Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
AlpineLinux: openvas scripts configuration
#!/bin/sh
# OpenVAS
# $Id$
# Description: Script for checking completeness and readiness
# of OpenVAS.
# Reviewed for Alpine Linux distribution by:
# Francesco Colista <fcolista@alpinelinux.org>
#
# Authors:
# Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>
# Michael Wiegand <michael.wiegand@greenbone.net>
#
# Copyright:
# Copyright (C) 2011-2015 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option any later version, as published by the
# Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
LOG=/tmp/openvas-check-setup.log
# Current default is OpenVAS-9:
VER=$(apk info -d openvas-libraries | cut -d- -f3 | head -1 | cut -d. -f1)
SCANNER_MAJOR=$(apk info -v | grep openvas-scanner | cut -d- -f3 | cut -d. -f1)
SCANNER_MINOR=$(apk info -v | grep openvas-scanner | cut -d- -f3 | cut -d. -f2)
MANAGER_MAJOR=$(apk info -v | grep openvas-manager | cut -d- -f3 | cut -d. -f1)
MANAGER_MINOR=$(apk info -v | grep openvas-manager | cut -d- -f3 | cut -d. -f2)
GSA_MAJOR=$(apk info -v | grep greenbone | cut -d- -f4 | cut -d. -f1)
GSA_MINOR=$(apk info -v | grep greenbone | cut -d- -f4 | cut -d. -f2)
CLI_MAJOR=$(apk info -v | grep openvas-cli | cut -d- -f3 | cut -d. -f1)
CLI_MINOR=$(apk info -v | grep openvas-cli | cut -d- -f3 | cut -d. -f2)
# Colorize output for a better reading
ERROR=$(echo -en "\033[1;91m ERROR: \e[0m")
OK=$(echo -en "\e[0;32m OK: \e[0m")
FIX=$(echo -en "\e[33m FIX: \e[0m")
WARNING=$(echo -en "\e[93m WARNING: \e[0m")
SUGGEST=$(echo -en "\e[33m SUGGEST: \e[0m")
HINT=$(echo -en "\e[33m HINT: \e[0m")
CHECKING=$(echo -en "\e[96m CHECKING: \e[0m")
echo ""
echo " Test completeness and readiness of OpenVAS-$VER"
echo ""
echo " =] Script based on original openvas-check-setup script and adjusted for Alpine Linux [= "
echo ""
log_and_print() {
echo -e " " $1
echo -e " " $1 >> $LOG
}
check_package() {
apk info -eq $1 && return 0 || return 1
}
check_failed() {
echo ""
echo " $ERROR: Your OpenVAS-$VER installation is not yet complete!"
echo ""
echo "Please follow the instructions marked with FIX above and run this"
echo "script again."
echo ""
exit 1
}
# LOG start
echo "$0 " > $LOG
echo " Mode: $MODE" >> $LOG
echo " Date: " `date -R` >> $LOG
echo "" >> $LOG
echo "$CHECKING for enabled repositories for OpenVAS ... "
if ! $(grep -q testing /etc/apk/repositories); then
log_and_print "$ERROR: No testing repository enabled.";
log_and_print "$FIX: Please add testing repository ." ;
cat <<EOF
If you want to fix the issue, do:"
* echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
* apk update
EOF
fi
echo "$CHECKING OpenVAS Scanner ... "
echo "$CHECKING presence of OpenVAS Scanner ..." >> $LOG
if ! $(check_package openvas-scanner); then
log_and_print "$ERROR: No OpenVAS Scanner (openvassd) found.";
log_and_print "$FIX: Please install OpenVAS Scanner." ;
log_and_print "$FIX: apk add openvas-scanner" ;
check_failed
fi
echo "" >> $LOG
echo "$CHECKING OpenVAS Scanner version ..." >> $LOG
VERSION=$(openvassd --version 2>>$LOG | head -1 | sed -e "s/OpenVAS Scanner //")
echo "" >> $LOG
log_and_print "$OK: OpenVAS Scanner is present in version $VERSION."
openvassd -s >> $LOG 2>&1
echo "$CHECKING OpenVAS Scanner CA cert ..." >> $LOG
CAFILE=`openvassd -s 2>>$LOG | grep ca_file | sed -e "s/^ca_file = //"`
if [ ! -e $CAFILE ]; then
log_and_print "$ERROR: No CA certificate file of OpenVAS Scanner found."
log_and_print "$FIX: Run 'openvas-manage-certs -a'."
