Vous êtes ici : Formations en Ligne Gratuites » Catalogue » workbooks » CentOS » CentOS 5, 6 et 7 » LDF400 - Administration de la Sécurité » LRF408 - Sécurité Applicative

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Prochaine révision		Révision précédente
elearning:workbooks:centos:6:sec:l108 [2020/02/21 06:10] – créée adminelearning:workbooks:centos:6:sec:l108 [2024/04/26 09:28] (Version actuelle) admin
Ligne 1: Ligne 1:
 ~~PDF:LANDSCAPE~~ ~~PDF:LANDSCAPE~~
  
-Version : **2020.01**+Version : **2024.01**
  
 Dernière mise-à-jour : ~~LASTMOD~~ Dernière mise-à-jour : ~~LASTMOD~~
Ligne 7: Ligne 7:
 ======LRF408 - Sécurité Applicative====== ======LRF408 - Sécurité Applicative======
  
-Dans cette unité, vous allez apprendre :+=====Contenu du Module=====
  
-  * Comment installer et utiliser l'utilitaire **netwox**, +  * **LRF408 - Sécurité Applicative** 
-  Comment installer et utiliser l'outil **OpenVAS**,, +    Contenu du Module 
-  Comment mettre en place un **chroot** pour un utilisateur, +    Le Problématique 
-  Comment sécuriser le serveur **Apache**.+    Préparation 
 +    * Les Outils 
 +      * LAB #1 - Netwox 
 +        * Installation 
 +        * Utilisation 
 +        * Avertissement important 
 +      * LAB #2 - OpenVAS 
 +        Présentation 
 +        Préparation 
 +        Installation 
 +        Configuration 
 +        Utilisation 
 +        * Analyse des Résultats 
 +    * Les Contres-Mesures 
 +      * LAB #3 - La commande chroot 
 +      LAB #4 - Sécuriser Apache 
 +        Installation 
 +        Testez le serveur apache 
 +          Avec un navigateur 
 +          Avec Telnet 
 +        Préparation 
 +        Gestion de serveurs virtuels 
 +          * Hôte virtuel par nom 
 +          * Hôte virtuel par adresse IP 
 +        * mod_auth_basic 
 +          * Configuration de la sécurité avec .htaccess 
 +          * Mise en place d'un fichier de mots de passe 
 +        * mod_auth_mysql 
 +          * Installation 
 +          * Configuration de MariaDB 
 +          * Configuration d'Apache 
 +        * mod_authnz_ldap 
 +        * mod_ssl 
 +          * Présentation de SSL 
 +          * Fonctionnement de SSL 
 +          * Installation de ssl 
 +          * Configuration de SSL 
 +          * Mise en place des paramètres de sécurité SSL 
 +          * Tester Votre Configuration
  
 =====Le Problématique===== =====Le Problématique=====
Ligne 19: Ligne 57:
  
 =====Préparation===== =====Préparation=====
- 
-<WRAP center round todo 50%> 
-**A Faire** - Arrêtez votre VM et configurez la RAM à 2 Go. Redémarrez votre VM. 
-</WRAP> 
  
 =====Les Outils===== =====Les Outils=====
Ligne 35: Ligne 69:
  
 <code> <code>
-[root@centos7 ~]# wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/netwox-5.35.0-1.el6.rf.x86_64.rpm+[root@centos7 ~]# wget https://www.dropbox.com/scl/fi/e55p8pmn5sbo4uflddpue/netwox-5.35.0-1.el5.rf.i386.rpm?rlkey=1l475ob83ktbja21s18fhtbrb&st=7umpk4yj
 </code> </code>
  
Ligne 206: Ligne 240:
  
 <code> <code>
-[root@centos6 ~]# yum install openvas-scanner openvas-manager openvas-gsa openvas-cli+[root@centos6 ~]# yum install openvas-scanner openvas-manager openvas-gsa openvas-cli coreutils openssl
 </code> </code>
  
Ligne 427: Ligne 461:
 </WRAP> </WRAP>
  
-Mettez à jour les modules d'extensions de OpenVAS :+Téléchargez le script **greenbone-nvt-sync** :
  
