author | Sergey Matveychuk <sem@FreeBSD.org> | 2004-11-06 11:46:44 +0000 |
---|---|---|
committer | Sergey Matveychuk <sem@FreeBSD.org> | 2004-11-06 11:46:44 +0000 |
commit | c2d7ce68a6a91a785a75e481da0749ecb69f1fde (patch) | |
tree | 30252c7ee5b96eb161c272ab3fa438e9ea35889b /security/nessus | |
parent | a7e02a606791437f1ec11312f5957358ed5cae8f (diff) | |
Diffstat (limited to 'security/nessus')
-rw-r--r-- | security/nessus/Makefile | 15 | ||||
-rw-r--r-- | security/nessus/distinfo | 4 | ||||
-rw-r--r-- | security/nessus/files/nessusd.conf | 120 | ||||
-rw-r--r-- | security/nessus/files/nessusd.rules | 8 | ||||
-rw-r--r-- | security/nessus/pkg-plist | 8 |
5 files changed, 148 insertions, 7 deletions
diff --git a/security/nessus/Makefile b/security/nessus/Makefile index f21dc2a86873..0e1d54ef3037 100644 --- a/security/nessus/Makefile +++ b/security/nessus/Makefile @@ -11,8 +11,7 @@ # WITHOUT_NESSUS_GTK PORTNAME= nessus -PORTVERSION= 2.0.12 -PORTREVISION= 1 +PORTVERSION= 2.2.0 CATEGORIES= security MASTER_SITES= ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \ ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \ @@ -27,7 +26,7 @@ COMMENT= A security scanner: looks for vulnerabilities in a given network CONFLICTS= nessus-devel-[0-9]* nessus-devel-gtk-[0-9]* \ nessus-devel-gtk2-[0-9]* -LIB_DEPENDS= nasl.2:${PORTSDIR}/security/nessus-libnasl +LIB_DEPENDS= nasl.4:${PORTSDIR}/security/nessus-libnasl DIST_SUBDIR= nessus WRKSRC= ${WRKDIR}/nessus-core @@ -60,8 +59,14 @@ RC_SCRIPTS_SUB= PREFIX=${PREFIX} \ post-install: @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ - ${FILESDIR}/nessusd.sh > ${LOCALBASE}/etc/rc.d/nessusd.sh - @${CHMOD} +x ${LOCALBASE}/etc/rc.d/nessusd.sh + ${FILESDIR}/nessusd.sh > ${PREFIX}/etc/rc.d/nessusd.sh + @${CHMOD} +x ${PREFIX}/etc/rc.d/nessusd.sh + @${SED} -e 's;\$${PREFIX};${PREFIX};' ${FILESDIR}/nessusd.conf \ + > ${PREFIX}/etc/nessus/nessusd.conf.dist + @${SED} -e 's;\$${PREFIX};${PREFIX};' ${FILESDIR}/nessusd.rules \ + > ${PREFIX}/etc/nessus/nessusd.rules.dist + @${CHMOD} 644 ${PREFIX}/etc/nessus/nessusd.conf.dist \ + ${PREFIX}/etc/nessus/nessusd.rules.dist @${SETENV} ${SCRIPTS_ENV} ${SH} ${SCRIPTDIR}/move_nessus .if ! exists(${PREFIX}/var/CA/serverkey.pem) .if ! defined(BATCH) diff --git a/security/nessus/distinfo b/security/nessus/distinfo index bc4e5a14df1d..1e06042c18b5 100644 --- a/security/nessus/distinfo +++ b/security/nessus/distinfo @@ -1,2 +1,2 @@ -MD5 (nessus/nessus-core-2.0.12.tar.gz) = 23017718a25848d3629e57ea2b72a421 -SIZE (nessus/nessus-core-2.0.12.tar.gz) = 649412 +MD5 (nessus/nessus-core-2.2.0.tar.gz) = 16c1b51d81896415af9dfc91a7faf8d9 +SIZE (nessus/nessus-core-2.2.0.tar.gz) = 688545 
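Review bot: In the third Makefile hunk the visible post-install lines only write `nessusd.conf.dist` and `nessusd.rules.dist`; nothing there seeds the live `nessusd.conf` / `nessusd.rules` when they are absent. A port install and a package install can therefore end up with different configuration state, unless `move_nessus` or the rest of post-install, which continues outside the hunk, already handles it. If it does not, I would add `@[ -f ${PREFIX}/etc/nessus/nessusd.conf ] || ${CP} -p ${PREFIX}/etc/nessus/nessusd.conf.dist ${PREFIX}/etc/nessus/nessusd.conf` after the `${CHMOD} 644` line, and the same for `nessusd.rules`. The redirects also assume `${PREFIX}/etc/nessus` already exists, which this hunk does not guarantee.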
diff --git a/security/nessus/files/nessusd.conf b/security/nessus/files/nessusd.conf
new file mode 100644
index 000000000000..b286cd54301e
--- /dev/null
+++ b/security/nessus/files/nessusd.conf
@@ -0,0 +1,120 @@
+# Configuration file of the Nessus Security Scanner
+
+
+
+# Every line starting with a '#' is a comment
+
+# Path to the security checks folder :
+plugins_folder = ${PREFIX}/lib/nessus/plugins
+
+# Maximum number of simultaneous hosts tested :
+max_hosts = 30
+
+# Maximum number of simultaneous checks against each host tested :
+max_checks = 10
+
+# Niceness. If set to 'yes', nessusd will renice itself to 10.
+be_nice = no
+
+# Log file (or 'syslog') :
+logfile = ${PREFIX}/var/nessus/logs/nessusd.messages
+
+# Shall we log every details of the attack ?
+log_whole_attack = yes
+
+# Log the name of the plugins that are loaded by the server ?
+log_plugins_name_at_load = no
+
+# Dump file for debugging output, use `-' for stdout
+dumpfile = ${PREFIX}/var/nessus/logs/nessusd.dump
+
+# Rules file :
+rules = ${PREFIX}/etc/nessus/nessusd.rules
+
+# Users database :
+users = ${PREFIX}/etc/nessus/nessusd.users
+
+# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
+cgi_path = /cgi-bin:/scripts
+
+# Range of the ports the port scanners will scan :
+# 'default' means that Nessus will scan ports found in its
+# services file.
+port_range = default
+
+# Optimize the test (recommanded) :
+optimize_test = yes
+
+# Language of the plugins :
+language = english
+
+
+
+# Optimization :
+# Read timeout for the sockets of the tests :
+checks_read_timeout = 5
+# Ports against which two plugins should not be run simultaneously :
+# non_simult_ports = Services/www, 139, Services/finger
+non_simult_ports = 139, 445
+# Maximum lifetime of a plugin (in seconds) :
+plugins_timeout = 320
+
+
+# Safe checks rely on banner grabbing :
+safe_checks = yes
+
+
+# Automatically activate the plugins that are depended on
+auto_enable_dependencies = yes
+
+
+# Designate hosts by MAC address, not IP address (useful for DHCP networks)
+use_mac_addr = no
+
+
+#--- Knowledge base saving (can be configured by the client) :
+# Save the knowledge base on disk :
+save_knowledge_base = no
+# Restore the KB for each test :
+kb_restore = no
+# Only test hosts whose KB we do not have :
+only_test_hosts_whose_kb_we_dont_have = no
+# Only test hosts whose KB we already have :
+only_test_hosts_whose_kb_we_have = no
+# KB test replay :
+kb_dont_replay_scanners = no
+kb_dont_replay_info_gathering = no
+kb_dont_replay_attacks = no
+kb_dont_replay_denials = no
+kb_max_age = 864000
+#--- end of the KB section
+
+# Can users upload their plugins ?
+plugin_upload = no
+# Suffixes of the plugins the user can upload :
+plugin_upload_suffixes = .nasl, .inc
+# Name of the user who can remotely update the plugins
+admin_user = root
+
+
+# If this option is set, Nessus will not scan a network incrementally
+# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
+# slice the workload throughout the whole network (ie: it will scan
+# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
+slice_network_addresses = no
+
+# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
+nasl_no_signature_check = no
+
+#end.
+# +# Added by nessus-mkcert +# +cert_file=${PREFIX}/com/CA/servercert.pem +key_file=${PREFIX}/var/CA/serverkey.pem +ca_file=${PREFIX}/com/CA/cacert.pem +# If you decide to protect your private key with a password, +# uncomment and change next line +# pem_password=password +# If you want to force the use of a client certificate, uncomment next line +# force_pubkey_auth = yes diff --git a/security/nessus/files/nessusd.rules b/security/nessus/files/nessusd.rules new file mode 100644 index 000000000000..9190158be8c2 --- /dev/null +++ b/security/nessus/files/nessusd.rules @@ -0,0 +1,8 @@ +# +# Nessus rules +# + +# Syntax : accept|reject address/netmask + +# Accept to test anything : +default accept diff --git a/security/nessus/pkg-plist b/security/nessus/pkg-plist index 6c7c66e33bc1..1919a502ea15 100644 --- a/security/nessus/pkg-plist +++ b/security/nessus/pkg-plist @@ -2,6 +2,12 @@ etc/rc.d/nessusd.sh bin/nessus bin/nessus-mkcert-client bin/nessus-mkrand +@unexec if cmp -s %D/etc/nessus/nessusd.conf.dist %D/etc/nessus/nessusd.conf; then rm -f %D/etc/nessus/nessusd.conf; fi +@unexec if cmp -s %D/etc/nessus/nessusd.rules.dist %D/etc/nessus/nessusd.rules; then rm -f %D/etc/nessus/nessusd.rules; fi +etc/nessus/nessusd.conf.dist +etc/nessus/nessusd.rules.dist +@exec if [ ! -f %D/etc/nessus/nessusd.conf ]; then cp %D/etc/nessus/nessusd.conf %D/etc/nessus/nessusd.conf; fi +@exec if [ ! -f %D/etc/nessus/nessusd.rules ]; then cp %D/etc/nessus/nessusd.onf %D/etc/nessus/nessusd.onf; fi include/nessus/config.h include/nessus/includes.h include/nessus/nessus-devel.h @@ -12,6 +18,7 @@ include/nessus/nessustcp.h include/nessus/nessusudp.h include/nessus/ntcompat.h sbin/nessus-adduser +sbin/nessus-check-signature sbin/nessus-mkcert sbin/nessus-rmuser sbin/nessusd 
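Review bot: The closing block of the nessusd.conf template tells the administrator to uncomment `pem_password=` in this file, but nothing says the file must then be kept private. The Makefile hunk installs the template with `${CHMOD} 644`, and a live copy made with plain `cp` would normally end up world-readable as well. I would add a comment above that line such as `# If you set pem_password, make this file readable by root only (chmod 600)`. The same care applies to the `key_file` path under `${PREFIX}/var/CA`, whose permissions are set outside this diff.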
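Review bot: Both `@exec` lines added in the first pkg-plist hunk copy a file onto itself, so a package install never seeds the live configuration from the `.dist` templates. The first uses `nessusd.conf` as both source and destination; the second tests for `nessusd.rules` but then copies `nessusd.onf` (a typo) onto itself. The intended lines are presumably `@exec if [ ! -f %D/etc/nessus/nessusd.conf ]; then cp %D/etc/nessus/nessusd.conf.dist %D/etc/nessus/nessusd.conf; fi` and the same with `nessusd.rules.dist` and `nessusd.rules`. As written, `cp` fails on the missing source, and the matching `@unexec` comparisons against the `.dist` files can never find an unmodified default to clean up.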
@@ -26,3 +33,4 @@ sbin/nessusd @exec mkdir -p %D/lib/nessus/plugins @unexec rmdir %D/lib/nessus/plugins 2>/dev/null || true @unexec rmdir %D/lib/nessus 2>/dev/null || true +@exec if [ ! -f %D/var/CA/serverkey.pem ]; then %D/sbin/nessus-mkcert; fi |
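Review bot: The added `@exec` runs `%D/sbin/nessus-mkcert` at package install whenever the server key is missing, while the Makefile's post-install appears to wrap the same step in `.if ! defined(BATCH)`. If nessus-mkcert prompts for input, as that guard suggests, an unattended package install could block, or could create a server certificate with values nobody reviewed. I would either drop the `@exec` and print a message telling the administrator to run nessus-mkcert, or guard it on an interactive terminal, e.g. `@exec if [ ! -f %D/var/CA/serverkey.pem ] && [ -t 0 ]; then %D/sbin/nessus-mkcert; fi`. There is also no matching `@unexec`, so the private key stays behind on deinstall; that is probably intended, but a comment in the plist would make it explicit.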