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: OpenVAS Scanner CA Certificate is present as $CAFILE."
echo "$CHECKING presence of redis ..." >> $LOG
if ! $(check_package redis); then
log_and_print "$ERROR: No redis-server installation found.";
log_and_print "$FIX: You should install redis-server for improved scalability and ability to trace/debug the KB";
check_failed
else
VERSION=`redis-server --version | awk '{ print $3 }'`
log_and_print "$OK: redis-server is present in version $VERSION."
HAVE_REDIS=1
fi
echo "" >> $LOG
if [ $HAVE_REDIS -eq "1" ]; then
echo "$CHECKING if redis-server is configured properly to run with openVAS ..." >> $LOG
REDISSOCKET=`openvassd -s 2>>$LOG | grep kb_location | sed -e "s/^kb_location = //"`
if [ -z "$REDISSOCKET" ]; then
log_and_print "$ERROR: scanner is not configured to use a redis-server socket."
log_and_print "$FIX: Configure the kb_location setting of the scanner to the path of the redis-server socket."
check_failed
else
log_and_print "$OK: scanner (kb_location setting) is configured properly using the redis-server socket: $REDISSOCKET"
echo "$CHECKING if redis-server is running ..." >> $LOG
if [ -e $REDISSOCKET ]; then
log_and_print "$OK: redis-server is running and listening on socket: $REDISSOCKET."
else
log_and_print "$ERROR: redis-server is not running or not listening on socket: $REDISSOCKET"
log_and_print "$FIX: Please read the instruction in the README.alpine: /usr/share/doc/openvas-scanner/README.alpine"
check_failed
fi
fi
log_and_print "$OK: redis-server configuration is OK and redis-server is running."
fi
echo "" >> $LOG
echo "$CHECKING NVT collection ..." >> $LOG
PLUGINSFOLDER=`openvassd -s 2>>$LOG | grep plugins_folder | sed -e "s/^plugins_folder = //"`
if [ ! -d $PLUGINSFOLDER ]; then
log_and_print "$ERROR: Directory containing the NVT collection not found."
log_and_print "$FIX: Run a NVT synchronization script like openvas-nvt-sync or greenbone-nvt-sync."
check_failed
fi
OLDPLUGINSFOLDER=`echo "$PLUGINSFOLDER" | grep -q -v "/var/" 2>&1`
if [ $? -eq "0" ]; then
CONFFILE=`openvassd -s 2>>$LOG | grep config_file | sed -e "s/^config_file = //"`
log_and_print "$ERROR: Your OpenVAS Scanner configuration seems to be from a pre-OpenVAS-4 installation and contains non-FHS compliant paths."
log_and_print "$FIX: Delete your OpenVAS Scanner Configuration file ($CONFFILE)."
check_failed
fi
NVTCOUNT=`find $PLUGINSFOLDER -name "*nasl" | wc -l`
if [ $NVTCOUNT -lt "10" ]; then
log_and_print "$ERROR: The NVT collection is very small."
log_and_print "$FIX: Run greenbone-nvt-sync synchronization script."
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: NVT collection in $PLUGINSFOLDER contains $NVTCOUNT NVTs."
echo "$CHECKING status of signature checking in OpenVAS Scanner ..." >> $LOG
NOSIGCHECK=`openvassd -s 2>>$LOG | grep nasl_no_signature_check | sed -e "s/^nasl_no_signature_check = //"`
if [ $NOSIGCHECK != "no" ]; then
log_and_print "$WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner."
log_and_print "$SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html)."
log_and_print "$SUGGEST: Please run: sed -i -e \"s/nasl_no_signature_check.*/nasl_no_signature_check\=no/g\" /etc/openvas/openvassd.conf"
else
log_and_print "$OK: Signature checking of NVTs is enabled in OpenVAS Scanner."
fi
echo "" >> $LOG
CACHEFOLDER=`openvassd -s 2>>$LOG | grep cache_folder | sed -e "s/^cache_folder = //"`
CACHECOUNT=`find $CACHEFOLDER -name "*nvti" | wc -l`
if [ $CACHECOUNT -lt $NVTCOUNT ]; then
log_and_print "$WARNING: The initial NVT cache has not yet been generated."
log_and_print "$SUGGEST: Start OpenVAS Scanner for the first time to generate the cache."