 <code> <code>
-[root@centos7 ~]# openvas-nvt-sync+[root@centos7 ~]# wget https://www.dropbox.com/scl/fi/10hf8fpdq2yhd821qb5pk/greenbone-nvt-sync?rlkey=7f4taliexlpg54pa1c1yz8czx&st=tkvnjg55 
 + 
 +[root@centos7 ~]# mv greenbone-nvt-sync?rlkey=7f4taliexlpg54pa1c1yz8czx greenbone-nvt-sync 
 +</code> 
 + 
 +Si vous ne pouvez pas téléchargez le script **greenbone-nvt-sync**, copiez son contenu ci-dessous et créez-le : 
 + 
 +<code> 
 +[root@centos7 ~]# vi greenbone-nvt-sync 
 +[root@centos7 ~]# cat greenbone-nvt-sync 
 +#!/bin/sh 
 +# Copyright (C) 2009-2021 Greenbone Networks GmbH 
 +
 +# SPDX-License-Identifier: GPL-2.0-or-later 
 +
 +# This program is free software; you can redistribute it and/or 
 +# modify it under the terms of the GNU General Public License 
 +# as published by the Free Software Foundation; either version 2 
 +# of the License, or (at your option) any later version. 
 +
 +# This program is distributed in the hope that it will be useful, 
 +# but WITHOUT ANY WARRANTY; without even the implied warranty of 
 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
 +# GNU General Public License for more details. 
 +
 +# You should have received a copy of the GNU General Public License 
 +# along with this program; if not, write to the Free Software 
 +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 
 + 
 +# This script updates the local Network Vulnerability Tests (NVTs) from the 
 +# Greenbone Security Feed (GSF) or the Greenbone Community Feed (GCF).  
 + 
 +VERSION=@OPENVAS_VERSION@ 
 + 
 +# SETTINGS 
 +# ======== 
 + 
 +# PRIVATE_SUBDIR defines a subdirectory of the NVT directory that is excluded 
 +# from the feed sync. This is where to place your own NVTs. 
 +if [ -z "$PRIVATE_SUBDIR"
 +then 
 +  PRIVATE_SUBDIR="private" 
 +fi 
 + 
 +# RSYNC_DELETE controls whether files which are not part of the repository will 
 +# be removed from the local directory after synchronization. The default value 
 +# for this setting is 
 +# "--delete --exclude \"$PRIVATE_SUBDIR/\"", 
 +# which means that files which are not part of the feed or private directory 
 +# will be deleted. 
 +RSYNC_DELETE="--delete --exclude $PRIVATE_SUBDIR/" 
 + 
 +# RSYNC_SSH_OPTS contains options which should be passed to ssh for the rsync 
 +# connection to the repository. 
 +RSYNC_SSH_OPTS="-o \"UserKnownHostsFile=/dev/null\" -o \"StrictHostKeyChecking=no\"" 
 + 
 +# RSYNC_COMPRESS specifies the compression level to use for the rsync connection. 
 +RSYNC_COMPRESS="--compress-level=9" 
 + 
 +# RSYNC_CHMOD specifies the permissions to chmod the files to. 
 +RSYNC_CHMOD="--perms --chmod=Fugo+r,Fug+w,Dugo-s,Dugo+rx,Dug+w" 
 + 
 +# Verbosity flag for rsync. "-q" means a quiet rsync, "-v" a verbose rsync. 
 +RSYNC_VERBOSE="-q" 
 + 
 +# RSYNC_OPTIONS controls the general parameters for the rsync connection. 
 +RSYNC_OPTIONS="--links --times --omit-dir-times $RSYNC_VERBOSE --recursive --partial --progress" 
 + 
 +# Script and feed information which will be made available to user through 
 +# command line options and automated tools. 
 +# Script name which will be used for logging 
 +SCRIPT_NAME="greenbone-nvt-sync" 
 + 
 +# Result of selftest () is stored here. If it is not 0, the selftest has failed 
 +# and the sync script is unlikely to work. 
 +SELFTEST_FAIL=0 
 + 
 +# Port to use for synchronization. Default value is 24. 
 +PORT=24 
 + 
 +# Directory where the OpenVAS configuration is located 
 +OPENVAS_SYSCONF_DIR="@OPENVAS_SYSCONF_DIR@" 
 + 
 +# Directory where the feed update lock file will be placed. 
 +OPENVAS_FEED_LOCK_PATH="@OPENVAS_FEED_LOCK_PATH@" 
 + 
 +# Location of the GSF Access Key 
 +ACCESS_KEY="@GVM_ACCESS_KEY_DIR@/gsf-access-key" 
 + 
 +# If ENABLED is set to 0, the sync script will not perform a synchronization. 
 +ENABLED=1 
 + 
 +# LOG_CMD defines the command to use for logging. To have logger log to stderr 
 +# as well as syslog, add "-s" here. The logging facility is checked. In case of error 
 +# all will be logged in the standard error and the socket error check will be 
 +# disabled. 
 +LOG_CMD="logger -t $SCRIPT_NAME" 
 + 
 +check_logger () { 
 +  logger -p daemon.info -t $SCRIPT_NAME "Checking logger" --no-act 1>/dev/null 2>&
 +  if [ $? -gt 0 ] 
 +  then 
 +    LOG_CMD="logger -s -t $SCRIPT_NAME" 
 +    $LOG_CMD -p daemon.warning "The log facility is not working as expected. All messages will be written to the standard error stream." 
 +  fi 
 +
 +check_logger 
 + 
 + 
 +# Source configuration file if it is readable 
 +[ -r $OPENVAS_SYSCONF_DIR/greenbone-nvt-sync.conf ] && . $OPENVAS_SYSCONF_DIR/greenbone-nvt-sync.conf 
 + 
 +# NVT_DIR is the place where the NVTs are located. 
 +if [ -z "$NVT_DIR"
 +then 
 +  NVT_DIR="@OPENVAS_NVT_DIR@" 
 +fi 
 + 
 +log_write () { 
 +  $LOG_CMD -p daemon.notice $1 
 +
 + 
 +log_debug () { 
 +  $LOG_CMD -p daemon.debug "$1" 
 +
 + 
 +log_info () { 
 +  $LOG_CMD -p daemon.info "$1" 
 +
 + 
 +log_notice () { 
 +  $LOG_CMD -p daemon.notice "$1" 
 +
 + 
 +log_warning () { 
 +  $LOG_CMD -p daemon.warning "$1" 
 +
 + 
 +log_err () { 
 +  $LOG_CMD -p daemon.err "$1" 
 +
 + 
 +stderr_write () 
 +
 +  echo "$1" > /dev/stderr 
 +
 + 
 +# Read the general information about the feed origin from 
 +# the file "plugin_feed_info.inc" inside the feed directory. 
 +get_feed_info () 
 +
 +  INFOFILE="$NVT_DIR/plugin_feed_info.inc" 
 +  if [ -r $INFOFILE ] ; then 
 +    FEED_VERSION=`grep PLUGIN_SET $INFOFILE | sed -e 's/[^0-9]//g'
 +    FEED_NAME=`awk -F\" '/PLUGIN_FEED/ { print $2 }' $INFOFILE` 
 +    FEED_VENDOR=`awk -F\" '/FEED_VENDOR/ { print $2 }' $INFOFILE` 
 +    FEED_HOME=`awk -F\" '/FEED_HOME/ { print $2 }' $INFOFILE` 
 +    FEED_PRESENT=1 
 +  else 
 +    FEED_PRESENT=0 
 +  fi 
 + 
 +  if [ -z "$FEED_NAME" ] ; then 
 +    FEED_NAME="Unidentified Feed" 
 +  fi 
 + 
 +  if [ -z "$FEED_VENDOR" ] ; then 
 +    FEED_VENDOR="Unidentified Vendor" 
 +  fi 
 + 
 +  if [ -z "$FEED_HOME" ] ; then 
 +    FEED_HOME="Unidentified Feed Homepage" 
 +  fi 
 +
 + 
 +# Prevent that root executes this script 
 +if [ "`id -u`" -eq "0"
 +then 
 +  stderr_write "$0 must not be executed as privileged user root" 
 +  stderr_write 
 +  stderr_write "Unlike the actual scanner the sync routine does not need privileges." 
 +  stderr_write "Accidental execution as root would prevent later overwriting of" 
 +  stderr_write "files with a non-privileged user." 
 + 
 +  log_err "Denied to run as root" 
 +  exit 1 
 +fi 
 + 
 +# Always try to get the information when started. 
 +# This also ensures variables like FEED_PRESENT are set. 
 +get_feed_info 
 + 
 +# Determine whether a GSF access key is present. If yes, 
