[Openvas-distro] OpenBSD port OpenVAS v2

Nigel J. Taylor njtaylor at asterisk.demon.co.uk
Tue Feb 17 03:01:15 CET 2009


For anyone interested attached is a port for OpenBSD. (Also sent to
ports at openbsd.org).

To build the complete set of packages, extract the port into
/usr/ports/security in the ports tree.

cd /usr/ports/security/openvas
make package

This port includes

openvas-libraries 2.0.1
openvas-libnasl 2.0.1
openvas-server 2.0.0
openvas-plugins 1.0.5
  split into
     openvas-plugins - just .nes files.
     openvas-plugins-scripts - arch independent/optional.
       openvas-nvt-sync can be used to download instead.
openvas-client 2.0.1
sladinstaller 1.1.2


The patch files show the changes made. Some notes I made are below.

Regards

Nigel Taylor



Running openvas on OpenBSD

nikto.nasl - searches for nikto.pl; on OpenBSD this is installed just as nikto,
nikto.pl doesn't exist. (Temporary workaround is to add a soft link).


Relocation of OpenVAS directories for OpenBSD.

1. /var/openvas is used rather than /var/lib/openvas, /var/lib is not normally
present on OpenBSD, Nessus used /var/nessus.

2. /var/openvas/plugins is used for openvas-nvt-sync and openvasd
/usr/local/lib/openvas/plugins still used for openvas-plugins, expected to copy
from there into /var/openvas/plugins, and then run openvas-nvt-sync, also allows
 package install, deinstall without issues because openvas-nvt-sync updated
files after the install, also already present on LiveCD. Only want /usr updated
when package or OS changes.

3. /usr/local/share/doc/openvas-manual changed to
/usr/local/share/doc/openvas.

4. /usr/local/share/examples/openvas added and openvas-services placed in the
directory and expected to be copied to /var/openvas. Packages should not
overwrite the running previous installed configuration.


OpenBSD Porting - v1.0/v2.0

(Note openvasd v2 crashes if /var/openvas/plugins/.desc is not removed if v1 had
been used).

uname -o is used in a couple of Makefiles (openvas-client / sladinstaller), the
-o option is not supported under OpenBSD, changed to uname. Should this be
handled in configure, not using uname in Makefiles?


/bin/bash used in openvas-nvt-sync, changed to /bin/sh, bash is not in the base
OS, not adding bash package just for the sake of one script. $Id$ used in
openvas-nvt-sync, causes problem with cvs/rcs (only because it gets
included in a patch).


openvas-adduser -
chmod 700 /var/openvas (was /var/lib/openvas) changed to
chmod 700 /var/openvas/users (not sure this should even be required should have
been set on installation). required for openvas-nvt-sync to work under a
different user to root prefer to download under unprivileged account,
/var/openvas should be 750 then /var/openvas/plugins can have owner other than
root. Issue using account other than root openvas-nvt-sync is unable to signal
openvasd to reload plugins.


server / openvas.tmpl.in - issue with include directories during compiles missed
out /usr/local/include.

openvas-check-signature.c - getopt.h include missing, compile failed. (v1.0)

openvas-nvt-sync.in - findcmd SRCH added extra directories to search
# whence rsync
/usr/local/bin/rsync
# whence md5
/bin/md5

md5sum replaced by md5, --status removed on command line and -q added before -c.
(would it be better just to configure once in /etc/openvas/.)

openvas-plugins delivered as two packages: openvas-plugins-scripts contains all
nasl scripts, inc files and is arch independent (also not necessary to deliver
scripts if openvas-nvt-sync is run). openvas-plugins the rest, just the .nes
files. (Should .nasl,.inc be put in directories separate from the .nes files,
and openvasd given multiple locations to search for plugins .nes files?)

libnasl nasl/Makefile LINK = $(LIBTOOL) --mode=link added
COMPILE changed to include --mode=compile
--mode install changed to --mode=install
--mode=final removed (creating a package so not required).

nasl/lsearch added config.h include, reintroduced #ifndef HAVE_LFIND as included
in standard libraries on OpenBSD.

nasl.tmpl.in - GNUTLS library not being included -lgnutls added, needs more
work, temporary workaround.

libraries

ftp_funcs.c - #include <sys/socket.h> added.

hg_dns_axfr.c - added hg_get16 as per mail list.

ids_send.c - #include <sys/socket.h> added.

pcap.c - #include <resolv.h> removed (OpenBSD doesn't use resolv lib any more).
#include <sys/socket.h> - added
#include <netinet/in.h> - added
#include "pcap_openvas.h" - removed.

plugutils.c - #include <wait.h> changed to #include <sys/wait.h> (V1.0)

popen.c #include <sys/time.h> added (V1.0)
#include <sys/resource.h> added

system.c #include "config.h" added

www_funcs.c #include <netinet/in.h> added

libraries/configure.in - pcap library routine pcap_restart doesn't exist in pcap
lib - change to AC_HAVE_LIBRARY,
resolv libraries do not exist any more, deprecated, changed to AC_HAVE_LIBRARY,
some issue with gnutls library (v2.0.0) - temporary fix.
(patch for configure included, no need to rerun autoconf for the port).

libopenvas, libopenvas_hg - Makefile libtool changed to --mode=




-------------- next part --------------
A non-text attachment was scrubbed...
Name: openvas2.0.tgz
Type: application/octet-stream
Size: 48347 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20090217/b8359e8a/openvas2.0-0001.obj
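
Added example, not part of the original post or the attached port: a POSIX sh sketch of the findcmd and md5sum/md5 notes above, choosing the checksum tool and its flags once instead of editing each call. The function names and the extra search directories are assumptions, and a command named md5 is assumed to be the OpenBSD one.

```shell
#!/bin/sh
# Added illustration, not code from the port. find_cmd, select_md5 and
# verify_md5 are hypothetical names; the extra directories are assumptions.

# Print the full path of command $1, searching $PATH plus fixed system
# directories. Runs in a subshell so the IFS and noglob changes stay local.
find_cmd() (
    search="$PATH:/bin:/usr/bin:/usr/local/bin"
    IFS=:
    set -f
    for dir in $search; do
        # Absolute entries only: an empty or relative PATH element would
        # let a file in the current directory stand in for the tool.
        case $dir in /*) ;; *) continue ;; esac
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# Choose the checksum tool and its quiet-check flags in one place.
select_md5() {
    if MD5_TOOL=$(find_cmd md5sum); then
        MD5_FLAGS="--status -c"     # GNU coreutils form
    elif MD5_TOOL=$(find_cmd md5); then
        MD5_FLAGS="-q -c"           # OpenBSD form, as given in the notes
    else
        return 1
    fi
}

# verify_md5 CHECKLIST: 0 if every listed file matches, non-zero if any
# file fails, 2 if no checksum tool was found.
verify_md5() {
    select_md5 || return 2
    (
        cd "$(dirname "$1")" || exit 2
        "$MD5_TOOL" $MD5_FLAGS "$(basename "$1")"
    )
}
```
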

