OpenVAS Scanner  7.0.0~git
openvas.c
Go to the documentation of this file.
1 /* Portions Copyright (C) 2009-2019 Greenbone Networks GmbH
2  * Portions Copyright (C) 2006 Software in the Public Interest, Inc.
3  * Based on work Copyright (C) 1998 - 2006 Tenable Network Security, Inc.
4  *
5  * SPDX-License-Identifier: GPL-2.0-only
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * version 2 as published by the Free Software Foundation.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19  */
20 
36 #include "../misc/plugutils.h" /* nvticache_free */
37 #include "../misc/vendorversion.h" /* for vendor_version_set */
38 #include "attack.h" /* for attack_network */
39 #include "pluginlaunch.h" /* for init_loading_shm */
40 #include "processes.h" /* for create_process */
41 #include "sighand.h" /* for openvas_signal */
42 #include "utils.h" /* for store_file */
43 
44 #include <errno.h> /* for errno() */
45 #include <fcntl.h> /* for open() */
46 #include <gcrypt.h> /* for gcry_control */
47 #include <glib.h>
48 #include <grp.h>
49 #include <gvm/base/logging.h> /* for setup_log_handler, load_log_configuration, free_log_configuration*/
50 #include <gvm/base/nvti.h> /* for prefs_get() */
51 #include <gvm/base/prefs.h> /* for prefs_get() */
52 #include <gvm/base/proctitle.h> /* for proctitle_set */
53 #include <gvm/util/kb.h> /* for KB_PATH_DEFAULT */
54 #include <gvm/util/nvticache.h> /* nvticache_free */
55 #include <gvm/util/uuidutils.h> /* gvm_uuid_make */
56 #include <netdb.h> /* for addrinfo */
57 #include <pwd.h>
58 #include <signal.h> /* for SIGTERM */
59 #include <stdio.h> /* for fflush() */
60 #include <stdlib.h> /* for atoi() */
61 #include <sys/stat.h>
62 #include <sys/un.h>
63 #include <sys/wait.h> /* for waitpid */
64 #include <unistd.h> /* for close() */
65 
66 #ifdef GIT_REV_AVAILABLE
67 #include "gitrevision.h"
68 #endif
69 
70 #if GNUTLS_VERSION_NUMBER < 0x030300
71 #include "../misc/network.h" /* openvas_SSL_init */
72 #endif
73 
74 #undef G_LOG_DOMAIN
75 
78 #define G_LOG_DOMAIN "sd main"
79 
80 #define PROCTITLE_WAITING "openvas: Waiting for incoming connections"
81 #define PROCTITLE_LOADING "openvas: Loading Handler"
82 #define PROCTITLE_RELOADING "openvas: Reloading"
83 #define PROCTITLE_SERVING "openvas: Serving %s"
84 
90 
94 GSList *log_config = NULL;
95 
96 static volatile int loading_stop_signal = 0;
97 static volatile int termination_signal = 0;
98 static char *global_scan_id = NULL;
99 
100 typedef struct
101 {
102  char *option;
103  char *value;
105 
110  {"plugins_folder", OPENVAS_NVT_DIR},
111  {"include_folders", OPENVAS_NVT_DIR},
112  {"max_hosts", "30"},
113  {"max_checks", "10"},
114  {"log_whole_attack", "no"},
115  {"log_plugins_name_at_load", "no"},
116  {"optimize_test", "yes"},
117  {"network_scan", "no"},
118  {"non_simult_ports", "139, 445, 3389, Services/irc"},
119  {"plugins_timeout", G_STRINGIFY (NVT_TIMEOUT)},
120  {"scanner_plugins_timeout", G_STRINGIFY (SCANNER_NVT_TIMEOUT)},
121  {"safe_checks", "yes"},
122  {"auto_enable_dependencies", "yes"},
123  {"drop_privileges", "no"},
124  // Empty options must be "\0", not NULL, to match the behavior of
125  // prefs_init.
126  {"report_host_details", "yes"},
127  {"db_address", KB_PATH_DEFAULT},
128  {"vendor_version", "\0"},
129  {NULL, NULL}};
130 
131 static void
133 {
134  const char *str;
135 
136  if ((str = prefs_get ("max_hosts")) != NULL)
137  {
138  global_max_hosts = atoi (str);
139  if (global_max_hosts <= 0)
140  global_max_hosts = 15;
141  }
142 
143  if ((str = prefs_get ("max_checks")) != NULL)
144  {
145  global_max_checks = atoi (str);
146  if (global_max_checks <= 0)
147  global_max_checks = 10;
148  }
149 }
150 
151 static void
152 reload_openvas (void);
153 
154 static void
156 {
157  (void) sig;
158  reload_openvas ();
159 }
160 
161 static void
163 {
164  termination_signal = sig;
165 }
166 
170 static void
172 {
177  openvas_signal (SIGCHLD, sighand_chld);
178 }
179 
180 /* Restarts the scanner by reloading the configuration. */
181 static void
183 {
184  static gchar *rc_name = NULL;
185  const char *config_file;
186  int i, ret;
187 
188  /* Ignore SIGHUP while reloading. */
189  openvas_signal (SIGHUP, SIG_IGN);
190 
191  proctitle_set (PROCTITLE_RELOADING);
192  /* Setup logging. */
193  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL);
194  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
195  log_config = load_log_configuration (rc_name);
196  g_free (rc_name);
197  setup_log_handlers (log_config);
198  g_message ("Reloading the scanner.\n");
199 
200  /* Reload config file. */
201  config_file = prefs_get ("config_file");
202  for (i = 0; openvas_defaults[i].option != NULL; i++)
203  prefs_set (openvas_defaults[i].option, openvas_defaults[i].value);
204  prefs_config (config_file);
205 
206  /* Reload the plugins */
207  ret = plugins_init ();
209 
210  g_message ("Finished reloading the scanner.");
212  proctitle_set (PROCTITLE_WAITING);
213  if (ret)
214  exit (1);
215 }
216 
224 static int
226 {
227  char key[1024];
228  kb_t kb;
229  struct kb_item *res = NULL;
230 
231  g_debug ("Start loading scan preferences.");
232  if (!globals->scan_id)
233  return -1;
234 
235  snprintf (key, sizeof (key), "internal/%s/scanprefs", globals->scan_id);
236  kb = kb_find (prefs_get ("db_address"), key);
237  if (!kb)
238  return -1;
239 
240  res = kb_item_get_all (kb, key);
241  if (!res)
242  return -1;
243 
244  while (res)
245  {
246  gchar **pref = g_strsplit (res->v_str, "|||", 2);
247  if (pref[0])
248  {
249  gchar **pref_name = g_strsplit (pref[0], ":", 3);
250  if (pref_name[1] && pref_name[2]
251  && !strncmp (pref_name[2], "file", 4))
252  {
253  char *file_hash = gvm_uuid_make ();
254  int ret;
255  prefs_set (pref[0], file_hash);
256  ret = store_file (globals, pref[1], file_hash);
257  if (ret)
258  g_debug ("Load preference: Failed to upload file "
259  "for nvt %s preference.",
260  pref_name[0]);
261 
262  g_free (file_hash);
263  }
264  else
265  prefs_set (pref[0], pref[1] ?: "");
266  g_strfreev (pref_name);
267  }
268 
269  g_strfreev (pref);
270  res = res->next;
271  }
272  snprintf (key, sizeof (key), "internal/%s", globals->scan_id);
273  kb_item_set_str (kb, key, "ready", 0);
274  kb_item_set_int (kb, "internal/ovas_pid", getpid ());
275 
276  g_debug ("End loading scan preferences.");
277 
278  kb_item_free (res);
279  return 0;
280 }
281 
282 static void
283 handle_client (struct scan_globals *globals)
284 {
285  kb_t net_kb = NULL;
286 
287  /* Load preferences from Redis. Scan started with a scan_id. */
288  if (load_scan_preferences (globals))
289  {
290  g_warning ("No preferences found for the scan %s", globals->scan_id);
291  exit (0);
292  }
293 
294  attack_network (globals, &net_kb);
295  if (net_kb != NULL)
296  {
297  kb_delete (net_kb);
298  net_kb = NULL;
299  }
300 }
301 
302 static void
303 scanner_thread (struct scan_globals *globals)
304 {
305  nvticache_reset ();
306 
307  globals->scan_id = g_strdup (global_scan_id);
308 
309  handle_client (globals);
310 
311  exit (0);
312 }
313 
319 static int
320 init_openvas (const char *config_file)
321 {
322  static gchar *rc_name = NULL;
323  int i;
324 
325  for (i = 0; openvas_defaults[i].option != NULL; i++)
326  prefs_set (openvas_defaults[i].option, openvas_defaults[i].value);
327  prefs_config (config_file);
328 
329  /* Setup logging. */
330  rc_name = g_build_filename (OPENVAS_SYSCONF_DIR, "openvas_log.conf", NULL);
331  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
332  log_config = load_log_configuration (rc_name);
333  g_free (rc_name);
334  setup_log_handlers (log_config);
336 
337  return 0;
338 }
339 
340 static int
342 {
343  kb_t kb;
344  int rc;
345 
346  rc = kb_new (&kb, prefs_get ("db_address"));
347  if (rc)
348  return rc;
349 
350  rc = kb_flush (kb, NVTICACHE_STR);
351  return rc;
352 }
353 
354 static void
356 {
357  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
358  return;
359  gcry_check_version (NULL);
360  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
361  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
362  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
363  gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
364 }
365 
366 void
368 {
369  struct scan_globals *globals;
370  int ret = 0;
371 
372 #if GNUTLS_VERSION_NUMBER < 0x030300
373  if (openvas_SSL_init () < 0)
374  g_message ("Could not initialize openvas SSL!");
375 #endif
376 
377 #ifdef OPENVAS_GIT_REVISION
378  g_message ("openvas %s (GIT revision %s) started", OPENVAS_VERSION,
379  OPENVAS_GIT_REVISION);
380 #else
381  g_message ("openvas %s started", OPENVAS_VERSION);
382 #endif
383 
384  openvas_signal (SIGHUP, SIG_IGN);
385  ret = plugins_init ();
386  if (ret)
387  exit (0);
389 
390  globals = g_malloc0 (sizeof (struct scan_globals));
391 
392  scanner_thread (globals);
393  exit (0);
394 }
401 static void
403 {
404  char key[1024];
405  kb_t kb;
406  int pid;
407 
408  if (!global_scan_id)
409  exit (1);
410 
411  snprintf (key, sizeof (key), "internal/%s", global_scan_id);
412  kb = kb_find (prefs_get ("db_address"), key);
413  if (!kb)
414  exit (1);
415 
416  pid = kb_item_get_int (kb, "internal/ovas_pid");
417  kill (pid, SIGUSR2);
418 
419  exit (0);
420 }
421 
427 int
428 openvas (int argc, char *argv[])
429 {
430  int ret;
431 
432  proctitle_init (argc, argv);
433  gcrypt_init ();
434 
435  static gboolean display_version = FALSE;
436  static gchar *config_file = NULL;
437  static gchar *scan_id = NULL;
438  static gchar *stop_scan_id = NULL;
439  static gboolean print_specs = FALSE;
440  static gboolean print_sysconfdir = FALSE;
441  static gboolean update_vt_info = FALSE;
442  GError *error = NULL;
443  GOptionContext *option_context;
444  static GOptionEntry entries[] = {
445  {"version", 'V', 0, G_OPTION_ARG_NONE, &display_version,
446  "Display version information", NULL},
447  {"config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file,
448  "Configuration file", "<filename>"},
449  {"cfg-specs", 's', 0, G_OPTION_ARG_NONE, &print_specs,
450  "Print configuration settings", NULL},
451  {"sysconfdir", 'y', 0, G_OPTION_ARG_NONE, &print_sysconfdir,
452  "Print system configuration directory (set at compile time)", NULL},
453  {"update-vt-info", 'u', 0, G_OPTION_ARG_NONE, &update_vt_info,
454  "Updates VT info into redis store from VT files", NULL},
455  {"scan-start", '\0', 0, G_OPTION_ARG_STRING, &scan_id,
456  "ID of scan to start. ID and related data must be stored into redis "
457  "before.",
458  "<string>"},
459  {"scan-stop", '\0', 0, G_OPTION_ARG_STRING, &stop_scan_id,
460  "ID of scan to stop", "<string>"},
461 
462  {NULL, 0, 0, 0, NULL, NULL, NULL}};
463 
464  option_context =
465  g_option_context_new ("- Open Vulnerability Assessment Scanner");
466  g_option_context_add_main_entries (option_context, entries, NULL);
467  if (!g_option_context_parse (option_context, &argc, &argv, &error))
468  {
469  g_print ("%s\n\n", error->message);
470  exit (0);
471  }
472  g_option_context_free (option_context);
473 
474  /* --sysconfdir */
475  if (print_sysconfdir)
476  {
477  g_print ("%s\n", SYSCONFDIR);
478  exit (0);
479  }
480 
481  /* --version */
482  if (display_version)
483  {
484  printf ("OpenVAS %s\n", OPENVAS_VERSION);
485 #ifdef OPENVAS_GIT_REVISION
486  printf ("GIT revision %s\n", OPENVAS_GIT_REVISION);
487 #endif
488  printf ("Most new code since 2005: (C) 2019 Greenbone Networks GmbH\n");
489  printf (
490  "Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>\n");
491  printf ("License GPLv2: GNU GPL version 2\n");
492  printf (
493  "This is free software: you are free to change and redistribute it.\n"
494  "There is NO WARRANTY, to the extent permitted by law.\n\n");
495  exit (0);
496  }
497 
498  /* Switch to UTC so that OTP times are always in UTC. */
499  if (setenv ("TZ", "utc 0", 1) == -1)
500  {
501  g_print ("%s\n\n", strerror (errno));
502  exit (0);
503  }
504  tzset ();
505 
506  if (!config_file)
507  config_file = OPENVAS_CONF;
508  if (update_vt_info)
509  {
510  if (init_openvas (config_file))
511  return 1;
512  if (plugins_init ())
513  return 1;
514  return 0;
515  }
516 
517  if (init_openvas (config_file))
518  return 1;
519 
520  if (prefs_get ("vendor_version") != NULL)
521  vendor_version_set (prefs_get ("vendor_version"));
522 
523  if (stop_scan_id)
524  {
525  global_scan_id = g_strdup (stop_scan_id);
527  exit (0);
528  }
529 
530  if (scan_id)
531  {
532  global_scan_id = g_strdup (scan_id);
534  exit (0);
535  }
536 
537  /* special treatment */
538  if (print_specs)
539  {
540  prefs_dump ();
541  exit (0);
542  }
543  if (flush_all_kbs ())
544  exit (1);
545 
546 #if GNUTLS_VERSION_NUMBER < 0x030300
547  if (openvas_SSL_init () < 0)
548  g_message ("Could not initialize openvas SSL!");
549 #endif
550 
551  /* Ignore SIGHUP while reloading. */
552  openvas_signal (SIGHUP, SIG_IGN);
553 
554  ret = plugins_init ();
555  if (ret)
556  return 1;
557 
558  exit (0);
559 }
processes.h
processes.c header.
attack_network
void attack_network(struct scan_globals *globals, kb_t *network_kb)
Attack a whole network.
Definition: attack.c:977
script_infos::key
kb_t key
Definition: scanneraux.h:46
init_signal_handlers
static void init_signal_handlers()
Initializes main scanner process' signal handlers.
Definition: openvas.c:171
log_config
GSList * log_config
Logging parameters, as passed to setup_log_handlers.
Definition: openvas.c:94
global_max_checks
int global_max_checks
Definition: openvas.c:89
start_single_task_scan
void start_single_task_scan()
Definition: openvas.c:367
sighand.h
headerfile for sighand.c.
loading_stop_signal
static volatile int loading_stop_signal
Definition: openvas.c:96
handle_termination_signal
static void handle_termination_signal(int sig)
Definition: openvas.c:162
handle_reload_signal
static void handle_reload_signal(int sig)
Definition: openvas.c:155
store_file
int store_file(struct scan_globals *globals, const char *file, const char *file_hash)
Stores a file type preference in a hash table.
Definition: utils.c:110
openvas_option::value
char * value
Definition: openvas.c:103
gcrypt_init
static void gcrypt_init()
Definition: openvas.c:355
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
global_scan_id
static char * global_scan_id
Definition: openvas.c:98
stop_single_task_scan
static void stop_single_task_scan()
Search in redis the process ID of a running scan and sends it the kill signal SIGUSR2,...
Definition: openvas.c:402
scanner_thread
static void scanner_thread(struct scan_globals *globals)
Definition: openvas.c:303
openvas_signal
void(*)(int) openvas_signal(int signum, void(*handler)(int))
Definition: sighand.c:87
attack.h
attack.c header.
openvas_SSL_init
int openvas_SSL_init()
Initializes SSL support.
Definition: network.c:351
PROCTITLE_RELOADING
#define PROCTITLE_RELOADING
Definition: openvas.c:82
utils.h
utils.c headerfile.
plugins_init
int plugins_init(void)
Definition: pluginload.c:359
script_infos::globals
struct scan_globals * globals
Definition: scanneraux.h:45
PROCTITLE_WAITING
#define PROCTITLE_WAITING
Definition: openvas.c:80
option
#define option
scan_globals
Definition: scanneraux.h:32
openvas_defaults
static openvas_option openvas_defaults[]
Default values for scanner options. Must be NULL terminated.
Definition: openvas.c:109
openvas_option
Definition: openvas.c:100
termination_signal
static volatile int termination_signal
Definition: openvas.c:97
sighand_chld
void sighand_chld(pid_t pid)
Definition: sighand.c:103
handle_client
static void handle_client(struct scan_globals *globals)
Definition: openvas.c:283
flush_all_kbs
static int flush_all_kbs()
Definition: openvas.c:341
set_globals_from_preferences
static void set_globals_from_preferences(void)
Definition: openvas.c:132
openvas
int openvas(int argc, char *argv[])
openvas.
Definition: openvas.c:428
pluginlaunch.h
pluginlaunch.c header.
init_openvas
static int init_openvas(const char *config_file)
Initialize everything.
Definition: openvas.c:320
vendor_version_set
void vendor_version_set(const gchar *version)
Set vendor version.
Definition: vendorversion.c:40
global_max_hosts
int global_max_hosts
Definition: openvas.c:88
scan_globals::scan_id
char * scan_id
Definition: scanneraux.h:38
openvas_option::option
char * option
Definition: openvas.c:102
reload_openvas
static void reload_openvas(void)
Definition: openvas.c:182
load_scan_preferences
static int load_scan_preferences(struct scan_globals *globals)
Read the scan preferences from redis @input scan_id Scan ID used as key to find the corresponding KB ...
Definition: openvas.c:225