OpenVAS之openvassd、openvasmd

二、gsad(Greenbone Security Assistant)

/* Setup logging. */

  rc_name = g_build_filename (GSA_CONFIG_DIR, "gsad_log.conf", NULL);
  if (g_file_test (rc_name, G_FILE_TEST_EXISTS))
    log_config = load_log_configuration (rc_name);
  g_free (rc_name);
  setup_log_handlers (log_config);

gsad_address_init

gsad_address_set_port

start_http_daemon                 /* Start the HTTP to HTTPS redirect server. */

start_https_daemon               

start_unix_http_daemon        /* Start the unix socket server. */

redirect_handler

handle_request

omp_init

三、openvasmd(OpenVAS Manager)

涉及到数据库:

/usr/local/var/lib/openvas/mgr/tasks.db              /* 任务管理数据库 */

/usr/local/var/lib/openvas/cert-data/cert.db

/usr/local/var/lib/openvas/scap-data/scap.db

文件:

openvasmd.c                             /* main function*/

ompd.c                                     /* Serve the OpenVAS Management Protocol (OMP). */

scanner.c
openvas_scanner_connect       //Create a new connection to the scanner and set it as current scanner.


ompd.c       //Serve the OpenVAS Management Protocol (OMP).


main
--> serve_and_schedule           //Serve incoming connections, scheduling periodically.
--> accept_and_maybe_fork        //Accept and fork.
--> serve_omp                    //Serve the OpenVAS Management Protocol (OMP).
--> init_omp_process


main/update_or_rebuild_nvt_cache
--> init_ompd
--> init_omp
--> init_manage
--> init_manage_internal
--> init_ompd_process
--> init_omp_process            //Initialise OMP library data for a process.
-->
omp_xml_handle_end_element
-->
case CLIENT_START_TASK:        //开始一个任务
--> start_task
--> run_task

--> run_otp_task

--> openvas_scanner_connect  
--> openvas_scanner_init        -->  openvas_scanner_write --> write_to_server_buffer     向scanner发送数据
--> process_otp_scanner_input   处理scanner返回的数据

manage_backup_db                    /* Backup the database and then exit. */

manage_create_scanner             /* Create the given scanner. */

manager_listen

init_manage_process

serve_and_schedule

accept_and_maybe_fork            /* Accept the client connection. */

manage_schedule                    /* Schedule any actions that are due. */

fork_connection_for_scheduler

openvas_server_new

openvas_server_attach

manager处理scanner的扫描响应报文并入库

process_otp_scanner_input  //process message from scanner input
根据scanner_state的类型写入report
case SCANNER_ERRMSG_DESCRIPTION:
  set_scanner_state (SCANNER_ERRMSG_OID);
    case SCANNER_ERRMSG_OID:
    append_error_message       //Append an error message to a report.
    -->  write_message

case SCANNER_ALARM_DESCRIPTION:
  set_scanner_state (SCANNER_ALARM_OID);
    case SCANNER_ALARM_OID:
      append_alarm_message       //Append a hole message to a report.
      -->  write_message

case SCANNER_LOG_DESCRIPTION:
  set_scanner_state (SCANNER_LOG_OID);
    case SCANNER_LOG_OID:
      append_log_message         //Append a log message to a report.
      -->  write_message  
  

write_message
--> make_result
--> report_add_result  

四、openvassd(OpenVAS Scanner)

init_openvassd

plugins_init

init_unix_network

loading_handler_start           /* Starts a process to handle client requests while the scanner is loading. */

main_loop

---> scanner_thread --> handle_client --> attack_network  /* Attack a whole network.*/

扫描整个网络

attack_network

--> attack_start
--> attack_host
--> pluginlaunch_init
--> launch_plugin

加载插件
plugin_launch
-->  read_running_processes
-->  process_internal_msg
-->  internal_recv
-->  os_recv


plugin_launch
--> nasl_plugin_launch
--> nasl_thread

--> exec_nasl_script


五、OSP (OpenVAS Scanner Protocol)

ospd-1.2.0                    =====> ospd class

ospd-debsecan-1.2b1  =====> ospd server

#修改证书路径、绑定IP及端口配置
ospd-1.2.0/ospd/misc.py
# TLS material used by the OSP daemon: its private key, its certificate and the
# CA certificate. The private key sits under .../private/CA; keep it readable
# only by the account that runs the daemon.
# NOTE(review): presumably CA_FILE is what connecting clients' certificates are
# checked against -- confirm in the ospd source.
KEY_FILE = "/usr/local/var/lib/openvas/private/CA/serverkey.pem"
CERT_FILE = "/usr/local/var/lib/openvas/CA/servercert.pem"
CA_FILE = "/usr/local/var/lib/openvas/CA/cacert.pem"

# TCP port for the OSP listener; the --scanner-port value given to openvasmd
# when the scanner is registered has to match it.
PORT = 1234
# Bind address. "0.0.0.0" is the IPv4 wildcard, so the listener is reachable on
# every interface of the host. The openvasmd registrations on this page connect
# through 127.0.0.1, so "127.0.0.1" is enough when the manager runs on the same
# machine and keeps the port off the network.
ADDRESS = "0.0.0.0"

#运行  ospd-debsecan
/usr/local/bin/ospd-debsecan

# Register the ospd-debsecan daemon in openvasmd as a scanner of type "OSP".
# --scanner-host / --scanner-port must point at the address and port the daemon
# listens on (PORT = 1234 in misc.py).
# --scanner-ca-pub is the CA certificate for the scanner connection;
# --scanner-key-pub / --scanner-key-priv are the client certificate and private
# key for that connection. The private key should be readable only by the
# account that runs openvasmd.
openvasmd --create-scanner="OSP Debsecan" --scanner-host=127.0.0.1 --scanner-port=1234 \
            --scanner-type="OSP" --scanner-ca-pub=/usr/local/var/lib/openvas/CA/cacert.pem \
            --scanner-key-pub=/usr/local/var/lib/openvas/CA/clientcert.pem \
            --scanner-key-priv=/usr/local/var/lib/openvas/private/CA/clientkey.pem 

# Register a second OSP scanner entry in openvasmd under another name.
# Host, port and TLS files are the same as in the "OSP Debsecan" registration,
# so both entries point at the same OSP endpoint (127.0.0.1:1234).
openvasmd --create-scanner="OSP Scanner-Name" --scanner-host=127.0.0.1 --scanner-port=1234 \
           --scanner-type="OSP" --scanner-ca-pub=/usr/local/var/lib/openvas/CA/cacert.pem \
           --scanner-key-pub=/usr/local/var/lib/openvas/CA/clientcert.pem \
           --scanner-key-priv=/usr/local/var/lib/openvas/private/CA/clientkey.pem 

#get
root@reed-virtual-machine:/home/share/openvas_src/ospd-debsecan-1.2b1# openvasmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73  OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b  CVE
c4803d18-09ff-4727-b10c-2e3c02e159ef  OSP Scanner-Name
f50533e0-87c3-4c73-94f8-1b12665548a3  OSP Debsecan

#verify
root@reed-virtual-machine:/home/share/openvas_src/ospd-debsecan-1.2b1# openvasmd --verify-scanner=c4803d18-09ff-4727-b10c-2e3c02e159ef
[manage_verify_scanner 45468]Verifying scanner, uuid=c4803d18-09ff-4727-b10c-2e3c02e159ef
[manage_verify_scanner 45474]manage_option_setup, ret=0
[osp_get_version_from_iterator 46605]osp_connection_new:127.0.0.1 1234
Scanner version: depends on the local installation at the target host.

#verify
root@reed-virtual-machine:/home/share/openvas_src/ospd-debsecan-1.2b1# openvasmd --verify-scanner=f50533e0-87c3-4c73-94f8-1b12665548a3
[manage_verify_scanner 45468]Verifying scanner, uuid=f50533e0-87c3-4c73-94f8-1b12665548a3
[manage_verify_scanner 45474]manage_option_setup, ret=0
[osp_get_version_from_iterator 46605]osp_connection_new:127.0.0.1 1234
Scanner version: depends on the local installation at the target host.

