nessus-tool/nessus-tool.patch@914043724d20 (annotated)
nessus-tool/nessus-tool.patch
Sat, 06 Oct 2012 16:24:01 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 06 Oct 2012 16:24:01 +0200
- changeset 727
- 914043724d20
- permissions
- -rw-r--r--
Update to new vendor software version and adjust patch code accordingly.
Unfortunately the vendor has apparently failed to properly test this
release which depends on missing object symbols in libsasl2.a(common.o):
undefined reference to `sasl_randcreate'
undefined reference to `sasl_mkchal'
undefined reference to `sasl_utf8verify'
undefined reference to `sasl_rand'
undefined reference to `sasl_churn'
undefined reference to `sasl_encode64'
undefined reference to `sasl_decode64'
undefined reference to `sasl_erasebuffer'
undefined reference to `sasl_randfree'
undefined reference to `sasl_strlower'
undefined reference to `get_fqhostname'
...yet to be patched.
| michael@102 | 1 | Index: nessus-core/doc/nessusd.8.in |
| michael@102 | 2 | --- nessus-core/doc/nessusd.8.in.orig 2004-10-19 17:21:05 +0200 |
| michael@102 | 3 | +++ nessus-core/doc/nessusd.8.in 2005-03-23 11:59:54 +0100 |
| michael@102 | 4 | @@ -183,7 +183,7 @@ |
| michael@102 | 5 | .SH USERS MANAGEMENT |
| michael@102 | 6 | |
| michael@102 | 7 | The utility nessus-adduser(8) creates new nessusd users. Each nessusd user |
| michael@102 | 8 | -is attributed a "home", in @NESSUS_STATEDIR@/users/<username>. This home contains the following directories : |
| michael@102 | 9 | +is attributed a "home", in @NESSUSD_STATEDIR@/users/<username>. This home contains the following directories : |
| michael@102 | 10 | .IP auth/ |
| michael@102 | 11 | This directory contains the authentification information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text. |
| michael@102 | 12 | |
| michael@102 | 13 | @@ -206,7 +206,7 @@ |
| michael@102 | 14 | |
| michael@102 | 15 | |
| michael@102 | 16 | When a user attempts to log in, nessusd first checks that the directory |
| michael@102 | 17 | -@NESSUS_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname. |
| michael@102 | 18 | +@NESSUSD_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname. |
| michael@102 | 19 | |
| michael@102 | 20 | |
| michael@102 | 21 | To remove a given user, use the command nessus-rmuser(8). |
| michael@102 | 22 | Index: nessus-core/nessus-mkcert.in |
| michael@102 | 23 | --- nessus-core/nessus-mkcert.in.orig 2004-12-10 20:40:22 +0100 |
| michael@102 | 24 | +++ nessus-core/nessus-mkcert.in 2005-03-23 12:00:24 +0100 |
| michael@102 | 25 | @@ -407,31 +407,12 @@ |
| michael@102 | 26 | |
| michael@102 | 27 | chmod a+r $CACERT $SRVCERT #cln $CLNCERT |
| michael@102 | 28 | |
| michael@102 | 29 | - |
| michael@102 | 30 | -CF=@sysconfdir@/nessus/nessusd.conf |
| michael@102 | 31 | -egrep -v '^ *(pem_password|cert_file|key_file|ca_file|force_pubkey_auth) *=' "$CF" > "$CF.tmp" |
| michael@102 | 32 | -echo "# |
| michael@102 | 33 | -# Added by nessus-mkcert |
| michael@102 | 34 | -# |
| michael@102 | 35 | -cert_file=$SRVCERT |
| michael@102 | 36 | -key_file=$SRVKEY |
| michael@102 | 37 | -ca_file=$CACERT |
| michael@102 | 38 | -# If you decide to protect your private key with a password, |
| michael@102 | 39 | -# uncomment and change next line |
| michael@102 | 40 | -# pem_password=password |
| michael@102 | 41 | -# If you want to force the use of a client certificate, uncomment next line |
| michael@102 | 42 | -# force_pubkey_auth = yes" >> "$CF.tmp" |
| michael@102 | 43 | - |
| michael@102 | 44 | - |
| michael@102 | 45 | - |
| michael@102 | 46 | - |
| michael@102 | 47 | test -z "$QUIET" && header |
| michael@102 | 48 | |
| michael@102 | 49 | if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ]; |
| michael@102 | 50 | then |
| michael@102 | 51 | test -z "$QUIET" && echo "Congratulations. Your server certificate was properly created." |
| michael@102 | 52 | |
| michael@102 | 53 | - mv -f "$CF.tmp" "$CF" |
| michael@102 | 54 | test -z "$QUIET" && { |
| michael@102 | 55 | echo |
| michael@102 | 56 | echo "$CF updated |