 +# then use the Greenbone Security Feed. Else use the 
 +# Greenbone Community Feed. 
 +if [ -e $ACCESS_KEY ] 
 +then 
 +  RESTRICTED=1 
 +else 
 +  RESTRICTED=0 
 + 
 +  if [ -z "$COMMUNITY_NVT_RSYNC_FEED" ]; then 
 +    COMMUNITY_NVT_RSYNC_FEED=rsync://feed.community.greenbone.net:/nvt-feed 
 +    # An alternative syntax which might work if the above doesn't: 
 +    # COMMUNITY_NVT_RSYNC_FEED=rsync@feed.community.greenbone.net::/nvt-feed 
 +  fi 
 +fi 
 + 
 +RSYNC=`command -v rsync` 
 + 
 +if [ -z "$TMPDIR" ]; then 
 +  SYNC_TMP_DIR=/tmp 
 +  # If we have mktemp, create a temporary dir (safer) 
 +  if [ -n "`which mktemp`" ]; then 
 +    SYNC_TMP_DIR=`mktemp -t -d greenbone-nvt-sync.XXXXXXXXXX` || { echo "ERROR: Cannot create temporary directory for file download" >&2; exit 1 ; } 
 +    trap "rm -rf $SYNC_TMP_DIR" EXIT HUP INT TRAP TERM 
 +  fi 
 +else 
 +  SYNC_TMP_DIR="$TMPDIR" 
 +fi 
 + 
 +# Initialize this indicator variable with default assuming the 
 +# feed is not up-to-date. 
 +FEED_CURRENT=0 
 + 
 +# This function uses gos-state-manager to get information about the settings. 
 +# If gos-state-manager is not installed the values of the settings can not be 
 +# retrieved. 
 +
 +# Input: option 
 +# Output: value as string or empty String if gos-state-manager is not installed 
 +#         or option not set 
 +get_value () 
 +
 +  value="" 
 +  key=$1 
 +  if which gos-state-manager 1>/dev/null 2>&
 +  then 
 +    if gos-state-manager get "$key.value" 1>/dev/null 2>&
 +    then 
 +      value="$(gos-state-manager get "$key.value")" 
 +    fi 
 +  fi 
 +  echo "$value" 
 +
 + 
 +# Creates a restricted access copy of the access key if necessary. 
 +setup_temp_access_key () { 
 +  if [ -e "$ACCESS_KEY"
 +  then 
 +    FILE_ACCESS=`stat -c%a "$ACCESS_KEY" | cut -c2-` 
 +  fi 
 +  if [ -n "$FILE_ACCESS" ] && [ "00" != "$FILE_ACCESS"
 +  then 
 +    TEMP_ACCESS_KEY_DIR=`mktemp -d` 
 +    TEMP_ACCESS_KEY="$TEMP_ACCESS_KEY_DIR/gsf-access-key" 
 +    cp "$ACCESS_KEY" "$TEMP_ACCESS_KEY" 
 +    chmod 400 "$TEMP_ACCESS_KEY" 
 +  else 
 +    TEMP_ACCESS_KEY_DIR="" 
 +    TEMP_ACCESS_KEY="$ACCESS_KEY" 
 +  fi 
 +
 + 
 +# Deletes the read-only copy of the access key. 
 +cleanup_temp_access_key () { 
 +  if [ -n "$TEMP_ACCESS_KEY_DIR"
 +  then 
 +    rm -rf "$TEMP_ACCESS_KEY_DIR" 
 +  fi 
 +  TEMP_ACCESS_KEY_DIR="" 
 +  TEMP_ACCESS_KEY="" 
 +
 + 
 +is_feed_current () { 
 +  if [ -z "$FEED_VERSION"
 +  then 
 +    log_write "Could not determine feed version." 
 +    FEED_CURRENT=0 
 +    return $FEED_CURRENT 
 +  fi 
 + 
 +  if [ -z "$RSYNC"
 +  then 
 +    log_notice "rsync not available, skipping feed version test" 
 +    FEED_CURRENT=0 
 +    rm -rf $FEED_INFO_TEMP_DIR 
 +    cleanup_temp_access_key 
 +    return 0 
 +  fi 
 + 
 +  FEED_INFO_TEMP_DIR=`mktemp -d` 
 + 
 +  if [ -e $ACCESS_KEY ] 
 +  then 
 +    gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/'
 +    syncport=$(get_value syncport) 
 +    if [ "$syncport"
 +    then 
 +      PORT="$syncport" 
 +    fi 
 + 
 +    read feeduser < $ACCESS_KEY 
 +    custid=`awk -F@ 'NR > 1 { exit }; { print $1 }' $ACCESS_KEY` 
 +    if [ -z "$feeduser" ] || [ -z "$custid"
 +    then 
 +      log_err "Could not determine credentials, aborting synchronization." 
 +      exit 1 
 +    fi 
 + 
 +    setup_temp_access_key 
 + 
 +    if [ "$gsmproxy" = "proxy_feed" ] || [ -z "$gsmproxy"
 +    then 
 +      RSYNC_SSH_PROXY_CMD="" 
 +    else 
 +      if [ -e $OPENVAS_SYSCONF_DIR/proxyauth ] && [ -r $OPENVAS_SYSCONF_DIR/proxyauth ] 
 +      then 
 +        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $OPENVAS_SYSCONF_DIR/proxyauth\"" 
 +      else 
 +        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\"" 
 +      fi 
 +    fi 
 + 
 +    rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TEMP_ACCESS_KEY" $RSYNC_OPTIONS $RSYNC_DELETE $RSYNC_COMPRESS $RSYNC_CHMOD "$feeduser"plugin_feed_info.inc $FEED_INFO_TEMP_DIR 
 + 
 +    if [ $? -ne 0 ] 
 +    then 
 +      log_err "Error: rsync failed." 
 +      rm -rf "$FEED_INFO_TEMP_DIR" 
 +      exit 1 
 +    fi 
 +  else 
 +    # Sleep for five seconds (a previous feed might have been synced a few seconds before) to prevent 
 +    # IP blocking due to network equipment in between keeping the previous connection too long open. 
 +    sleep 5 
 +    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed" 
 +    eval "$RSYNC -ltvrP \"$COMMUNITY_NVT_RSYNC_FEED/plugin_feed_info.inc\" \"$FEED_INFO_TEMP_DIR\"" 
 +    if [ $? -ne 0 ] 
 +    then 
 +      log_err "rsync failed, aborting synchronization." 
 +      rm -rf "$FEED_INFO_TEMP_DIR" 
 +      exit 1 
 +    fi 
 +  fi 
 + 
 +  FEED_VERSION_SERVER=`grep PLUGIN_SET $FEED_INFO_TEMP_DIR/plugin_feed_info.inc | sed -e 's/[^0-9]//g'
 + 
 +  if [ -z "$FEED_VERSION_SERVER"
 +  then 
 +    log_err "Could not determine server feed version." 
 +    rm -rf $FEED_INFO_TEMP_DIR 
 +    cleanup_temp_access_key 
 +    exit 1 
 +  fi 
 +  # Check against FEED_VERSION 
 +  if [ $FEED_VERSION -lt $FEED_VERSION_SERVER ] ; then 
 +    FEED_CURRENT=0 
 +  else 
 +    FEED_CURRENT=1 
 +  fi 
 +  # Cleanup 
 +  rm -rf "$FEED_INFO_TEMP_DIR" 
 +  cleanup_temp_access_key 
 + 
 +  return $FEED_CURRENT 
 +
 + 
 +do_rsync_community_feed () { 
 +  # Sleep for five seconds (a previous feed might have been synced a few seconds before) to prevent 
 +  # IP blocking due to network equipment in between keeping the previous connection too long open. 
 +  sleep 5 
 +  log_notice "Configured NVT rsync feed: $COMMUNITY_NVT_RSYNC_FEED" 
 +  mkdir -p "$NVT_DIR" 
 +  eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_NVT_RSYNC_FEED\" \"$NVT_DIR\" --exclude=plugin_feed_info.inc" 
 +  if [ $? -ne 0 ] ; then 
 +    log_err "rsync failed." 
 +    exit 1 
 +  fi 
 +  # Sleep for five seconds (after the above rsync call) to prevent IP blocking due 
 +  # to network equipment in between keeping the previous connection too long open. 
 +  sleep 5 
 +  eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_NVT_RSYNC_FEED/plugin_feed_info.inc\" \"$NVT_DIR\"" 
 +  if [ $? -ne 0 ] ; then 
 +    log_err "rsync failed." 
 +    exit 1 
 +  fi 
 +
 + 
 +sync_nvts(){ 
 +  if [ $ENABLED -ne 1 ] 
 +  then 
 +    log_write "NVT synchronization is disabled, exiting." 
 +    exit 0 
 +  fi 
 + 
 +  if [ -e $ACCESS_KEY ] 
 +  then 
 +    log_write "Synchronizing NVTs from the Greenbone Security Feed into $NVT_DIR..." 
 +    if [ $FEED_PRESENT -eq 1 ] ; then 
 +      FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l` 
 +      log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)" 
 +    else 
