commit: 7f74fdcab62b1c8f66e62d57bb98d1a1e770b226 Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at> AuthorDate: Mon Dec 26 09:05:13 2022 +0000 Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org> CommitDate: Mon Dec 26 13:43:56 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f74fdca
net-analyzer/openvas-scanner: remove unused files Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at> Closes: https://github.com/gentoo/gentoo/pull/28823 Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org> .../openvas-scanner/files/gvm-feed-sync-20.8.1.sh | 45 -------- .../openvas-scanner/files/gvm-feed-sync.cron | 1 - .../openvas-scanner/files/gvm-feed-sync.sh | 45 -------- .../openvas-scanner/files/openvassd-daemon.conf | 17 --- .../openvas-scanner/files/openvassd.gvm.conf | 124 --------------------- net-analyzer/openvas-scanner/files/openvassd.init | 14 --- .../openvas-scanner/files/openvassd.service | 16 --- .../openvas-scanner/files/redis.conf.example | 57 ---------- 8 files changed, 319 deletions(-) diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync-20.8.1.sh b/net-analyzer/openvas-scanner/files/gvm-feed-sync-20.8.1.sh deleted file mode 100644 index 178f49eb0493..000000000000 --- a/net-analyzer/openvas-scanner/files/gvm-feed-sync-20.8.1.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 -# GVM cron script that updates feed. - -# Start to update FEED & First NVT. -try=0 -until [ $try -ge 5 ]; do - greenbone-feed-sync --type GVMD_DATA --curl &>/dev/null && break - try=$[$try+1] - sleep 30 -done - -# Check status -if [ $? -eq 0 ]; then - # Avoid your IP temporary banned because of multiple connection - sleep 5 - # Try to update scapdata. - try=0 - until [ $try -ge 5 ]; do - greenbone-feed-sync --type SCAP &>/dev/null && break - try=$[$try+1] - sleep 30 - done - - # Check status - if [ $? -eq 0 ]; then - # Avoid your IP temporary banned because of multiple connection - sleep 5 - # Try to update certdata - try=0 - until [ $try -ge 5 ]; do - greenbone-feed-sync --type CERT &>/dev/null && break - try=$[$try+1] - sleep 30 - done - - # Check status - if [ $? -eq 0 ]; then - exit 0 - else - exit 1 - fi - fi -fi diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron b/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron deleted file mode 100644 index 5563b92929b1..000000000000 --- a/net-analyzer/openvas-scanner/files/gvm-feed-sync.cron +++ /dev/null @@ -1 +0,0 @@ -0 2 * * * gvm [ -x /etc/gvm/gvm-feed-sync.sh ] && /bin/bash /etc/gvm/gvm-feed-sync.sh > /dev/null diff --git a/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh b/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh deleted file mode 100644 index ba21632a4d6c..000000000000 --- a/net-analyzer/openvas-scanner/files/gvm-feed-sync.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 -# GVM cron script that updates feed. - -# Start to update FEED & First NVT. -try=0 -until [ $try -ge 5 ]; do - greenbone-nvt-sync --curl &>/dev/null && break - try=$[$try+1] - sleep 30 -done - -# Check status -if [ $? -eq 0 ]; then - # Avoid your IP temporary banned because of multiple connection - sleep 5 - # Try to update scapdata. - try=0 - until [ $try -ge 5 ]; do - greenbone-scapdata-sync &>/dev/null && break - try=$[$try+1] - sleep 30 - done - - # Check status - if [ $? -eq 0 ]; then - # Avoid your IP temporary banned because of multiple connection - sleep 5 - # Try to update certdata - try=0 - until [ $try -ge 5 ]; do - greenbone-certdata-sync &>/dev/null && break - try=$[$try+1] - sleep 30 - done - - # Check status - if [ $? -eq 0 ]; then - exit 0 - else - exit 1 - fi - fi -fi diff --git a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf b/net-analyzer/openvas-scanner/files/openvassd-daemon.conf deleted file mode 100644 index 