Example #1
0
def install_openvas(args):
    '''
    Install and configure openvas on the local host.

    '''
    app.print_verbose("Install OpenVAS version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallOpenVAS", SCRIPT_VERSION)
    version_obj.check_executed()

    _install_packages()
    _disable_selinux()

    iptables.add_openvas_chain()
    iptables.save()

    #
    app.print_verbose("Get OpenVAS nvt.")
    x("openvas-nvt-sync --wget &> /dev/null ")

    #
    app.print_verbose("Rebuild OpenVAS database.")
    x("openvasmd --rebuild")

    #
    app.print_verbose("Add default OpenVAS admin user.")
    x("openvasad -c 'add_user' -u admin -w admin --role=Admin")

    _modify_configs()
    _setup_default_database()
    _start_all_services()

    version_obj.mark_executed()
Example #2
0
def install_openvas(args):
    '''
    Install and configure openvas on the local host.

    '''
    app.print_verbose("Install OpenVAS version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallOpenVAS", SCRIPT_VERSION)
    version_obj.check_executed()

    _install_packages()
    _disable_selinux()

    iptables.add_openvas_chain()
    iptables.save()

    #
    app.print_verbose("Get OpenVAS nvt.")
    x("openvas-nvt-sync --wget &> /dev/null ")

    #
    app.print_verbose("Rebuild OpenVAS database.")
    x("openvasmd --rebuild")

    #
    app.print_verbose("Add default OpenVAS admin user.")
    x("openvasad -c 'add_user' -u admin -w admin --role=Admin")

    _modify_configs()
    _setup_default_database()
    _start_all_services()

    version_obj.mark_executed()
Example #3
0
def install_openvas(args):
  '''
  Install and configure openvas on the local host.

  '''
  app.print_verbose("Install OpenVAS version: %d" % SCRIPT_VERSION)
  version_obj = version.Version("InstallOpenVAS", SCRIPT_VERSION)
  version_obj.check_executed()

 
  ##app.print_verbose("Adding atomic repo for yum...")
  #x("wget -q -O - http://www.atomicorp.com/installers/atomic | sh")
  
  
  if (not os.access("/etc/yum.repos.d/atomic.repo", os.F_OK)):
    raise Exception("You need to install the atomic repo first (wget -q -O - http://www.atomicorp.com/installers/atomic | sh)")
  # Install the mysql-server packages.
  
  
  subnet = config.general.get_subnet()
  if not subnet:
    raise('Need to put network.subnet in install.cfg')
  x("yum -y install sqlite")
  if (not os.access("/usr/sbin/openvassd", os.W_OK|os.X_OK)):
    x("yum -y install openvas")

    if (not os.access("/usr/sbin/openvassd", os.F_OK)):
      raise Exception("Couldn't install OpenVAS")



  iptables.add_openvas_chain()
  iptables.save()
  
  app.print_verbose("Disabling SELinux")
  x("/usr/sbin/setenforce 0")
  app.print_verbose("Get OpenVAS nvt: %d" % SCRIPT_VERSION)
  x("openvas-nvt-sync --wget &> /dev/null ")
  app.print_verbose("Rebuild OpenVAS database: %d" % SCRIPT_VERSION)
  x("openvasmd --rebuild")
  app.print_verbose("Add default OpenVAS admin user: %d" % SCRIPT_VERSION)
  x("openvasad -c 'add_user' -u admin -w admin  --role=Admin ")
  # Configure iptables
  
  #Need to modify config, and make sure all services are started
  gsadconf = scOpen("/etc/sysconfig/gsad")
  gsadconf.replace("^GSA_ADDRESS=127\.0\.0\.1","GSA_ADDRESS=0\.0\.0\.0")
  gsadconf.replace("^#GSA_SSL_PRIVATE_KEY=","GSA_SSL_PRIVATE_KEY=/var/lib/openvas/private/CA/serverkey.pem")
  gsadconf.replace("^#GSA_SSL_CERTIFICATE=","GSA_SSL_CERTIFICATE=/var/lib/openvas/CA/servercert.pem")

  # Disable SELINUX it just messes with me.
  app.print_verbose("Disabling SELINUX")
  x("echo 0 > /selinux/enforce")
  selinuxconf = scOpen("/etc/selinux/config")
  selinuxconf.replace("^SELINUX=.*","SELINUX=permissive")