log_and_print "$SUGGEST: Please run: rc-service openvassd create_cache && rc-service openvassd start";
else
log_and_print "$OK: The NVT cache in $CACHEFOLDER contains $CACHECOUNT files for $NVTCOUNT NVTs."
fi
echo "" >> $LOG
echo "$CHECKING OpenVAS Manager ... "
echo "$CHECKING presence of OpenVAS Manager ..." >> $LOG
if ! $(check_package openvas-manager); then
log_and_print "$ERROR: No OpenVAS Manager (openvasmd) found.";
log_and_print "$FIX: Please install OpenVAS Manager.";
log_and_print "$FIX: Please run: apk add openvas-manager";
check_failed
fi
echo "" >> $LOG
VERSION=`openvasmd --version | head -1 | sed -e "s/OpenVAS Manager //"`
echo "" >> $LOG
log_and_print "$OK: OpenVAS Manager is present in version $VERSION."
echo "$CHECKING OpenVAS Manager client certificate ..." >> $LOG
CERTDIR=`dirname $CAFILE`
CLIENTCERTFILE="$CERTDIR/clientcert.pem"
if [ ! -e $CLIENTCERTFILE ]; then
log_and_print "$ERROR: No client certificate file of OpenVAS Manager found."
log_and_print "$FIX: Run 'openvas-manage-certs -a'."
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: OpenVAS Manager client certificate is present as $CLIENTCERTFILE."
echo "$CHECKING OpenVAS Manager database ..." >> $LOG
# Guess openvas state dir from $PLUGINSFOLDER
STATEDIR=`dirname $PLUGINSFOLDER`
TASKSDB="$STATEDIR/mgr/tasks.db"
if [ ! -e $TASKSDB ]; then
log_and_print "$ERROR: No OpenVAS Manager database found. (Tried: $TASKSDB)"
log_and_print "$FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running."
OPENVASSD_RUNNING=`ps -Af | grep -ic "[o]penvassd: waiting for incoming connections"`
if [ $OPENVASSD_RUNNING -eq "0" ]; then
log_and_print "$WARNING: OpenVAS Scanner is NOT running!" ;
log_and_print "$SUGGEST: Start OpenVAS Scanner (openvassd)." ;
log_and_print "$SUGGEST: Please run: rc-service openvassd start" ;
fi
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: OpenVAS Manager database found in $TASKSDB."
echo "$CHECKING access rights of OpenVAS Manager database ..." >> $LOG
TASKSDBPERMS=`stat -c "%a" "$TASKSDB"`
if [ "$TASKSDBPERMS" != "600" ]; then
log_and_print "$ERROR: The access rights of the OpenVAS Manager database are incorrect."
log_and_print "$FIX: Run 'chmod 600 $TASKSDB'."
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: Access rights for the OpenVAS Manager database are correct."
echo "$CHECKING sqlite3 presence ..." >> $LOG
if $(check_package sqlite); then
log_and_print "$OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled."
HAVE_SQLITE=1
else
log_and_print "$WARNING: Could not find sqlite3 binary, extended manager checks of the OpenVAS Manager installation are disabled.";
log_and_print "$SUGGEST: Please run: apk add sqlite";
HAVE_SQLITE=0
fi
echo "" >> $LOG
if [ $HAVE_SQLITE -eq "1" ]; then
echo "$CHECKING OpenVAS Manager database revision ..." >> $LOG
TASKSDBREV=`sqlite3 $TASKSDB "select value from meta where name='database_version';"`
if [ -z $TASKSDBREV ]; then
log_and_print "$ERROR: Could not determine database revision, database corrupt or in invalid format."
log_and_print "$FIX: Delete database at $TASKSDB and rebuild it."
check_failed
else
log_and_print "$OK: OpenVAS Manager database is at revision $TASKSDBREV."
fi
echo "$CHECKING database revision expected by OpenVAS Manager ..." >> $LOG
MANAGERDBREV=`openvasmd --version | grep "Manager DB revision" | sed -e "s/.*\ //"`
if [ -z $MANAGERDBREV ]; then
log_and_print "$ERROR: Could not determine database revision expected by OpenVAS Manager."
log_and_print "$FIX: Ensure OpenVAS Manager is installed correctly."
check_failed
else
log_and_print "$OK: OpenVAS Manager expects database at revision $MANAGERDBREV."
fi
if [ $TASKSDBREV -lt $MANAGERDBREV ]; then
log_and_print "$ERROR: Database schema is out of date."
log_and_print "$FIX: Run 'openvasmd --migrate'."
check_failed
else
log_and_print "$OK: Database schema is up to date."
fi
echo "$CHECKING OpenVAS Manager database (NVT data) ..." >> $LOG
DBNVTCOUNT=`sqlite3 $TASKSDB "select count(*) from nvts;"`
if [ $DBNVTCOUNT -lt 20000 ]; then
log_and_print "$ERROR: The number of NVTs in the OpenVAS Manager database is too low."
log_and_print "$FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'."
