Author: jan
Date: 2007-07-05 16:06:48 +0200 (Thu, 05 Jul 2007)
New Revision: 257
Added:
trunk/openvas-client/doc/openvasclient-mkcert.1
trunk/openvas-client/doc/openvasclient-mkrand.1
trunk/openvas-client/openvasclient-mkcert.in
trunk/openvas-client/ssl/openvasclient-mkrand.c
Removed:
trunk/openvas-client/doc/nessusclient-mkcert.1
trunk/openvas-client/doc/nessusclient-mkrand.1
trunk/openvas-client/nessusclient-mkcert.in
trunk/openvas-client/ssl/nessusclient-mkrand.c
Modified:
trunk/openvas-client/ChangeLog
trunk/openvas-client/Makefile
trunk/openvas-client/configure
trunk/openvas-client/configure.in
trunk/openvas-client/ssl/Makefile
Log:
Another series of name changes.
Prevents name clash with installed NessusClient 1.x package.
* configure.in: Renamed nessusclient-mkcert to openvasclient-mkcert.
* configure: updated.
* Makefile: Renamed nessusclient-mkcert to openvasclient-mkcert.
Renamed nessusclient-mkrand to openvasclient-mkrand.
* nessusclient-mkcert.in: Renamed to openvasclient-mkcert.in.
* openvasclient-mkcert.in: New. Former nessusclient-mkcert.in.
* ssl/nessusclient-mkrand.c: Renamed to openvasclient-mkrand.c
* ssl/openvasclient-mkrand.c: New. Former nessusclient-mkrand.c.
* ssl/Makefile: Renamed nessusclient-mkrand to openvasclient-mkrand.
* doc/nessusclient-mkcert.1: Renamed to openvasclient-mkcert.1.
* doc/openvasclient-mkcert.1: New. Former nessusclient-mkcert.1.
* doc/nessusclient-mkrand.1: Renamed to openvasclient-mkrand.1.
* doc/openvasclient-mkrand.1: New. Former nessusclient-mkrand.1.
Modified: trunk/openvas-client/ChangeLog
===================================================================
--- trunk/openvas-client/ChangeLog 2007-07-05 13:42:59 UTC (rev 256)
+++ trunk/openvas-client/ChangeLog 2007-07-05 14:06:48 UTC (rev 257)
@@ -1,5 +1,35 @@
2007-07-05 Jan-Oliver Wagner <[EMAIL PROTECTED]>
+ Another series of name changes.
+ Prevents name clash with installed NessusClient 1.x package.
+
+ * configure.in: Renamed nessusclient-mkcert to openvasclient-mkcert.
+
+ * configure: updated.
+
+ * Makefile: Renamed nessusclient-mkcert to openvasclient-mkcert.
+ Renamed nessusclient-mkrand to openvasclient-mkrand.
+
+ * nessusclient-mkcert.in: Renamed to openvasclient-mkcert.in.
+
+ * openvasclient-mkcert.in: New. Former nessusclient-mkcert.in.
+
+ * ssl/nessusclient-mkrand.c: Renamed to openvasclient-mkrand.c
+
+ * ssl/openvasclient-mkrand.c: New. Former nessusclient-mkrand.c.
+
+ * ssl/Makefile: Renamed nessusclient-mkrand to openvasclient-mkrand.
+
+ * doc/nessusclient-mkcert.1: Renamed to openvasclient-mkcert.1.
+
+ * doc/openvasclient-mkcert.1: New. Former nessusclient-mkcert.1.
+
+ * doc/nessusclient-mkrand.1: Renamed to openvasclient-mkrand.1.
+
+ * doc/openvasclient-mkrand.1: New. Former nessusclient-mkrand.1.
+
+2007-07-05 Jan-Oliver Wagner <[EMAIL PROTECTED]>
+
Removed reference to Tenable in GUI on request by Renaud Deraison.
* nessus/xpm/logo_tenable.xpm: Removed.
Modified: trunk/openvas-client/Makefile
===================================================================
--- trunk/openvas-client/Makefile 2007-07-05 13:42:59 UTC (rev 256)
+++ trunk/openvas-client/Makefile 2007-07-05 14:06:48 UTC (rev 257)
@@ -18,8 +18,8 @@
install-bin:
test -d $(DESTDIR)${bindir} || $(INSTALL_DIR) -m 755 $(DESTDIR)${bindir}
- $(INSTALL) -m $(CLIENTMODE) nessusclient-mkcert $(DESTDIR)${bindir}
- $(INSTALL) -m $(CLIENTMODE) ssl/nessusclient-mkrand $(DESTDIR)${bindir}
+ $(INSTALL) -m $(CLIENTMODE) openvasclient-mkcert $(DESTDIR)${bindir}
+ $(INSTALL) -m $(CLIENTMODE) ssl/openvasclient-mkrand $(DESTDIR)${bindir}
sslstuff:
cd ssl && $(MAKE)
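Review bot: The renamed script probably still calls the helper by its old name. install-bin now ships only `ssl/openvasclient-mkrand`, while `openvasclient-mkcert.in` is recorded as a plain copy of `nessusclient-mkcert.in`, whose no-random-source fallback runs `nessusclient-mkrand $HOME/.rnd 1024`. If the copy is unchanged, that call either fails or picks up the binary from an installed NessusClient 1.x package, which is the clash this commit sets out to avoid, and the script does not check the exit status before it reaches `openssl genrsa`. The line should become `openvasclient-mkrand $HOME/.rnd 1024`, and the usage string in `openvasclient-mkrand.c` and the names inside the two copied man pages should be updated to match. The copied files' contents are not shown here, so this is inferred from the deleted originals.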
@@ -30,8 +30,8 @@
@test -d $(DESTDIR)${mandir}/man8 || $(INSTALL_DIR)
$(DESTDIR)${mandir}/man8
$(INSTALL) -c -m 0444 ${MAN_NESSUS_1}
$(DESTDIR)${mandir}/man1/OpenVAS-Client.1
- $(INSTALL) -c -m 0444 doc/nessusclient-mkcert.1
$(DESTDIR)${mandir}/man1/nessusclient-mkcert.1
- $(INSTALL) -c -m 0444 doc/nessusclient-mkrand.1
$(DESTDIR)${mandir}/man1/nessusclient-mkrand.1
+ $(INSTALL) -c -m 0444 doc/openvasclient-mkcert.1
$(DESTDIR)${mandir}/man1/openvasclient-mkcert.1
+ $(INSTALL) -c -m 0444 doc/openvasclient-mkrand.1
$(DESTDIR)${mandir}/man1/openvasclient-mkrand.1
win32: ${MAN_NESSUS_1}
$(MANROFF) ${MAN_NESSUS_1} > doc/OpenVAS-Client.1.cat
@@ -69,7 +69,7 @@
rm -f nessus.tmpl doc/OpenVAS-Client.1.cat
[ -z "${make_bindir}" ] || rm -f $(make_bindir)/[nN]essus*
rm -f libtool config.cache config.status config.log
- rm -f nessusclient-mkcert
+ rm -f openvasclient-mkcert
rm -f ${MAN_NESSUS_1}
Modified: trunk/openvas-client/configure
===================================================================
--- trunk/openvas-client/configure 2007-07-05 13:42:59 UTC (rev 256)
+++ trunk/openvas-client/configure 2007-07-05 14:06:48 UTC (rev 257)
@@ -10780,7 +10780,7 @@
-ac_config_files="$ac_config_files nessus.tmpl include/corevers.h
nessusclient-mkcert doc/OpenVAS-Client.1"
+ac_config_files="$ac_config_files nessus.tmpl include/corevers.h
openvasclient-mkcert doc/OpenVAS-Client.1"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -11338,7 +11338,7 @@
"include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
"nessus.tmpl") CONFIG_FILES="$CONFIG_FILES nessus.tmpl" ;;
"include/corevers.h") CONFIG_FILES="$CONFIG_FILES include/corevers.h" ;;
- "nessusclient-mkcert") CONFIG_FILES="$CONFIG_FILES nessusclient-mkcert" ;;
+ "openvasclient-mkcert") CONFIG_FILES="$CONFIG_FILES openvasclient-mkcert"
;;
"doc/OpenVAS-Client.1") CONFIG_FILES="$CONFIG_FILES doc/OpenVAS-Client.1"
;;
*) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
@@ -11985,6 +11985,6 @@
-chmod +x nessusclient-mkcert
+chmod +x openvasclient-mkcert
exit 0
Modified: trunk/openvas-client/configure.in
===================================================================
--- trunk/openvas-client/configure.in 2007-07-05 13:42:59 UTC (rev 256)
+++ trunk/openvas-client/configure.in 2007-07-05 14:06:48 UTC (rev 257)
@@ -574,9 +574,9 @@
dnl And we put everything in the appropriate files
-AC_OUTPUT(nessus.tmpl include/corevers.h nessusclient-mkcert
doc/OpenVAS-Client.1)
+AC_OUTPUT(nessus.tmpl include/corevers.h openvasclient-mkcert
doc/OpenVAS-Client.1)
-chmod +x nessusclient-mkcert
+chmod +x openvasclient-mkcert
exit 0
Deleted: trunk/openvas-client/doc/nessusclient-mkcert.1
===================================================================
--- trunk/openvas-client/doc/nessusclient-mkcert.1 2007-07-05 13:42:59 UTC
(rev 256)
+++ trunk/openvas-client/doc/nessusclient-mkcert.1 2007-07-05 14:06:48 UTC
(rev 257)
@@ -1,46 +0,0 @@
-.TH NESSUSCLIENT-MKCERT 1 "May 2002" "The Nessus Project" "User Manuals"
-.SH NAME
-nessusclient-mkcert \- Creates a client certificate
-.sp
-.SH SYNOPSIS
-.BI nessusclient-mkcert
-
-.SH DESCRIPTION
-
-The
-.B Nessus Security Scanner
-protects the communication between the client and the server by using SSL. SSL
-requires the server to present a certificate to the client, and the client can
-optionally present a certificate to the server.
-
-This script
-.B nessusclient-mkcert
-generates a client certificate.
-
-
-
-.SH SEE ALSO
-
-.BR nessus (1),\ nessus-mkcert (8),\ openssl(1)
-
-.SH MORE INFORMATION ABOUT THE NESSUS PROJECT
-The canonical places where you will find more information
-about the Nessus project are:
-
-.RS
-.UR
-http://www.nessus.org/
-.UE
-(Official site)
-.br
-.UR
-http://cvs.nessus.org/
-.UE
-(Developers site)
-.RE
-
-.SH AUTHOR
-
-.B nessusclient-mkcert
-was written by Michel Arboi <[EMAIL PROTECTED]> based on
-.B nessus-mkcert
Deleted: trunk/openvas-client/doc/nessusclient-mkrand.1
===================================================================
--- trunk/openvas-client/doc/nessusclient-mkrand.1 2007-07-05 13:42:59 UTC
(rev 256)
+++ trunk/openvas-client/doc/nessusclient-mkrand.1 2007-07-05 14:06:48 UTC
(rev 257)
@@ -1,65 +0,0 @@
-.TH NESSUS-MKRAND 1 "September 2001" "The Nessus Project" "User Manuals"
-.SH NAME
-nessusclient-mkrand \- Creates a file with random bytes
-.sp
-.SH SYNOPSIS
-.BI nessusclient-mkrand\ [\| filename\ [\| entropy \|]\ ]
-
-.SH DESCRIPTION
-
-.LP
-The
-.B Nessus Security Scanner
-protects the communication between the client and the server by using SSL.
-To work securely, the OpenSSL library needs a suitable amount of random bytes.
-On most system, it uses EGD or
-.I /dev/random
-(or
-.IR /dev/urandom ).
-
-On systems which have none of these, Nessus will provide OpenSSL with a file
-full of random bytes generated by
-.B nessusclient-mkrand
-which is stored by default under
-.IR $HOME/.rnd .
-.B nessusclient-mkcert
-and
-.B nessusclient-mkcert
-require user input as a random seed.
-
-By default,
-.B nessusclient-mkrand
-produces a file stored under
-.I $HOME/.rnd
-containing 1024 bytes of entropy.
-
-
-
-.SH SEE ALSO
-
-.BR nessus-adduser (8),\ nessusd (8),\ nessus (1),\ nessusclient-mkcert (8),
-.BR nessusclient-mkcert (1),\ openssl(1)
-
-.SH MORE INFORMATION ABOUT THE NESSUS PROJECT
-The canonical places where you will find more information
-about the Nessus project are:
-
-.RS
-.UR
-http://www.nessus.org/
-.UE
-(Official site)
-.br
-.UR
-http://cvs.nessus.org/
-.UE
-(Developers site)
-.RE
-
-
-.SH AUTHOR
-
-.B nessusclient-mkrand
-was written by Michel Arboi <[EMAIL PROTECTED]>.
-
-
Copied: trunk/openvas-client/doc/openvasclient-mkcert.1 (from rev 251,
trunk/openvas-client/doc/nessusclient-mkcert.1)
Copied: trunk/openvas-client/doc/openvasclient-mkrand.1 (from rev 251,
trunk/openvas-client/doc/nessusclient-mkrand.1)
Deleted: trunk/openvas-client/nessusclient-mkcert.in
===================================================================
--- trunk/openvas-client/nessusclient-mkcert.in 2007-07-05 13:42:59 UTC (rev
256)
+++ trunk/openvas-client/nessusclient-mkcert.in 2007-07-05 14:06:48 UTC (rev
257)
@@ -1,470 +0,0 @@
-#!/bin/sh
-#
-# nessusclient-mkcert
-#
-# Written by Michel Arboi <[EMAIL PROTECTED]> from nessus-mkcert
-#
-# This script is distributed under the Gnu General Public License (GPL)
-#
-
-case `echo -n` in
-\-n) Xn= ; Xc='\c' ;;
-*) Xn=-n ; Xc=
-esac
-
-umask 022
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@/sbin
[EMAIL PROTECTED]@/bin
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-
-RANDFLAG=""
-test -n "$egdpath" &&
-{
- RANDFLAG="-rand $egdpath"
-}
-
-PATH=$PATH:$sbindir:$bindir:/usr/ssl/bin:/usr/local/ssl/bin:/opt/ssl/bin
-
-# check if gettext is present
-
-if [ -f /usr/bin/gettext.sh ];
-then
-
- # initialize gettext
-
- . gettext.sh
- export TEXTDOMAIN=nessus-scripts
- export [EMAIL PROTECTED]@/locale
-
-else
-
- # define dummy functions
-
- gettext () {
- echo $Xn "$1" $Xc
- }
-
- eval_gettext () {
- eval_gettext_var="echo $1"
- echo $Xn `eval $eval_gettext_var` $Xc
- }
-
-fi
-
-Bo='('
-Bc=')'
-Hash='#'
-
-echo_no_nl ()
-{
- echo $Xn "$*$Xc"
-}
-
-
-header()
-{
-clear
-echo
"-------------------------------------------------------------------------------"
-gettext " Creation Nessus SSL Client Certificate"; echo
-echo
"-------------------------------------------------------------------------------"
-echo
-}
-#
-
-#
-# We need openssl
-#
-case `openssl version` in
- OpenSSL*)
- ;;
- *)
- gettext "OpenSSL is not properly installed: The 'openssl' command line
utility could not be found (is your \$PATH set properly?)"; echo
- exit 1
-esac
-
-# Check environment
-if [ -z "$HOME" ]; then
- gettext "\$HOME should be defined." 1>&2; echo; exit 1
-fi
-
-#
-# If EGD is not installed, we have to rely on other sources
-# of entropy
-#
-test -z "$RANDFLAG" -a -z "$RANDFILE" &&
-{
- if [ ! -r /dev/random -a ! -r /dev/urandom -a ! -r $HOME/.rnd ];
- then
- header
- gettext "You do not have any suitable random source."; echo
- gettext "You will be asked to type a few random keys on your keyboard to
generate random bytes."; echo
- nessusclient-mkrand $HOME/.rnd 1024
- gettext "Press [ENTER] to continue..."; echo
- fi
-}
-
-
-
-NESSUSPRIV="$localstatedir/nessus/CA"
-NESSUSPUB="$sharedstatedir/nessus/CA"
-
-while [ ! -d "$NESSUSPRIV" ]; do
- gettext "Nessus server 'private' directory: "
- read NESSUSPRIV
-done
-
-while [ ! -d "$NESSUSPUB" ]; do
- gettext "Nessus server 'public' directory: "
- read NESSUSPUB
-done
-
-CAKEY=$NESSUSPRIV/cakey.pem
-CACERT=$NESSUSPUB/cacert.pem
-
-while [ ! -f "$CAKEY" ]; do
- eval_gettext "\$CAKEY: not found or not a file."
- gettext "Nessus CA private key: "
- read CAKEY
-done
-
-while [ ! -f "$CACERT" ]; do
- eval_gettext "\$CACERT: not found or not a file."
- gettext "Nessus CA certificate: "
- read CACERT
-done
-
-for F in "$CAKEY" "$CACERT"; do
- if [ ! -r "$F" ]; then
- eval_gettext "Cannot read \$F" 1>&2; echo; exit 1
- fi
-done
-
-R=x
-while [ "$R" != `gettext "y"` -a "$R" != `gettext "n"` ]; do
- gettext "Do you want to register the users in the Nessus server as soon as
you create their certificates? (y/n): "
- read R
-done
-
-if [ "$R" = `gettext "y"` ]; then
- USERSDIR=$localstatedir/nessus/users
- while [ ! -d "$USERSDIR" ]; do
- eval_gettext "\$USERSDIR: not a directory."; echo
- gettext "Users directory? "
- read USERSDIR
- done
-else
- USERSDIR=""
-fi
-
-umask 066
-
-# Set environment
-BASEDIR=${TMPDIR-/tmp}/nessusclient-mkcert.$$
-mkdir $BASEDIR || exit 1
-
-
-gettext "This script will now ask you the relevant information to create the
SSL client certificates for Nessus."; echo
-
-gettext "Client certificates life time in days [365]: "; read x
-DFL_CERT_LIFETIME=${x:-365}
-
-# Default country = France - Too bad for you, but quicker for my tests!
-if [ ! -z "$LANG" ]; then
- DC=`echo $LANG | sed -n 's/^..*_\(..\)$/\1/p'`
-fi
-X=${DC:=FR}
-eval_gettext "Your country \${Bo}two letter code\${Bc} [\$X]: "; read x
-DFL_COUNTRY=${x:-$DC}
-gettext "Your state or province name [none]: "; read DFL_PROVINCE
-X=Paris;
-eval_gettext "Your location \${Bo}e.g. town\${Bc} [\$X]: "; read x
-DFL_LOCATION=${x:-$X}
-gettext "Your organization [none]: "; read DFL_ORGANIZATION
-gettext "Your organizational unit [none]: "; read DFL_ORGUNIT
-
-#
-
-cat <<EOF>$BASEDIR/stdC.cnf
-RANDFILE = $HOME/.rnd
-#
-[ ca ]
-default_ca = NessusCA
-
-[ NessusCA ]
-dir = $BASEDIR # Where everything is kept
-certs = \$dir # Where the issued certs are kept
-crl_dir = \$dir # Where the issued crl are kept
-database = \$dir/index.txt # database index file.
-new_certs_dir = \$dir # default place for new certs.
-
-certificate = $CACERT # The CA certificate
-serial = \$dir/serial # The current serial number
-crl = \$dir/crl.pem # The current CRL
-private_key = $CAKEY # The private key
-
-x509_extensions = usr_cert # The extentions to add to the
cert
-crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req ]
-default_bits = 1024
-distinguished_name = req_distinguished_name
-# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = FR
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s
hostname)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 40
-
-# SET-ex3 = SET extension number 3
-
-[ usr_cert ]
-# These extensions are added when 'ca' signs a request.
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-#basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = nsCertType
-# For normal client use this is typical
-# nsCertType = client, email
-nsCertType = client
-
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-subjectAltName=email:copy
-
-# Copy subject details
-issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_ca ]
-# PKIX recommendation.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-basicConstraints = critical,CA:true
-# So we do this instead.
-#basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-keyUsage = cRLSign, keyCertSign
-nsCertType = sslCA
-EOF
-
-#
-echo 01 > $BASEDIR/serial
-touch $BASEDIR/index.txt
-
-echo "**********"
-gettext "We are going to ask you some question for each client certificate. ";
echo
-gettext "If some question has a default answer, you can force an empty answer
by entering a single dot '.'"; echo
-echo "*********"
-
-
-I=1; ANOTHER=`gettext "y"`
-
-while [ "$ANOTHER" != `gettext "n"` ]; do
- PSEUDO=""
- while [ -z "$PSEUDO" ]; do
- eval_gettext "User \${Hash}\$I name \${Bo}e.g. Nessus username\${Bc}: "
- read PSEUDO
- CERTFILE="$BASEDIR/cert_$PSEUDO.pem"
- KEYFILE="$BASEDIR/key_$PSEUDO.pem"
- REQFILE="$BASEDIR/req_$PSEUDO.pem"
- DNFILE="$USERSDIR/$PSEUDO/auth/dname" # Not wise if USERSDIR is not set
- if [ -f "$CERTFILE" -o -f "$KEYFILE" -o -f "$DNFILE" ]; then
- A=""
- while [ -z "$A" ]; do
- gettext "Certificate, key or Nessus DN file(s) already exist.";
echo
- gettext "Do you want to go on and overwrite it/them? (y/n) "
- read A
- if [ "$A" = `gettext "n"` ]; then PSEUDO=""; fi
- done
- fi
- done
-
- eval_gettext "Client certificates life time in days [\$DFL_CERT_LIFETIME]:
"
- read x
- CERT_LIFETIME=${x:-$DFL_CERT_LIFETIME}
- X=$DFL_COUNTRY
- eval_gettext "Country \${Bo}two letter code\${Bc} [\$X]: "; read x
- COUNTRY=${x:-$DFL_COUNTRY}
- X=$DFL_PROVINCE
- eval_gettext "State or province name [\$X]: "; read x
- PROVINCE=${x:-$DFL_PROVINCE}
- X=$DFL_LOCATION
- eval_gettext "Location \${Bo}e.g. town\${Bc} [\$X]: "; read x
- LOCATION=${x:-$DFL_LOCATION}
- X=$DFL_ORGANIZATION
- eval_gettext "Organization [\$X]: "; read x
- ORGANIZATION=${x:-$DFL_ORGANIZATION}
- X=$DFL_ORGUNIT
- eval_gettext "Organization unit [\$X]: "; read x
- ORGUNIT=${x:-$DFL_ORGUNIT}
- gettext "e-Mail []: "; read EMAIL
-
- # Client key
- openssl genrsa -out $KEYFILE 1024
-
- # Client certificate "request"
-echo "${COUNTRY:-.}
-${PROVINCE:-.}
-${LOCATION:-.}
-${ORGANIZATION:-.}
-${ORGUNIT:-.}
-$PSEUDO
-${EMAIL:-.}" |
- openssl req -config $BASEDIR/stdC.cnf -new -key $KEYFILE -out $REQFILE
-
- # Sign the client certificate
- openssl ca -config $BASEDIR/stdC.cnf -name NessusCA -batch -days
$CERT_LIFETIME -in $REQFILE -out $CERTFILE
-
- # Create export file for NessusWX
- NWX_CERTFILE=$BASEDIR/cert_nessuswx_$PSEUDO.pem
- cp $CERTFILE $NWX_CERTFILE
- cat $KEYFILE >> $NWX_CERTFILE
-
- chmod a+r $CERTFILE
- chmod a+r $NWX_CERTFILE
-
- if [ ! -z "$USERSDIR" ]; then
-
- #
- # create the auth dir, which contains the user rules,
- # password or cert, and plugin acl
- D="$USERSDIR/$PSEUDO/auth"
- if [ ! -d "$D" ]; then
- mkdir -p "$D"
- chmod 700 "$D"
- fi
-
- #
- # create the user auth/rules file
- #
- R="$USERSDIR/$PSEUDO/auth/rules"
- echo
- gettext "User rules"; echo
- echo "----------"
- eval_gettext "nessusd has a rules system which allows you to restrict
the hosts that \$login has the right to test."; echo
- gettext "For instance, you may want him to be able to scan his own host
only."; echo
- echo
- gettext "Please see the nessus-adduser(8) man page for the rules
syntax."; echo
- echo
- gettext "Enter the rules for this user, and hit ctrl-D once you are
done:"; echo
-
- tmpAddUserFile=$TMPDIR/rules.$$
-
-
- gettext "(the user can have an empty rules set)"; echo
- cat > $tmpAddUserFile || {
- echo "Error - could not write $tmpAddUserFile"
- exit 1
- }
- cp $tmpAddUserFile "$USERSDIR/$PSEUDO/auth/rules"
-
- rm $tmpAddUserFile
-
- #
- # create the cert authentication file auth/dname
- #
- > $DNFILE
- [ ! -z "$COUNTRY" -a "$COUNTRY" != "." ] &&
- echo_no_nl "/C=$COUNTRY" >> $DNFILE
- [ ! -z "$PROVINCE" -a "$PROVINCE" != "." ] &&
- echo_no_nl "/ST=$PROVINCE" >> $DNFILE
- [ ! -z "$LOCATION" -a "$LOCATION" != "." ] &&
- echo_no_nl "/L=$LOCATION" >> $DNFILE
- [ ! -z "$ORGANIZATION" -a "$ORGANIZATION" != "." ] &&
- echo_no_nl "/O=$ORGANIZATION" >> $DNFILE
- [ ! -z "$ORGUNIT" -a "$ORGUNIT" != "." ] &&
- echo_no_nl "/OU=$ORGUNIT" >> $DNFILE
- echo_no_nl "/CN=$PSEUDO" >> $DNFILE
- [ ! -z "$EMAIL" ] && echo_no_nl "/emailAddress=$EMAIL" >> $DNFILE
-
- #
- # create the plugins dir, which contains the user plugins
- #
- E="$USERSDIR/$PSEUDO/plugins"
- if [ ! -d "$E" ]; then
- mkdir -p "$E"
- chmod 700 "$E"
- fi
- gettext "User added to Nessus."; echo
- fi
-
- gettext "Another client certificate? (y/n) "
- read ANOTHER
- I=`expr $I + 1`
-done
-
-eval_gettext "Your client certificates are in \$BASEDIR."; echo
-gettext "You will have to copy them by hand."; echo
-
Copied: trunk/openvas-client/openvasclient-mkcert.in (from rev 251,
trunk/openvas-client/nessusclient-mkcert.in)
Modified: trunk/openvas-client/ssl/Makefile
===================================================================
--- trunk/openvas-client/ssl/Makefile 2007-07-05 13:42:59 UTC (rev 256)
+++ trunk/openvas-client/ssl/Makefile 2007-07-05 14:06:48 UTC (rev 257)
@@ -1,15 +1,15 @@
include ../nessus.tmpl
-OBJS = nessusclient-mkrand.o
+OBJS = openvasclient-mkrand.o
-all : nessusclient-mkrand
+all : openvasclient-mkrand
-nessusclient-mkrand: $(OBJS)
- $(CC) $(OBJS) -o nessusclient-mkrand -lm
+openvasclient-mkrand: $(OBJS)
+ $(CC) $(OBJS) -o openvasclient-mkrand -lm
-nessusclient-mkrand.o: nessusclient-mkrand.c
- $(CC) $(CFLAGS) -c nessusclient-mkrand.c
+openvasclient-mkrand.o: openvasclient-mkrand.c
+ $(CC) $(CFLAGS) -c openvasclient-mkrand.c
clean :
- rm -f *.o nessusclient-mkrand
+ rm -f *.o openvasclient-mkrand
Deleted: trunk/openvas-client/ssl/nessusclient-mkrand.c
===================================================================
--- trunk/openvas-client/ssl/nessusclient-mkrand.c 2007-07-05 13:42:59 UTC
(rev 256)
+++ trunk/openvas-client/ssl/nessusclient-mkrand.c 2007-07-05 14:06:48 UTC
(rev 257)
@@ -1,194 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <math.h>
-#include <sys/time.h>
-#include <signal.h>
-
-/*
- * Copyright (C) 2001 Michel Arboi
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * *******************************************************************
- * This program generates some random data and store then to a file.
- * It is useful to OpenSSL users who do not have a /dev/urandom
- * Try something like:
- * nessusclient-mkrand $HOME/.rnd 128
- * *******************************************************************
- *
- * Note: the "entropy estimator" is really crude. The first version probably
- * underestimated it, the current probably over-estimate it.
- * You've been warned!
- *
- * $Id: nessusclient-mkrand.c,v 1.2 2006-08-23 11:15:49 jan Exp $
- *
- */
-
-FILE *fp;
-
-/*
- * Ugly but portable
- */
-
-int
-setup_tty()
-{
-
- return !system("stty -icanon") && !system("stty -echo");
-}
-
-int
-restore_tty()
-{
- return !system("stty echo") && !system("stty icanon");
-}
-
-void
-sighand(sig)
- int sig;
-{
- restore_tty();
- if(fp)fclose(fp);
- exit(1);
-}
-
-int
-usage()
-{
-
- fprintf(stderr, "Usage: nessusclient-mkrand file entropy_in_bits\nNote:
Data will be appended to the file\n");
- exit(1);
-}
-
-int
-main(argc, argv)
- int argc;
- char *argv[];
-{
- int entropy = 1024, i, j, x;
- int prec;
- double e, f, l2 = log(2.0);
- struct timeval tictac;
- unsigned char c, *p;
- int count[256][256], sum[256];
- char * out = NULL;
-
- signal(SIGTERM, sighand);
- signal(SIGINT, sighand);
-
- if(argc > 1 && !strncmp(argv[1], "-h", 2))
- {
- usage();
- }
-
- if(argc > 1)
- out = strdup(argv[1]);
-
- if(argc > 2)
- entropy = atoi(argv[2]);
-
- if (entropy <= 0)
- {
- fprintf(stderr, "I cannot generate zero or less bytes!\n");
- usage();
- }
-
- if(!out)
- {
- char * home = getenv("HOME");
- if(!home)
- {
- fprintf(stderr, "$HOME not set - exiting\n");
- return 1;
- }
- out = malloc(strlen(home) + 7);
- sprintf(out, "%s/.rnd", home);
- }
- if ((fp = fopen(out, "a")) == NULL)
- {
- perror(out);
- return 1;
- }
-
- for (i = 0; i < 256; i ++)
- {
- sum[i] = 0;
- for (j = 0; j < 256; j ++)
- count[i][j] = 0;
- }
-
- fprintf(stderr, "Now please enter random characters\n");
-
- setup_tty();
- prec = 0;
- e = 0.0;
- i = 0;
- while (e < entropy)
- {
- gettimeofday(&tictac, NULL);
- if ((x = getchar()) == EOF)
- {
- perror("getchar");
- break;
- }
-
- c = x;
- for (j = 0, p = (unsigned char*)&tictac; j < sizeof(tictac); j ++)
- c = c * 11 + c % 13 + *(p++);
-
- sum[prec] ++;
- /*
- * 1/48 is linked to the classical "zero probability encoding"
- * that we see in compression algorithm. I chose a conservative
- * value.
- */
- f = log(((double) count[prec][c] + (1. / 48.))
- / (double) sum[prec]) / l2;
- e -= f;
-#if 0
- fprintf(stderr, "c=0x%x f=%g\te=%g\n", c, -f, e);
-#endif
- count[prec][c] ++;
- prec = c;
-
- if (fwrite(&c, 1, 1, fp) < 1)
- {
- perror("fwrite");
- return 1;
- }
- i ++;
- fputs(".", stdout);
- fflush(stdout);
- }
- restore_tty();
-#ifdef DEBUG
- fprintf(stderr, "Estimated entropy = %g bits (= %d bytes)\n",
- e, (int) (e / 8));
- fprintf(stderr, "Estimated entropy per character = %g bits\n", e / i);
-#endif
-#if 0
- if (e < entropy)
- fprintf(stderr, "\n**** WARNING. Entropy is too low ****\n\n");
-#endif
-
- if (fclose(fp) < 0)
- {
- perror("fclose");
- return 1;
- }
-
- fprintf(stderr, "That's enough - thank you\n");
- return 0;
-}
Copied: trunk/openvas-client/ssl/openvasclient-mkrand.c (from rev 251,
trunk/openvas-client/ssl/nessusclient-mkrand.c)