
improve this package by adding reasonable default configuration and server run-commands

Ralf S. Engelschall 22 yıl önce
ebeveyn
işleme
3f0c88135a

+ 21 - 0
nessus-tool/nessus-tool.patch

@@ -0,0 +1,21 @@
+Index: doc/nessusd.8.in
+--- doc/nessusd.8.in.orig	2003-08-14 20:22:46.000000000 +0200
++++ doc/nessusd.8.in	2003-10-03 15:14:48.000000000 +0200
+@@ -169,7 +169,7 @@
+ .SH USERS MANAGEMENT
+ 
+ The utility nessus-adduser(8) creates new nessusd users. Each nessusd user
+-is attributed a "home", in @NESSUS_STATEDIR@/users/<username>. This home contains the following directories :
++is attributed a "home", in @NESSUSD_STATEDIR@/users/<username>. This home contains the following directories :
+ .IP auth/
+ This directory contains the authentification information for this user. It might contain the file 'dname' if the user is authenticating using a certificate, or 'hash' (or 'passwd') if the user is authenticating using a password. The file 'hash' contains a MD5 hash of the user password, as well as a random seed. The file 'password' should contain the password in clear text.
+ 
+@@ -192,7 +192,7 @@
+ 
+ 
+ When a user attempts to log in, nessusd first checks that the directory
+-@NESSUS_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname.
++@NESSUSD_STATEDIR@/users/<username> exists, then hashes the password sent by the user with the random salt found in <username>/auth/hash, and compares it with the password hash stored in the same file. If the users authenticates using a certificate, then nessusd checks that the certificate has been signed by a recognized authority, and makes sure that the dname of the certificate shown by the user is the same as the one in <username>/dname.
+ 
+ 
+ To remove a given user, use the command nessus-rmuser(8).

+ 92 - 48
nessus-tool/nessus-tool.spec

@@ -38,14 +38,19 @@ Release:      20031003
 #   list of sources
 Source0:      ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-core-%{version}.tar.gz
 Source1:      ftp://ftp.nessus.org/pub/nessus/nessus-%{version}/src/nessus-plugins-%{version}.tar.gz
+Source2:      nessusd.conf
+Source3:      nessusd.rules
+Source4:      nessusd.users
+Source5:      rc.nessus
+Patch0:       nessus-tool.patch
 
 #   build information
 Prefix:       %{l_prefix}
 BuildRoot:    %{l_buildroot}
 BuildPreReq:  OpenPKG, openpkg >= 20030103, X11, gcc, make
 PreReq:       OpenPKG, openpkg >= 20030103, X11
-BuildPreReq:  nessus-libs, glib, gtk
-PreReq:       nessus-libs, glib, gtk
+BuildPreReq:  nessus-libs, glib, gtk, openssl
+PreReq:       nessus-libs, glib, gtk, openssl
 AutoReq:      no
 AutoReqProv:  no
 
@@ -57,74 +62,113 @@ AutoReqProv:  no
 %prep
     %setup0 -q -c
     %setup1 -q -T -D -a 1
+    cd nessus-core
+    %patch0 -p0
 
 %build
     #   build nessus-core part
-    pushd nessus-core
-    CC="%{l_cc}" \
-    CFLAGS="%{l_cflags -O}" \
-    CPPFLAGS="%{l_cppflags}" \
-    LDFLAGS="%{l_ldflags}" \
-    ./configure \
-        --prefix=%{l_prefix} \
-        --enable-unix-socket=%{l_prefix}/var/nessus-tool/nessus.socket \
-        --disable-syslog \
-        --with-x \
-        --x-includes=`%{l_prefix}/etc/rc --query x11_incdir` \
-        --x-libraries=`%{l_prefix}/etc/rc --query x11_libdir` \
-        --enable-gtk
-    %{l_make} %{l_mflags -O}
-    popd
+    ( cd nessus-core
+      CC="%{l_cc}" \
+      CFLAGS="%{l_cflags -O}" \
+      CPPFLAGS="%{l_cppflags}" \
+      LDFLAGS="%{l_ldflags}" \
+      ./configure \
+          --prefix=%{l_prefix} \
+          --localstatedir=%{l_prefix}/var/nessus \
+          --sharedstatedir=%{l_prefix}/var/nessus \
+          --enable-unix-socket=%{l_prefix}/var/nessus/nessusd.socket \
+          --disable-syslog \
+          --with-x \
+          --x-includes=`%{l_prefix}/etc/rc --query x11_incdir` \
+          --x-libraries=`%{l_prefix}/etc/rc --query x11_libdir` \
+          --enable-save-sessions \
+          --enable-save-kb \
+          --enable-release
+      %{l_make} %{l_mflags -O}
+    ) || exit $?
 
     #   temporarily install nessus-core for nessus-plugins building
-    pushd nessus-core
-    nessus_core=`pwd`
-    %{l_make} %{l_mflags -O} \
-        install DESTDIR=${nessus_core}/tmp
-    popd
+    nessus_core=`pwd`/nessus-core
+    ( cd nessus-core
+      %{l_make} %{l_mflags -O} \
+          install DESTDIR=${nessus_core}/tmp
+    ) || exit $?
 
     #   build nessus-plugins part
-    pushd nessus-plugins
-    CC="%{l_cc}" \
-    CFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cflags -O}" \
-    CPPFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cppflags}" \
-    LDFLAGS="%{l_ldflags}" \
-    ./configure \
-        --prefix=%{l_prefix} \
-        --enable-install="`%{l_shtool} echo -e %u`" \
-        --enable-shared
-    %{l_shtool} subst \
-        -e 's;getinterfaces;local_getinterfaces;g' \
-        -e 's;routethrough;local_routethrough;g' \
-        -e 's;ipaddr2devname;local_ipaddr2devname;g' \
-        -e 's;islocalhost;local_islocalhost;g' \
-        -e 's;get_random_bytes;local_get_random_bytes;g' \
-        -e 's;getsourceip;local_getsourceip;g' \
-        plugins/nmap_osfingerprint/*.[ch]
-    %{l_make} %{l_mflags -O}
-    popd
+    ( cd nessus-plugins
+      CC="%{l_cc}" \
+      CFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cflags -O}" \
+      CPPFLAGS="-I${nessus_core}/tmp%{l_prefix}/include/nessus %{l_cppflags}" \
+      LDFLAGS="%{l_ldflags}" \
+      ./configure \
+          --prefix=%{l_prefix} \
+          --enable-install="`%{l_shtool} echo -e %u`" \
+          --enable-shared
+      %{l_shtool} subst \
+          -e 's;getinterfaces;local_getinterfaces;g' \
+          -e 's;routethrough;local_routethrough;g' \
+          -e 's;ipaddr2devname;local_ipaddr2devname;g' \
+          -e 's;islocalhost;local_islocalhost;g' \
+          -e 's;get_random_bytes;local_get_random_bytes;g' \
+          -e 's;getsourceip;local_getsourceip;g' \
+          plugins/nmap_osfingerprint/*.[ch]
+      %{l_make} %{l_mflags -O}
+    ) || exit $?
 
 %install
     rm -rf $RPM_BUILD_ROOT
 
     #   install nessus-core part
-    pushd nessus-core
-    %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
-    popd
+    ( cd nessus-core
+      %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
+    ) || exit $?
 
     #   install nessus-plugins part
-    pushd nessus-plugins
-    %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
-    popd
+    ( cd nessus-plugins
+      %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT
+    ) || exit $?
 
     #   strip down installation
     strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
 
+    #   install default configuration
+    %{l_shtool} install -c -m 644 \
+        %{SOURCE nessusd.conf} \
+        %{SOURCE nessusd.rules} \
+        %{SOURCE nessusd.users} \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/nessus/
+
+    #   install run-command script
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE rc.nessus} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+
     #   determine installation files
-    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+        %{l_files_std} \
+        '%config %{l_prefix}/etc/nessus/*'
 
 %files -f files
 
 %clean
     rm -rf $RPM_BUILD_ROOT
 
+%post
+    if [ $1 -le 2 ]; then
+        if [ ! -f $RPM_INSTALL_PREFIX/var/nessus/CA/servercert.pem ]; then
+            ( echo "For the SSL/TLS based remote client/server connections"
+              echo "between the Nessus server and the Nessus clients, an"
+              echo "X.509 server certificate/key pair is needed. Run the"
+              echo "following command to create it once:"
+              echo "  \$ $RPM_INSTALL_PREFIX/sbin/nessus-mkcert"
+            ) | %{l_rpmtool} msg -b -t info
+        fi
+    fi
+    if [ $1 -eq 1 ]; then
+        ( echo "Each Nessus user has to be created on the Nessus server"
+          echo "Run the following command to create an individual user:"
+          echo "  \$ $RPM_INSTALL_PREFIX/sbin/nessus-adduser"
+        ) | %{l_rpmtool} msg -b -t info
+    fi
+
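Review bot: The three configuration files installed at L180-L184 carry `@l_prefix@` placeholders (nessusd.conf, L231-L238) but are copied without the `%{l_value -s -a}` substitution that the rc.nessus install on L189 applies, so unless something else rewrites them the installed nessusd.conf points at literal `@l_prefix@/...` paths and nessusd will not find its rules, users, key or plugin directory; change L180 to `%{l_shtool} install -c -m 644 %{l_value -s -a} \`. The same placeholders appear in the nessusd.conf section below, so that section inherits the fix. Two smaller points on the same hunk: `'%config %{l_prefix}/etc/nessus/*'` on L196 is plain `%config`, so an admin-edited nessusd.conf or nessusd.users is replaced on upgrade (rpm keeps the old one as .rpmsave); `%config(noreplace)` would be the safer default for files the admin is expected to edit. nessusd.conf can hold the server key passphrase (`pem_password`) and is installed `-m 644`; consider `-m 600` for that file, or at least documenting in it that the mode must be tightened when the passphrase is set.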

+ 38 - 0
nessus-tool/nessusd.conf

@@ -0,0 +1,38 @@
+##
+##  nessusd.conf -- Nessus Daemon Configuration
+##
+
+#   paths
+rules                    = @l_prefix@/etc/nessus/nessusd.rules
+users                    = @l_prefix@/etc/nessus/nessusd.users
+logfile                  = @l_prefix@/var/nessus/nessusd.log
+dumpfile                 = @l_prefix@/var/nessus/nessusd.dump
+cert_file                = @l_prefix@/var/nessus/CA/servercert.pem
+key_file                 = @l_prefix@/var/nessus/CA/serverkey.pem
+ca_file                  = @l_prefix@/var/nessus/CA/cacert.pem
+plugins_folder           = @l_prefix@/lib/nessus/plugins
+
+#   options
+max_hosts                = 30
+max_checks               = 10
+max_threads              = 15
+be_nice                  = yes
+log_whole_attack         = yes
+log_plugins_name_at_load = no
+cgi_path                 = /cgi-bin:/scripts
+port_range               = default
+optimize_test            = yes
+checks_read_timeout      = 5
+non_simult_ports         = 139, 445
+plugins_timeout          = 320
+safe_checks              = yes
+auto_enable_dependencies = yes
+use_mac_addr             = no
+plugin_upload            = no
+plugin_upload_suffixes   = .nasl, .inc
+admin_user               = root
+language                 = english
+slice_network_addresses  = no
+#pem_password            = password
+#force_pubkey_auth       = yes
+
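Review bot: The `#pem_password = password` template on L261 invites storing the private-key passphrase in this file, yet the spec installs it world-readable (`-m 644`, spec section L180), so enabling the line exposes the passphrase to every local account; add a comment directly above it, `#   if set, this file must not be world-readable (chmod 600 nessusd.conf)`, or install the file 0600 in the spec. The paths on L231-L238 use `@l_prefix@`, which the spec's install step for these files does not substitute (see the spec section); that is addressed there. A short header comment stating that the values below are package defaults and where the daemon looks for this file would help an admin who only sees the installed copy.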

+ 11 - 0
nessus-tool/nessusd.rules

@@ -0,0 +1,11 @@
+##
+##  nessusd.rules -- Nessus Daemon Scanning Rules
+##
+
+accept 127.0.0.0/8
+accept client_ip/32
+#reject 192.168.1.1/32
+#reject !192.168.0.0/16
+default reject
+#default accept
+

+ 4 - 0
nessus-tool/nessusd.users

@@ -0,0 +1,4 @@
+##
+##  nessusd.users -- Nessus Daemon Users
+##
+

+ 60 - 0
nessus-tool/rc.nessus

@@ -0,0 +1,60 @@
+#!@l_prefix@/lib/openpkg/bash @l_prefix@/etc/rc
+##
+##  rc.nessus -- Run-Commands
+##
+
+%config
+    nessus_enable="$openpkg_rc_def"
+    nessus_listen_addr="127.0.0.1"
+    nessus_listen_port="1241"
+    nessus_source_addr="127.0.0.1"
+    nessus_log_prolog="true"
+    nessus_log_epilog="true"
+    nessus_log_numfiles="10"
+    nessus_log_minsize="1M"
+    nessus_log_complevel="9"
+
+%common
+    nessus_pidfile="@l_prefix@/var/nessus/nessusd.pid"
+    nessus_signal () {
+        [ -f $nessus_pidfile ] && kill -$1 `cat $nessus_pidfile`
+    }
+
+%status -u @l_susr@ -o
+    nessus_usable="unknown"
+    nessus_active="no"
+    rcService nessus enable yes && \
+        nessus_signal 0 && nessus_active="yes"
+    echo "nessus_enable=\"$nessus_enable\""
+    echo "nessus_usable=\"$nessus_usable\""
+    echo "nessus_active=\"$nessus_active\""
+
+%start -p 100 -u @l_susr@
+    rcService nessus enable yes || exit 0
+    rcService nessus active yes && exit 0
+    @l_prefix@/sbin/nessusd \
+        --listen="${nessus_listen_addr}" \
+        --port="${nessus_listen_port}" \
+        --src-ip="${nessus_source_addr}" \
+        --background
+
+%stop -p 100 -u @l_susr@
+    rcService nessus enable yes || exit 0
+    rcService nessus active no  && exit 0
+    nessus_signal TERM
+    sleep 2
+
+%restart -p 100 -u @l_susr@
+    rcService nessus enable yes || exit 0
+    rcService nessus active no  && exit 0
+    rc nessus stop start
+
+%daily -u @l_susr@
+    rcService nessus enable yes || exit 0
+    shtool rotate -f \
+        -n ${nessus_log_numfiles} -s ${nessus_log_minsize} -d \
+        -z ${nessus_log_complevel} -m 644 -o @l_susr@ -g @l_mgrp@ \
+        -P "${nessus_log_prolog}" \
+        -E "${nessus_log_epilog} && rc nessus restart" \
+        @l_prefix@/var/nessus/nessusd.log
+
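Review bot: `nessus_signal` on L312-L314 passes whatever `nessusd.pid` contains straight to `kill` while running as `@l_susr@`, so an empty or damaged pidfile produces a `kill` usage error and non-numeric or stale content can signal an unrelated process; validate that the file holds a plain PID before signalling and quote the path. The rewrite below keeps the return value `%status` relies on (non-zero when no live process is found). Separately, `%status` leaves `nessus_usable` at `"unknown"` on every path; presumably it should reflect whether the server can run at all, e.g. whether the certificate that `%post` in the spec asks the admin to create exists: `nessus_usable="no"; [ -f @l_prefix@/var/nessus/CA/servercert.pem ] && nessus_usable="yes"`.
```shell
%common
    nessus_pidfile="@l_prefix@/var/nessus/nessusd.pid"
    nessus_signal () {
        [ -f "$nessus_pidfile" ] || return 1
        nessus_pid=`cat "$nessus_pidfile"`
        case "$nessus_pid" in
            ''|*[!0-9]*) return 1 ;;
        esac
        kill -$1 "$nessus_pid"
    }
```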