nessus-tool/nessus-tool.spec@f8813e60f168
nessus-tool/nessus-tool.spec
Fri, 03 Aug 2012 20:11:53 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Fri, 03 Aug 2012 20:11:53 +0200
- changeset 470
- f8813e60f168
- parent 102
- 8db7071256b6
- permissions
- -rw-r--r--
Neutralize buggy code causing OpenPKG to have 'fatal problems' in
spite of correct installation, configuration, and operation. An
administrator suffering from this failure is even unable to
uninstall the flawed software.
1 ##
2 ## nessus-tool.spec -- OpenPKG RPM Package Specification
3 ## Copyright (c) 2000-2008 OpenPKG Foundation e.V. <http://openpkg.net/>
4 ##
5 ## Permission to use, copy, modify, and distribute this software for
6 ## any purpose with or without fee is hereby granted, provided that
7 ## the above copyright notice and this permission notice appear in all
8 ## copies.
9 ##
10 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
11 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
12 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
13 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
14 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
16 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
17 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
18 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
19 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
20 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
21 ## SUCH DAMAGE.
22 ##
24 # package information
25 Name: nessus-tool
26 Summary: Nessus Security Scanner (Tool)
27 URL: http://www.nessus.org/
28 Vendor: Renaud Deraison
29 Packager: OpenPKG Foundation e.V.
30 Distribution: OpenPKG Community
31 Class: EVAL
32 Group: Monitoring
33 License: GPL
34 Version: 2.2.11
35 Release: 20090106
37 # package options
38 %option with_fsl yes
40 # list of sources
41 Source0: ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-core-%{version}.tar.gz
42 Source1: ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-plugins-GPL-%{version}.tar.gz
43 Source2: nessusd.conf
44 Source3: nessusd.rules
45 Source4: nessusd.users
46 Source5: rc.nessus
47 Source6: fsl.nessus
48 Patch0: nessus-tool.patch
50 # build information
51 Prefix: %{l_prefix}
52 BuildRoot: %{l_buildroot}
53 BuildPreReq: OpenPKG, openpkg >= 20060823, X11, gcc, make
54 PreReq: OpenPKG, openpkg >= 20060823, X11
55 BuildPreReq: nessus-libs, glib2, gtk2, openssl
56 PreReq: nessus-libs, glib2, gtk2, openssl
57 %if "%{with_fsl}" == "yes"
58 BuildPreReq: fsl >= 1.3.0
59 PreReq: fsl >= 1.3.0
60 %endif
61 AutoReq: no
62 AutoReqProv: no
64 %description
65 This is the Tool package of the Nessus Security Scanner, a security
66 scanner which will audit remotely a given network and determine
67 whether attackers may break into it, or misuse it in some way.
69 %track
70 prog nessus-tool:nessus-core = {
71 version = %{version}
72 url = ftp://ftp.nessus.org/pub/nessus/
73 regex = (nessus-\d+\.\d+\.\d+[a-z]?)
74 url = ftp://ftp.nessus.org/pub/nessus/__NEWVER__/src/
75 regex = nessus-core-(__VER__)\.tar\.gz
76 }
77 prog nessus-tool:nessus-plugins = {
78 version = %{version}
79 url = ftp://ftp.nessus.org/pub/nessus/
80 regex = (nessus-\d+\.\d+\.\d+[a-z]?)
81 url = ftp://ftp.nessus.org/pub/nessus/__NEWVER__/src/
82 regex = nessus-core-(__VER__)\.tar\.gz
83 }
85 %prep
86 %setup -q -c
87 %setup -q -T -D -a 1
88 %patch -p0
89 %{l_shtool} subst \
90 -e 's;\(for scripts in scripts/\*\.nasl\) scripts/\*\.nbin;\1;' \
91 -e 's;\(for scripts in scripts/\*\.inc\) scripts/\*\.nlib;\1;' \
92 nessus-plugins/Makefile
94 %build
95 # build nessus-core part
96 ( cd nessus-core
97 CC="%{l_cc}" \
98 CFLAGS="%{l_cflags -O}" \
99 CPPFLAGS="%{l_cppflags}" \
100 LDFLAGS="%{l_fsl_ldflags}" \
101 LIBS="%{l_fsl_libs}" \
102 ./configure \
103 --prefix=%{l_prefix} \
104 --localstatedir=%{l_prefix}/var \
105 --sharedstatedir=%{l_prefix}/var \
106 --enable-unix-socket=%{l_prefix}/var/nessus/nessusd.socket \
107 --disable-syslog \
108 --with-x \
109 --x-includes=`%{l_rc} --query x11_incdir` \
110 --x-libraries=`%{l_rc} --query x11_libdir` \
111 --enable-save-sessions \
112 --enable-save-kb \
113 --enable-release
114 %{l_make} %{l_mflags}
115 ) || exit $?
