nessus-tool/nessus-tool.patch@4ecfc2416fd8 (annotated)
nessus-tool/nessus-tool.patch
Tue, 29 Mar 2011 19:46:35 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Tue, 29 Mar 2011 19:46:35 +0200
- changeset 333
- 4ecfc2416fd8
- permissions
- -rw-r--r--
Correct and introduce slightly needed logic, leading to better reliability:
Update bash(1) patch logic, correct several buildconf make location
errors, correct failed bash(1) configure invocation, enable perl(1) to
build with unpathed make(1), patch rpm(1) to correctly link with
internal libdb(3), and lastly unsuscessfully try to reorganize rpm patch
hunks.
| michael@102 | 1 | Index: nessus-core/doc/nessusd.8.in |
| michael@102 | 2 | --- nessus-core/doc/nessusd.8.in.orig 2004-10-19 17:21:05 +0200 |
| michael@102 | 3 | +++ nessus-core/doc/nessusd.8.in 2005-03-23 11:59:54 +0100 |
| michael@102 | 4 | @@ -183,7 +183,7 @@ |
| michael@102 | 5 | .SH USERS MANAGEMENT |
| michael@102 | 6 | |
| michael@102 | 7 | The utility nessus-adduser(8) creates new nessusd users. Each nessusd user |
| michael@102 | 8 | -is attributed a "home", in @NESSUS_STATEDIR@/users/<username>. This home contains the following directories : |
| michael@102 | 9 | +is attributed a "home", in @NESSUSD_STATEDIR@/users/<username>. This home contains the following directories : |
| michael@102 | 10 | .IP auth/ |
| michael@102 | 11 | This directory contains the authentification information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text. |
| michael@102 | 12 | |
| michael@102 | 13 | @@ -206,7 +206,7 @@ |
| michael@102 | 14 | |
| michael@102 | 15 | |
| michael@102 | 16 | When a user attempts to log in, nessusd first checks that the directory |
| michael@102 | 17 | -@NESSUS_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname. |
| michael@102 | 18 | +@NESSUSD_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname. |
| michael@102 | 19 | |
| michael@102 | 20 | |
| michael@102 | 21 | To remove a given user, use the command nessus-rmuser(8). |
| michael@102 | 22 | Index: nessus-core/nessus-mkcert.in |
| michael@102 | 23 | --- nessus-core/nessus-mkcert.in.orig 2004-12-10 20:40:22 +0100 |
| michael@102 | 24 | +++ nessus-core/nessus-mkcert.in 2005-03-23 12:00:24 +0100 |
| michael@102 | 25 | @@ -407,31 +407,12 @@ |
| michael@102 | 26 | |
| michael@102 | 27 | chmod a+r $CACERT $SRVCERT #cln $CLNCERT |
| michael@102 | 28 | |
| michael@102 | 29 | - |
| michael@102 | 30 | -CF=@sysconfdir@/nessus/nessusd.conf |
| michael@102 | 31 | -egrep -v '^ *(pem_password|cert_file|key_file|ca_file|force_pubkey_auth) *=' "$CF" > "$CF.tmp" |
| michael@102 | 32 | -echo "# |
| michael@102 | 33 | -# Added by nessus-mkcert |
| michael@102 | 34 | -# |
| michael@102 | 35 | -cert_file=$SRVCERT |
| michael@102 | 36 | -key_file=$SRVKEY |
| michael@102 | 37 | -ca_file=$CACERT |
| michael@102 | 38 | -# If you decide to protect your private key with a password, |
| michael@102 | 39 | -# uncomment and change next line |
| michael@102 | 40 | -# pem_password=password |
| michael@102 | 41 | -# If you want to force the use of a client certificate, uncomment next line |
| michael@102 | 42 | -# force_pubkey_auth = yes" >> "$CF.tmp" |
| michael@102 | 43 | - |
| michael@102 | 44 | - |
| michael@102 | 45 | - |
| michael@102 | 46 | - |
| michael@102 | 47 | test -z "$QUIET" && header |
| michael@102 | 48 | |
| michael@102 | 49 | if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ]; |
| michael@102 | 50 | then |
| michael@102 | 51 | test -z "$QUIET" && echo "Congratulations. Your server certificate was properly created." |
| michael@102 | 52 | |
| michael@102 | 53 | - mv -f "$CF.tmp" "$CF" |
| michael@102 | 54 | test -z "$QUIET" && { |
| michael@102 | 55 | echo |
| michael@102 | 56 | echo "$CF updated |
