List: openvas-cvs
Subject: [Openvas-commits] r16520 - trunk/tools
From: scm-commit () wald ! intevation ! org
Date: 2013-05-31 11:42:37
Message-ID: 20130531114237.F26929A1907E () wald ! intevation ! org
Author: mwiegand
Date: 2013-05-31 13:42:37 +0200 (Fri, 31 May 2013)
New Revision: 16520
Modified:
trunk/tools/openvas-check-setup
Log:
Added / improved checks:
* Check count of cache files and warn if not all NVTs have yet been cached.
* Adapt client certificate fix for v7.
* Alert user if there is no scanner running before suggesting an "openvasmd \
--rebuild"
* Move scap.db and cert.db checks after all tasks.db checks to avoid splitting of \
tasks.db checks.
* Print header for step 3 according to version.
* Check password policy file and warn if no policy has been set (v6 and v7).
Modified: trunk/tools/openvas-check-setup
===================================================================
--- trunk/tools/openvas-check-setup 2013-05-31 09:57:34 UTC (rev 16519)
+++ trunk/tools/openvas-check-setup 2013-05-31 11:42:37 UTC (rev 16520)
@@ -27,7 +27,7 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
LOG=/tmp/openvas-check-setup.log
-CHECKVERSION=2.2.2
+CHECKVERSION=2.2.3
if [ "$1" = "--server" -o "$2" = "--server" ]
then
@@ -253,6 +253,16 @@
fi
echo "" >> $LOG
+CACHEFOLDER=`openvassd -s | grep cache_folder | sed -e "s/^cache_folder = //"`
+CACHECOUNT=`find $CACHEFOLDER -name "*nvti" | wc -l`
+if [ $CACHECOUNT -lt $NVTCOUNT ]
+then
+ log_and_print "WARNING: The initial NVT cache has not yet been generated."
+ log_and_print "SUGGEST: Start OpenVAS Scanner for the first time to generate the \
cache."
+else
+ log_and_print "OK: The NVT cache in $CACHEFOLDER contains $CACHECOUNT files for \
$NVTCOUNT NVTs."
+fi
+echo "" >> $LOG
echo "Step 2: Checking OpenVAS Manager ... "
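Review bot: `CACHEFOLDER` is used unquoted and unchecked in the added `find $CACHEFOLDER -name "*nvti"`. If `openvassd -s` fails or prints no `cache_folder` line, the variable is empty and GNU find falls back to the current directory, so the count compared with `$NVTCOUNT` describes an unrelated tree. Check the value before counting, e.g. `[ -d "$CACHEFOLDER" ]`, and quote it: `CACHECOUNT=$(find "$CACHEFOLDER" -name "*nvti" | wc -l)`. The grep for `cache_folder` is also unanchored, so `grep "^cache_folder = "` would match the sed expression that follows it.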
@@ -284,7 +294,12 @@
if [ ! -e $CLIENTCERTFILE ]
then
log_and_print "ERROR: No client certificate file of OpenVAS Manager found."
- log_and_print "FIX: Run 'openvas-mkcert-client -n om -i'"
+ if [ $VER -ge 7 ]
+ then
+ log_and_print "FIX: Run 'openvas-mkcert-client -n -i'"
+ else
+ log_and_print "FIX: Run 'openvas-mkcert-client -n om -i'"
+ fi
check_failed
fi
echo "" >> $LOG
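Review bot: The added test `[ $VER -ge 7 ]` leaves `$VER` unquoted, while the version tests in the relocated SCAP and CERT blocks of this commit use `[ "$VER" -ge 5 ]` and `[ "$VER" -ge 6 ]`. Writing it as `if [ "$VER" -ge 7 ]` keeps one style throughout the script. The same applies to `[ $VER -ge 6 ]` in the password policy hunk. Where `VER` is assigned is not visible in this diff.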
@@ -299,6 +314,14 @@
then
log_and_print "ERROR: No OpenVAS Manager database found. (Tried: $TASKSDB)"
log_and_print "FIX: Run 'openvasmd --rebuild' while OpenVAS Scanner is running."
+
+ OPENVASSD_RUNNING=`ps -Af | grep "openvassd: waiting for incoming connections" | \
grep -v grep | wc -l`
+ if [ $OPENVASSD_RUNNING -eq 0 ]
+ then
+ log_and_print "WARNING: OpenVAS Scanner is NOT running!" ;
+ log_and_print "SUGGEST: Start OpenVAS Scanner (openvassd)." ;
+ fi
+
check_failed
fi
echo "" >> $LOG
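Review bot: The scanner detection added here, `ps -Af | grep "openvassd: waiting for incoming connections" | grep -v grep | wc -l`, is repeated verbatim in the later hunk under the "number of NVTs ... is too low" error, and it depends on the exact process title string. A helper defined once and called from both places would keep the two copies from drifting apart. Matching with `grep -q` on a bracketed first character removes the need for `grep -v grep` and the count variable. The helper name below is only a suggestion, and the enclosing `if` starts outside this hunk.

```sh
# Warn when no openvassd process reports that it is accepting connections.
# The [o] keeps this grep from matching its own entry in the ps output.
check_scanner_running () {
  if ! ps -Af | grep -q "[o]penvassd: waiting for incoming connections"
  then
    log_and_print "WARNING: OpenVAS Scanner is NOT running!"
    log_and_print "SUGGEST: Start OpenVAS Scanner (openvassd)."
  fi
}

# … unchanged: ERROR / FIX messages for the missing tasks.db …
check_scanner_running
check_failed
```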
@@ -317,40 +340,6 @@
log_and_print "OK: Access rights for the OpenVAS Manager database are correct."
-if [ "$VER" -ge 5 ]
-then
- echo "Checking OpenVAS SCAP database ..." >> $LOG
- # Guess openvas state dir from $PLUGINSFOLDER
- STATEDIR=`dirname $PLUGINSFOLDER`
- SCAPDB="$STATEDIR/scap-data/scap.db"
- if [ ! -e $SCAPDB ]
- then
- log_and_print "ERROR: No OpenVAS SCAP database found. (Tried: $SCAPDB)"
- log_and_print "FIX: Run a SCAP synchronization script like openvas-scapdata-sync \
or greenbone-scapdata-sync."
- check_failed
- fi
- echo "" >> $LOG
-fi
-
-log_and_print "OK: OpenVAS SCAP database found in $SCAPDB."
-
-if [ "$VER" -ge 6 ]
-then
- echo "Checking OpenVAS CERT database ..." >> $LOG
- # Guess openvas state dir from $PLUGINSFOLDER
- STATEDIR=`dirname $PLUGINSFOLDER`
- CERTDB="$STATEDIR/cert-data/cert.db"
- if [ ! -e $CERTDB ]
- then
- log_and_print "ERROR: No OpenVAS CERT database found. (Tried: $CERTDB)"
- log_and_print "FIX: Run a CERT synchronization script like openvas-certdata-sync \
or greenbone-certdata-sync."
- check_failed
- fi
- echo "" >> $LOG
-
- log_and_print "OK: OpenVAS CERT database found in $CERTDB."
-fi
-
echo "Checking sqlite3 presence ..." >> $LOG
SQLITE3=`type sqlite3 2> /dev/null`
if [ $? -ne 0 ]
@@ -400,12 +389,54 @@
then
log_and_print "ERROR: The number of NVTs in the OpenVAS Manager database is too \
low."
log_and_print "FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT \
collection and run 'openvasmd --rebuild'."
+
+ OPENVASSD_RUNNING=`ps -Af | grep "openvassd: waiting for incoming connections" | \
grep -v grep | wc -l`
+ if [ $OPENVASSD_RUNNING -eq 0 ]
+ then
+ log_and_print "WARNING: OpenVAS Scanner is NOT running!" ;
+ log_and_print "SUGGEST: Start OpenVAS Scanner (openvassd)." ;
+ fi
+
check_failed
else
log_and_print "OK: OpenVAS Manager database contains information about \
$DBNVTCOUNT NVTs."
fi
fi
+if [ "$VER" -ge 5 ]
+then
+ echo "Checking OpenVAS SCAP database ..." >> $LOG
+ # Guess openvas state dir from $PLUGINSFOLDER
+ STATEDIR=`dirname $PLUGINSFOLDER`
+ SCAPDB="$STATEDIR/scap-data/scap.db"
+ if [ ! -e $SCAPDB ]
+ then
+ log_and_print "ERROR: No OpenVAS SCAP database found. (Tried: $SCAPDB)"
+ log_and_print "FIX: Run a SCAP synchronization script like openvas-scapdata-sync \
or greenbone-scapdata-sync."
+ check_failed
+ fi
+ echo "" >> $LOG
+fi
+
+log_and_print "OK: OpenVAS SCAP database found in $SCAPDB."
+
+if [ "$VER" -ge 6 ]
+then
+ echo "Checking OpenVAS CERT database ..." >> $LOG
+ # Guess openvas state dir from $PLUGINSFOLDER
+ STATEDIR=`dirname $PLUGINSFOLDER`
+ CERTDB="$STATEDIR/cert-data/cert.db"
+ if [ ! -e $CERTDB ]
+ then
+ log_and_print "ERROR: No OpenVAS CERT database found. (Tried: $CERTDB)"
+ log_and_print "FIX: Run a CERT synchronization script like openvas-certdata-sync \
or greenbone-certdata-sync."
+ check_failed
+ fi
+ echo "" >> $LOG
+
+ log_and_print "OK: OpenVAS CERT database found in $CERTDB."
+fi
+
echo "Checking xsltproc presence ..." >> $LOG
XSLTPROC=`type xsltproc 2> /dev/null`
if [ $? -ne 0 ]
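Review bot: The relocated line `log_and_print "OK: OpenVAS SCAP database found in $SCAPDB."` sits after the `fi` that closes `if [ "$VER" -ge 5 ]`, so for versions below 5 it prints an OK message with an empty path. The CERT block keeps its OK message inside its own `if`. Since the block is being moved anyway, put the SCAP message above the closing `fi` to match. Whether the message is also reached after `check_failed` depends on that function, which is not visible here. The `dirname $PLUGINSFOLDER` calls in both blocks would be safer with the variable quoted.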
@@ -418,10 +449,10 @@
echo "" >> $LOG
-echo "Step 3: Checking OpenVAS Administrator ... "
-
if [ $ADMINISTRATOR_MAJOR != "0" ]
then
+ echo "Step 3: Checking OpenVAS Administrator ... "
+
echo "Checking presence of OpenVAS Administrator ..." >> $LOG
openvasad --version >> $LOG 2>&1
if [ $? -ne 0 ]
@@ -469,12 +500,28 @@
fi
echo "" >> $LOG
else
- log_and_print "OpenVAS Administrator is not required for this OpenVAS release."
+ echo "Step 3: Checking user configuration ... "
# TODO: Here we need new tests for presense of user and admin. Possibly based
# on sqlite3 calls (which in turn means to check for sqlite3 which isn't a runtime
# requirement for OpenVAS).
fi
+if [ $VER -ge 6 ]
+then
+ echo "Checking status of password policy ..." >> $LOG
+ CONFFILE=`openvassd -s | grep config_file | sed -e "s/^config_file = //"`
+ CONFDIR=`dirname $CONFFILE`
+ grep -v "^[#]" $CONFDIR/pwpolicy.conf | grep -v "^$" > /dev/null 2>&1
+ if [ $? -ne 0 ]
+ then
+ log_and_print "WARNING: Your password policy is empty."
+ log_and_print "SUGGEST: Edit the $CONFDIR/pwpolicy.conf file to set a password \
policy."
+ else
+ log_and_print "OK: The password policy file at $CONFDIR/pwpolicy.conf contains \
entries."
+ fi
+ echo "" >> $LOG
+fi
+
echo "Step 4: Checking Greenbone Security Assistant (GSA) ... "
echo "Checking presence of Greenbone Security Assistant ..." >> $LOG
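Review bot: The password policy test `grep -v "^[#]" $CONFDIR/pwpolicy.conf | grep -v "^$"` counts an indented comment or a whitespace-only line as a policy entry, so a file with no effective rules can be reported as OK (assuming the manager ignores such lines). A single pattern covers both cases: `grep -Eqv '^[[:space:]]*(#|$)' "$CONFDIR/pwpolicy.conf" 2>/dev/null`. A missing file lands in the same "policy is empty" branch, and the first grep's error goes to the terminal because the redirect applies only to the second grep. An empty `CONFFILE` makes `dirname` return `.`, so the check would read `pwpolicy.conf` from the current directory; a `[ -f "$CONFDIR/pwpolicy.conf" ]` test before the grep would separate those cases.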