 +      log_write "Current status: No feed installed." 
 +    fi 
 +    notsynced=1 
 +    retried=0 
 + 
 +    mkdir -p "$NVT_DIR" 
 +    read feeduser < $ACCESS_KEY 
 +    custid=`awk -F@ 'NR > 1 { exit }; { print $1 }' $ACCESS_KEY` 
 +    if [ -z "$feeduser" ] || [ -z "$custid"
 +    then 
 +      log_err "Could not determine credentials, aborting synchronization." 
 +      exit 1 
 +    fi 
 + 
 +    setup_temp_access_key 
 + 
 +    while [ $notsynced -eq 1 ] 
 +    do 
 + 
 +      gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/'
 +      syncport=$(get_value syncport) 
 +      if [ "$syncport"
 +      then 
 +        PORT="$syncport" 
 +      fi 
 + 
 +      if [ "$gsmproxy" = "proxy_feed" ] || [ -z "$gsmproxy"
 +      then 
 +        RSYNC_SSH_PROXY_CMD="" 
 +      else 
 +        if [ -e $OPENVAS_SYSCONF_DIR/proxyauth ] && [ -r $OPENVAS_SYSCONF_DIR/proxyauth ]; then 
 +          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $OPENVAS_SYSCONF_DIR/proxyauth\"" 
 +        else 
 +          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\"" 
 +        fi 
 +      fi 
 +      rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TEMP_ACCESS_KEY" --exclude=plugin_feed_info.inc $RSYNC_OPTIONS $RSYNC_DELETE $RSYNC_COMPRESS $RSYNC_CHMOD $feeduser $NVT_DIR 
 +      if [ $? -ne 0 ]  ; then 
 +        log_err "rsync failed, aborting synchronization." 
 +        exit 1 
 +      fi 
 +      rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TEMP_ACCESS_KEY" $RSYNC_OPTIONS $RSYNC_DELETE $RSYNC_COMPRESS $RSYNC_CHMOD "$feeduser"plugin_feed_info.inc $NVT_DIR 
 +      if [ $? -ne 0 ]  ; then 
 +        log_err "rsync failed, aborting synchronization." 
 +        exit 1 
 +      fi 
 +      eval "cd \"$NVT_DIR\" ; md5sum -c --status \"$NVT_DIR/md5sums\"" 
 +      if [ $? -ne 0 ]  ; then 
 +        if [ -n "$retried"
 +        then 
 +          log_err "Feed integrity check failed twice, aborting synchronization." 
 +          cleanup_temp_access_key 
 +          exit 1 
 +        else 
 +          log_write "The feed integrity check failed. This may be due to a concurrent feed update or other temporary issues." 
 +          log_write "Sleeping 15 seconds before retrying ..." 
 +          sleep 15 
 +          retried=1 
 +        fi 
 +      else 
 +        notsynced=0 
 +      fi 
 +    done 
 +    cleanup_temp_access_key 
 +    log_write "Synchronization with the Greenbone Security Feed successful." 
 +    get_feed_info 
 +    if [ $FEED_PRESENT -eq 1 ] ; then 
 +      FEEDCOUNT=`grep -E "nasl$|inc$" $NVT_DIR/md5sums | wc -l` 
 +      log_write "Current status: Using $FEED_NAME at version $FEED_VERSION ($FEEDCOUNT NVTs)" 
 +    else 
 +      log_write "Current status: No feed installed." 
 +    fi 
 +  else 
 +    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed" 
 +    do_rsync_community_feed 
 +  fi 
 +
 + 
 +do_self_test () 
 +
 +  MD5SUM_AVAIL=`command -v md5sum` 
 +  if [ $? -ne 0 ] ; then 
 +    SELFTEST_FAIL=1 
 +    stderr_write "The md5sum binary could not be found." 
 +  fi 
 + 
 +  RSYNC_AVAIL=`command -v rsync` 
 +  if [ $? -ne 0 ] ; then 
 +    SELFTEST_FAIL=1 
 +    stderr_write "The rsync binary could not be found." 
 +  fi 
 +
 + 
 +do_describe () 
 +
 +  echo "This script synchronizes an NVT collection with the '$FEED_NAME'." 
 +  echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'." 
 +  echo "Online information about this feed: '$FEED_HOME'." 
 +
 + 
 +do_feedversion () { 
 +  if [ $FEED_PRESENT -eq 1 ] ; then 
 +    echo $FEED_VERSION 
 +  else 
 +    stderr_write "The file containing the feed version could not be found." 
 +    exit 1 
 +  fi 
 +
 + 
 +do_sync () 
 +
 +  do_self_test 
 +  if [ $SELFTEST_FAIL -ne 0 ] ; then 
 +    exit $SELFTEST_FAIL 
 +  fi 
 + 
 +  if [ $FEED_CURRENT -eq 1 ] 
 +  then 
 +    log_write "Feed is already current, skipping synchronization." 
 +  else 
 +    ( 
 +      chmod +660 $OPENVAS_FEED_LOCK_PATH 
 +      flock -n 9 
 +      if [ $? -eq 1 ] ; then 
 +          log_warning "Another process related to the feed update is already running" 
 +          exit 1 
 +      fi 
 +      date > $OPENVAS_FEED_LOCK_PATH 
 +      sync_nvts 
 +      echo -n $OPENVAS_FEED_LOCK_PATH 
 +    )9>>$OPENVAS_FEED_LOCK_PATH 
 +  fi 
 +
 + 
 +do_help () { 
 +  echo "$0: Sync NVT data" 
 +  echo " --describe     display current feed info" 
 +  echo " --feedcurrent  just check if feed is up-to-date" 
 +  echo " --feedversion  display version of this feed" 
 +  echo " --help         display this help" 
 +  echo " --identify     display information" 
 +  echo " --nvtdir dir   set dir as NVT directory" 
 +  echo " --selftest     perform self-test and set exit code" 
 +  echo " --verbose      makes the sync process print details" 
 +  echo " --version      display version" 
 +  echo "" 
 +  echo "" 
 +  echo "Environment variables:" 
 +  echo "NVT_DIR         where to extract plugins (absolute path)" 
 +  echo "PRIVATE_SUBDIR  subdirectory of \$NVT_DIR to exclude from synchronization" 
 +  echo "TMPDIR          temporary directory used to download the files" 
 +  echo "Note that you can use standard ones as well (e.g. RSYNC_PROXY) for rsync" 
 +  echo "" 
 +  exit 0 
 +
 + 
 +while test $# -gt 0; do 
 +  case "$1" in 
 +    --version) 
 +      echo $VERSION 
 +      exit 0 
 +      ;; 
 +    --identify) 
 +      echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC" 
 +      exit 0 
 +      ;; 
 +    --selftest) 
 +      do_self_test 
 +      exit $SELFTEST_FAIL 
 +      ;; 
 +    --describe) 
 +      do_describe 
 +      exit 0 
 +      ;; 
 +    --feedversion) 
 +      do_feedversion 
 +      exit 0 
 +      ;; 
 +    --help) 
 +      do_help 
 +      exit 0 
 +      ;; 
 +    --nvt-dir) 
 +      NVT_DIR="$2" 
 +      shift 
 +      ;; 
 +    --feedcurrent) 
 +      is_feed_current 
 +      exit $? 
 +      ;; 
 +    --verbose) 
 +      RSYNC_VERBOSE="-v" 
 +      ;; 
 +  esac 
 +  shift 
 +done 
 + 
 +do_sync 
 + 
 +exit 0 
 +</code> 
 + 
 +Rendez le script exécutable : 
 + 
 +<code> 
 +[root@centos7 ~]# chmod +x greenbone-nvt-sync 
 +</code> 
 + 
 +Déplacez le script vers **/usr/sbin/** : 
 + 
 +<code> 
 +[root@centos7 ~]# mv greenbone-nvt-sync /usr/sbin 
 +mv: overwrite ‘/usr/sbin/greenbone-nvt-sync’?
 +</code> 
 + 
 +Devenez l'utilisateur trainee et mettez à jour les modules d'extensions de OpenVAS : 
 + 
 +<code> 
 + 
 +[root@centos7 ~]# su - trainee 
 +Last login: Thu Mar  4 10:28:01 UTC 2021 from ns3072874.ip-79-137-68.eu on pts/0 
 +[trainee@centos7 ~]$ greenbone-nvt-sync 
 +... 
 +[trainee@centos7 ~]$ exit 
 +[root@centos7 ~]#
 </code> </code>
  
