author | Jeremy Messenger <mezz@FreeBSD.org> | 2004-10-14 21:19:43 +0000 |
---|---|---|
committer | Jeremy Messenger <mezz@FreeBSD.org> | 2004-10-14 21:19:43 +0000 |
commit | d63f58bc347056d90ab35e1f406a074534f233e8 (patch) | |
tree | be91b537700c68a125c6d7217e7dd9b02232c6a5 /security/nessus-devel | |
parent | 6ddc6449197096870237f15d8ce36ee3e3ad1f36 (diff) |
Notes
Diffstat (limited to 'security/nessus-devel')
-rw-r--r-- | security/nessus-devel/Makefile | 8 | ||||
-rw-r--r-- | security/nessus-devel/distinfo | 4 | ||||
-rw-r--r-- | security/nessus-devel/files/nessusd.conf | 120 | ||||
-rw-r--r-- | security/nessus-devel/files/nessusd.rules | 8 | ||||
-rw-r--r-- | security/nessus-devel/pkg-plist | 7 |
5 files changed, 144 insertions, 3 deletions
diff --git a/security/nessus-devel/Makefile b/security/nessus-devel/Makefile index 6a55a05bda12..77e224c8bbad 100644 --- a/security/nessus-devel/Makefile +++ b/security/nessus-devel/Makefile @@ -11,7 +11,7 @@ # WITHOUT_NESSUS_GTK PORTNAME= nessus-devel -PORTVERSION= 2.1.2 +PORTVERSION= 2.1.3 CATEGORIES= security MASTER_SITES= ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \ ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \ @@ -60,6 +60,12 @@ post-install: @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ ${FILESDIR}/nessusd.sh > ${PREFIX}/etc/rc.d/nessusd.sh @${CHMOD} +x ${PREFIX}/etc/rc.d/nessusd.sh + @${SED} -e 's;\$${PREFIX};${PREFIX};' ${FILESDIR}/nessusd.conf \ + > ${PREFIX}/etc/nessus/nessusd.conf.dist + @${SED} -e 's;\$${PREFIX};${PREFIX};' ${FILESDIR}/nessusd.rules \ + > ${PREFIX}/etc/nessus/nessusd.rules.dist + @${CHMOD} 644 ${PREFIX}/etc/nessus/nessusd.conf.dist \ + ${PREFIX}/etc/nessus/nessusd.rules.dist @${SETENV} ${SCRIPTS_ENV} ${SH} ${SCRIPTDIR}/move_nessus .if ! exists(${PREFIX}/var/CA/serverkey.pem) .if ! defined(BATCH) diff --git a/security/nessus-devel/distinfo b/security/nessus-devel/distinfo index be362712ac0c..195e4485a22c 100644 --- a/security/nessus-devel/distinfo +++ b/security/nessus-devel/distinfo @@ -1,2 +1,2 @@ -MD5 (nessus/nessus-core-2.1.2.tar.gz) = 900b09da8fcf855a6a5bc3257ff2200f -SIZE (nessus/nessus-core-2.1.2.tar.gz) = 673553 +MD5 (nessus/nessus-core-2.1.3.tar.gz) = 71547229f08603d3e1cb06830e424eb4 +SIZE (nessus/nessus-core-2.1.3.tar.gz) = 668507 diff --git a/security/nessus-devel/files/nessusd.conf b/security/nessus-devel/files/nessusd.conf new file mode 100644 index 000000000000..b286cd54301e --- /dev/null +++ b/security/nessus-devel/files/nessusd.conf 
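Review bot: The added `post-install` lines write `nessusd.conf.dist` and `nessusd.rules.dist` but never create the live `nessusd.conf` / `nessusd.rules` from them; that copy is left to the `@exec` lines in pkg-plist, which as far as I know run when a package is added rather than on `make install`. Unless `move_nessus` (not visible here) handles it, a port install ends up without a daemon config; consider adding `@[ -f ${PREFIX}/etc/nessus/nessusd.conf ] || ${CP} -p ${PREFIX}/etc/nessus/nessusd.conf.dist ${PREFIX}/etc/nessus/nessusd.conf` and the same line for `nessusd.rules`. The redirects also assume `${PREFIX}/etc/nessus` already exists at this point, which the hunk does not show. `post-install` begins and continues outside the hunk.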
@@ -0,0 +1,120 @@
+# Configuration file of the Nessus Security Scanner
+
+
+
+# Every line starting with a '#' is a comment
+
+# Path to the security checks folder :
+plugins_folder = ${PREFIX}/lib/nessus/plugins
+
+# Maximum number of simultaneous hosts tested :
+max_hosts = 30
+
+# Maximum number of simultaneous checks against each host tested :
+max_checks = 10
+
+# Niceness. If set to 'yes', nessusd will renice itself to 10.
+be_nice = no
+
+# Log file (or 'syslog') :
+logfile = ${PREFIX}/var/nessus/logs/nessusd.messages
+
+# Shall we log every details of the attack ?
+log_whole_attack = yes
+
+# Log the name of the plugins that are loaded by the server ?
+log_plugins_name_at_load = no
+
+# Dump file for debugging output, use `-' for stdout
+dumpfile = ${PREFIX}/var/nessus/logs/nessusd.dump
+
+# Rules file :
+rules = ${PREFIX}/etc/nessus/nessusd.rules
+
+# Users database :
+users = ${PREFIX}/etc/nessus/nessusd.users
+
+# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
+cgi_path = /cgi-bin:/scripts
+
+# Range of the ports the port scanners will scan :
+# 'default' means that Nessus will scan ports found in its
+# services file.
+port_range = default
+
+# Optimize the test (recommanded) :
+optimize_test = yes
+
+# Language of the plugins :
+language = english
+
+
+
+# Optimization :
+# Read timeout for the sockets of the tests :
+checks_read_timeout = 5
+# Ports against which two plugins should not be run simultaneously :
+# non_simult_ports = Services/www, 139, Services/finger
+non_simult_ports = 139, 445
+# Maximum lifetime of a plugin (in seconds) :
+plugins_timeout = 320
+
+
+# Safe checks rely on banner grabbing :
+safe_checks = yes
+
+
+# Automatically activate the plugins that are depended on
+auto_enable_dependencies = yes
+
+
+# Designate hosts by MAC address, not IP address (useful for DHCP networks)
+use_mac_addr = no
+
+
+#--- Knowledge base saving (can be configured by the client) :
+# Save the knowledge base on disk :
+save_knowledge_base = no
+# Restore the KB for each test :
+kb_restore = no
+# Only test hosts whose KB we do not have :
+only_test_hosts_whose_kb_we_dont_have = no
+# Only test hosts whose KB we already have :
+only_test_hosts_whose_kb_we_have = no
+# KB test replay :
+kb_dont_replay_scanners = no
+kb_dont_replay_info_gathering = no
+kb_dont_replay_attacks = no
+kb_dont_replay_denials = no
+kb_max_age = 864000
+#--- end of the KB section
+
+# Can users upload their plugins ?
+plugin_upload = no
+# Suffixes of the plugins the user can upload :
+plugin_upload_suffixes = .nasl, .inc
+# Name of the user who can remotely update the plugins
+admin_user = root
+
+
+# If this option is set, Nessus will not scan a network incrementally
+# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
+# slice the workload throughout the whole network (ie: it will scan
+# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
+slice_network_addresses = no
+
+# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
+nasl_no_signature_check = no
+
+#end.
+#
+# Added by nessus-mkcert
+#
+cert_file=${PREFIX}/com/CA/servercert.pem
+key_file=${PREFIX}/var/CA/serverkey.pem
+ca_file=${PREFIX}/com/CA/cacert.pem
+# If you decide to protect your private key with a password,
+# uncomment and change next line
+# pem_password=password
+# If you want to force the use of a client certificate, uncomment next line
+# force_pubkey_auth = yes
diff --git a/security/nessus-devel/files/nessusd.rules b/security/nessus-devel/files/nessusd.rules
new file mode 100644
index 000000000000..9190158be8c2
--- /dev/null
+++ b/security/nessus-devel/files/nessusd.rules
@@ -0,0 +1,8 @@
+#
+# Nessus rules
+#
+
+# Syntax : accept|reject address/netmask
+
+# Accept to test anything :
+default accept
diff --git a/security/nessus-devel/pkg-plist b/security/nessus-devel/pkg-plist
index b57fa26d70df..1919a502ea15 100644
--- a/security/nessus-devel/pkg-plist
+++ b/security/nessus-devel/pkg-plist
@@ -2,6 +2,12 @@ etc/rc.d/nessusd.sh
 bin/nessus
 bin/nessus-mkcert-client
 bin/nessus-mkrand
+@unexec if cmp -s %D/etc/nessus/nessusd.conf.dist %D/etc/nessus/nessusd.conf; then rm -f %D/etc/nessus/nessusd.conf; fi
+@unexec if cmp -s %D/etc/nessus/nessusd.rules.dist %D/etc/nessus/nessusd.rules; then rm -f %D/etc/nessus/nessusd.rules; fi
+etc/nessus/nessusd.conf.dist
+etc/nessus/nessusd.rules.dist
+@exec if [ ! -f %D/etc/nessus/nessusd.conf ]; then cp %D/etc/nessus/nessusd.conf %D/etc/nessus/nessusd.conf; fi
+@exec if [ ! -f %D/etc/nessus/nessusd.rules ]; then cp %D/etc/nessus/nessusd.onf %D/etc/nessus/nessusd.onf; fi
 include/nessus/config.h
 include/nessus/includes.h
 include/nessus/nessus-devel.h
@@ -27,3 +33,4 @@ sbin/nessusd
 @exec mkdir -p %D/lib/nessus/plugins
 @unexec rmdir %D/lib/nessus/plugins 2>/dev/null || true
 @unexec rmdir %D/lib/nessus 2>/dev/null || true
+@exec if [ ! -f %D/var/CA/serverkey.pem ]; then %D/sbin/nessus-mkcert; fi |
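Review bot: The closing `# pem_password=password` block invites the administrator to store the server key passphrase in this file, while the Makefile hunk of the same commit installs the `.dist` copy with mode 644, so a live config copied from it would presumably be world-readable. I would add a comment directly above that line, for example `# If you set pem_password, make this file readable by root only (chmod 600)`. A short comment marking `admin_user = root` and `log_whole_attack = yes` as upstream defaults to review before first start would also help, since both affect who can update plugins and how much scan detail lands in the log directory.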
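Review bot: `default accept` with no preceding `reject` lines means the shipped rules place no limit on which addresses a scanner user may test. That matches the comment `# Accept to test anything :`, but the file does not tell the administrator that this is a policy decision to revisit. A comment such as `# Site policy: list the networks users may scan with accept lines and end with "default reject"` would point at the restrictive form using the syntax already documented in the file.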
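Review bot: Both added `@exec` lines in the first pkg-plist hunk copy a file onto itself, and the second one also misspells the name as `nessusd.onf`, so the `.dist` defaults are never installed as the live configuration and `cp` fails because its source does not exist. They should read `@exec if [ ! -f %D/etc/nessus/nessusd.conf ]; then cp -p %D/etc/nessus/nessusd.conf.dist %D/etc/nessus/nessusd.conf; fi` and `@exec if [ ! -f %D/etc/nessus/nessusd.rules ]; then cp -p %D/etc/nessus/nessusd.rules.dist %D/etc/nessus/nessusd.rules; fi`. The matching `@unexec ... cmp -s` lines above them already name the right pairs.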
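Review bot: The `@exec` added at the end of pkg-plist runs `%D/sbin/nessus-mkcert` on any package install where `serverkey.pem` is absent, with no counterpart to the `.if ! defined(BATCH)` guard that the Makefile context in this commit shows around the same step. If `nessus-mkcert` prompts for input, as that guard suggests, an unattended package install would stall or finish without a server key. A comment in pkg-plist stating that the step is interactive, or replacing it with a post-install message telling the administrator to run `nessus-mkcert`, would make the behaviour explicit.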