OPENVASSD_RUNNING=`ps -Af | grep -ic "[o]penvassd: waiting for incoming connections"`
if [ $OPENVASSD_RUNNING -eq "0" ]; then
log_and_print "$WARNING: OpenVAS Scanner is NOT running!" ;
log_and_print "$SUGGEST: Start OpenVAS Scanner (openvassd)." ;
log_and_print "$SUGGEST: Please run: rc-service openvassd start" ;
fi
check_failed
else
log_and_print "$OK: OpenVAS Manager database contains information about $DBNVTCOUNT NVTs."
fi
fi
echo "$CHECKING if users exist ..." >> $LOG
USERCOUNT=`openvasmd --get-users | sed -e "/^$/d" | wc -l`
if [ $USERCOUNT -eq "0" ]; then
log_and_print "$ERROR: No users found. You need to create at least one user to log in."
log_and_print " It is recommended to have at least one user with role Admin."
log_and_print "$FIX: create a user by running 'openvasmd --create-user=<name> --role=Admin && openvasmd --user=<name> --new-password=<password>'"
check_failed
else
log_and_print "$OK: At least one user exists."
fi
echo "" >> $LOG
# TODO: Do a check for presence of at least one Admin user.
echo "$CHECKING OpenVAS SCAP database ..." >> $LOG
# Guess openvas state dir from $PLUGINSFOLDER
STATEDIR=`dirname $PLUGINSFOLDER`
SCAPDB="$STATEDIR/scap-data/scap.db"
if [ ! -e $SCAPDB ]; then
log_and_print "$ERROR: No OpenVAS SCAP database found. (Tried: $SCAPDB)"
log_and_print "$FIX: Run SCAP synchronization script : greenbone-scapdata-sync (will take a while...)"
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: OpenVAS SCAP database found in $SCAPDB."
echo "$CHECKING OpenVAS CERT database ..." >> $LOG
# Guess openvas state dir from $PLUGINSFOLDER
STATEDIR=`dirname $PLUGINSFOLDER`
CERTDB="$STATEDIR/cert-data/cert.db"
if [ ! -e $CERTDB ]; then
log_and_print "$ERROR: No OpenVAS CERT database found. (Tried: $CERTDB)"
log_and_print "$FIX: Run CERT synchronization script : greenbone-certdata-sync (will take a while)"
check_failed
fi
echo "" >> $LOG
log_and_print "$OK: OpenVAS CERT database found in $CERTDB."
echo "$CHECKING xsltproc presence ..." >> $LOG
if ! $(check_package libxslt); then
log_and_print "$WARNING: Could not find xsltproc binary, most report formats will not work."
log_and_print "$SUGGEST: Install xsltproc."
log_and_print "$SUGGEST: Please run: apk add xsltproc.";
else
log_and_print "$OK: xsltproc found."
fi
echo "" >> $LOG
echo "$CHECKING status of password policy ..." >> $LOG
CONFFILE=`openvassd -s 2>>$LOG | grep config_file | sed -e "s/^config_file = //"`
CONFDIR=`dirname $CONFFILE`
grep -v "^[#]" $CONFDIR/pwpolicy.conf | grep -v "^$" > /dev/null 2>&1
if [ $? -ne "0" ]; then
log_and_print "$WARNING: Your password policy is empty."
log_and_print "$SUGGEST: Edit the $CONFDIR/pwpolicy.conf file to set a password policy."
log_and_print "$SUGGEST: Please run: sed -i -e 's/^#\!\/\^.*/\!\/\^\.\{8,\}\$\//g' $CONFDIR/pwpolicy.conf && rc-service openvassd restart";
else
log_and_print "$OK: The password policy file at $CONFDIR/pwpolicy.conf contains entries."