-Dans le cas où cette commande retourne une erreur, procédez de la façon suivante pour mettre à jour les modules d'extensions :+Déplacez les plugins vers le répertoire **/var/lib/openvas/plugins** :
  
 <code> <code>
-[root@centos7 ~]# wget http://dl.greenbone.net/community-nvt-feed-current.tar.bz2  +[root@centos7 ~]# mv /home/trainee/@OPENVAS_NVT_DIR@//var/lib/openvas/plugins
-[root@centos7 ~]# tar xvf community-nvt-feed-current.tar.bz2 -C /var/lib/openvas/plugins+
 </code> </code>
  
-Les modules d'extensions se trouvent dans le répertoire **/var/lib/openvas/plugins** :+Vérifiez ensuite la réussite de la commande précédente :
  
 <code> <code>
-[root@centos7 ~]# ls /var/lib/openvas/plugins | more +[root@centos7 ~]# ls -l /var/lib/openvas/plugins| more 
-2008 +total 36288 
-2009 +drwxr-xr-x   2 trainee trainee   32768 Mar  3 11:33 2008 
-2010 +drwxr-xr-x   2 trainee trainee   77824 Mar  3 11:33 2009 
-2011 +drwxr-xr-x   2 trainee trainee   77824 Mar  4 10:59 2010 
-2012 +drwxr-xr-x   2 trainee trainee  253952 Mar  3 11:33 2011 
-2013 +drwxr-xr-x   2 trainee trainee  307200 Mar  3 11:33 2012 
-2014 +drwxr-xr-x   3 trainee trainee  266240 Mar  3 11:33 2013 
-2015 +drwxr-xr-x   3 trainee trainee  249856 Mar  3 11:33 2014 
-2016 +drwxr-xr-x   3 trainee trainee  401408 Mar  3 11:33 2015 
-2017 +drwxr-xr-x   3 trainee trainee  389120 Mar  4 10:59 2016 
-2018 +drwxr-xr-x  64 trainee trainee  282624 Mar  3 11:33 2017 
-404.inc +drwxr-xr-x 289 trainee trainee   12288 Feb 16 12:02 2018 
-404.inc.asc +drwxr-xr-x 214 trainee trainee   12288 Nov 25 11:24 2019 
-aas_detect.nasl +drwxr-xr-x 180 trainee trainee    4096 Jan 25 11:10 2020 
-aas_detect.nasl.asc +drwxr-xr-x  72 trainee trainee    4096 Mar  4 10:59 2021 
-adaptbb_detect.nasl +-rw-r--r--   1 trainee trainee    3470 Jul 20  2020 404.inc 
-adaptbb_detect.nasl.asc +-rw-r--r--   1 trainee trainee    3012 Dec  9 10:01 aas_detect.nasl 
-AfterLogic_WebMail_Pro_detect.nasl +-rw-r--r--   1 trainee trainee    3166 Aug 27  2020 adaptbb_detect.nasl 
-AfterLogic_WebMail_Pro_detect.nasl.asc +-rw-r--r--   1 trainee trainee    4016 Aug 27  2020 AfterLogic_WebMail_Pro_detect.nasl 
-alcatel_backdoor_switch.nasl +-rw-r--r--   1 trainee trainee    3176 Nov 12 11:33 amanda_detect.nasl 
-alcatel_backdoor_switch.nasl.asc +-rw-r--r--   1 trainee trainee    3173 Nov 12 11:33 amanda_version.nasl 
-amanda_detect.nasl +-rw-r--r--   1 trainee trainee    3549 Mar  1 11:32 apache_server_info.nasl 
-amanda_detect.nasl.asc+-rw-r--r--   1 trainee trainee    7491 Mar  4 10:59 apache_SSL_complain.nasl 
 +-rw-r--r--   1 trainee trainee    4679 Nov 12 11:33 apcnisd_detect.nasl 
 +-rw-r--r--   1 trainee trainee    3303 Aug 27  2020 AproxEngine_detect.nasl 
 +-rw-r--r--   1 trainee trainee    2706 Feb 14  2020 arcserve_backup_detect.nasl 
 +-rw-r--r--   1 trainee trainee    2700 Mar  3 11:33 arkoon.nasl 
 +-rw-r--r--   1 trainee trainee    7477 Nov 12 11:33 asip-status.nasl 
 +-rw-r--r--   1 trainee trainee    4522 Aug 27  2020 atmail_detect.nasl 
 +drwxr-xr-x   4 trainee trainee   20480 Mar  2 12:14 attic 
 +-rw-r--r--   1 trainee trainee    2703 Nov 12 11:33 auth_enabled.nasl 
 +-rw-r--r--   1 trainee trainee    2573 May  7  2020 aventail_asap.nasl 
 +-rw-r--r--   1 trainee trainee    4620 Dec 21 15:00 awstats_detect.nasl 
 +-rw-r--r--   1 trainee trainee    3711 Aug 27  2020 axigen_web_detect.nasl 
 +-rw-r--r--   1 trainee trainee 1639798 Feb 14  2020 bad_dsa_ssh_host_keys.txt
 --More-- --More--
 </code> </code>
Ligne 598: Ligne 1270:
 </code> </code>
  
-Contruisez maintenant la base de données :+Construisez maintenant la base de données :
  
 <code> <code>
Ligne 665: Ligne 1337:
 </WRAP> </WRAP>
  
-La prochaine étape donc consiste à récupérer la base SCAP (Security Content Automation Protocol) :+La prochaine étape donc consiste à récupérer la base SCAP (Security Content Automation Protocol)
 + 
 +Téléchargez le script **greenbone-feed-sync** :
  
