Merge pull request #337 from janowagner/drop_daemon_mode
Drop daemon mode
jjnicola authored Jun 7, 2019
2 parents d4d7455 + c030cd2 commit b955373
Showing 31 changed files with 195 additions and 1,618 deletions.
8 changes: 4 additions & 4 deletions CMakeLists.txt
Expand Up @@ -177,7 +177,7 @@ endif (NOT GVM_ACCESS_KEY_DIR)

set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}")

set (OPENVASSD_CONF "${OPENVAS_SYSCONF_DIR}/openvassd.conf")
set (OPENVAS_CONF "${OPENVAS_SYSCONF_DIR}/openvas.conf")

set (NVT_TIMEOUT "320")
set (SCANNER_NVT_TIMEOUT "36000")
Expand All @@ -186,18 +186,18 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")

## Version

set (OPENVASSD_VERSION "${PROJECT_VERSION_STRING}")
set (OPENVAS_VERSION "${PROJECT_VERSION_STRING}")

# Configure Doxyfile with version number
configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY)
configure_file (doc/Doxyfile_full.in doc/Doxyfile_full @ONLY)
configure_file (doc/Doxyfile_xml.in doc/Doxyfile_xml @ONLY)
configure_file (doc/openvassd.8.in doc/openvassd.8 @ONLY)
configure_file (doc/openvas.8.in doc/openvas.8 @ONLY)
configure_file (doc/redis_config_examples/redis_3_2.conf.in doc/redis_config_examples/redis_3_2.conf @ONLY)
configure_file (doc/redis_config_examples/redis_4_0.conf.in doc/redis_config_examples/redis_4_0.conf @ONLY)
configure_file (VERSION.in VERSION @ONLY)
configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
configure_file (src/openvassd_log_conf.cmake_in src/openvassd_log.conf)
configure_file (src/openvas_log_conf.cmake_in src/openvas_log.conf)

## Program
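Review bot: the configure_file() calls now generate doc/openvas.8 and src/openvas_log.conf, but the install() rules that copy the man page and the log configuration lie outside this hunk; make sure they were updated to the new output names as well, otherwise `make install` will either fail on the missing openvassd.8 / openvassd_log.conf or keep installing the stale names.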

8 changes: 1 addition & 7 deletions COPYING
Expand Up @@ -19,16 +19,10 @@ tool with the following command:
src/CMakeLists.txt: GPL-2+
src/attack.c: GPL-2
src/attack.h: GPL-2
src/comm.c: GPL-2
src/comm.h: GPL-2
src/hosts.c: GPL-2
src/hosts.h: GPL-2
src/nasl_plugins.c: GPL-2
src/ntp.c: GPL-2
src/ntp.h: GPL-2
src/openvassd.c: GPL-2
src/otp.c: GPL-2+
src/otp.h: GPL-2+
src/openvas.c: GPL-2
src/pluginlaunch.c: GPL-2
src/pluginlaunch.h: GPL-2
src/pluginload.c: GPL-2
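Review bot: COPYING drops the license entries for src/comm.c, src/comm.h, src/ntp.c, src/ntp.h, src/otp.c, src/otp.h and src/openvassd.c, which implies those files are deleted in this PR; please confirm that no remaining source still includes comm.h, ntp.h or otp.h, so the build does not break on a stale include.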
20 changes: 10 additions & 10 deletions INSTALL.md
Expand Up @@ -109,10 +109,10 @@ Setting up openvas-scanner
Setting up an openvas-scanner requires the following steps:

1. (optional) You may decide to change the default scanner preferences
by setting them in the file `$prefix/etc/openvassd.conf`. If that file does
by setting them in the file `$prefix/etc/openvas.conf`. If that file does
not exist (default), then the default settings are used. You can view
them with `openvassd -s`. The output of that command is a valid configuration
file. The man page (`man openvassd`) provides details about the available
them with `openvas -s`. The output of that command is a valid configuration
file. The man page (`man openvas`) provides details about the available
settings, among these opportunities to restrict access of scanner regarding
scan targets and interfaces.

Expand Down Expand Up @@ -155,16 +155,16 @@ Setting up an openvas-scanner requires the following steps:

4. You can launch openvas-scanner using the following command:

openvassd
openvas

Sending `SIGHUP` to the scanner main process will initiate a reload of the
feed content and of the scanner preferences. This will not affect running
scans.

Please note that although you can start `openvassd` as a user without elevated
privileges, it is recommended that you start `openvassd` as `root` since a number
Please note that although you can start `openvas` as a user without elevated
privileges, it is recommended that you start `openvas` as `root` since a number
of Network Vulnerability Tests (NVTs) require root privileges to perform
certain operations like packet forgery. If you run `openvassd` as a user
certain operations like packet forgery. If you run `openvas` as a user
without permission to perform these operations, your scan results are likely
to be incomplete.
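Review bot: the unchanged paragraph 'Sending `SIGHUP` to the scanner main process will initiate a reload of the feed content and of the scanner preferences' describes daemon-mode behaviour; with daemon mode dropped there is no resident main process to signal once the command returns. Either state that this applies only while a scan started with `openvas` is still running, or replace it with the feed update command this PR documents in doc/openvas.8.in (`openvas -u`, 'Updates VT info into redis store from VT files').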

Expand All @@ -177,7 +177,7 @@ Logging Configuration

If you encounter problems, by default the scanner writes logs to the file

<install-prefix>/var/log/gvm/openvassd.log
<install-prefix>/var/log/gvm/openvas.log

It may contain useful information.The exact location of this file may differ
depending on your distribution and installation method. Please have this file
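Review bot: the context line 'It may contain useful information.The exact location of this file may differ' is missing a space after the full stop; since this hunk already rewrites the paragraph, fix it here.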
Expand All @@ -188,14 +188,14 @@ pinpoint the source of your issue.

Logging is configured entirely by the file

<install-prefix>/etc/openvas/openvassd_log.conf
<install-prefix>/etc/openvas/openvas_log.conf

The configuration is divided into domains like this one

[sd main]
prepend=%t %p
prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
file=/var/log/gvm/openvassd.log
file=/var/log/gvm/openvas.log
level=128

The `level` field controls the amount of logging that is written.
4 changes: 2 additions & 2 deletions doc/greenbone-nvt-sync.8
Expand Up @@ -18,12 +18,12 @@ In case no subscription key is present, the update synchronisation will use the
The script
.B greenbone-nvt-sync
will fetch all new and updated security checks and install them at the proper
location. Once this is done OpenVAS Scanner, openvassd(8) will automatically detect
location. Once this is done OpenVAS Scanner, openvas(8) will automatically detect
that new and updated NVTs are present and consider them for next activities.

.SH SEE ALSO
For more information see:
.BR openvassd(8),
.BR openvas(8),
.br

.SH AUTHOR
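Review bot: 'openvas(8) will automatically detect that new and updated NVTs are present' was true of the daemon, which reloaded on SIGHUP or at startup; after this PR the scanner is a command line tool (see the DESCRIPTION rewrite in doc/openvas.8.in on this page), so the sentence should tell the reader to run `openvas -u` (the new --update-vt-info option) after a sync so the redis VT cache is refreshed before the next scan.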
2 changes: 1 addition & 1 deletion doc/openvas-nasl.1
Expand Up @@ -67,7 +67,7 @@ Output debug information to stderr.
Set KB key to value. Can be used multiple times.

.SH SEE ALSO
.BR openvassd (8).
.BR openvas (8).
.SH HISTORY
NASL comes from a private project called 'pkt_forge', which was written in late 1998 by Renaud Deraison and which was an interactive shell to forge and send raw IP packets (this pre-dates Perl's Net::RawIP by a couple of weeks). It was then extended to do a wide range of network-related operations and integrated into the scanner as 'NASL'.

68 changes: 34 additions & 34 deletions doc/openvassd.8.in → doc/openvas.8.in
@@ -1,37 +1,36 @@
.TH OpenVASSD 8 "January 2011" "Greenbone Vulnerability Management" "User Manuals"
.TH OpenVAS 8 "June 2019" "Greenbone Vulnerability Management" "User Manuals"
.SH NAME
openvassd \- The Scanner of the Greenbone Vulnerability Management
openvas \- The Scanner of the Greenbone Vulnerability Management
.SH SYNOPSIS
.BI "openvassd [\|-v\|] [\|-h\|] [\|-c " config-file\| "]
.BI " [\|-D\|] [\|-R\|] [\|-P\|] [\|-q\|] [\|-f\|]"
.BI "openvas [\|-v\|] [\|-h\|] [\|-c " config-file\| "] [\|--vendor-version " string\| "] [\|--scan-start " scan-uuid\| "]
.BI " [\|-u\|] [\|-s\|] [\|-y\|]"

.SH DESCRIPTION
.B Greenbone Vulnerability Management (GVM)
is a vulnerability auditing and management framework made up of several modules.
The OpenVAS Scanner,
.BR openvassd
.BR openvas
is in charge of executing many security tests against many
target hosts in a highly optimized way.


.BR openvassd
inspects the remote hosts and attempts to list all the vulnerabilities and common
misconfigurations that affects them. Note that openvassd will run in daemon mode
by default (unless you specify \-f as an option).
.BR openvas
inspects the remote hosts to list all the vulnerabilities and common
misconfigurations that affects them.

It is a command line tool with parameters to update the feed of vulnerability tests and to start a scan.
The second part of the interface is the redis store where the parameters about a scan task
need to be placed and from where the results can be retrieved.

.SH OPTIONS
.TP
.BI "-c " <config-file> ", --config-file=" <config-file>
Use the alternate configuration file instead of
.I @OPENVASSD_CONF@

.TP
.B "-f, --foreground"
Make the scanner stay in foreground (non-daemon mode)
.I @OPENVAS_CONF@

.TP
.B "-v, --version"
Writes the version number and exits
Prints the version number and exits

.TP
.B "-h, --help"
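Review bot: the rewritten DESCRIPTION line 'misconfigurations that affects them' should read 'misconfigurations that affect them', and 'The second part of the interface is the redis store' refers to a 'second part' that was never introduced; suggest 'Besides the command line, the scanner's other interface is the redis store where the parameters of a scan task need to be placed and from where the results can be retrieved.'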
Expand All @@ -41,16 +40,20 @@ Show a summary of the commands
.BI "--scan-start=" <scan-uuid>
ID for a single scan task. The scanner will start the scan with the data already loaded in a redis KB, which will be found using the given scan-id.

.TP
.B "-u, --update-vt-info"
Updates VT info into redis store from VT files.

.TP
.BI "--vendor-version=" <vendor-version>
Use the alternate vendor instead of the default one during scans.

.SH THE CONFIGURATION FILE

The default
.B openvassd
.B openvas
configuration file,
.I @OPENVASSD_CONF@
.I @OPENVAS_CONF@
contains these options:

.IP plugins_folder
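Review bot: the new SYNOPSIS lists -u, -s and -y, but the OPTIONS section in this hunk only gains -u (--update-vt-info) and --vendor-version; -s and -y have no entry. INSTALL.md in this same PR tells users to dump the defaults with `openvas -s`, so at least -s needs an entry here with its long form and a sentence on what it prints.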
Expand All @@ -71,26 +74,26 @@ x
so you need to find a balance between these two options. Note that launching too many plugins at the same time may disable the remote host, either temporarily (ie: inetd closes its ports) or definitely (the remote host crash because it is asked to do too many things at the same time), so be careful.

.IP log_whole_attack
If this option is set to 'yes', openvassd will store the name, pid, date and target of each plugin launched. This is helpful for monitoring and debugging purpose, however this option might make openvassd fill your disk rather quickly.
If this option is set to 'yes', openvas will store the name, pid, date and target of each plugin launched. This is helpful for monitoring and debugging purpose, however this option might make openvas fill your disk rather quickly.

.IP log_plugins_name_at_load
If this option is set to 'yes', openvassd will log the name of each plugin being loaded at startup, or each time it receives the HUP signal.
If this option is set to 'yes', openvas will log the name of each plugin being loaded at startup, or each time it receives the HUP signal.

.IP cgi_path
By default, openvassd looks for default CGIs in /cgi-bin and /scripts. You may
By default, openvas looks for default CGIs in /cgi-bin and /scripts. You may
change these to something else to reflect the policy of your site. The syntax of this option is the same as the shell $PATH variable: path1:path2:...

.IP port_range
This is the default range of ports that the scanner plugins will probe. The syntax of this option is flexible, it can be a single range ("1-1500"), several ports ("21,23,80"), several ranges of ports ("1-1500,32000-33000"). Note that you can specify UDP and TCP ports by prefixing each range by T or U. For instance, the following range will make openvassd scan UDP ports 1 to 1024 and TCP ports 1 to 65535 : "T:1-65535,U:1-1024".
This is the default range of ports that the scanner plugins will probe. The syntax of this option is flexible, it can be a single range ("1-1500"), several ports ("21,23,80"), several ranges of ports ("1-1500,32000-33000"). Note that you can specify UDP and TCP ports by prefixing each range by T or U. For instance, the following range will make openvas scan UDP ports 1 to 1024 and TCP ports 1 to 65535 : "T:1-65535,U:1-1024".

.IP optimize_test
By default, openvassd does not trust the remote host banners. It means that it will check a webserver claiming to be IIS for Apache flaws, and so on. This behavior might generate false positive and will slow the scan down somehow. If you are sure the banners of the remote host have not been tampered with, you can safely enable this option, which will force the plugins to perform their job only against the services they have been designed to check.
By default, openvas does not trust the remote host banners. It means that it will check a webserver claiming to be IIS for Apache flaws, and so on. This behavior might generate false positive and will slow the scan down somehow. If you are sure the banners of the remote host have not been tampered with, you can safely enable this option, which will force the plugins to perform their job only against the services they have been designed to check.

.IP test_empty_vhost
If set to yes, the scanner will also test the target by using empty vhost value in addition to the target's associated vhost values.

.IP checks_read_timeout
Number of seconds that the security checks will wait for when doing a recv(). You should increase this value if you are running openvassd across a slow network slink (testing a host via a dialup connection for instance)
Number of seconds that the security checks will wait for when doing a recv(). You should increase this value if you are running openvas across a slow network slink (testing a host via a dialup connection for instance)

.IP timeout_retry
Number of retries when a socket connection attempt timesout.
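Review bot: the rewritten checks_read_timeout line keeps the typo 'slow network slink' (should be 'link'), and the context line 'attempt timesout' should be 'times out'; both sit in lines this hunk already touches or shows, so fix them here.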
Expand All @@ -105,7 +108,7 @@ Some devices do not appreciate quick connection establishment and termination ne
Whether to expand the target host's list of vhosts with values gathered from sources such as reverse-lookup queries and VT checks for SSL/TLS certificates.

.IP non_simult_ports
Some services (in particular SMB) do not appreciate multiple connections at the same time coming from the same host. This option allows you to prevent openvassd to make two connections on the same given ports at the same time. The syntax of this option is "port1[, port2....]". Note that you can use the KB notation of openvassd to designate a service formally. Ex: "139, Services/www", will prevent openvassd from making two connections at the same time on port 139 and on every port which hosts a web server.
Some services (in particular SMB) do not appreciate multiple connections at the same time coming from the same host. This option allows you to prevent openvas to make two connections on the same given ports at the same time. The syntax of this option is "port1[, port2....]". Note that you can use the KB notation of openvas to designate a service formally. Ex: "139, Services/www", will prevent openvas from making two connections at the same time on port 139 and on every port which hosts a web server.

.IP plugins_timeout
This is the maximum lifetime, in seconds of a plugin. It may happen that some plugins are slow because of the way they are written or the way the remote server behaves. This option allows you to make sure your scan is never caught in an endless loop because of a non-finishing plugin. Doesn't affect ACT_SCANNER plugins.
Expand All @@ -114,10 +117,10 @@ This is the maximum lifetime, in seconds of a plugin. It may happen that some pl
Like plugins_timeout, but for ACT_SCANNER plugins.

.IP safe_checks
Most of the time, openvassd attempts to reproduce an exceptional condition to determine if the remote services are vulnerable to certain flaws. This includes the reproduction of buffer overflows or format strings, which may make the remote server crash. If you set this option to 'yes', openvassd will disable the plugins which have the potential to crash the remote services, and will at the same time make several checks rely on the banner of the service tested instead of its behavior towards a certain input. This reduces false positives and makes openvassd nicer towards your network, however this may make you miss important vulnerabilities (as a vulnerability affecting a given service may also affect another one).
Most of the time, openvas attempts to reproduce an exceptional condition to determine if the remote services are vulnerable to certain flaws. This includes the reproduction of buffer overflows or format strings, which may make the remote server crash. If you set this option to 'yes', openvas will disable the plugins which have the potential to crash the remote services, and will at the same time make several checks rely on the banner of the service tested instead of its behavior towards a certain input. This reduces false positives and makes openvas nicer towards your network, however this may make you miss important vulnerabilities (as a vulnerability affecting a given service may also affect another one).

.IP auto_enable_dependencies
OpenVAS plugins use the result of each other to execute their job. For instance, a plugin which logs into the remote SMB registry will need the results of the plugin which finds the SMB name of the remote host and the results of the plugin which attempts to log into the remote host. If you want to only select a subset of the plugins available, tracking the dependencies can quickly become tiresome. If you set this option to 'yes', openvassd will automatically enable the plugins that are depended on.
OpenVAS plugins use the result of each other to execute their job. For instance, a plugin which logs into the remote SMB registry will need the results of the plugin which finds the SMB name of the remote host and the results of the plugin which attempts to log into the remote host. If you want to only select a subset of the plugins available, tracking the dependencies can quickly become tiresome. If you set this option to 'yes', openvas will automatically enable the plugins that are depended on.

.IP source_iface
Name of the network interface that will be used as the source of connections
Expand Down Expand Up @@ -156,8 +159,6 @@ Like hosts_deny. Can't be overridden by the client.

The other options in this file can usually be redefined by the client.

At log in attempt, openvassd checks that the certificate has been signed by a recognized authority.

.SH NETWORK USAGE

Bear in mind that OpenVAS can be quite network intensive. Even if the
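Review bot: dropping 'At log in attempt, openvassd checks that the certificate has been signed by a recognized authority' is right once there is no client connection, but the retained context lines 'Like hosts_deny. Can't be overridden by the client.' and 'The other options in this file can usually be redefined by the client.' still describe the old client/daemon split. hosts_allow/hosts_deny are the access-control knobs that bound what the scanner may target, so state explicitly where they are read from now (the configuration file only, or also the redis KB that carries the scan parameters) so readers know which channel can widen the target scope.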
Expand All @@ -178,20 +179,19 @@ several parameters that can be modified to reduce network load:
.IP checks_read_timeout
The default value is set to 5 seconds, that can
(should) be increased if network bandwidth is low in the
openvassd.conf or openvasrc configuration files. Notice that it is recommended
openvas.conf or openvasrc configuration files. Notice that it is recommended
to increase this this value, if you are running a test outside your LAN
(i.e. to Internet hosts through an Internet connection), to over 10 seconds.

.IP max_hosts
Number of hosts to test at the same time (this value is set by the OpenVAS
GUI client or by .openvasrc) it can be as low as you want it to be
Number of hosts to test at the same time. It can be as low as you want it to be
(obviously 1 is the minimum)

.IP max_checks
Number of checks to test at the same time it can be as low as you want it
to be and it will also reduce network load and improve performance
(obviously 1 is the minimum)
Notice that the OpenVAS Scanner will spawn max_hosts * max_checks processes.
Notice that OpenVAS will spawn max_hosts * max_checks processes.

Other options might be using the QoS features offered by your server
operating system or your network to improve the bandwidth use.
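Review bot: 'openvas.conf or openvasrc configuration files' still names openvasrc, the old client-side rc file, while the max_hosts entry in this same hunk was just rewritten to drop the 'OpenVAS GUI client or .openvasrc' reference; drop 'or openvasrc' here for consistency. The context line 'increase this this value' also doubles 'this'.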
Expand All @@ -212,7 +212,7 @@ to be transferred significantly.
.SH MORE INFORMATION ABOUT Greenbone Vulnerability Management

The canonical places where you will find more information
about the OpenVAS Scanner are:
about OpenVAS are:

.RS
.UR
Expand All @@ -233,4 +233,4 @@ https://www.openvas.org/

.SH AUTHORS

openvassd was forked from nessusd in 2005. Nessusd was written by Renaud Deraison <deraison@cvs.nessus.org>. Most new code since 2005 developed by Greenbone Networks GmbH.
openvas was forked from nessusd in 2005. Nessusd was written by Renaud Deraison <deraison@cvs.nessus.org>. Most new code since 2005 developed by Greenbone Networks GmbH.
2 changes: 1 addition & 1 deletion misc/plugutils.c
Expand Up @@ -584,7 +584,7 @@ get_plugin_preference_fname (struct script_infos *desc, const char *filename)
return NULL;

tmpfile =
g_file_open_tmp ("openvassd-file-upload.XXXXXX", &tmpfilename, &error);
g_file_open_tmp ("openvas-file-upload.XXXXXX", &tmpfilename, &error);
if (tmpfile == -1)
{
g_message ("get_plugin_preference_fname: Could not open temporary"
1 change: 0 additions & 1 deletion misc/scanneraux.h
Expand Up @@ -35,7 +35,6 @@ struct scan_globals
char *network_scan_status;
GHashTable *files_translation;
GHashTable *files_size_translation;
int global_socket;
char *scan_id;
};
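Review bot: removing global_socket from struct scan_globals changes the layout of a struct exposed through misc/scanneraux.h, so everything compiled against the old header (in-tree NASL built-ins included) must be rebuilt, and a grep for global_socket across src/ and nasl/ should come back empty in this PR; if the header is part of the installed interface, note the layout change in the changelog as well.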

6 changes: 3 additions & 3 deletions nasl/CMakeLists.txt
Expand Up @@ -179,9 +179,9 @@ if (KSBA)
add_definitions (-DHAVE_LIBKSBA)
endif (KSBA)

if (OPENVASSD_CONF)
add_definitions (-DOPENVASSD_CONF="${OPENVASSD_CONF}")
endif (OPENVASSD_CONF)
if (OPENVAS_CONF)
add_definitions (-DOPENVAS_CONF="${OPENVAS_CONF}")
endif (OPENVAS_CONF)

set_source_files_properties (nasl_grammar.tab.c GENERATED)

2 changes: 1 addition & 1 deletion nasl/nasl.c
Expand Up @@ -333,7 +333,7 @@ main (int argc, char **argv)
add_nasl_inc_dir (include_dir);
}

prefs_config (config_file ?: OPENVASSD_CONF);
prefs_config (config_file ?: OPENVAS_CONF);
while ((host = gvm_hosts_next (hosts)))
{
struct in6_addr ip6;