fi
echo "" >> $LOG
echo "$CHECKING Greenbone Security Assistant (GSA) ... "
echo "$CHECKING presence of Greenbone Security Assistant ..." >> $LOG
if ! $(check_package greenbone-security-assistant); then
log_and_print "$ERROR: No Greenbone Security Assistant (gsad) found.";
log_and_print: "$FIX: Please install Greenbone Security Assistant";
log_and_print "$HINT: Please run: apk add greenbone-security-assistant.";
check_failed
fi
echo "" >> $LOG
VERSION=`gsad --version | head -1 | sed -e "s/Greenbone Security Assistant //"`
echo "" >> $LOG
log_and_print "$OK: Greenbone Security Assistant is present in version $VERSION."
echo "$CHECKING OpenVAS CLI ... "
if ! $(check_package openvas-cli); then
log_and_print "$ERROR: No OpenVAS CLI (omp) found.";
log_and_print "$FIX: Please install OpenVAS CLI.";
log_and_print "$HINT: Please run: apk add openvas-cli";
check_failed
fi
echo "" >> $LOG
VERSION=`omp --version | head -1 | sed -e "s/OMP Command Line Interface //"`
echo "" >> $LOG
log_and_print "$OK: OpenVAS CLI version $VERSION."
echo "$CHECKING if OpenVAS services are up and running ... "
echo "$CHECKING netstat presence (not busybox) ..." >> $LOG
if ! [ -f /bin/netstat ]; then
log_and_print "$WARNING: Could not find netstat binary, checks of the OpenVAS services are disabled."
log_and_print "$SUGGEST: Install netstat."
log_and_print "$SUGGEST: Please run: apk add net-tools"
HAVE_NETSTAT=0
else
log_and_print "$OK: netstat found, extended checks of the OpenVAS services enabled."
HAVE_NETSTAT=1
fi
echo "" >> $LOG
echo "$CHECKING ps presence (not busybox) ..." >> $LOG
if ! [ -f /bin/ps ]; then
log_and_print "$WARNING: Could not find ps binary, checks of the OpenVAS services are disabled."
log_and_print "$SUGGEST: Install ps."
log_and_print "$SUGGEST: Please run: apk add procps"
else
log_and_print "$OK: ps found, extended checks of the OpenVAS services enabled."
fi
echo "" >> $LOG
if [ $HAVE_NETSTAT -eq "1" ]; then
netstat -A inet -A inet6 -ntlp 2> /dev/null >> $LOG
OPENVASMD_HOST=`netstat -antlp 2> /dev/null | grep openvasmd | awk -F\ '{print $4}' | awk -F: 'sub(FS $NF,x)'`
OPENVASMD_PORT=`netstat -antlp 2> /dev/null | grep openvasmd | awk -F\ '{print $4}' | awk -F: '{print $NF}'`
GSAD_HOST=`netstat -antlp 2> /dev/null | grep gsad | awk -F\ '{print $4}' | awk -F: 'sub(FS $NF,x)'`
GSAD_PORT=`netstat -antlp 2> /dev/null | grep gsad | awk -F\ '{print $4}' | awk -F: '{print $NF}' | tail -1`
case "$OPENVASMD_HOST" in
"0.0.0.0"|"::") log_and_print "$OK: OpenVAS Manager is running and listening on all interfaces." ;;
"127.0.0.1") log_and_print "$WARNING: OpenVAS Manager is running and listening only on the local interface."
log_and_print "This means that you will not be able to access the OpenVAS Manager from the"
log_and_print "outside using GSD or OpenVAS CLI."
log_and_print "$SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless you want"
log_and_print "a local service only."
log_and_print "$SUGGEST: Please run: sed -i -e 's/MANAGER_LISTEN=.*/MANAGER_LISTEN=\"--listen=0.0.0.0\"/g' /etc/conf.d/openvasmd && rc-service openvasmd restart";
;;
"") log_and_print "$ERROR: OpenVAS Manager is NOT running!"
log_and_print "$FIX: Start OpenVAS Manager (openvasmd)."
log_and_print "$FIX: Please run : rc-service openvas-manager start"
OPENVASMD_PORT="-1" ;;
esac
case $OPENVASMD_PORT in
-1) ;;
9390) log_and_print "$OK: OpenVAS Manager is listening on port 9390, which is the default port." ;;
*) log_and_print "$WARNING: OpenVAS Manager is listening on port $OPENVASMD_PORT, which is NOT the default port!"
