OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   03-Oct-2003 16:44:42
  Branch: HEAD                             Handle: 2003100315444200

  Added files:
    openpkg-src/nessus-tool nessus-tool.patch nessusd.conf nessusd.rules
                            nessusd.users rc.nessus
  Modified files:
    openpkg-src/nessus-tool nessus-tool.spec

  Log:
    improve this package by adding reasonable default configuration and
    server run-commands

  Summary:
    Revision    Changes     Path
    1.1         +21 -0      openpkg-src/nessus-tool/nessus-tool.patch
    1.6         +92 -48     openpkg-src/nessus-tool/nessus-tool.spec
    1.1         +38 -0      openpkg-src/nessus-tool/nessusd.conf
    1.1         +11 -0      openpkg-src/nessus-tool/nessusd.rules
    1.1         +4  -0      openpkg-src/nessus-tool/nessusd.users
    1.1         +60 -0      openpkg-src/nessus-tool/rc.nessus
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/nessus-tool/nessus-tool.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 nessus-tool.patch
  --- /dev/null 2003-10-03 16:44:42.000000000 +0200
  +++ nessus-tool.patch 2003-10-03 16:44:42.000000000 +0200
  @@ -0,0 +1,21 @@
  +Index: doc/nessusd.8.in
  +--- doc/nessusd.8.in.orig    2003-08-14 20:22:46.000000000 +0200
  ++++ doc/nessusd.8.in 2003-10-03 15:14:48.000000000 +0200
  +@@ -169,7 +169,7 @@
  + .SH USERS MANAGEMENT
  + 
  + The utility nessus-adduser(8) creates new nessusd users. Each nessusd user
  +-is attributed a "home", in @NESSUS_STATEDIR@/users/<username>. This home contains 
the following directories :
  ++is attributed a "home", in @NESSUSD_STATEDIR@/users/<username>. This home contains 
the following directories :
  + .IP auth/
  + This directory contains the authentification information for this user. It might 
contain the file 'dname' if the user is authenticating using a certificate, or 'hash' 
(or 'passwd') if the user is authenticating using a password. The file 'hash' contains 
a MD5 hash of the user password, as well as a random seed. The file 'password' should 
contain the password in clear text.
  + 
  +@@ -192,7 +192,7 @@
  + 
  + 
  + When a user attempts to log in, nessusd first checks that the directory
  [EMAIL PROTECTED]@/users/<username> exists, then hashes the password sent by the 
user with the random salt found in <username>/auth/hash, and compares it with the 
password hash stored in the same file. If the users authenticates using a certificate, 
then nessusd checks that the certificate has been signed by a recognized authority, 
and makes sure that the dname of the certificate shown by the user is the same as the 
one in <username>/dname.
  [EMAIL PROTECTED]@/users/<username> exists, then hashes the password sent by the 
user with the random salt found in <username>/auth/hash, and compares it with the 
password hash stored in the same file. If the users authenticates using a certificate, 
then nessusd checks that the certificate has been signed by a recognized authority, 
and makes sure that the dname of the certificate shown by the user is the same as the 
one in <username>/dname.
  + 
  + 
  + To remove a given user, use the command nessus-rmuser(8).
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/nessus-tool/nessus-tool.spec
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 nessus-tool.spec
  --- openpkg-src/nessus-tool/nessus-tool.spec  3 Oct 2003 10:47:18 -0000       1.5
  +++ openpkg-src/nessus-tool/nessus-tool.spec  3 Oct 2003 14:44:42 -0000       1.6
  @@ -38,14 +38,19 @@
   #   list of sources
   Source0:      
ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-core-%{version}.tar.gz
   Source1:      
ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-plugins-%{version}.tar.gz
  +Source2:      nessusd.conf
  +Source3:      nessusd.rules
  +Source4:      nessusd.users
  +Source5:      rc.nessus
  +Patch0:       nessus-tool.patch
   
   #   build information
   Prefix:       %{l_prefix}
   BuildRoot:    %{l_buildroot}
   BuildPreReq:  OpenPKG, openpkg >= 20030103, X11, gcc, make
   PreReq:       OpenPKG, openpkg >= 20030103, X11
  -BuildPreReq:  nessus-libs, glib, gtk
  -PreReq:       nessus-libs, glib, gtk
  +BuildPreReq:  nessus-libs, glib, gtk, openssl
  +PreReq:       nessus-libs, glib, gtk, openssl
   AutoReq:      no
   AutoReqProv:  no
   
  @@ -57,74 +62,113 @@
   %prep
       %setup0 -q -c
       %setup1 -q -T -D -a 1
  +    cd nessus-core
  +    %patch0 -p0
   
   %build
       #   build nessus-core part
  -    pushd nessus-core
  -    CC="%{l_cc}" \
  -    CFLAGS="%{l_cflags -O}" \
  -    CPPFLAGS="%{l_cppflags}" \
  -    LDFLAGS="%{l_ldflags}" \
  -    ./configure \
  -        --prefix=%{l_prefix} \
  -        --enable-unix-socket=%{l_prefix}/var/nessus-tool/nessus.socket \
  -        --disable-syslog \
  -        --with-x \
  -        --x-includes=`%{l_prefix}/etc/rc --query x11_incdir` \
  -        --x-libraries=`%{l_prefix}/etc/rc --query x11_libdir` \
  -        --enable-gtk
  -    %{l_make} %{l_mflags -O}
  -    popd
  +    ( cd nessus-core
  +      CC="%{l_cc}" \
  +      CFLAGS="%{l_cflags -O}" \
  +      CPPFLAGS="%{l_cppflags}" \
  +      LDFLAGS="%{l_ldflags}" \
  +      ./configure \
  +          --prefix=%{l_prefix} \
  +          --localstatedir=%{l_prefix}/var/nessus \
  +          --sharedstatedir=%{l_prefix}/var/nessus \
  +          --enable-unix-socket=%{l_prefix}/var/nessus/nessusd.socket \
  +          --disable-syslog \
  +          --with-x \
  +          --x-includes=`%{l_prefix}/etc/rc --query x11_incdir` \
  +          --x-libraries=`%{l_prefix}/etc/rc --query x11_libdir` \
  +          --enable-save-sessions \
  +          --enable-save-kb \
  +          --enable-release
  +      %{l_make} %{l_mflags -O}
  +    ) || exit $?
   
       #   temporarily install nessus-core for nessus-plugins building
  -    pushd nessus-core
  -    nessus_core=`pwd`
  -    %{l_make} %{l_mflags -O} \
  -        install DESTDIR=${nessus_core}/tmp
  -    popd
  +    nessus_core=`pwd`/nessus-core
  +    ( cd nessus-core
  +      %{l_make} %{l_mflags -O} \
  +          install DESTDIR=${nessus_core}/tmp
  +    ) || exit $?
   
       #   build nessus-plugins part
  -    pushd nessus-plugins
  -    CC="%{l_cc}" \
  -    CFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cflags -O}" \
  -    CPPFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cppflags}" \
  -    LDFLAGS="%{l_ldflags}" \
  -    ./configure \
  -        --prefix=%{l_prefix} \
  -        --enable-install="`%{l_shtool} echo -e %u`" \
  -        --enable-shared
  -    %{l_shtool} subst \
  -        -e 's;getinterfaces;local_getinterfaces;g' \
  -        -e 's;routethrough;local_routethrough;g' \
  -        -e 's;ipaddr2devname;local_ipaddr2devname;g' \
  -        -e 's;islocalhost;local_islocalhost;g' \
  -        -e 's;get_random_bytes;local_get_random_bytes;g' \
  -        -e 's;getsourceip;local_getsourceip;g' \
  -        plugins/nmap_osfingerprint/*.[ch]
  -    %{l_make} %{l_mflags -O}
  -    popd
  +    ( cd nessus-plugins
  +      CC="%{l_cc}" \
  +      CFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cflags -O}" \
  +      CPPFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cppflags}" \
  +      LDFLAGS="%{l_ldflags}" \
  +      ./configure \
  +          --prefix=%{l_prefix} \
  +          --enable-install="`%{l_shtool} echo -e %u`" \
  +          --enable-shared
  +      %{l_shtool} subst \
  +          -e 's;getinterfaces;local_getinterfaces;g' \
  +          -e 's;routethrough;local_routethrough;g' \
  +          -e 's;ipaddr2devname;local_ipaddr2devname;g' \
  +          -e 's;islocalhost;local_islocalhost;g' \
  +          -e 's;get_random_bytes;local_get_random_bytes;g' \
  +          -e 's;getsourceip;local_getsourceip;g' \
  +          plugins/nmap_osfingerprint/*.[ch]
  +      %{l_make} %{l_mflags -O}
  +    ) || exit $?
   
   %install
       rm -rf $RPM_BUILD_ROOT
   
       #   install nessus-core part
  -    pushd nessus-core
  -    %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
  -    popd
  +    ( cd nessus-core
  +      %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
  +    ) || exit $?
   
       #   install nessus-plugins part
  -    pushd nessus-plugins
  -    %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
  -    popd
  +    ( cd nessus-plugins
  +      %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
  +    ) || exit $?
   
       #   strip down installation
       strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
   
  +    #   install default configuration
  +    %{l_shtool} install -c -m 644 \
  +        %{SOURCE nessusd.conf} \
  +        %{SOURCE nessusd.rules} \
  +        %{SOURCE nessusd.users} \
  +        $RPM_BUILD_ROOT%{l_prefix}/etc/nessus/
  +
  +    #   install run-command script
  +    %{l_shtool} mkdir -f -p -m 755 \
  +        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
  +    %{l_shtool} install -c -m 755 %{l_value -s -a} \
  +        %{SOURCE rc.nessus} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
  +
       #   determine installation files
  -    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
  +    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
  +        %{l_files_std} \
  +        '%config %{l_prefix}/etc/nessus/*'
   
   %files -f files
   
   %clean
       rm -rf $RPM_BUILD_ROOT
  +
  +%post
  +    if [ $1 -le 2 ]; then
  +        if [ ! -f $RPM_INSTALL_PREFIX/var/nessus/CA/servercert.pem ]; then
  +            ( echo "For the SSL/TLS based remote client/server connections"
  +              echo "between the Nessus server and the Nessus clients, an"
  +              echo "X.509 server certificate/key pair is needed. Run the"
  +              echo "following command to create it once:"
  +              echo "  \$ $RPM_INSTALL_PREFIX/sbin/nessus-mkcert"
  +            ) | %{l_rpmtool} msg -b -t info
  +        fi
  +    fi
  +    if [ $1 -eq 1 ]; then
  +        ( echo "Each Nessus user has to be created on the Nessus server"
  +          echo "Run the following command to create an individual user:"
  +          echo "  \$ $RPM_INSTALL_PREFIX/sbin/nessus-adduser"
  +        ) | %{l_rpmtool} msg -b -t info
  +    fi
   
  @@ .
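Review bot: The "install default configuration" step copies nessusd.conf, nessusd.rules and nessusd.users with `%{l_shtool} install -c -m 644` but omits the `%{l_value -s -a}` argument that the rc.nessus install just below it passes. As a result the `@l_prefix@` placeholders in nessusd.conf's path settings would apparently be installed unexpanded. Passing the same argument, `%{l_shtool} install -c -m 644 %{l_value -s -a} \`, should make the rules, users, log and certificate paths resolve to the instance prefix. Separately, the new `%post` tests use unquoted expansions; `[ "$1" -le 2 ]` and `[ ! -f "$RPM_INSTALL_PREFIX/var/nessus/CA/servercert.pem" ]` are more robust.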
  patch -p0 <<'@@ .'
  Index: openpkg-src/nessus-tool/nessusd.conf
  ============================================================================
  $ cvs diff -u -r0 -r1.1 nessusd.conf
  --- /dev/null 2003-10-03 16:44:42.000000000 +0200
  +++ nessusd.conf      2003-10-03 16:44:42.000000000 +0200
  @@ -0,0 +1,38 @@
  +##
  +##  nessusd.conf -- Nessus Daemon Configuration
  +##
  +
  +#   paths
  +rules                    = @l_prefix@/etc/nessus/nessusd.rules
  +users                    = @l_prefix@/etc/nessus/nessusd.users
  +logfile                  = @l_prefix@/var/nessus/nessusd.log
  +dumpfile                 = @l_prefix@/var/nessus/nessusd.dump
  +cert_file                = @l_prefix@/var/nessus/CA/servercert.pem
  +key_file                 = @l_prefix@/var/nessus/CA/serverkey.pem
  +ca_file                  = @l_prefix@/var/nessus/CA/cacert.pem
  +plugins_folder           = @l_prefix@/lib/nessus/plugins
  +
  +#   options
  +max_hosts                = 30
  +max_checks               = 10
  +max_threads              = 15
  +be_nice                  = yes
  +log_whole_attack         = yes
  +log_plugins_name_at_load = no
  +cgi_path                 = /cgi-bin:/scripts
  +port_range               = default
  +optimize_test            = yes
  +checks_read_timeout      = 5
  +non_simult_ports         = 139, 445
  +plugins_timeout          = 320
  +safe_checks              = yes
  +auto_enable_dependencies = yes
  +use_mac_addr             = no
  +plugin_upload            = no
  +plugin_upload_suffixes   = .nasl, .inc
  +admin_user               = root
  +language                 = english
  +slice_network_addresses  = no
  +#pem_password            = password
  +#force_pubkey_auth       = yes
  +
  @@ .
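Review bot: The commented `#pem_password = password` line invites administrators to keep the server key passphrase in this file, yet the spec change in the same commit installs nessusd.conf with `-m 644`, so any local account could read a passphrase placed here. Either install the file with a restrictive mode such as `-m 600`, or add a warning above the option, for example `#   pem_password stores the key passphrase in clear text; restrict this file's permissions before setting it`. A one-line comment on `safe_checks = yes` and `plugin_upload = no` would also tell administrators that these defaults are deliberate and should not be relaxed casually.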
  patch -p0 <<'@@ .'
  Index: openpkg-src/nessus-tool/nessusd.rules
  ============================================================================
  $ cvs diff -u -r0 -r1.1 nessusd.rules
  --- /dev/null 2003-10-03 16:44:42.000000000 +0200
  +++ nessusd.rules     2003-10-03 16:44:42.000000000 +0200
  @@ -0,0 +1,11 @@
  +##
  +##  nessusd.rules -- Nessus Daemon Scanning Rules
  +##
  +
  +accept 127.0.0.0/8
  +accept client_ip/32
  +#reject 192.168.1.1/32
  +#reject !192.168.0.0/16
  +default reject
  +#default accept
  +
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/nessus-tool/nessusd.users
  ============================================================================
  $ cvs diff -u -r0 -r1.1 nessusd.users
  --- /dev/null 2003-10-03 16:44:42.000000000 +0200
  +++ nessusd.users     2003-10-03 16:44:42.000000000 +0200
  @@ -0,0 +1,4 @@
  +##
  +##  nessusd.users -- Nessus Daemon Users
  +##
  +
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/nessus-tool/rc.nessus
  ============================================================================
  $ cvs diff -u -r0 -r1.1 rc.nessus
  --- /dev/null 2003-10-03 16:44:42.000000000 +0200
  +++ rc.nessus 2003-10-03 16:44:42.000000000 +0200
  @@ -0,0 +1,60 @@
  [EMAIL PROTECTED]@/lib/openpkg/bash @l_prefix@/etc/rc
  +##
  +##  rc.nessus -- Run-Commands
  +##
  +
  +%config
  +    nessus_enable="$openpkg_rc_def"
  +    nessus_listen_addr="127.0.0.1"
  +    nessus_listen_port="1241"
  +    nessus_source_addr="127.0.0.1"
  +    nessus_log_prolog="true"
  +    nessus_log_epilog="true"
  +    nessus_log_numfiles="10"
  +    nessus_log_minsize="1M"
  +    nessus_log_complevel="9"
  +
  +%common
  +    nessus_pidfile="@l_prefix@/var/nessus/nessusd.pid"
  +    nessus_signal () {
  +        [ -f $nessus_pidfile ] && kill -$1 `cat $nessus_pidfile`
  +    }
  +
  +%status -u @l_susr@ -o
  +    nessus_usable="unknown"
  +    nessus_active="no"
  +    rcService nessus enable yes && \
  +        nessus_signal 0 && nessus_active="yes"
  +    echo "nessus_enable=\"$nessus_enable\""
  +    echo "nessus_usable=\"$nessus_usable\""
  +    echo "nessus_active=\"$nessus_active\""
  +
  +%start -p 100 -u @l_susr@
  +    rcService nessus enable yes || exit 0
  +    rcService nessus active yes && exit 0
  +    @l_prefix@/sbin/nessusd \
  +        --listen="${nessus_listen_addr}" \
  +        --port="${nessus_listen_port}" \
  +        --src-ip="${nessus_source_addr}" \
  +        --background
  +
  +%stop -p 100 -u @l_susr@
  +    rcService nessus enable yes || exit 0
  +    rcService nessus active no  && exit 0
  +    nessus_signal TERM
  +    sleep 2
  +
  +%restart -p 100 -u @l_susr@
  +    rcService nessus enable yes || exit 0
  +    rcService nessus active no  && exit 0
  +    rc nessus stop start
  +
  +%daily -u @l_susr@
  +    rcService nessus enable yes || exit 0
  +    shtool rotate -f \
  +        -n ${nessus_log_numfiles} -s ${nessus_log_minsize} -d \
  +        -z ${nessus_log_complevel} -m 644 -o @l_susr@ -g @l_mgrp@ \
  +        -P "${nessus_log_prolog}" \
  +        -E "${nessus_log_epilog} && rc nessus restart" \
  +        @l_prefix@/var/nessus/nessusd.log
  +
  @@ .
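Review bot: `nessus_signal` sends its signal to whatever PID `nessusd.pid` contains, with no check that the process is still nessusd. `%status` uses `nessus_signal 0` to decide whether the service is active and `%stop` then runs `nessus_signal TERM` as the superuser, so a stale pid file left by a crash could deliver TERM to an unrelated process that reused the number. The expansions are also unquoted; at minimum use `[ -s "$nessus_pidfile" ] && kill -"$1" "$(cat "$nessus_pidfile")"`, and ideally confirm the PID belongs to nessusd before signalling. In `%daily`, `shtool rotate` is given `-m 644` while nessusd.conf sets `log_whole_attack = yes`, so the rotated scan logs appear to end up world-readable; `-m 600` looks like a safer default.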
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
