- Update to 2.0.4.

- Add dependency on bpf for the server. - Add "client only" knob. PR: ports/51126 Submitted by: maintainer
svn path=/head/; revision=79310
2024-12-28 05:29:48 +00:00 · 2003-04-19 20:40:13 +00:00 · 2003-04-19 20:40:13 +00:00 · accf206ab8 · 2021-03-31 03:12:20 +00:00
commit accf206ab8
parent 302126f054
13 changed files with 476 additions and 30 deletions
--- a/security/nessus-libnasl/Makefile
+++ b/security/nessus-libnasl/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	nessus-libnasl
-PORTVERSION=	1.2.7
+PORTVERSION=	2.0.4
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \
 		ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \
@ -19,11 +19,12 @@ DISTNAME=	libnasl-${PORTVERSION}
 MAINTAINER=	udo.schweigert@siemens.com
 COMMENT=	Nessus Attack Scripting Language

-LIB_DEPENDS=	nessus.3:${PORTSDIR}/security/nessus-libraries
+LIB_DEPENDS=	nessus.2:${PORTSDIR}/security/nessus-libraries

 DIST_SUBDIR=	nessus
 WRKSRC=		${WRKDIR}/libnasl

+USE_BISON=	YES
 USE_LIBTOOL=	YES
 CONFIGURE_ARGS=	--sharedstatedir=${PREFIX}/etc/nessus/com \
 		--localstatedir=${PREFIX}/etc/nessus/var
--- a/security/nessus-libnasl/distinfo
+++ b/security/nessus-libnasl/distinfo
@ -1 +1 @@
-MD5 (nessus/libnasl-1.2.7.tar.gz) = 7cbe6ba0a2243e4cdddee186da499153
+MD5 (nessus/libnasl-2.0.4.tar.gz) = f3daae4d072fddba92a16284eb241cf0
--- a/security/nessus-libnasl/pkg-plist
+++ b/security/nessus-libnasl/pkg-plist
@ -4,4 +4,4 @@ include/nessus/nasl.h
 lib/libnasl.a
 lib/libnasl.la
 lib/libnasl.so
-lib/libnasl.so.3
+lib/libnasl.so.2
--- a/security/nessus-libraries/Makefile
+++ b/security/nessus-libraries/Makefile
@ -5,8 +5,11 @@
 # $FreeBSD$
 #

+# Define NESSUS_CLIENT_ONLY if you only want to build this for the nessus
+# client.
+
 PORTNAME=	nessus-libraries
-PORTVERSION=	1.2.7
+PORTVERSION=	2.0.4
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \
 		ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \
@ -22,12 +25,47 @@ COMMENT=	Libraries for Nessus, the security scanner
 DIST_SUBDIR=	nessus
 WRKSRC=		${WRKDIR}/nessus-libraries

+USE_BISON=	YES
 USE_LIBTOOL=	YES
 CONFIGURE_ARGS=	--enable-cipher --sharedstatedir=${PREFIX}/etc/nessus/com \
 		--localstatedir=${PREFIX}/etc/nessus/var
+.if defined(WITH_NESSUS_BPF_SHARE)
+CONFIGURE_ARGS+=	--enable-bpf-sharing
+.endif

 INSTALLS_SHLIB=	YES

 MAN1=		nessus-config.1

+.if ! defined(NESSUS_CLIENT_ONLY)
+pre-configure:
+	@if [ ! -c /dev/bpf1 ]; then \
+	    ${ECHO} "********************************************************";\
+	    ${ECHO} "*                   W a r n i n g                      *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "* Nessus needs Berkeley Packet Filter (bpf).           *";\
+	    ${ECHO} "* To use nessus, your kernel must be rebuilt with bpf, *";\
+	    ${ECHO} "* and make bpf devices on /dev directory.              *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "* Be sure to build as many bpf devices as you need.    *";\
+	    ${ECHO} "* For more info on this read files/README.BPF          *";\
+	    ${ECHO} "********************************************************";\
+	    ${FALSE}; \
+	fi
+.if ! defined(WITH_NESSUS_BPF_SHARE)
+	@if [ ! -c /dev/bpf40 ]; then \
+	    ${ECHO} "********************************************************";\
+	    ${ECHO} "*                   W a r n i n g                      *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "* Nessus needs many bpf devices. If you can't rebuild  *";\
+	    ${ECHO} "* your kernel with more than 40 bpf devices (as        *";\
+	    ${ECHO} "* described in files/README.BPF) then build this port  *";\
+	    ${ECHO} "* with \"make -DWITH_NESSUS_BPF_SHARE\"                  *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "********************************************************";\
+	    ${FALSE}; \
+	fi
+.endif
+.endif
+
 .include <bsd.port.mk>
--- a/security/nessus-libraries/distinfo
+++ b/security/nessus-libraries/distinfo
@ -1 +1 @@
-MD5 (nessus/nessus-libraries-1.2.7.tar.gz) = f0daff274e11dac64c294cd57a59579f
+MD5 (nessus/nessus-libraries-2.0.4.tar.gz) = bc33f4c5aeddc82a3443c5191f1b680b
--- a/security/nessus-libraries/files/README.BPF
+++ b/security/nessus-libraries/files/README.BPF
@ -0,0 +1,46 @@
+Nessus uses the pcap library, which uses the
+berkeley packet filter (bpf) to do its job.
+
+Since Nessus used multiple processes, several pcap-aware plugins will
+need to access the the bpf at the same time. 
+
+This means that you need to recompile your kernel with the
+following option :
+
+For FreeBSD 5.x:
+pseudo-device   bpfilter
+
+For FreeBSD 4.x:
+pseudo-device   bpfilter NUM
+
+Where 'NUM' is the number of bpf you want -- it should be equal to
+the 'max hosts number' option you enter in nessusd x the
+'max plugins' option.
+	   
+If for instance you want to have 10 nessusd running at the same time,
+each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
+(as nessusd is extremely lightweight, you can expect to have this amount
+ of processes running at the same time)
+
+If you plan to scan a whole network, we recommand you create at least
+100 of them.
+
+Once your kernel has been rebuilt, get root, cd to /dev
+and do  :
+
+  i=0; while [ $i -lt 100];
+  do
+  ./MAKEDEV bpf$i
+  let i=$i+1
+  done
+
+On FreeBSD, you can directly do :
+      ./MAKEDEV bpf+100
+
+(For FreeBSD 5.x this is not needed since the devfs creates devices when needed)
+
+If you can not recompile your kernel, you can try to run the configure
+script with the option --enable-bpf-sharing. In this case, nessusd will
+try to share one /dev/bpf among multiple processes and do the filtering
+in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO 
+NOT RECOMMAND ENABLING IT.
--- a/security/nessus-libraries/files/patch-aa
+++ b/security/nessus-libraries/files/patch-aa
@ -1,10 +1,10 @@
--- Makefile.orig	Thu May 31 15:51:08 2001
-+++ Makefile	Wed Oct 10 20:16:14 2001
-@@ -46,7 +46,6 @@
+--- Makefile.orig	Tue Jan 21 15:25:01 2003
+++ Makefile	Wed Jan 22 08:40:19 2003
+@@ -51,7 +51,6 @@
 	cd libhosts_gatherer && ${MAKE} install
- 	cd libpcap-nessus && ${MAKE} install 
 