log_and_print "$SUGGEST: Ensure OpenVAS Manager is listening on port 9390." ;;
esac
case "$GSAD_HOST" in
"0.0.0.0"|"::") log_and_print "$OK: Greenbone Security Assistant is running and listening on all interfaces." ;;
"127.0.0.1") log_and_print "$WARNING: Greenbone Security Assistant is running and listening only on the local interface."
log_and_print "This means that you will not be able to access the Greenbone Security Assistant from the"
log_and_print "outside using a web browser."
log_and_print "$SUGGEST: Ensure that Greenbone Security Assistant listens on all interfaces."
log_and_print "$SUGGEST: Please run: sed -i -e 's/GSAD_LISTEN=.*/GSAD_LISTEN=\"--listen=0.0.0.0\"/g' /etc/conf.d/gsad && rc-service gsad restart";
;;
"") log_and_print "$ERROR: Greenbone Security Assistant is NOT running!"
log_and_print "$FIX: Start Greenbone Security Assistant (gsad)."
log_and_print "$FIX: Please run : rc-service gsad start"
GSAD_PORT="-1" ;;
esac
case $GSAD_PORT in
-1) ;;
80|443|9392) log_and_print "$OK: Greenbone Security Assistant is listening on port $GSAD_PORT, which is the default port." ;;
*) log_and_print "$WARNING: Greenbone Security Assistant is listening on port $GSAD_PORT, which is NOT the default port!"
log_and_print "$SUGGEST: Ensure Greenbone Security Assistant is listening on one of the following ports: 80, 443, 9392." ;;
esac
if [ $OPENVASMD_PORT -eq "-1" ] || [ $GSAD_PORT -eq "-1" ]; then
check_failed
fi
fi
echo "$CHECKING nmap installation ..."
echo "$CHECKING presence of nmap ..." >> $LOG
if $(check_package nmap); then
VERSION=`nmap --version | awk '/Nmap version/ { print $3 }'`
log_and_print "$OK: nmap is present in version $VERSION."
else
log_and_print "$WARNING: No nmap installation found.";
log_and_print "$SUGGEST: You should install nmap for comprehensive network scanning (see http://nmap.org)"
fi
echo "" >> $LOG
echo "$CHECKING presence of optional tools ..."
echo "$CHECKING presence of pdflatex ..." >> $LOG
if $(check_package texlive); then
log_and_print "$OK: pdflatex found."
HAVE_PDFLATEX=1
else
log_and_print "$WARNING: Could not find pdflatex binary, the PDF report format will not work."
log_and_print "$SUGGEST: Install pdflatex."
log_and_print "$SUGGEST: apk add texlive"
HAVE_PDFLATEX=0
fi
echo "" >> $LOG
if [ $HAVE_PDFLATEX -eq "1" ]; then
echo "$CHECKING presence of LaTeX packages required for PDF report generation ..." >> $LOG
PDFTMPDIR=`mktemp -d -t openvas-check-setup-tmp.XXXXXXXXXX`
TEXFILE="$PDFTMPDIR/test.tex"
cat <<EOT > $TEXFILE
\documentclass{article}
\pagestyle{empty}
%\usepackage{color}
\usepackage{tabularx}
\usepackage{geometry}
\usepackage{comment}
\usepackage{longtable}
\usepackage{titlesec}
\usepackage{chngpage}
\usepackage{calc}
\usepackage{url}
\usepackage[utf8x]{inputenc}
\DeclareUnicodeCharacter {135}{{\textascii ?}}
\DeclareUnicodeCharacter {129}{{\textascii ?}}
\DeclareUnicodeCharacter {128}{{\textascii ?}}
\usepackage{colortbl}
% must come last
\usepackage{hyperref}
\definecolor{linkblue}{rgb}{0.11,0.56,1}
\definecolor{inactive}{rgb}{0.56,0.56,0.56}
\definecolor{openvas_debug}{rgb}{0.78,0.78,0.78}
\definecolor{openvas_false_positive}{rgb}{0.2275,0.2275,0.2275}
\definecolor{openvas_log}{rgb}{0.2275,0.2275,0.2275}
\definecolor{openvas_hole}{rgb}{0.7960,0.1137,0.0902}
\definecolor{openvas_note}{rgb}{0.3255,0.6157,0.7961}
\definecolor{openvas_report}{rgb}{0.68,0.74,0.88}
\definecolor{openvas_user_note}{rgb}{1.0,1.0,0.5625}
\definecolor{openvas_user_override}{rgb}{1.0,1.0,0.5625}
\definecolor{openvas_warning}{rgb}{0.9764,0.6235,0.1922}
\hypersetup{colorlinks=true,linkcolor=linkblue,urlcolor=blue,bookmarks=true,bookmarksopen=true}
\usepackage[all]{hypcap}
%\geometry{verbose,a4paper,tmargin=24mm,bottom=24mm}
\geometry{verbose,a4paper}
\setlength{\parskip}{\smallskipamount}
\setlength{\parindent}{0pt}
\title{PDF Report Test}
\pagestyle{headings}
\pagenumbering{arabic}
\begin{document}
This is a test of the PDF generation capabilities of your OpenVAS installation. Please ignore.
