author | Jonas Licht <jonas.licht@fem.tu-ilmenau.de> | 2020-03-21 16:15:15 +0100 |
---|---|---|
committer | Joonas Niilola <juippis@gentoo.org> | 2020-03-25 15:45:27 +0200 |
commit | 34e2e746d9d0f2a1f84b57e0297416486b461ddc (patch) | |
tree | 8525c3f1273e0ac8d2a0d29aad28403dfce550e0 /net-analyzer | |
parent | acct-group/gvm: overtake maintainership (diff) | |
net-analyzer/ospd-openvas: add new package
Bug: https://bugs.gentoo.org/713804
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Jonas Licht <jonas.licht@fem.tu-ilmenau.de>
Closes: https://github.com/gentoo/gentoo/pull/14922
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/ospd-openvas/Manifest | 1 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/files/ospd-openvas.confd | 10 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/files/ospd-openvas.initd | 17 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/files/ospd-openvas.service | 18 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/files/ospd.conf | 10 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/files/redis.conf.example | 57 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/metadata.xml | 16 | ||||
-rw-r--r-- | net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild | 44 |
8 files changed, 173 insertions, 0 deletions
diff --git a/net-analyzer/ospd-openvas/Manifest b/net-analyzer/ospd-openvas/Manifest
new file mode 100644
index 000000000000..00e7b1d401c7
--- /dev/null
+++ b/net-analyzer/ospd-openvas/Manifest
@@ -0,0 +1 @@
+DIST ospd-openvas-1.0.0.tar.gz 49725 BLAKE2B 230df2f572f345b9ed398e2af120a2fecee87f9f8d8d3c072ca314960f34f7329fe22b002ba0971ba6dc14cd3ca4543120653f89b3085a0f8a932fbeb6ef2682 SHA512 2b2e4f38843265a018a58b7fbd2fde0449d4f6cf3c5c1b7bec02d8390ab257020304f5be1bf2a77f7d28a04f4d1da611fc9b3066bef370dd686dfb8684fce534
diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.confd b/net-analyzer/ospd-openvas/files/ospd-openvas.confd
new file mode 100644
index 000000000000..fc776ac49e32
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.confd
@@ -0,0 +1,10 @@
+# OpenVAS Scanner command args
+
+# e.g --foreground
+OSPD_OPENVAS_OPTIONS=""
+
+# Scanner listen socket
+OSPD_OPENVAS_UNIX_SOCKET="--unix-socket=/tmp/ospd.sock"
+
+# Scanner listen mode
+OSPD_OPENVAS_SOCKET_MODE="--socket-mode=0o777"
diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.initd b/net-analyzer/ospd-openvas/files/ospd-openvas.initd
new file mode 100644
index 000000000000..ced28d892dcd
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.initd
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="remotely control an OpenVAS Scanner"
+command=/usr/bin/ospd-openvas
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="${OSPD_OPENVAS_OPTIONS} \
+ ${OSPD_OPENVAS_UNIX_SOCKET} \
+ ${OSPD_OPENVAS_SOCKET_MODE} \
+ --pid-file ${pidfile} \
+ --config /etc/openvas/ospd.conf"
+
+depend() {
+ after bootmisc
+ need localmount redis
+}
diff --git a/net-analyzer/ospd-openvas/files/ospd-openvas.service b/net-analyzer/ospd-openvas/files/ospd-openvas.service
new file mode 100644
index 000000000000..f496797d54ff
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd-openvas.service
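Review bot: In ospd-openvas.confd the scanner's control socket is created at `/tmp/ospd.sock` with `--socket-mode=0o777`, so every local account can connect to the OSP endpoint, and a fixed name in a world-writable directory can be occupied by another user before the daemon starts. ospd.conf in this commit repeats the same `/tmp/ospd.sock` path. I would move both to a directory owned by the service account and tighten the mode, e.g. `OSPD_OPENVAS_UNIX_SOCKET="--unix-socket=/run/ospd/ospd.sock"` and `OSPD_OPENVAS_SOCKET_MODE="--socket-mode=0o770"`, which matches the commented `#socket_mode = 0o770` already present in ospd.conf. The socket path gvmd is configured with would have to follow.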
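Review bot: ospd-openvas.initd sets no `command_user`, so under OpenRC the daemon runs as root, while the systemd unit added in this same commit runs it with `User=gvm` and `Group=gvm`. Adding `command_user="gvm:gvm"` would keep both service managers at the same privilege level. The pidfile would then need a location that account can write, for example a directory under /run prepared with `checkpath` in `start_pre()`, instead of `/run/${RC_SVCNAME}.pid`. A comment noting that the three `OSPD_OPENVAS_*` variables come from the conf.d file would also help readers of `command_args`.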
@@ -0,0 +1,18 @@
+[Unit]
+Description=OSPD OpenVAS
+After=network.target networking.service dnsmasq.service redis-server@openvas.service systemd-tmpfiles.service
+ConditionKernelCommandLine=!recovery
+
+[Service]
+Type=forking
+User=gvm
+Group=gvm
+ExecStart=/usr/bin/ospd-openvas --config /etc/openvas/ospd.conf --foreground
+SuccessExitStatus=SIGKILL
+# This works asynchronously, but does not take the daemon down during the reload so it's ok.
+Restart=always
+RestartSec=60
+
+[Install]
+WantedBy=multi-user.target
+Alias=ospd-openvas.service
diff --git a/net-analyzer/ospd-openvas/files/ospd.conf b/net-analyzer/ospd-openvas/files/ospd.conf
new file mode 100644
index 000000000000..bac46565001c
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/ospd.conf
@@ -0,0 +1,10 @@
+[OSPD - openvas]
+
+#required by gvmd
+unix_socket = /tmp/ospd.sock
+
+#socket_mode = 0o770
+#unix_socket = /run/ospd/ospd-openvas.pid
+
+log_level = DEBUG
+log_file = /var/log/gvm/ospd-openvas.log
diff --git a/net-analyzer/ospd-openvas/files/redis.conf.example b/net-analyzer/ospd-openvas/files/redis.conf.example
new file mode 100644
index 000000000000..6a41211aaae8
--- /dev/null
+++ b/net-analyzer/ospd-openvas/files/redis.conf.example
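Review bot: In ospd-openvas.service, `Type=forking` is combined with `--foreground` in `ExecStart`, so the started process would not fork and exit the way systemd expects of a forking service. Assuming `--foreground` keeps ospd-openvas attached, start-up would wait until the start timeout and `Restart=always` would then cycle the unit. Either use `Type=simple` with `--foreground`, or keep `Type=forking`, drop `--foreground` and add a `PIDFile=` matching the daemon's `--pid-file`. `SuccessExitStatus=SIGKILL` also hides a killed scanner from failure reporting, and `Alias=ospd-openvas.service` aliases the unit to its own name. Both look unintended, and the comment about reload has no `ExecReload=` line to refer to.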
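Review bot: ospd.conf ships with `log_level = DEBUG`, so every install logs at the most verbose level to `/var/log/gvm/ospd-openvas.log`. What the daemon writes at that level is not visible here, but a packaged default is safer as `log_level = INFO` with a commented `#log_level = DEBUG` hint for troubleshooting. The commented alternative `#unix_socket = /run/ospd/ospd-openvas.pid` gives the socket a `.pid` name, which looks like a copy/paste slip for a `.sock` path and should be corrected before anyone uncomments it.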
@@ -0,0 +1,57 @@
+bind 127.0.0.1
+protected-mode yes
+port 0
+tcp-backlog 511
+unixsocket /tmp/redis.sock
+unixsocketperm 700
+timeout 0
+tcp-keepalive 300
+daemonize no
+supervised no
+pidfile /run/redis/redis.pid
+loglevel notice
+logfile /var/log/redis/redis.log
+databases 16
+always-show-logo yes
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+dir /var/lib/redis/
+slave-serve-stale-data yes
+slave-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-disable-tcp-nodelay no
+slave-priority 100
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+slave-lazy-flush no
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble no
+lua-time-limit 5000
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+list-max-ziplist-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+hll-sparse-max-bytes 3000
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+aof-rewrite-incremental-fsync yes
diff --git a/net-analyzer/ospd-openvas/metadata.xml b/net-analyzer/ospd-openvas/metadata.xml
new file mode 100644
index 000000000000..d46922d749f9
--- /dev/null
+++ b/net-analyzer/ospd-openvas/metadata.xml
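Review bot: In redis.conf.example, `unixsocketperm 700` leaves the Redis socket usable only by the account redis-server runs as, while the systemd unit in this commit starts ospd-openvas as `gvm`. Unless both run under the same user, which is not visible here, the scanner side cannot connect. `unixsocketperm 770` with `gvm` added to the Redis group is the usual arrangement. The socket is also better kept out of the world-writable `/tmp`, e.g. `unixsocket /run/redis/redis.sock` next to the `pidfile /run/redis/redis.pid` already used in this file. Because `port 0` disables the TCP listener, a short comment saying that `bind 127.0.0.1` is inert here would avoid confusion.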
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>jonas.licht@gmail.com</email>
+ <name>Jonas Licht</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">
+ This is an OSP server implementation to allow GVM to remotely control OpenVAS.
+ Once running, you need to configure OpenVAS for the Greenbone Vulnerability Manager, for example via the web interface Greenbone Security Assistant. Then you can create scan tasks to use OpenVAS.
+ </longdescription>
+</pkgmetadata>
diff --git a/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild
new file mode 100644
index 000000000000..8c2dfcfee26f
--- /dev/null
+++ b/net-analyzer/ospd-openvas/ospd-openvas-1.0.0.ebuild
@@ -0,0 +1,44 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_6 )
+inherit distutils-r1 systemd
+
+DESCRIPTION="This is an OSP server implementation to allow GVM to remotely control OpenVAS"
+HOMEPAGE="https://github.com/greenbone/ospd-openvas"
+SRC_URI="https://github.com/greenbone/ospd-openvas/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+ acct-user/gvm
+ dev-python/psutil[${PYTHON_USEDEP}]
+ dev-python/redis-py[${PYTHON_USEDEP}]
+ net-analyzer/ospd[${PYTHON_USEDEP}]
+"
+RDEPEND="
+ ${DEPEND}
+ >=net-analyzer/openvas-scanner-7.0.0"
+BDEPEND=""
+
+distutils_enable_tests unittest
+
+python_install() {
+ distutils-r1_python_install
+
+ insinto /etc/openvas
+ doins "${FILESDIR}"/redis.conf.example
+ doins "${FILESDIR}"/ospd.conf
+
+ fowners -R gvm:gvm /etc/openvas
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+} |
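Review bot: `fowners -R gvm:gvm /etc/openvas` in `python_install` hands the installed configuration to the same account the daemon runs as under systemd, so a compromised scanner process could rewrite `ospd.conf` (socket path, log file) and have the change take effect on its next start. Nothing in this commit shows the daemon writing to that directory, so read-only access should be enough: `fowners -R root:gvm /etc/openvas` followed by `fperms 0640 /etc/openvas/ospd.conf`. If write access really is required, a comment above the `fowners` line saying why would help later reviewers.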