 <code> <code>
-[root@centos7 ~]# openvas-scapdata-sync+[root@centos7 ~]# wget https://www.dropbox.com/scl/fi/10hf8fpdq2yhd821qb5pk/greenbone-nvt-sync?rlkey=7f4taliexlpg54pa1c1yz8czx&st=tkvnjg55 
 + 
 +[root@centos7 ~]# mv greenbone-nvt-sync?rlkey=7f4taliexlpg54pa1c1yz8czx greenbone-nvt-sync 
 +</code> 
 + 
 +Si vous ne pouvez pas téléchargez le script **greenbone-feed-sync**, copiez son contenu ci-dessous et créez-le : 
 + 
 +<code> 
 +[root@centos7 ~]# vi greenbone-feed-sync 
 +[root@centos7 ~]# cat greenbone-feed-sync 
 +#!/bin/sh 
 +# Copyright (C) 2011-2020 Greenbone Networks GmbH 
 +
 +# SPDX-License-Identifier: AGPL-3.0-or-later 
 +
 +# This program is free software: you can redistribute it and/or modify 
 +# it under the terms of the GNU Affero General Public License as 
 +# published by the Free Software Foundation, either version 3 of the 
 +# License, or (at your option) any later version. 
 +
 +# This program is distributed in the hope that it will be useful, 
 +# but WITHOUT ANY WARRANTY; without even the implied warranty of 
 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
 +# GNU Affero General Public License for more details. 
 +
 +# You should have received a copy of the GNU Affero General Public License 
 +# along with this program.  If not, see <http://www.gnu.org/licenses/>
 + 
 +# This script synchronizes a GVM installation with the 
 +# feed data from either the Greenbone Security Feed (in 
 +# case a GSF access key is present) or else from the Greenbone 
 +# Community Feed. 
 + 
 +log_notice () { 
 +  $LOG_CMD -p daemon.notice "$1" 
 +
 + 
 + 
 +########## SETTINGS 
 +########## ======== 
 + 
 +# PRIVATE_SUBDIR defines a subdirectory of the feed data directory 
 +# where files not part of the feed or database will not be deleted by rsync. 
 +if [ -z "$PRIVATE_SUBDIR"
 +then 
 +  PRIVATE_SUBDIR="private" 
 +fi 
 + 
 +# RSYNC_DELETE controls whether files which are not part of the repository will 
 +# be removed from the local directory after synchronization. The default value 
 +# for this setting is 
 +# "--delete --exclude feed.xml --exclude $PRIVATE_SUBDIR/", 
 +# which means that files which are not part of the feed, feed info or private 
 +# directory will be deleted. 
 +RSYNC_DELETE="--delete --exclude feed.xml --exclude \"$PRIVATE_SUBDIR/\"" 
 + 
 +# RSYNC_SSH_OPTS contains options which should be passed to ssh for the rsync 
 +# connection to the repository. 
 +RSYNC_SSH_OPTS="-o \"UserKnownHostsFile=/dev/null\" -o \"StrictHostKeyChecking=no\"" 
 + 
 +# RSYNC_COMPRESS specifies the compression level to use for the rsync connection. 
 +RSYNC_COMPRESS="--compress-level=9" 
 + 
 +# PORT controls the outgoing TCP port for updates. If PAT/Port-Translation is 
 +# not used, this should be "24". For some application layer firewalls or gates 
 +# the value 22 (Standard SSH) is useful. Only change if you know what you are 
 +# doing. 
 +PORT=24 
 + 
 +# SCRIPT_NAME is the name the scripts will use to identify itself and to mark 
 +# log messages. 
 +SCRIPT_NAME="greenbone-feed-sync" 
 + 
 +# LOG_CMD defines the command to use for logging. To have logger log to stderr 
 +# as well as syslog, add "-s" here. 
 +LOG_CMD="logger -t $SCRIPT_NAME" 
 + 
 +# LOCK_FILE is the name of the file used to lock the feed during sync or update. 
 +if [ -z "$LOCK_FILE"
 +then 
 +  LOCK_FILE="@GVM_FEED_LOCK_PATH@" 
 +fi 
 + 
 + 
 +########## GLOBAL VARIABLES 
 +########## ================ 
 + 
 +VERSION=@GVMD_VERSION@ 
 + 
 +[ -r "@GVM_SYSCONF_DIR@/greenbone-feed-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-feed-sync.conf" 
 + 
 +if [ -z "$DROP_USER" ]; then 
 +  DROP_USER="@GVM_DEFAULT_DROP_USER@" 
 +fi 
 + 
 +ACCESSKEY="@GVM_ACCESS_KEY_DIR@/gsf-access-key" 
 + 
 +# Note when running as root or restart as $DROP_USER if defined 
 +if [ $(id -u) -eq 0 ] 
 +then 
 +  if [ -z "$DROP_USER"
 +  then 
 +    log_notice "Running as root" 
 +  else 
 +    log_notice "Started as root, restarting as $DROP_USER" 
 +    su --shell /bin/sh --command "$0 $*" "$DROP_USER" 
 +    exit $? 
 +  fi 
 +fi 
 + 
 +# Determine whether a GSF access key is present. If yes, 
 +# then use the Greenbone Security Feed. Else use the 
 +# Greenbone Community Feed. 
 +if [ -e $ACCESSKEY ] 
 +then 
 +  RESTRICTED=1 
 + 
 +  if [ -z "$FEED_VENDOR" ]; then 
 +    FEED_VENDOR="Greenbone Networks GmbH" 
 +  fi 
 + 
 +  if [ -z "$FEED_HOME" ]; then 
 +    FEED_HOME="https://www.greenbone.net/en/security-feed/" 
 +  fi 
 + 
 +else 
 +  RESTRICTED=0 
 + 
 +  if [ -z "$FEED_VENDOR" ]; then 
 +    FEED_VENDOR="Greenbone Networks GmbH" 
 +  fi 
 + 
 +  if [ -z "$FEED_HOME" ]; then 
 +    FEED_HOME="https://community.greenbone.net/t/about-greenbone-community-feed-gcf/1224" 
 +  fi 
 + 
 +fi 
 + 
 +RSYNC=`command -v rsync` 
 + 
 +# Current supported feed types (for --type parameter) 
 +FEED_TYPES_SUPPORTED="CERT, SCAP or GVMD_DATA" 
 + 
 +########## FUNCTIONS 
 +########## ========= 
 + 
 +log_debug () { 
 +  $LOG_CMD -p daemon.debug "$1" 
 +
 + 
 +log_info () { 
 +  $LOG_CMD -p daemon.info "$1" 
 +
 + 
 +log_warning () { 
 +  $LOG_CMD -p daemon.warning "$1" 
 +
 + 
 +log_err () { 
 +  $LOG_CMD -p daemon.err "$1" 
 +
 + 
 +init_feed_type () { 
 +  if [ -z "$FEED_TYPE"
 +  then 
 +    echo "No feed type given to --type parameter" 
 +    log_err "No feed type given to --type parameter" 
 +    exit 1 
 +  elif [ "CERT" = "$FEED_TYPE"
 +  then 
 +    [ -r "@GVM_SYSCONF_DIR@/greenbone-certdata-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-certdata-sync.conf" 
 + 
 +    FEED_TYPE_LONG="CERT data" 
 +    FEED_DIR="@GVM_CERT_DATA_DIR@" 
 +    TIMESTAMP="$FEED_DIR/timestamp" 
 +    SCRIPT_ID="CERTSYNC" 
 + 
 +    if [ -z "$COMMUNITY_CERT_RSYNC_FEED" ]; then 
 +      COMMUNITY_RSYNC_FEED="rsync://feed.community.greenbone.net:/cert-data" 
 +      # An alternative syntax which might work if the above doesn't: 
 +      # COMMUNITY_RSYNC_FEED="rsync@feed.community.greenbone.net::cert-data" 
 +    else 
 +      COMMUNITY_RSYNC_FEED="$COMMUNITY_CERT_RSYNC_FEED" 
 +    fi 
 + 
 +    GSF_RSYNC_PATH="/cert-data" 
 + 
 +    if [ -e $ACCESSKEY ]; then 
 +      if [ -z "$FEED_NAME" ]; then 
 +        FEED_NAME="Greenbone CERT Feed" 
 +      fi 
 +    else 
 +      if [ -z "$FEED_NAME" ]; then 
 +        FEED_NAME="Greenbone Community CERT Feed" 
 +      fi 
 +    fi 
 +  elif [ "SCAP" = "$FEED_TYPE"
 +  then 
 +    [ -r "@GVM_SYSCONF_DIR@/greenbone-scapdata-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-scapdata-sync.conf" 
 + 
 +    FEED_TYPE_LONG="SCAP data" 
 +    FEED_DIR="@GVM_SCAP_DATA_DIR@" 
 +    TIMESTAMP="$FEED_DIR/timestamp" 
 +    SCRIPT_ID="SCAPSYNC" 
 + 
 +    if [ -z "$COMMUNITY_SCAP_RSYNC_FEED" ]; then 