-	$(INSTALL) -m 0444 include/includes.h ${includedir}/nessus
- 	$(INSTALL) -m 0444 include/libnessus.h ${includedir}/nessus
- 	$(INSTALL) -m 0444 include/harglists.h ${includedir}/nessus
- 	$(INSTALL) -m 0444 include/libvers.h   ${includedir}/nessus
+ 
+-	$(INSTALL) -m 0444 include/includes.h $(DESTDIR)${includedir}/nessus
+ 	$(INSTALL) -m 0444 include/libnessus.h $(DESTDIR)${includedir}/nessus
+ 	$(INSTALL) -m 0444 include/harglists.h $(DESTDIR)${includedir}/nessus
+ 	$(INSTALL) -m 0444 include/libvers.h   $(DESTDIR)${includedir}/nessus
--- a/security/nessus-libraries/pkg-plist
+++ b/security/nessus-libraries/pkg-plist
@ -9,15 +9,15 @@ include/nessus/net/bpf.h
 lib/libhosts_gatherer.a
 lib/libhosts_gatherer.la
 lib/libhosts_gatherer.so
-lib/libhosts_gatherer.so.3
+lib/libhosts_gatherer.so.2
 lib/libnessus.a
 lib/libnessus.la
 lib/libnessus.so
-lib/libnessus.so.3
+lib/libnessus.so.2
 lib/libpcap-nessus.a
 lib/libpcap-nessus.la
 lib/libpcap-nessus.so
-lib/libpcap-nessus.so.3
+lib/libpcap-nessus.so.2
 sbin/uninstall-nessus
@dirrm include/nessus/net
@dirrm include/nessus
--- a/security/nessus-plugins/Makefile
+++ b/security/nessus-plugins/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	nessus-plugins
-PORTVERSION=	1.2.7
+PORTVERSION=	2.0.4
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \
 		ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \
--- a/security/nessus-plugins/distinfo
+++ b/security/nessus-plugins/distinfo
@ -1 +1 @@
-MD5 (nessus/nessus-plugins-1.2.7.tar.gz) = c9a04a6fad043a07ccc9cc7bb14bd726
+MD5 (nessus/nessus-plugins-2.0.4.tar.gz) = 55bfaee0b1e960bd8827b0b2f6859905
--- a/security/nessus-plugins/pkg-plist
+++ b/security/nessus-plugins/pkg-plist
--- a/security/nessus/Makefile
+++ b/security/nessus/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	nessus
-PORTVERSION=	1.2.7
+PORTVERSION=	2.0.4
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \
 		ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \
@ -19,7 +19,7 @@ DISTNAME=	nessus-core-${PORTVERSION}
 MAINTAINER=	udo.schweigert@siemens.com
 COMMENT=	A security scanner: looks for vulnerabilities in a given network

-LIB_DEPENDS=	nasl.3:${PORTSDIR}/security/nessus-libnasl
+LIB_DEPENDS=	nasl.2:${PORTSDIR}/security/nessus-libnasl

 DIST_SUBDIR=	nessus
 WRKSRC=		${WRKDIR}/nessus-core
@ -44,10 +44,12 @@ MAN1=		nessus.1 nessus-mkrand.1 nessus-mkcert-client.1
 MAN8=		nessusd.8 nessus-adduser.8 nessus-mkcert.8 nessus-rmuser.8

 post-install:
-.if ! defined(BATCH)
 .if ! exists(${PREFIX}/etc/nessus/var/CA/serverkey.pem)
+.if ! defined(BATCH)
 	${PREFIX}/sbin/nessus-mkcert
+.else
+	${PREFIX}/sbin/nessus-mkcert -q
 .endif
-.endif
+.endif 

 .include <bsd.port.post.mk>
--- a/security/nessus/distinfo
+++ b/security/nessus/distinfo
@ -1 +1 @@
-MD5 (nessus/nessus-core-1.2.7.tar.gz) = 0dff0b28cc53144a186a1886f4590d5b
+MD5 (nessus/nessus-core-2.0.4.tar.gz) = 9d7b70390a250f33546cb853b2d693f6