117 # temporarily install nessus-core for nessus-plugins building
118 nessus_core=`pwd`/nessus-core
119 ( cd nessus-core
120 %{l_make} %{l_mflags} \
121 install DESTDIR=${nessus_core}/tmp
122 ) || exit $?
124 # build nessus-plugins part
125 ( cd nessus-plugins
126 CC="%{l_cc}" \
127 CFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cflags -O}" \
128 CPPFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cppflags}" \
129 LDFLAGS="%{l_fsl_ldflags}" \
130 LIBS="%{l_fsl_libs}" \
131 ./configure \
132 --prefix=%{l_prefix} \
133 --enable-install="`%{l_shtool} echo -e %u`" \
134 --enable-shared
135 %{l_shtool} subst \
136 -e 's;getinterfaces;local_getinterfaces;g' \
137 -e 's;routethrough;local_routethrough;g' \
138 -e 's;ipaddr2devname;local_ipaddr2devname;g' \
139 -e 's;islocalhost;local_islocalhost;g' \
140 -e 's;get_random_bytes;local_get_random_bytes;g' \
141 -e 's;getsourceip;local_getsourceip;g' \
142 plugins/nmap_osfingerprint/*.[ch]
143 %{l_make} %{l_mflags}
144 ) || exit $?
146 %install
147 rm -rf $RPM_BUILD_ROOT
149 %{l_shtool} mkdir -f -p -m 755 \
150 $RPM_BUILD_ROOT%{l_prefix}/bin
152 # install nessus-core part
153 ( cd nessus-core
154 %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
155 ) || exit $?
157 # install nessus-plugins part
158 ( cd nessus-plugins
159 %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
160 ) || exit $?
162 # strip down installation
163 strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
165 # install default configuration
166 %{l_shtool} install -c -m 644 %{l_value -s -a} \
167 %{SOURCE nessusd.conf} \
168 %{SOURCE nessusd.rules} \
169 %{SOURCE nessusd.users} \
170 $RPM_BUILD_ROOT%{l_prefix}/etc/nessus/
172 # install run-command script
173 %{l_shtool} mkdir -f -p -m 755 \
174 $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
175 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
176 %{l_shtool} install -c -m 755 %{l_value -s -a} \
177 %{SOURCE rc.nessus} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
178 %{l_shtool} install -c -m 644 %{l_value -s -a} \
179 %{SOURCE fsl.nessus} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
181 # determine installation files
182 %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
183 %{l_files_std} \
184 '%config %{l_prefix}/etc/fsl/fsl.nessus' \
185 '%config %{l_prefix}/etc/nessus/*' \
186 '%config %attr(0600,%{l_musr},%{l_mgrp}) %{l_prefix}/etc/nessus/nessusd.conf'
188 %files -f files
190 %clean
191 rm -rf $RPM_BUILD_ROOT
193 %post
194 # after upgrade, restart service
195 if [ $1 -eq 2 ]; then
196 eval `%{l_rc} nessus status 2>/dev/null`
197 [ ".$nessus_active" = .yes ] && %{l_rc} nessus restart
198 fi
200 # on every install, announce certificate
201 if [ $1 -le 2 ]; then
202 if [ ! -f $RPM_INSTALL_PREFIX/var/nessus/CA/servercert.pem ]; then
203 ( echo "For the SSL/TLS based remote client/server connections"
204 echo "between the Nessus server and the Nessus clients, an"
205 echo "X.509 server certificate/key pair is needed. Run the"
206 echo "following command to create it once:"
207 echo " \$ $RPM_INSTALL_PREFIX/sbin/nessus-mkcert"
208 ) | %{l_rpmtool} msg -b -t info
209 fi
210 fi
212 # on initial install, announce useradd
213 if [ $1 -eq 1 ]; then
214 ( echo "Each Nessus user has to be created on the Nessus server"
215 echo "Run the following command to create an individual user:"
216 echo " \$ $RPM_INSTALL_PREFIX/sbin/nessus-adduser"
217 ) | %{l_rpmtool} msg -b -t info
218 fi
219 exit 0
221 %preun
222 # before erase, stop service and remove log files
223 if [ $1 -eq 0 ]; then
224 %{l_rc} nessus stop 2>/dev/null
225 rm -f $RPM_INSTALL_PREFIX/var/nessus/logs/*.log* >/dev/null 2>&1 || true
226 fi
227 exit 0