 +      COMMUNITY_RSYNC_FEED="rsync://feed.community.greenbone.net:/scap-data" 
 +      # An alternative syntax which might work if the above doesn't: 
 +      # COMMUNITY_RSYNC_FEED="rsync@feed.community.greenbone.net::scap-data" 
 +    else 
 +      COMMUNITY_RSYNC_FEED="$COMMUNITY_SCAP_RSYNC_FEED" 
 +    fi 
 + 
 +    GSF_RSYNC_PATH="/scap-data" 
 + 
 +    if [ -e $ACCESSKEY ]; then 
 +      if [ -z "$FEED_NAME" ]; then 
 +        FEED_NAME="Greenbone SCAP Feed" 
 +      fi 
 +    else 
 +      if [ -z "$FEED_NAME" ]; then 
 +        FEED_NAME="Greenbone Community SCAP Feed" 
 +      fi 
 +    fi 
 +  elif [ "GVMD_DATA" = "$FEED_TYPE"
 +  then 
 +    [ -r "@GVM_SYSCONF_DIR@/greenbone-data-objects-sync.conf" ] && . "@GVM_SYSCONF_DIR@/greenbone-data-objects-sync.conf" 
 + 
 +    FEED_TYPE_LONG="gvmd Data" 
 +    FEED_DIR="@GVMD_FEED_DIR@" 
 +    TIMESTAMP="$FEED_DIR/timestamp" 
 +    SCRIPT_ID="GVMD_DATA_SYNC" 
 + 
 +    if [ -z "$COMMUNITY_GVMD_DATA_RSYNC_FEED" ]; then 
 +      COMMUNITY_RSYNC_FEED="rsync://feed.community.greenbone.net:/data-objects/gvmd/" 
 +      # An alternative syntax which might work if the above doesn't: 
 +      # COMMUNITY_RSYNC_FEED="rsync@feed.community.greenbone.net::data-objects/gvmd/" 
 +    else 
 +      COMMUNITY_RSYNC_FEED="$COMMUNITY_GVMD_DATA_RSYNC_FEED" 
 +    fi 
 + 
 +    GSF_RSYNC_PATH="/data-objects/gvmd/" 
 + 
 +    if [ -e $ACCESSKEY ]; then 
 +      if [ -z "$FEED_NAME" ]; then 
 +        FEED_NAME="Greenbone gvmd Data Feed" 
 +      fi 
 +    else 
 +      if [ -z "$FEED_NAME" ]; then 
 +        FEED_NAME="Greenbone Community gvmd Data Feed" 
 +      fi 
 +    fi 
 +  else 
 +    echo "Invalid feed type $FEED_TYPE given to --type parameter. Currently supported: $FEED_TYPES_SUPPORTED" 
 +    log_err "Invalid feed type $FEED_TYPE given to --type parameter. Currently supported: $FEED_TYPES_SUPPORTED" 
 +    exit 1 
 +  fi 
 +
 + 
 +write_feed_xml () { 
 +  if [ -r $TIMESTAMP ] 
 +  then 
 +    FEED_VERSION=`cat $TIMESTAMP` 
 +  else 
 +    FEED_VERSION=0 
 +  fi 
 + 
 +  mkdir -p $FEED_DIR 
 +  echo '<feed id="6315d194-4b6a-11e7-a570-28d24461215b">' > $FEED_DIR/feed.xml 
 +  echo "<type>$FEED_TYPE</type>" >> $FEED_DIR/feed.xml 
 +  echo "<name>$FEED_NAME</name>" >> $FEED_DIR/feed.xml 
 +  echo "<version>$FEED_VERSION</version>" >> $FEED_DIR/feed.xml 
 +  echo "<vendor>$FEED_VENDOR</vendor>" >> $FEED_DIR/feed.xml 
 +  echo "<home>$FEED_HOME</home>" >> $FEED_DIR/feed.xml 
 +  echo "<description>" >> $FEED_DIR/feed.xml 
 +  echo "This script synchronizes a $FEED_TYPE collection with the '$FEED_NAME'." >> $FEED_DIR/feed.xml 
 +  echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'." >> $FEED_DIR/feed.xml 
 +  echo "Online information about this feed: '$FEED_HOME'." >> $FEED_DIR/feed.xml 
 +  echo "</description>" >> $FEED_DIR/feed.xml 
 +  echo "</feed>" >> $FEED_DIR/feed.xml 
 +
 + 
 +create_tmp_key () { 
 +  KEYTEMPDIR=`mktemp -d` 
 +  cp "$ACCESSKEY" "$KEYTEMPDIR" 
 +  TMPACCESSKEY="$KEYTEMPDIR/gsf-access-key" 
 +  chmod 400 "$TMPACCESSKEY" 
 +
 + 
 +remove_tmp_key () { 
 +  rm -rf "$KEYTEMPDIR" 
 +
 + 
 +set_interrupt_trap () { 
 +  trap "handle_interrupt $1" 2 
 +
 + 
 +handle_interrupt () { 
 +  echo "$1:X" >&
 +
 + 
 +do_describe () { 
 +  echo "This script synchronizes a $FEED_TYPE collection with the '$FEED_NAME'." 
 +  echo "The '$FEED_NAME' is provided by '$FEED_VENDOR'." 
 +  echo "Online information about this feed: '$FEED_HOME'." 
 +
 + 
 +do_feedversion () { 
 +  if [ -r $TIMESTAMP ]; then 
 +      cat $TIMESTAMP 
 +  fi 
 +
 + 
 +# This function uses gos-state-manager to get information about the settings. 
 +# gos-state-manager is only available on a Greenbone OS. 
 +# If gos-state-manager is missing the settings values can not be retrieved. 
 +
 +# Input: option 
 +# Output: value as string or empty String if gos-state-manager is not installed 
 +#         or option not set 
 +get_value () 
 +
 +  value="" 
 +  key=$1 
 +  if which gos-state-manager 1>/dev/null 2>&
 +  then 
 +    if gos-state-manager get "$key.value" 1>/dev/null 2>&
 +    then 
 +      value="$(gos-state-manager get "$key.value")" 
 +    fi 
 +  fi 
 +  echo "$value" 
 +
 + 
 +is_feed_current () { 
 +  if [ -r $TIMESTAMP ] 
 +  then 
 +    FEED_VERSION=`cat $TIMESTAMP` 
 +  fi 
 + 
 +  if [ -z "$FEED_VERSION"
 +  then 
 +    log_warning "Could not determine feed version." 
 +    FEED_CURRENT=0 
 +    return $FEED_CURRENT 
 +  fi 
 + 
 +  FEED_INFO_TEMP_DIR=`mktemp -d` 
 + 
 +  if [ -e $ACCESSKEY ] 
 +  then 
 +    read feeduser < $ACCESSKEY 
 +    custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1` 
 + 
 +    if [ -z "$feeduser" ] || [ -z "$custid_at_host"
 +    then 
 +      log_err "Could not determine credentials, aborting synchronization." 
 +      rm -rf "$FEED_INFO_TEMP_DIR" 
 +      exit 1 
 +    fi 
 + 
 +    gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/'
 +    syncport=$(get_value syncport) 
 +    if [ "$syncport"
 +    then 
 +      PORT="$syncport" 
 +    fi 
 + 
 +    if [ -z "$gsmproxy" ] || [ "$gsmproxy" = "proxy_feed"
 +    then 
 +      RSYNC_SSH_PROXY_CMD="" 
 +    else 
 +      if [ -e $GVM_SYSCONF_DIR/proxyauth ] && [ -r $GVM_SYSCONF_DIR/proxyauth ]; then 
 +        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $GVM_SYSCONF_DIR/proxyauth\"" 
 +      else 
 +        RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\"" 
 +      fi 
 +    fi 
 +    create_tmp_key 
 +    rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TMPACCESSKEY" -ltvrP --chmod=D+x $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/timestamp "$FEED_INFO_TEMP_DIR" 
 +    if [ $? -ne 0 ] 
 +    then 
 +      log_err "rsync failed, aborting synchronization." 
 +      rm -rf "$FEED_INFO_TEMP_DIR" 
 +      remove_tmp_key 
 +      exit 1 
 +    fi 
 +    remove_tmp_key 
 +  else 
 +    # Sleep for five seconds (a previous feed might have been synced a few seconds before) to prevent 
 +    # IP blocking due to network equipment in between keeping the previous connection too long open. 
 +    sleep 5 
 +    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed" 
 +    eval "$RSYNC -ltvrP \"$COMMUNITY_RSYNC_FEED/timestamp\" \"$FEED_INFO_TEMP_DIR\"" 
 +    if [ $? -ne 0 ] 
 +    then 
 +      log_err "rsync failed, aborting synchronization." 
 +      rm -rf "$FEED_INFO_TEMP_DIR" 
 +      exit 1 
 +    fi 
 +  fi 
 + 
 +  FEED_VERSION_SERVER=`cat "$FEED_INFO_TEMP_DIR/timestamp"
 + 
 +  if [ -z "$FEED_VERSION_SERVER"
 +  then 
 +    log_err "Could not determine server feed version." 
 +    rm -rf "$FEED_INFO_TEMP_DIR" 
 +    exit 1 
 +  fi 
 + 
 +  # Check against FEED_VERSION 
 +  if [ $FEED_VERSION -lt $FEED_VERSION_SERVER ]; then 
 +    FEED_CURRENT=0 