6bb70d165355..000000000000 --- a/net-analyzer/openvas-scanner/files/openvassd-daemon.conf +++ /dev/null @@ -1,17 +0,0 @@ -# OpenVAS Scanner command args - -# e.g --foreground -OPENVAS_SCANNER_OPTIONS="" - -# Scanner listen socket -OPENVAS_SCANNER_LISTEN_SOCKET="--unix-socket=/var/run/openvassd.sock" - -# Scanner listen owner -OPENVAS_SCANNER_LISTEN_OWNER="--listen-owner=gvm" - -# Scanner listen group -OPENVAS_SCANNER_LISTEN_GROUP="--listen-group=gvm" - -# Scanner listen mode -OPENVAS_SCANNER_LISTEN_MODE="--listen-mode=755" - diff --git a/net-analyzer/openvas-scanner/files/openvassd.gvm.conf b/net-analyzer/openvas-scanner/files/openvassd.gvm.conf deleted file mode 100644 index 5dfb8b527454..000000000000 --- a/net-analyzer/openvas-scanner/files/openvassd.gvm.conf +++ /dev/null @@ -1,124 +0,0 @@ -# You can get detailed informations from https://linux.die.net/man/8/openvassd -# Configuration file of the OpenVAS Security Scanner -# Every line starting with a '#' is a comment - -[Misc] - -# Path to the security checks folder: -plugins_folder = /var/lib/openvas/plugins - -# Path to OpenVAS caching folder: -cache_folder = /var/cache/openvas - -# Path to OpenVAS include directories: -# (multiple entries are separated with colon ':') -include_folders = /var/lib/openvas/plugins - -# Config File -config_file = /etc/openvas/openvassd.conf - -# Maximum number of simultaneous hosts tested : -max_hosts = 30 - -# Maximum number of simultaneous checks against each host tested : -max_checks = 10 - -# Niceness. If set to 'yes', openvassd will renice itself to 10. -be_nice = no - -# Log file (or 'syslog') : -logfile = /var/log/gvm/openvassd.log - -# Shall we log every details of the attack ? (disk intensive) -log_whole_attack = no - -# Log the name of the plugins that are loaded by the server ? -log_plugins_name_at_load = no - -# Dump file for debugging output, use `-' for stdout -dumpfile = /var/log/gvm/openvassd.dump - -# Rules file : -rules = /etc/openvas/openvassd.rules - -# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) -cgi_path = /cgi-bin:/scripts - -# Range of the ports the port scanners will scan : -# 'default' means that OpenVAS will scan ports found in its -# services file. -port_range = default - -# Optimize the test (recommended) : -# Turn off for push hard but increase false positive and slow down scans -optimize_test = yes - -# Optimization : -# Read timeout for the sockets of the tests : -checks_read_timeout = 5 - -# Ports against which two plugins should not be run simultaneously : -# non_simult_ports = Services/www, 139, Services/finger -non_simult_ports = 139, 445 - -# Maximum lifetime of a plugin (in seconds) : -plugins_timeout = 320 - -# Safe checks rely on banner grabbing & If enabled push harder to target: -safe_checks = yes - -# Automatically activate the plugins that are depended on -auto_enable_dependencies = yes - -# Do not echo data from plugins which have been automatically enabled -silent_dependencies = no - -# Designate hosts by MAC address, not IP address (useful for DHCP networks) -use_mac_addr = no - - -#--- Knowledge base saving (can be configured by the client) : -# Save the knowledge base on disk : -save_knowledge_base = no - -# Restore the KB for each test : -kb_restore = no - -# Only test hosts whose KB we do not have : -only_test_hosts_whose_kb_we_dont_have = no - -# Only test hosts whose KB we already have : -only_test_hosts_whose_kb_we_have = no - -# KB test replay : -kb_dont_replay_scanners = no -kb_dont_replay_info_gathering = no -kb_dont_replay_attacks = no -kb_dont_replay_denials = no -kb_max_age = 864000 -#--- end of the KB section - -# Redis socket default setting -db_address = /tmp/redis.sock - -# If this option is set, OpenVAS will not scan a network incrementally -# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to -# slice the workload throughout the whole network (ie: it will scan -# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... -slice_network_addresses = no - -# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') -nasl_no_signature_check = yes - -#Certificates -cert_file=/var/lib/gvm/CA/servercert.pem -key_file=/var/lib/gvm/private/CA/serverkey.pem -ca_file=/var/lib/gvm/CA/cacert.pem - -# If you decide to protect your private key with a password, -# uncomment and change next line -# pem_password=password -# If you want to force the use of a client certificate, uncomment next line -# force_pubkey_auth = yes - -#end. diff --git a/net-analyzer/openvas-scanner/files/openvassd.init b/net-analyzer/openvas-scanner/files/openvassd.init deleted file mode 100644 index 9bd7332134fc..000000000000 --- a/net-analyzer/openvas-scanner/files/openvassd.init +++ /dev/null @@ -1,14 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -name="Open Vulnerability Assessment Scanner" -command="/usr/bin/openvassd" -command_args="${OPENVAS_SCANNER_OPTIONS} ${OPENVAS_SCANNER_LISTEN_SOCKET} ${OPENVAS_SCANNER_LISTEN_OWNER} ${OPENVAS_SCANNER_LISTEN_GROUP} ${OPENVAS_SCANNER_LISTEN_MODE}" -pidfile="/run/openvassd.pid" -command_background="true" - -depend() { - after bootmisc - need localmount net redis -} diff --git a/net-analyzer/openvas-scanner/files/openvassd.service b/net-analyzer/openvas-scanner/files/openvassd.service deleted file mode 100644 index b7d7df8bbab0..000000000000 --- a/net-analyzer/openvas-scanner/files/openvassd.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Open Vulnerability Assessment Scanner -After=network.target -After=redis.service -Before=gvmd.service -Requires=redis.service - -[Service] -Type=forking -EnvironmentFile=-/etc/openvas/sysconfig/openvassd-daemon.conf -ExecStart=/usr/bin/openvassd $OPENVAS_SCANNER_OPTIONS $OPENVAS_SCANNER_LISTEN_SOCKET $OPENVAS_SCANNER_LISTEN_OWNER $OPENVAS_SCANNER_LISTEN_GROUP $OPENVAS_SCANNER_LISTEN_MODE -Restart=on-failure -RestartSec=10 - -[Install] -WantedBy=multi-user.target diff --git a/net-analyzer/openvas-scanner/files/redis.conf.example b/net-analyzer/openvas-scanner/files/redis.conf.example deleted file mode 100644 index 6a41211aaae8..000000000000 --- a/net-analyzer/openvas-scanner/files/redis.conf.example +++ /dev/null @@ -1,57 +0,0 @@ -bind 127.0.0.1 -protected-mode yes -port 0 -tcp-backlog 511 -unixsocket /tmp/redis.sock -unixsocketperm 700 -timeout 0 -tcp-keepalive 300 -daemonize no -supervised no -pidfile /run/redis/redis.pid -loglevel notice -logfile /var/log/redis/redis.log -databases 16 -always-show-logo yes -stop-writes-on-bgsave-error yes -rdbcompression yes -rdbchecksum yes -dbfilename dump.rdb -dir /var/lib/redis/ -slave-serve-stale-data yes -slave-read-only yes -repl-diskless-sync no -repl-diskless-sync-delay 5 -repl-disable-tcp-nodelay no -slave-priority 100 -lazyfree-lazy-eviction no -lazyfree-lazy-expire no -lazyfree-lazy-server-del no -slave-lazy-flush no -appendonly no -appendfilename "appendonly.aof" -appendfsync everysec -no-appendfsync-on-rewrite no -auto-aof-rewrite-percentage 100 -auto-aof-rewrite-min-size 64mb -aof-load-truncated yes -aof-use-rdb-preamble no -lua-time-limit 5000 -slowlog-log-slower-than 10000 -slowlog-max-len 128 -latency-monitor-threshold 0 -notify-keyspace-events "" -hash-max-ziplist-entries 512 -hash-max-ziplist-value 64 -list-max-ziplist-size -2 -list-compress-depth 0 -set-max-intset-entries 512 -zset-max-ziplist-entries 128 -zset-max-ziplist-value 64 -hll-sparse-max-bytes 3000 -activerehashing yes -client-output-buffer-limit normal 0 0 0 -client-output-buffer-limit slave 256mb 64mb 60 -client-output-buffer-limit pubsub 32mb 8mb 60 -hz 10 -aof-rewrite-incremental-fsync yes
