- Upgrade to 2.2.0

5 files changed, 148 insertions, 7 deletions

diff --git a/security/nessus/Makefile b/security/nessus/Makefile
index f21dc2a86873..0e1d54ef3037 100644
--- a/security/nessus/Makefile
+++ b/security/nessus/Makefile
@@ -11,8 +11,7 @@
 #  WITHOUT_NESSUS_GTK
 
 PORTNAME=	nessus
-PORTVERSION=	2.0.12
-PORTREVISION=	1
+PORTVERSION=	2.2.0
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \
 		ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \
@@ -27,7 +26,7 @@ COMMENT=	A security scanner: looks for vulnerabilities in a given network
 
 CONFLICTS=	nessus-devel-[0-9]* nessus-devel-gtk-[0-9]* \
 		nessus-devel-gtk2-[0-9]*
-LIB_DEPENDS=	nasl.2:${PORTSDIR}/security/nessus-libnasl
+LIB_DEPENDS=	nasl.4:${PORTSDIR}/security/nessus-libnasl
 
 DIST_SUBDIR=	nessus
 WRKSRC=		${WRKDIR}/nessus-core
@@ -60,8 +59,14 @@ RC_SCRIPTS_SUB=	PREFIX=${PREFIX} \
 
 post-install:
 	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
-		${FILESDIR}/nessusd.sh > ${LOCALBASE}/etc/rc.d/nessusd.sh
-	@${CHMOD} +x ${LOCALBASE}/etc/rc.d/nessusd.sh
+		${FILESDIR}/nessusd.sh > ${PREFIX}/etc/rc.d/nessusd.sh
+	@${CHMOD} +x ${PREFIX}/etc/rc.d/nessusd.sh
+	@${SED} -e 's;\$${PREFIX};${PREFIX};' ${FILESDIR}/nessusd.conf \
+		> ${PREFIX}/etc/nessus/nessusd.conf.dist
+	@${SED} -e 's;\$${PREFIX};${PREFIX};' ${FILESDIR}/nessusd.rules \
+		> ${PREFIX}/etc/nessus/nessusd.rules.dist
+	@${CHMOD} 644 ${PREFIX}/etc/nessus/nessusd.conf.dist \
+		${PREFIX}/etc/nessus/nessusd.rules.dist
 	@${SETENV} ${SCRIPTS_ENV} ${SH} ${SCRIPTDIR}/move_nessus
 .if ! exists(${PREFIX}/var/CA/serverkey.pem)
 .if ! defined(BATCH)
diff --git a/security/nessus/distinfo b/security/nessus/distinfo
index bc4e5a14df1d..1e06042c18b5 100644
--- a/security/nessus/distinfo
+++ b/security/nessus/distinfo
@@ -1,2 +1,2 @@
-MD5 (nessus/nessus-core-2.0.12.tar.gz) = 23017718a25848d3629e57ea2b72a421
-SIZE (nessus/nessus-core-2.0.12.tar.gz) = 649412
+MD5 (nessus/nessus-core-2.2.0.tar.gz) = 16c1b51d81896415af9dfc91a7faf8d9
+SIZE (nessus/nessus-core-2.2.0.tar.gz) = 688545
diff --git a/security/nessus/files/nessusd.conf b/security/nessus/files/nessusd.conf
new file mode 100644
index 000000000000..b286cd54301e
--- /dev/null
+++ b/security/nessus/files/nessusd.conf
@@ -0,0 +1,120 @@
+# Configuration file of the Nessus Security Scanner
+
+
+
+# Every line starting with a '#' is a comment
+
+# Path to the security checks folder : 
+plugins_folder = ${PREFIX}/lib/nessus/plugins
+
+# Maximum number of simultaneous hosts tested : 
+max_hosts = 30
+
+# Maximum number of simultaneous checks against each host tested : 
+max_checks = 10
+
+# Niceness. If set to 'yes', nessusd will renice itself to 10.
+be_nice = no
+
+# Log file (or 'syslog') : 
+logfile = ${PREFIX}/var/nessus/logs/nessusd.messages
+
+# Shall we log every details of the attack ?
+log_whole_attack = yes
+
+# Log the name of the plugins that are loaded by the server ?
+log_plugins_name_at_load = no
+
+# Dump file for debugging output, use `-' for stdout
+dumpfile = ${PREFIX}/var/nessus/logs/nessusd.dump
+
+# Rules file : 
+rules = ${PREFIX}/etc/nessus/nessusd.rules
+
+# Users database : 
+users = ${PREFIX}/etc/nessus/nessusd.users
+
+# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
+cgi_path = /cgi-bin:/scripts
+
+# Range of the ports the port scanners will scan : 
+# 'default' means that Nessus will scan ports found in its
+# services file.
+port_range = default
+
+# Optimize the test (recommanded) : 
+optimize_test = yes
+
+# Language of the plugins :
+language = english
+
+
+
+# Optimization : 
+# Read timeout for the sockets of the tests : 
+checks_read_timeout = 5
+# Ports against which two plugins should not be run simultaneously :
+# non_simult_ports = Services/www, 139, Services/finger
+non_simult_ports = 139, 445
+# Maximum lifetime of a plugin (in seconds) : 
+plugins_timeout = 320
+
+
+# Safe checks rely on banner grabbing :
+safe_checks = yes
+
+
+# Automatically activate the plugins that are depended on
+auto_enable_dependencies = yes
+
+
+# Designate hosts by MAC address, not IP address (useful for DHCP networks)
+use_mac_addr = no
+
+
+#--- Knowledge base saving (can be configured by the client) :
+# Save the knowledge base on disk : 
+save_knowledge_base = no
+# Restore the KB for each test :
+kb_restore = no
+# Only test hosts whose KB we do not have :
+only_test_hosts_whose_kb_we_dont_have = no
+# Only test hosts whose KB we already have :
+only_test_hosts_whose_kb_we_have = no
+# KB test replay :
+kb_dont_replay_scanners = no
+kb_dont_replay_info_gathering = no
+kb_dont_replay_attacks = no
+kb_dont_replay_denials = no
+kb_max_age = 864000
+#--- end of the KB section
+
+# Can users upload their plugins ?
+plugin_upload = no
+# Suffixes of the plugins the user can upload :
+plugin_upload_suffixes = .nasl, .inc
+# Name of the user who can remotely update the plugins
+admin_user = root
+
+
+# If this option is set, Nessus will not scan a network incrementally
+# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
+# slice the workload throughout the whole network (ie: it will scan
+# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
+slice_network_addresses = no
+
+# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
+nasl_no_signature_check = no
+
+#end.
+#
+# Added by nessus-mkcert
+#
+cert_file=${PREFIX}/com/CA/servercert.pem
+key_file=${PREFIX}/var/CA/serverkey.pem
+ca_file=${PREFIX}/com/CA/cacert.pem
+# If you decide to protect your private key with a password, 
+# uncomment and change next line
+# pem_password=password
+# If you want to force the use of a client certificate, uncomment next line
+# force_pubkey_auth = yes
diff --git a/security/nessus/files/nessusd.rules b/security/nessus/files/nessusd.rules
new file mode 100644
index 000000000000..9190158be8c2
--- /dev/null
+++ b/security/nessus/files/nessusd.rules
@@ -0,0 +1,8 @@
+#
+# Nessus rules
+#
+
+# Syntax : accept|reject address/netmask
+
+# Accept to test anything : 
+default accept
diff --git a/security/nessus/pkg-plist b/security/nessus/pkg-plist
index 6c7c66e33bc1..1919a502ea15 100644
--- a/security/nessus/pkg-plist
+++ b/security/nessus/pkg-plist
@@ -2,6 +2,12 @@ etc/rc.d/nessusd.sh
 bin/nessus
 bin/nessus-mkcert-client
 bin/nessus-mkrand
+@unexec if cmp -s %D/etc/nessus/nessusd.conf.dist %D/etc/nessus/nessusd.conf; then rm -f %D/etc/nessus/nessusd.conf; fi
+@unexec if cmp -s %D/etc/nessus/nessusd.rules.dist %D/etc/nessus/nessusd.rules; then rm -f %D/etc/nessus/nessusd.rules; fi
+etc/nessus/nessusd.conf.dist
+etc/nessus/nessusd.rules.dist
+@exec if [ ! -f %D/etc/nessus/nessusd.conf ]; then cp %D/etc/nessus/nessusd.conf %D/etc/nessus/nessusd.conf; fi
+@exec if [ ! -f %D/etc/nessus/nessusd.rules ]; then cp %D/etc/nessus/nessusd.onf %D/etc/nessus/nessusd.onf; fi
 include/nessus/config.h
 include/nessus/includes.h
 include/nessus/nessus-devel.h
@@ -12,6 +18,7 @@ include/nessus/nessustcp.h
 include/nessus/nessusudp.h
 include/nessus/ntcompat.h
 sbin/nessus-adduser
+sbin/nessus-check-signature
 sbin/nessus-mkcert
 sbin/nessus-rmuser
 sbin/nessusd
@@ -26,3 +33,4 @@ sbin/nessusd
 @exec mkdir -p %D/lib/nessus/plugins
 @unexec rmdir %D/lib/nessus/plugins 2>/dev/null || true
 @unexec rmdir %D/lib/nessus 2>/dev/null || true
+@exec if [ ! -f %D/var/CA/serverkey.pem ]; then %D/sbin/nessus-mkcert; fi