Fri, 16 Jan 2009 22:39:09 +0100
Import package vendor original specs for necessary manipulations.
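--- /dev/null
+++ b/nessus-tool/fsl.nessus
@@ -0,0 +1,16 @@
+##
+## fsl.nessus -- OSSP fsl configuration
+##
+
+ident (nessus)/.+ q{
+ prefix(
+ prefix="%b %d %H:%M:%S %N <%L> $1[%P]: "
+ )
+ -> {
+ debug: file(
+ path="@l_prefix@/var/nessus/logs/nessusd.log",
+ perm=0644, jitter=1, monitor=3600
+ )
+ }
+};
+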
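Review bot: `perm=0644` in the `file(...)` target makes nessusd.log world-readable, and nessusd.conf in this same changeset sets `log_whole_attack = yes`, so whatever scan detail reaches this log can be read by any local account. Unless other users are meant to read scanner output, tighten it to `perm=0640` (or `0600`) and keep it in step with the `-m 644` that rc.nessus passes to `shtool rotate`, which applies its own mode to the log. A one-line comment above `debug:` stating who is expected to read the file would make the choice explicit.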
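--- /dev/null
+++ b/nessus-tool/nessus-tool.patch
@@ -0,0 +1,56 @@
+Index: nessus-core/doc/nessusd.8.in
+--- nessus-core/doc/nessusd.8.in.orig 2004-10-19 17:21:05 +0200
++++ nessus-core/doc/nessusd.8.in 2005-03-23 11:59:54 +0100
+@@ -183,7 +183,7 @@
+ .SH USERS MANAGEMENT
+
+ The utility nessus-adduser(8) creates new nessusd users. Each nessusd user
+-is attributed a "home", in @NESSUS_STATEDIR@/users/<username>. This home contains the following directories :
++is attributed a "home", in @NESSUSD_STATEDIR@/users/<username>. This home contains the following directories :
+ .IP auth/
+ This directory contains the authentification information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text.
+
+@@ -206,7 +206,7 @@
+
+
+ When a user attempts to log in, nessusd first checks that the directory
+-@NESSUS_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname.
++@NESSUSD_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname.
+
+
+ To remove a given user, use the command nessus-rmuser(8).
+Index: nessus-core/nessus-mkcert.in
+--- nessus-core/nessus-mkcert.in.orig 2004-12-10 20:40:22 +0100
++++ nessus-core/nessus-mkcert.in 2005-03-23 12:00:24 +0100
+@@ -407,31 +407,12 @@
+
+ chmod a+r $CACERT $SRVCERT #cln $CLNCERT
+
+-
+-CF=@sysconfdir@/nessus/nessusd.conf
+-egrep -v '^ *(pem_password|cert_file|key_file|ca_file|force_pubkey_auth) *=' "$CF" > "$CF.tmp"
+-echo "#
+-# Added by nessus-mkcert
+-#
+-cert_file=$SRVCERT
+-key_file=$SRVKEY
+-ca_file=$CACERT
+-# If you decide to protect your private key with a password,
+-# uncomment and change next line
+-# pem_password=password
+-# If you want to force the use of a client certificate, uncomment next line
+-# force_pubkey_auth = yes" >> "$CF.tmp"
+-
+-
+-
+-
+ test -z "$QUIET" && header
+
+ if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ];
+ then
+ test -z "$QUIET" && echo "Congratulations. Your server certificate was properly created."
+
+- mv -f "$CF.tmp" "$CF"
+ test -z "$QUIET" && {
+ echo
+ echo "$CF updated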
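Review bot: The nessus-mkcert.in hunk removes the `CF=@sysconfdir@/nessus/nessusd.conf` assignment and the `mv -f "$CF.tmp" "$CF"`, but keeps the context line `echo "$CF updated`, so the script would still announce a configuration update it no longer performs, apparently with `CF` unset. The patch should also drop or reword that message so the administrator knows that `cert_file`, `key_file` and `ca_file` in nessusd.conf are not touched and must already point at the generated files. The block continues past the end of the hunk and `CF` may be set elsewhere in the script, so this needs checking against the full file.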
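--- /dev/null
+++ b/nessus-tool/nessus-tool.spec
@@ -0,0 +1,224 @@
+##
+## nessus-tool.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2008 OpenPKG Foundation e.V. <http://openpkg.net/>
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package information
+Name: nessus-tool
+Summary: Nessus Security Scanner (Tool)
+URL: http://www.nessus.org/
+Vendor: Renaud Deraison
+Packager: OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class: EVAL
+Group: Monitoring
+License: GPL
+Version: 2.2.11
+Release: 20081120
+
+# package options
+%option with_fsl yes
+
+# list of sources
+Source0: ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-core-%{version}.tar.gz
+Source1: ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-plugins-GPL-%{version}.tar.gz
+Source2: nessusd.conf
+Source3: nessusd.rules
+Source4: nessusd.users
+Source5: rc.nessus
+Source6: fsl.nessus
+Patch0: nessus-tool.patch
+
+# build information
+Prefix: %{l_prefix}
+BuildRoot: %{l_buildroot}
+BuildPreReq: OpenPKG, openpkg >= 20060823, X11, gcc, make
+PreReq: OpenPKG, openpkg >= 20060823, X11
+BuildPreReq: nessus-libs, glib2, gtk2, openssl
+PreReq: nessus-libs, glib2, gtk2, openssl
+%if "%{with_fsl}" == "yes"
+BuildPreReq: fsl >= 1.3.0
+PreReq: fsl >= 1.3.0
+%endif
+AutoReq: no
+AutoReqProv: no
+
+%description
+ This is the Tool package of the Nessus Security Scanner, a security
+ scanner which will audit remotely a given network and determine
+ whether attackers may break into it, or misuse it in some way.
+
+%track
+ prog nessus-tool:nessus-core = {
+ version = %{version}
+ url = ftp://ftp.nessus.org/pub/nessus/
+ regex = (nessus-\d+\.\d+\.\d+[a-z]?)
+ url = ftp://ftp.nessus.org/pub/nessus/__NEWVER__/src/
+ regex = nessus-core-(__VER__)\.tar\.gz
+ }
+ prog nessus-tool:nessus-plugins = {
+ version = %{version}
+ url = ftp://ftp.nessus.org/pub/nessus/
+ regex = (nessus-\d+\.\d+\.\d+[a-z]?)
+ url = ftp://ftp.nessus.org/pub/nessus/__NEWVER__/src/
+ regex = nessus-core-(__VER__)\.tar\.gz
+ }
+
+%prep
+ %setup -q -c
+ %setup -q -T -D -a 1
+ %patch -p0
+
+%build
+ # build nessus-core part
+ ( cd nessus-core
+ CC="%{l_cc}" \
+ CFLAGS="%{l_cflags -O}" \
+ CPPFLAGS="%{l_cppflags}" \
+ LDFLAGS="%{l_fsl_ldflags}" \
+ LIBS="%{l_fsl_libs}" \
+ ./configure \
+ --prefix=%{l_prefix} \
+ --localstatedir=%{l_prefix}/var \
+ --sharedstatedir=%{l_prefix}/var \
+ --enable-unix-socket=%{l_prefix}/var/nessus/nessusd.socket \
+ --disable-syslog \
+ --with-x \
+ --x-includes=`%{l_rc} --query x11_incdir` \
+ --x-libraries=`%{l_rc} --query x11_libdir` \
+ --enable-save-sessions \
+ --enable-save-kb \
+ --enable-release
+ %{l_make} %{l_mflags}
+ ) || exit $?
+
+ # temporarily install nessus-core for nessus-plugins building
+ nessus_core=`pwd`/nessus-core
+ ( cd nessus-core
+ %{l_make} %{l_mflags} \
+ install DESTDIR=${nessus_core}/tmp
+ ) || exit $?
+
+ # build nessus-plugins part
+ ( cd nessus-plugins
+ CC="%{l_cc}" \
+ CFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cflags -O}" \
+ CPPFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cppflags}" \
+ LDFLAGS="%{l_fsl_ldflags}" \
+ LIBS="%{l_fsl_libs}" \
+ ./configure \
+ --prefix=%{l_prefix} \
+ --enable-install="`%{l_shtool} echo -e %u`" \
+ --enable-shared
+ %{l_shtool} subst \
+ -e 's;getinterfaces;local_getinterfaces;g' \
+ -e 's;routethrough;local_routethrough;g' \
+ -e 's;ipaddr2devname;local_ipaddr2devname;g' \
+ -e 's;islocalhost;local_islocalhost;g' \
+ -e 's;get_random_bytes;local_get_random_bytes;g' \
+ -e 's;getsourceip;local_getsourceip;g' \
+ plugins/nmap_osfingerprint/*.[ch]
+ %{l_make} %{l_mflags}
+ ) || exit $?
+
+%install
+ rm -rf $RPM_BUILD_ROOT
+
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/bin
+
+ # install nessus-core part
+ ( cd nessus-core
+ %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
+ ) || exit $?
+
+ # install nessus-plugins part
+ ( cd nessus-plugins
+ %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
+ ) || exit $?
+
+ # strip down installation
+ strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
+
+ # install default configuration
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE nessusd.conf} \
+ %{SOURCE nessusd.rules} \
+ %{SOURCE nessusd.users} \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/nessus/
+
+ # install run-command script
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
+ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ %{SOURCE rc.nessus} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+ %{l_shtool} install -c -m 644 %{l_value -s -a} \
+ %{SOURCE fsl.nessus} $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
+
+ # determine installation files
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+ %{l_files_std} \
+ '%config %{l_prefix}/etc/fsl/fsl.nessus' \
+ '%config %{l_prefix}/etc/nessus/*' \
+ '%config %attr(0600,%{l_musr},%{l_mgrp}) %{l_prefix}/etc/nessus/nessusd.conf'
+
+%files -f files
+
+%clean
+ rm -rf $RPM_BUILD_ROOT
+
+%post
+ # after upgrade, restart service
+ if [ $1 -eq 2 ]; then
+ eval `%{l_rc} nessus status 2>/dev/null`
+ [ ".$nessus_active" = .yes ] && %{l_rc} nessus restart
+ fi
+
+ # on every install, announce certificate
+ if [ $1 -le 2 ]; then
+ if [ ! -f $RPM_INSTALL_PREFIX/var/nessus/CA/servercert.pem ]; then
+ ( echo "For the SSL/TLS based remote client/server connections"
+ echo "between the Nessus server and the Nessus clients, an"
+ echo "X.509 server certificate/key pair is needed. Run the"
+ echo "following command to create it once:"
+ echo " \$ $RPM_INSTALL_PREFIX/sbin/nessus-mkcert"
+ ) | %{l_rpmtool} msg -b -t info
+ fi
+ fi
+
+ # on initial install, announce useradd
+ if [ $1 -eq 1 ]; then
+ ( echo "Each Nessus user has to be created on the Nessus server"
+ echo "Run the following command to create an individual user:"
+ echo " \$ $RPM_INSTALL_PREFIX/sbin/nessus-adduser"
+ ) | %{l_rpmtool} msg -b -t info
+ fi
+ exit 0
+
+%preun
+ # before erase, stop service and remove log files
+ if [ $1 -eq 0 ]; then
+ %{l_rc} nessus stop 2>/dev/null
+ rm -f $RPM_INSTALL_PREFIX/var/nessus/logs/*.log* >/dev/null 2>&1 || true
+ fi
+ exit 0
+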
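Review bot: In `%track`, the `nessus-tool:nessus-plugins` entry reuses the core tarball pattern `regex = nessus-core-(__VER__)\.tar\.gz`, so the tracker never looks at the plugins tarball named in Source1 and a plugins-only release would go unnoticed. It should read `regex = nessus-plugins-GPL-(__VER__)\.tar\.gz`. Separately, Source0 and Source1 are fetched over plain `ftp://` and the spec shows no checksum or signature for them; if the build tooling does not verify them elsewhere, a comment recording the expected digests would document what was actually packaged.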
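--- /dev/null
+++ b/nessus-tool/nessusd.conf
@@ -0,0 +1,38 @@
+##
+## nessusd.conf -- Nessus Daemon Configuration
+##
+
+# paths
+rules = @l_prefix@/etc/nessus/nessusd.rules
+users = @l_prefix@/etc/nessus/nessusd.users
+logfile = @l_prefix@/var/nessus/nessusd.log
+dumpfile = @l_prefix@/var/nessus/nessusd.dump
+cert_file = @l_prefix@/var/nessus/CA/servercert.pem
+key_file = @l_prefix@/var/nessus/CA/serverkey.pem
+ca_file = @l_prefix@/var/nessus/CA/cacert.pem
+plugins_folder = @l_prefix@/lib/nessus/plugins
+
+# options
+max_hosts = 30
+max_checks = 10
+max_threads = 15
+be_nice = yes
+log_whole_attack = yes
+log_plugins_name_at_load = no
+cgi_path = /cgi-bin:/scripts
+port_range = default
+optimize_test = yes
+checks_read_timeout = 5
+non_simult_ports = 139, 445
+plugins_timeout = 320
+safe_checks = yes
+auto_enable_dependencies = yes
+use_mac_addr = no
+plugin_upload = no
+plugin_upload_suffixes = .nasl, .inc
+admin_user = root
+language = english
+slice_network_addresses = no
+#pem_password = password
+#force_pubkey_auth = yes
+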
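Review bot: `logfile = @l_prefix@/var/nessus/nessusd.log` does not match the path used everywhere else in this changeset: fsl.nessus, the `%daily` rotation in rc.nessus and the `%preun` cleanup in the spec all use `@l_prefix@/var/nessus/logs/nessusd.log`. If nessusd writes to the configured `logfile` itself, that file is never rotated or removed on erase, and with `log_whole_attack = yes` it keeps accumulating scan detail. Either point it at the rotated path, `logfile = @l_prefix@/var/nessus/logs/nessusd.log`, or add a comment saying that logging goes through fsl and this setting is unused.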
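--- /dev/null
+++ b/nessus-tool/nessusd.rules
@@ -0,0 +1,11 @@
+##
+## nessusd.rules -- Nessus Daemon Scanning Rules
+##
+
+accept 127.0.0.0/8
+accept client_ip/32
+#reject 192.168.1.1/32
+#reject !192.168.0.0/16
+default reject
+#default accept
+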
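Review bot: The rule set carries no comment explaining its effect, although it is the server-wide limit on which targets a logged-in user may scan. A short header would do, for example `# scan targets: loopback and the connecting client's own address only; everything else is rejected`, together with a note that `client_ip` is expanded by nessusd to the address of the connecting client. The commented-out `#default accept` deserves a warning that enabling it lifts the target restriction for every user.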
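--- /dev/null
+++ b/nessus-tool/nessusd.users
@@ -0,0 +1,4 @@
+##
+## nessusd.users -- Nessus Daemon Users
+##
+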
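--- /dev/null
+++ b/nessus-tool/rc.nessus
@@ -0,0 +1,60 @@
+#!@l_prefix@/bin/openpkg rc
+##
+## rc.nessus -- Run-Commands
+##
+
+%config
+ nessus_enable="$openpkg_rc_def"
+ nessus_listen_addr="127.0.0.1"
+ nessus_listen_port="1241"
+ nessus_source_addr="127.0.0.1"
+ nessus_log_prolog="true"
+ nessus_log_epilog="true"
+ nessus_log_numfiles="10"
+ nessus_log_minsize="1M"
+ nessus_log_complevel="9"
+
+%common
+ nessus_pidfile="@l_prefix@/var/nessus/nessusd.pid"
+ nessus_signal () {
+ [ -f $nessus_pidfile ] && kill -$1 `cat $nessus_pidfile`
+ }
+
+%status -u @l_susr@ -o
+ nessus_usable="unknown"
+ nessus_active="no"
+ rcService nessus enable yes && \
+ nessus_signal 0 && nessus_active="yes"
+ echo "nessus_enable=\"$nessus_enable\""
+ echo "nessus_usable=\"$nessus_usable\""
+ echo "nessus_active=\"$nessus_active\""
+
+%start -p 900 -u @l_susr@
+ rcService nessus enable yes || exit 0
+ rcService nessus active yes && exit 0
+ @l_prefix@/sbin/nessusd \
+ --listen="${nessus_listen_addr}" \
+ --port="${nessus_listen_port}" \
+ --src-ip="${nessus_source_addr}" \
+ --background
+
+%stop -p 100 -u @l_susr@
+ rcService nessus enable yes || exit 0
+ rcService nessus active no && exit 0
+ nessus_signal TERM
+ sleep 2
+
+%restart -p 900 -u @l_susr@
+ rcService nessus enable yes || exit 0
+ rcService nessus active no && exit 0
+ rc nessus stop start
+
+%daily -u @l_susr@
+ rcService nessus enable yes || exit 0
+ shtool rotate -f \
+ -n ${nessus_log_numfiles} -s ${nessus_log_minsize} -d \
+ -z ${nessus_log_complevel} -m 644 -o @l_susr@ -g @l_mgrp@ \
+ -P "${nessus_log_prolog}" \
+ -E "${nessus_log_epilog}; rc nessus restart" \
+ @l_prefix@/var/nessus/logs/nessusd.log
+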
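Review bot: `nessus_signal` in `%common` sends the signal to whatever number is stored in nessusd.pid, and `%status` and `%stop` call it as `@l_susr@`; nothing checks that the file is non-empty or that the PID still belongs to nessusd. After an unclean exit a recycled PID would make `%status` report `nessus_active="yes"` and `%stop` deliver TERM to an unrelated process. At minimum guard and quote the read, `[ -s "$nessus_pidfile" ] && kill -$1 "$(cat "$nessus_pidfile")"`, and consider confirming the process is nessusd before signalling. A comment on who may write `@l_prefix@/var/nessus/` would also help, since the ownership of that directory is not visible in this changeset.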