 5 +repl-disable-tcp-nodelay no +slave-priority 100 +lazyfree-lazy-eviction no +lazyfree-lazy-expire no +lazyfree-lazy-server-del no +slave-lazy-flush no +appendonly no +appendfilename "appendonly.aof" +appendfsync everysec +no-appendfsync-on-rewrite no +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb +aof-load-truncated yes +aof-use-rdb-preamble no +lua-time-limit 5000 +slowlog-log-slower-than 10000 +slowlog-max-len 128 +latency-monitor-threshold 0 +notify-keyspace-events "" +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 +list-max-ziplist-size -2 +list-compress-depth 0 +set-max-intset-entries 512 +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 +hll-sparse-max-bytes 3000 +activerehashing yes +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit slave 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 +hz 10 +aof-rewrite-incremental-fsync yes diff --git a/net-analyzer/ospd-openvas/metadata.xml b/net-analyzer/ospd-openvas/metadata.xml new file mode 100644 index 00000000000..d46922d749f --- /dev/null +++ b/net-analyzer/ospd-openvas/metadata.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person"> + <email>jonas.li...@gmail.com</email> + <name>Jonas Licht</name> + </maintainer> + <maintainer type="project"> + <email>proxy-ma...@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <longdescription lang="en"> + This is an OSP server implementation to allow GVM to remotely control OpenVAS. + Once running, you need to configure OpenVAS for the Greenbone Vulnerability Manager, for example via the web interface Greenbone Security Assistant. Then you can create scan tasks to use OpenVAS. + </longdescription> +</pkgmetadata> diff --git a/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild new file mode 100644 index 00000000000..8c2dfcfee26 --- /dev/null +++ b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild @@ -0,0 +1,44 @@ +# Copyright 2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_6 ) +inherit distutils-r1 systemd + +DESCRIPTION="This is an OSP server implementation to allow GVM to remotely control OpenVAS" +HOMEPAGE="https://github.com/greenbone/ospd-openvas"; +SRC_URI="https://github.com/greenbone/ospd-openvas/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND=" + acct-user/gvm + dev-python/psutil[${PYTHON_USEDEP}] + dev-python/redis-py[${PYTHON_USEDEP}] + net-analyzer/ospd[${PYTHON_USEDEP}] +" +RDEPEND=" + ${DEPEND} + >=net-analyzer/openvas-scanner-7.0.0" +BDEPEND="" + +distutils_enable_tests unittest + +python_install() { + distutils-r1_python_install + + insinto /etc/openvas + doins "${FILESDIR}"/redis.conf.example + doins "${FILESDIR}"/ospd.conf + + fowners -R gvm:gvm /etc/openvas + + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + + systemd_dounit "${FILESDIR}/${PN}.service" +}