 +  else 
 +    FEED_CURRENT=1 
 +  fi 
 + 
 +  # Cleanup 
 +  rm -rf "$FEED_INFO_TEMP_DIR" 
 + 
 +  return $FEED_CURRENT 
 +
 + 
 +do_help () { 
 +  echo "$0: Sync feed data" 
 + 
 +  if [ -e $ACCESSKEY ] 
 +  then 
 +    echo "GSF access key found: Using Greenbone Security Feed" 
 +  else 
 +    echo "No GSF access key found: Using Community Feed" 
 +  fi 
 + 
 +  echo " --describe      display current feed info" 
 +  echo " --feedversion   display version of this feed" 
 +  echo " --help          display this help" 
 +  echo " --identify      display information" 
 +  echo " --selftest      perform self-test" 
 +  echo " --type <TYPE>   choose type of data to sync ($FEED_TYPES_SUPPORTED)" 
 +  echo " --version       display version" 
 +  echo "" 
 +  exit 0 
 +
 + 
 +do_rsync_community_feed () { 
 +  if [ -z "$RSYNC" ]; then 
 +    log_err "rsync not found!" 
 +  else 
 +    # Sleep for five seconds (after is_feed_current) to prevent IP blocking due to 
 +    # network equipment in between keeping the previous connection too long open. 
 +    sleep 5 
 +    log_notice "Using rsync: $RSYNC" 
 +    log_notice "Configured $FEED_TYPE_LONG rsync feed: $COMMUNITY_RSYNC_FEED" 
 +    mkdir -p "$FEED_DIR" 
 +    eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_RSYNC_FEED\" \"$FEED_DIR\"" 
 +    if [ $? -ne 0 ]; then 
 +      log_err "rsync failed. Your $FEED_TYPE_LONG might be broken now." 
 +      exit 1 
 +    fi 
 +  fi 
 +
 + 
 +do_sync_community_feed () { 
 +  if [ -z "$RSYNC" ]; then 
 +    log_err "rsync not found!" 
 +    log_err "No utility available in PATH environment variable to download Feed data" 
 +    exit 1 
 +  else 
 +    log_notice "Will use rsync" 
 +    do_rsync_community_feed 
 +  fi 
 +
 + 
 +sync_feed_data(){ 
 +  if [ -e $ACCESSKEY ] 
 +  then 
 +    log_notice "Found Greenbone Security Feed subscription file, trying to synchronize with Greenbone $FEED_TYPE_LONG Repository ..." 
 +    notsynced=1 
 + 
 +    mkdir -p "$FEED_DIR" 
 +    read feeduser < $ACCESSKEY 
 +    custid_at_host=`head -1 $ACCESSKEY | cut -d : -f 1` 
 + 
 +    if [ -z "$feeduser" ] || [ -z "$custid_at_host"
 +    then 
 +      log_err "Could not determine credentials, aborting synchronization." 
 +      exit 1 
 +    fi 
 + 
 +    while [ 0 -ne "$notsynced"
 +    do 
 + 
 +      gsmproxy=$(get_value proxy_feed | sed -r -e 's/^.*\/\///' -e 's/:([0-9]+)$/ \1/'
 +      syncport=$(get_value syncport) 
 +      if [ "$syncport"
 +      then 
 +        PORT="$syncport" 
 +      fi 
 + 
 +      if [ -z "$gsmproxy" ] || [ "$gsmproxy" = "proxy_feed"
 +      then 
 +        RSYNC_SSH_PROXY_CMD="" 
 +      else 
 +        if [ -e $GVM_SYSCONF_DIR/proxyauth ] && [ -r $GVM_SYSCONF_DIR/proxyauth ]; then 
 +          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p $GVM_SYSCONF_DIR/proxyauth\"" 
 +        else 
 +          RSYNC_SSH_PROXY_CMD="-o \"ProxyCommand corkscrew $gsmproxy %h %p\"" 
 +        fi 
 +      fi 
 +      create_tmp_key 
 +      rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $ACCESSKEY" -ltvrP --chmod=D+x $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/ $FEED_DIR 
 +      if [ 0 -ne "$?" ]; then 
 +        log_err "rsync failed, aborting synchronization." 
 +        remove_tmp_key 
 +        exit 1 
 +      fi 
 +      remove_tmp_key 
 +      notsynced=0 
 +    done 
 +    log_notice "Synchronization with the Greenbone $FEED_TYPE_LONG Repository successful." 
 +  else 
 +    log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed" 
 +    do_sync_community_feed 
 +  fi 
 + 
 +  write_feed_xml 
 +
 + 
 +do_self_test () { 
 +  if [ -z "$SELFTEST_STDERR"
 +  then 
 +    SELFTEST_STDERR=0 
 +  fi 
 + 
 +  if [ -z "$RSYNC"
 +  then 
 +    if [ 0 -ne $SELFTEST_STDERR ] 
 +    then 
 +      echo "rsync not found (required)." 1>&
 +    fi 
 +    log_err "rsync not found (required)." 
 +    SELFTEST_FAIL=1 
 +  fi 
 +
 + 
 + 
 +########## START 
 +########## ===== 
 + 
 +while test $# -gt 0; do 
 +  case "$1" in 
 +    "--version"|"--identify"|"--describe"|"--feedversion"|"--selftest"|"--feedcurrent"
 +      if [ -z "$ACTION" ]; then 
 +        ACTION="$1" 
 +      fi 
 +      ;; 
 +    "--help"
 +      do_help 
 +      exit 0 
 +      ;; 
 +    "--type"
 +      FEED_TYPE=$(echo "$2" | tr '[:lower:]-' '[:upper:]_'
 +      shift 
 +      ;; 
 +  esac 
 +  shift 
 +done 
 + 
 +init_feed_type 
 + 
 +write_feed_xml 
 + 
 +case "$ACTION" in 
 +  --version) 
 +    echo $VERSION 
 +    exit 0 
 +    ;; 
 +  --identify) 
 +    echo "$SCRIPT_ID|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|$SCRIPT_ID" 
 +    exit 0 
 +    ;; 
 +  --describe) 
 +    do_describe 
 +    exit 0 
 +    ;; 
 +  --feedversion) 
 +    do_feedversion 
 +    exit 0 
 +    ;; 
 +  --selftest) 
 +    SELFTEST_FAIL=0 
 +    SELFTEST_STDERR=1 
 +    do_self_test 
 +    exit $SELFTEST_FAIL 
 +    ;; 
 +  --feedcurrent) 
 +    is_feed_current 
 +    exit $? 
 +    ;; 
 +esac 
 + 
 +SELFTEST_FAIL=0 
 +do_self_test 
 +if [ $SELFTEST_FAIL -ne 0 ] 
 +then 
 +  exit 1 
 +fi 
 + 
 +is_feed_current 
 +if [ $FEED_CURRENT -eq 1 ] 
 +then 
 +  log_notice "Feed is already current, skipping synchronization." 
 +  exit 0 
 +fi 
 +
 +  chmod +660 $LOCK_FILE 
 +  flock -n 9 
 +  if [ $? -eq 1 ]; then 
 +    log_notice "Sync in progress, exiting." 
 +    exit 1 
 +  fi 
 +  date > $LOCK_FILE 
 +  sync_feed_data 
 +  echo -n > $LOCK_FILE 
 +) 9>>$LOCK_FILE 
 + 
 +exit 0 
 +</code> 
 + 
 +Rendez le script exécutable : 
 + 
 +<code> 
 +[root@centos7 ~]# chmod +x greenbone-feed-sync 
 +</code> 
 + 
 +Déplacez le script vers **/usr/sbin/** : 
 + 
 +<code> 
 +[root@centos7 ~]# mv greenbone-feed-sync /usr/sbin/ 
 +</code> 
 + 
 +Devenez l'utilisateur trainee et mettez à jour les modules d'extensions de OpenVAS : 
 + 
 +<code> 
 +[root@centos7 ~]# su - trainee 
 +Last login: Fri Mar  5 07:35:08 UTC 2021 on pts/0 
 +[trainee@centos7 ~]$ greenbone-feed-sync --type SCAP 
 +... 
 +[root@centos7 ~]# exit
 </code> </code>
  
Ligne 1906: Ligne 3229:
  
 Puis saisissez les requêtes et commandes suivantes : Puis saisissez les requêtes et commandes suivantes :
 +
 +<file>
 +CREATE DATABASE auth;
 +</file>
 +
 +<file>
 +USE auth;
 +</file>
 +
  
 <file> <file>
Ligne 1921: Ligne 3253:
     IDENTIFIED BY 'PaSsW0Rd';     IDENTIFIED BY 'PaSsW0Rd';
 </file> </file>
 +
 +Vous obtiendrez : 
  
 <code> <code>
Ligne 3012: Ligne 4346:
  
 ----- -----
-<html> +Copyright © 2024 Hugh Norris. 
-<div align="center"> +
-Copyright © Hugh Norris.<br><br> +
-</div> +
-</html>+

Piste : Configuration réseau avancée LCF903 - Scripting Shell LCF505 - Gestion des Tâches LDF705 - OHAI et Attributs Automatiques, Databags SER406 - Sauvegardes et Replication Tarifs HT

Menu