\end{document}
EOT
pdflatex -interaction batchmode -output-directory $PDFTMPDIR $TEXFILE > /dev/null 2>&1
if [ ! -f "$PDFTMPDIR/test.pdf" ]; then
log_and_print "$WARNING: PDF generation failed, most likely due to missing LaTeX packages. The PDF report format will not work."
log_and_print "$SUGGEST: Install required LaTeX packages."
log_and_print "$FIX: please copy/paste the following commands: "
cat<< EOF
latest_tlmgr=$(curl -s ftp://ftp.tug.org/historic/systems/texlive/$(date +%Y)/ | grep texmf | grep -v sha | awk '{print $9}')
latest_tlmgr_sum=$(curl -s ftp://ftp.tug.org/historic/systems/texlive/$(date +%Y)/ | grep texmf | grep sha512 | head -1 | awk '{print $9}' )
wget ftp://ftp.tug.org/historic/systems/texlive/\$(date +%Y)/\$latest_tlmgr
wget ftp://ftp.tug.org/historic/systems/texlive/\$(date +%Y)/\$latest_tlmgr_sum
sha512sum -c \$latest_tlmgr_sum && tar -C /usr/share --strip-components=1 -xvf \$latest_tlmgr || echo "Package corrupted. Download it again"
apk fix texlive
EOF
log_and_print "$FIX: Or, if you are lazy, download the following script who does the dirty job for you: "
log_and_print "$FIX: wget https://gist.githubusercontent.com/fcolista/f47eaf2856a637ed9cea3bcfc6b003e6/raw/2807307220e61d200ff86d0be32338bd5cd6beb9/fix-texlive.sh && chmod +x fix-texlive.sh && sh fix-texlive.sh"
else
log_and_print "$OK: PDF generation successful. The PDF report format is likely to work."
fi
if [ -f "$PDFTMPDIR/test.log" ]; then
cat $PDFTMPDIR/test.log >> $LOG
fi
rm -rf $PDFTMPDIR
fi
echo "$CHECKING presence of ssh-keygen ..." >> $LOG
if ! $( check_package openssh-keygen); then
log_and_print "$WARNING: Could not find ssh-keygen binary, LSC credential generation for GNU/Linux targets will not work."
log_and_print "$SUGGEST: Install ssh-keygen."
log_and_print "$SUGGEST: Please run: apk add openssh-keygen"
HAVE_SSHKEYGEN=0
else
log_and_print "$OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work."
HAVE_SSHKEYGEN=1
fi
echo "" >> $LOG
if [ $HAVE_SSHKEYGEN -eq "1" ]; then
echo "$CHECKING presence of rpm ..." >> $LOG
if $(check_package rpm); then
log_and_print "$OK: rpm found, LSC credential package generation for RPM based targets is likely to work."
HAVE_RPM=1
else
log_and_print "$WARNING: Could not find rpm binary, LSC credential package generation for RPM and DEB based targets will not work."
log_and_print "$SUGGEST: Install rpm."
log_and_print "$SUGGEST: Please run: apk add rpm";
HAVE_RPM=0
fi
echo "" >> $LOG
if [ $HAVE_RPM -eq "1" ]; then
echo "$CHECKING presence of alien ..." >> $LOG
if $(check_package alien); then
log_and_print "$OK: alien found, LSC credential package generation for DEB based targets is likely to work."
HAVE_ALIEN=1
else
log_and_print "$WARNING: Could not find alien binary, LSC credential package generation for DEB based targets will not work."
log_and_print "$SUGGEST: Install alien."
log_and_print "$SUGGEST: Please run: apk add alien";
HAVE_ALIEN=0
fi
echo "" >> $LOG
fi
fi
echo ""
echo "It seems like your OpenVAS-$VER installation is $OK."
echo ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment