25 #include "../misc/kb_cache.h"
26 #include "../misc/plugutils.h"
27 #include "../misc/scan_id.h"
28 #include "../misc/vendorversion.h"
36 #include <bsd/unistd.h>
41 #include <gnutls/gnutls.h>
43 #include <gvm/base/logging.h>
44 #include <gvm/base/nvti.h>
45 #include <gvm/base/prefs.h>
46 #include <gvm/base/version.h>
47 #include <gvm/util/kb.h>
48 #include <gvm/util/mqtt.h>
49 #include <gvm/util/nvticache.h>
50 #include <gvm/util/uuidutils.h>
61 #ifdef GIT_REV_AVAILABLE
62 #include "gitrevision.h"
65 #if GNUTLS_VERSION_NUMBER < 0x030300
66 #include "../misc/network.h"
73 #define G_LOG_DOMAIN "sd main"
75 #define PROCTITLE_WAITING "openvas: Waiting for incoming connections"
76 #define PROCTITLE_LOADING "openvas: Loading Handler"
77 #define PROCTITLE_RELOADING "openvas: Reloading"
78 #define PROCTITLE_SERVING "openvas: Serving %s"
110 {
"plugins_folder", OPENVAS_NVT_DIR},
111 {
"include_folders", OPENVAS_NVT_DIR},
112 {
"plugins_timeout", G_STRINGIFY (NVT_TIMEOUT)},
113 {
"scanner_plugins_timeout", G_STRINGIFY (SCANNER_NVT_TIMEOUT)},
114 {
"db_address", KB_PATH_DEFAULT},
130 g_message (
"(%d) %s", level, text);
138 if ((str = prefs_get (
"max_hosts")) != NULL)
145 if ((str = prefs_get (
"max_checks")) != NULL)
152 if ((str = prefs_get (
"max_sysload")) != NULL)
159 if ((str = prefs_get (
"min_free_mem")) != NULL)
/*
 * Fragment: reads the scan preferences stored in the KB under
 * "internal/<scan_id>/scanprefs" and applies them with prefs_set().
 * The warning text below describes these values as written by the client.
 * Only selected lines of the original file are listed (the leading numbers
 * are its line numbers), so checks on the omitted lines are not visible here.
 */
204 struct kb_item *res = NULL;
206 g_debug (
"Start loading scan preferences.");
/* Bounded by sizeof (key); the scan id becomes part of the KB key name. */
210 snprintf (key,
sizeof (key),
"internal/%s/scanprefs", globals->
scan_id);
212 kb = kb_find (prefs_get (
"db_address"), key);
219 res = kb_item_get_all (kb, key);
/*
 * Each stored value is "<name>|||<value>". The limit of 2 keeps any further
 * "|||" inside the value; pref[1] is NULL when the separator is absent.
 */
225 gchar **pref = g_strsplit (res->v_str,
"|||", 2);
/* The name is split on ":" into at most three fields. */
228 gchar **pref_name = g_strsplit (pref[0],
":", 3);
/*
 * NOTE(review): strcmp() dereferences pref[1]. No NULL check on pref[1] is
 * visible in this excerpt, while line 248 does guard against NULL. Confirm
 * that an entry without "|||" cannot reach this comparison.
 * strncmp (..., 4) is a prefix match, so any third field that begins with
 * "file" takes this branch.
 */
229 if (pref_name[1] && pref_name[2] && !strncmp (pref_name[2],
"file", 4)
230 && strcmp (pref[1],
""))
/*
 * File preferences: the preference is set to a newly made UUID and the
 * client-provided content is handed to store_file() under that UUID.
 */
232 char *file_uuid = gvm_uuid_make ();
234 prefs_set (pref[0], file_uuid);
235 ret =
store_file (globals, pref[1], file_uuid);
237 g_debug (
"Load preference: Failed to upload file "
238 "for nvt %s preference.",
/*
 * Scanner-only preferences are reported and, per the message, ignored.
 * The condition that selects them is on a line this excerpt omits.
 */
244 g_warning (
"%s is a scanner only preference. It can not be written "
245 "by the client and will be ignored.",
/* A missing value is stored as the empty string. */
248 prefs_set (pref[0], pref[1] ? pref[1] :
"");
249 g_strfreev (pref_name);
/* The scanprefs entries are removed from the KB after they were read. */
255 kb_del_items (kb, key);
256 snprintf (key,
sizeof (key),
"internal/%s", globals->
scan_id);
261 g_debug (
"End loading scan preferences.");
/*
 * Fragment: logging setup. The log configuration path is built from
 * OPENVAS_SYSCONF_DIR and the fixed name "openvas_log.conf"; nothing visible
 * here takes the path from user input.
 */
275 static gchar *log_config_file_name = NULL;
278 log_config_file_name =
279 g_build_filename (OPENVAS_SYSCONF_DIR,
"openvas_log.conf", NULL);
/* The configuration is loaded only when the file exists. */
280 if (g_file_test (log_config_file_name, G_FILE_TEST_EXISTS))
281 log_config = load_log_configuration (log_config_file_name);
/* The warning points the operator at the permissions of the log files. */
285 g_warning (
"%s: Can not open or create log file or directory. "
286 "Please check permissions of log files listed in %s.",
287 __func__, log_config_file_name);
/*
 * NOTE(review): the path is freed on lines 288 and 291. The control flow
 * between them is not shown; presumably the first free is on an error path
 * that returns. Confirm that both cannot run in one call.
 */
288 g_free (log_config_file_name);
291 g_free (log_config_file_name);
/*
 * Fragment: libgcrypt initialisation. The test below asks whether any
 * initialisation has already happened; the statement it guards is on a line
 * this excerpt omits.
 */
299 if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
/*
 * NOTE(review): a NULL argument initialises libgcrypt without requiring a
 * minimum library version.
 */
301 gcry_check_version (NULL);
/*
 * Secure-memory warnings are suspended while a 16384-byte secure memory pool
 * is set up, then resumed before initialisation is marked as finished.
 */
302 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
303 gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
304 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
305 gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
/* Fragment: TLS setup and the optional GnuTLS debug log level. */
314 #if GNUTLS_VERSION_NUMBER < 0x030300
316 g_message (
"Could not initialize openvas SSL!");
/*
 * "debug_tls" is parsed with atoi(), which returns 0 for non-numeric text,
 * so a malformed value leaves TLS debugging off. atoi() reports no errors
 * and no upper bound is applied in the visible lines.
 * NOTE(review): strtol() with an explicit range check would make the accepted
 * values explicit.
 */
319 if (prefs_get (
"debug_tls") != NULL && atoi (prefs_get (
"debug_tls")) > 0)
/* Operators are warned that TLS debug output can expose sensitive data. */
321 g_warning (
"TLS debug is enabled and should only be used with care, "
322 "since it may reveal sensitive information in the scanner "
323 "logs and might make openvas fill your disk rather quickly.");
/* The preference value is parsed again and passed to GnuTLS as the log level. */
325 gnutls_global_set_log_level (atoi (prefs_get (
"debug_tls")));
335 #ifdef OPENVAS_GIT_REVISION
336 g_message (
"openvas %s (GIT revision %s) started", OPENVAS_VERSION,
337 OPENVAS_GIT_REVISION);
339 g_message (
"openvas %s started", OPENVAS_VERSION);
/*
 * Fragment: stops a scan by sending SIGUSR1 to a process group whose id is
 * read from the scan's KB.
 */
361 snprintf (key,
sizeof (key),
"internal/%s",
get_scan_id ());
362 kb = kb_find (prefs_get (
"db_address"), key);
/* The target id comes from the KB entry "internal/ovas_pid". */
366 pid = kb_item_get_int (kb,
"internal/ovas_pid");
/*
 * NOTE(review): lines 367-376 are not shown. killpg() with a process-group id
 * of 0 signals the caller's own process group, so confirm that pid is checked
 * to be greater than 0 before this call. The value stored in
 * internal/ovas_pid decides which group is signalled, so write access to the
 * KB should be limited to the scanner.
 */
377 killpg (
pid, SIGUSR1);
/*
 * Fragment: reports a message for the scan and marks the scan as finished.
 * The KB is looked up with the "internal/<scan_id>/scanprefs" key.
 */
393 snprintf (key,
sizeof (key),
"internal/%s/scanprefs",
get_scan_id ());
394 kb = kb_find (prefs_get (
"db_address"), key);
/* msg is pushed unchanged onto the "internal/results" list. */
395 kb_item_push_str (kb,
"internal/results", msg);
/* The scan status key "internal/<scan_id>" is then set to "finished". */
396 snprintf (key,
sizeof (key),
"internal/%s",
get_scan_id ());
397 kb_item_set_str (kb, key,
"finished", 0);
/*
 * Fragment: scan start-up. Loads the configuration file, initialises the
 * NVTI cache and, from the "mqtt_server_uri" preference, the MQTT client.
 * The two "ERRMSG|||..." strings are arguments of calls whose first lines
 * this excerpt omits.
 */
412 const char *mqtt_server_uri;
415 prefs_config (config_file);
418 if (prefs_get (
"vendor_version") != NULL)
425 g_message (
"Failed to initialize nvti cache.");
427 "ERRMSG||| ||| ||| ||| |||NVTI cache initialization failed");
/*
 * NOTE(review): the broker address comes from preferences. Whether the
 * connection is authenticated or encrypted is not visible in this excerpt;
 * confirm in mqtt_init().
 */
434 mqtt_server_uri = prefs_get (
"mqtt_server_uri");
437 if ((mqtt_init (mqtt_server_uri)) != 0)
439 g_message (
"%s: INIT MQTT: FAIL", __func__);
441 "ERRMSG||| ||| ||| ||| |||MQTT initialization failed");
/* "mqtt_enabled" is set to "yes" only after mqtt_init() returned 0. */
445 g_message (
"%s: INIT MQTT: SUCCESS", __func__);
446 prefs_set (
"mqtt_enabled",
"yes");
458 g_warning (
"No preferences found for the scan %s", globals->
scan_id);
/*
 * Fragment: command-line handling with GLib's option parser. Only selected
 * lines of the original file are listed, so some entries are incomplete.
 */
475 setproctitle_init (argc, argv, env);
478 static gboolean display_version = FALSE;
479 static gchar *config_file = NULL;
481 static gchar *stop_scan_id = NULL;
482 static gboolean print_specs = FALSE;
483 static gboolean print_sysconfdir = FALSE;
484 static gboolean update_vt_info = FALSE;
485 GError *error = NULL;
486 GOptionContext *option_context;
487 static GOptionEntry entries[] = {
488 {
"version",
'V', 0, G_OPTION_ARG_NONE, &display_version,
489 "Display version information", NULL},
/* The configuration file path is taken from the command line as given. */
490 {
"config-file",
'c', 0, G_OPTION_ARG_FILENAME, &config_file,
491 "Configuration file",
"<filename>"},
492 {
"cfg-specs",
's', 0, G_OPTION_ARG_NONE, &print_specs,
493 "Print configuration settings", NULL},
494 {
"sysconfdir",
'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir,
495 "Print system configuration directory (set at compile time)", NULL},
496 {
"update-vt-info",
'u', 0, G_OPTION_ARG_NONE, &update_vt_info,
497 "Updates VT info into redis store from VT files", NULL},
/*
 * NOTE(review): the scan ids are free-form strings from argv. Other lines of
 * this listing format a scan id into KB key names; presumably that is this
 * same value. Confirm where its format is validated.
 */
498 {
"scan-start",
'\0', 0, G_OPTION_ARG_STRING, &
scan_id,
499 "ID of scan to start. ID and related data must be stored into redis "
502 {
"scan-stop",
'\0', 0, G_OPTION_ARG_STRING, &stop_scan_id,
503 "ID of scan to stop",
"<string>"},
505 {NULL, 0, 0, 0, NULL, NULL, NULL}};
508 g_option_context_new (
"- Open Vulnerability Assessment Scanner");
509 g_option_context_add_main_entries (option_context, entries, NULL);
/* On a parse failure the parser's error message is printed. */
510 if (!g_option_context_parse (option_context, &argc, &argv, &error))
512 g_print (
"%s\n\n", error->message);
515 g_option_context_free (option_context);
518 if (print_sysconfdir)
520 g_print (
"%s\n", SYSCONFDIR);
527 printf (
"OpenVAS %s\n", OPENVAS_VERSION);
528 #ifdef OPENVAS_GIT_REVISION
529 printf (
"GIT revision %s\n", OPENVAS_GIT_REVISION);
531 printf (
"gvm-libs %s\n", gvm_libs_version ());
532 printf (
"Most new code since 2005: (C) 2022 Greenbone Networks GmbH\n");
534 "Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>\n");
535 printf (
"License GPLv2: GNU GPL version 2\n");
537 "This is free software: you are free to change and redistribute it.\n"
538 "There is NO WARRANTY, to the extent permitted by law.\n\n");
/*
 * Fragment: TZ is set to "utc 0" for the process, overwriting any inherited
 * value (third argument 1). A setenv() failure is reported via strerror().
 */
543 if (setenv (
"TZ",
"utc 0", 1) == -1)
545 g_print (
"%s\n\n", strerror (errno));
/* With log references compiled in, the id of the scan to stop is the log reference. */
550 #ifdef LOG_REFERENCES_AVAILABLE
554 set_log_reference (stop_scan_id);
555 #endif // LOG_REFERENCES_AVAILABLE
/*
 * The message warns that Sentry reporting can log sensitive information.
 * The condition that enables Sentry is on lines this excerpt omits.
 */
561 g_message (
"Sentry is enabled. This can log sensitive information.");
566 config_file = OPENVAS_CONF;
571 prefs_config (config_file);
576 return err ? EXIT_FAILURE : EXIT_SUCCESS;
583 prefs_config (config_file);
586 g_message (
"Failed to initialize nvti cache. Not possible to "
597 #ifdef LOG_REFERENCES_AVAILABLE
598 free_log_reference ();
599 #endif // LOG_REFERENCES_AVAILABLE
600 return err ? EXIT_FAILURE : EXIT_SUCCESS;
620 #ifdef LOG_REFERENCES_AVAILABLE
621 free_log_reference ();
622 #endif // LOG_REFERENCES_AVAILABLE
629 prefs_config (config_file);