  #Setup default database
  shutil.copy(app.SYCO_PATH + "var/openvas/sql_init.sql",  app.SYCO_PATH + "var/openvas/sql_init.sql.tmp")
  
  sqlInit = scOpen(app.SYCO_PATH + "var/openvas/sql_init.sql.tmp")
  sqlInit.replace("${syco_hosts}",subnet)
  sqlInit.replace("${syco_alert_email}",config.general.get_admin_email())
  x("cat %s/var/openvas/sql_init.sql.tmp | sqlite3 /var/lib/openvas/mgr/tasks.db" % app.SYCO_PATH )
  
  #general.shell_exec("/etc/init.d/openvas-manager restart &> /dev/null ")
  #general.shell_exec("/etc/init.d/openvas-administrator restart &> /dev/null")
  #general.shell_exec("/etc/init.d/openvas-scanner restart &> /dev/null")
  #general.shell_exec("/etc/init.d/gsad restart &> /dev/null")
  #general.shell_exec("service gsad start")
  x("/bin/sh "+app.SYCO_PATH + "var/openvas/restart.sh &> /dev/null ")
  
  version_obj.mark_executed()
Example #4
0
def install_openvas(args):
    '''
  Install and configure openvas on the local host.

  '''
    app.print_verbose("Install OpenVAS version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallOpenVAS", SCRIPT_VERSION)
    version_obj.check_executed()

    ##app.print_verbose("Adding atomic repo for yum...")
    #x("wget -q -O - http://www.atomicorp.com/installers/atomic | sh")

    if (not os.access("/etc/yum.repos.d/atomic.repo", os.F_OK)):
        raise Exception(
            "You need to install the atomic repo first (wget -q -O - http://www.atomicorp.com/installers/atomic | sh)"
        )
    # Install the mysql-server packages.

    subnet = config.general.get_subnet()
    if not subnet:
        raise ('Need to put network.subnet in install.cfg')
    x("yum -y install sqlite")
    if (not os.access("/usr/sbin/openvassd", os.W_OK | os.X_OK)):
        x("yum -y install openvas")

        if (not os.access("/usr/sbin/openvassd", os.F_OK)):
            raise Exception("Couldn't install OpenVAS")

    iptables.add_openvas_chain()
    iptables.save()

    app.print_verbose("Disabling SELinux")
    x("/usr/sbin/setenforce 0")
    app.print_verbose("Get OpenVAS nvt: %d" % SCRIPT_VERSION)
    x("openvas-nvt-sync --wget &> /dev/null ")
    app.print_verbose("Rebuild OpenVAS database: %d" % SCRIPT_VERSION)
    x("openvasmd --rebuild")
    app.print_verbose("Add default OpenVAS admin user: %d" % SCRIPT_VERSION)
    x("openvasad -c 'add_user' -u admin -w admin  --role=Admin ")
    # Configure iptables

    #Need to modify config, and make sure all services are started
    gsadconf = scOpen("/etc/sysconfig/gsad")
    gsadconf.replace("^GSA_ADDRESS=127\.0\.0\.1", "GSA_ADDRESS=0\.0\.0\.0")
    gsadconf.replace(
        "^#GSA_SSL_PRIVATE_KEY=",
        "GSA_SSL_PRIVATE_KEY=/var/lib/openvas/private/CA/serverkey.pem")
    gsadconf.replace("^#GSA_SSL_CERTIFICATE=",
                     "GSA_SSL_CERTIFICATE=/var/lib/openvas/CA/servercert.pem")

    # Disable SELINUX it just messes with me.
    app.print_verbose("Disabling SELINUX")
    x("echo 0 > /selinux/enforce")
    selinuxconf = scOpen("/etc/selinux/config")
    selinuxconf.replace("^SELINUX=.*", "SELINUX=permissive")

    #Setup default database
    shutil.copy(app.SYCO_PATH + "var/openvas/sql_init.sql",
                app.SYCO_PATH + "var/openvas/sql_init.sql.tmp")

    sqlInit = scOpen(app.SYCO_PATH + "var/openvas/sql_init.sql.tmp")
    sqlInit.replace("${syco_hosts}", subnet)
    sqlInit.replace("${syco_alert_email}", config.general.get_admin_email())
    x("cat %s/var/openvas/sql_init.sql.tmp | sqlite3 /var/lib/openvas/mgr/tasks.db"
      % app.SYCO_PATH)

    #general.shell_exec("/etc/init.d/openvas-manager restart &> /dev/null ")
    #general.shell_exec("/etc/init.d/openvas-administrator restart &> /dev/null")
    #general.shell_exec("/etc/init.d/openvas-scanner restart &> /dev/null")
    #general.shell_exec("/etc/init.d/gsad restart &> /dev/null")
    #general.shell_exec("service gsad start")
    x("/bin/sh " + app.SYCO_PATH + "var/openvas/restart.sh &> /dev/null ")

    version_obj.mark_executed()