Bug 182941 - Review Request: nessus-core Network vulnerability scanner
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: John Mahowald
Fedora Package Reviews List
Depends On: 182743 182744
Blocks: FE-ACCEPT
Reported: 2006-02-24 12:09 EST by Andreas Bierfert
Modified: 2007-11-30 17:11 EST (History)
CC List: 2 users
Last Closed: 2006-04-08 04:05:38 EDT
Description Andreas Bierfert 2006-02-24 12:09:43 EST
Spec Name or Url: http://fedora.lowlatency.de/review/nessus-core.spec
SRPM Name or Url: http://fedora.lowlatency.de/review/nessus-core-2.2.6-1.src.rpm
Description:
Nessus is the world's most popular vulnerability scanner used in over 75,000
organizations world-wide. Many of the world's largest organizations are
realizing significant cost savings by using Nessus to audit business-critical
enterprise devices and applications.

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the
internet community a free, powerful, up-to-date and easy to use remote
security scanner. Nessus is currently rated among the top products of its type
throughout the security industry and is endorsed by professional information
security organizations such as the SANS Institute. It is estimated that the
Nessus scanner is used by 75,000 organizations world-wide.
Comment 1 Mike McGrath 2006-02-25 11:46:17 EST
- Please provide a full URL to any sources/patches that have an upstream (Source0
is a must)
- Inconsistent use of buildroot ($RPM_BUILD_ROOT, %buildroot, %{buildroot}); pick one
- Consolidate sbindir entries in nessus-server (non-blocker)
Comment 2 Mike McGrath 2006-02-25 23:58:26 EST
Are you planning on packaging libICE? nessus-core requires it and it's not in FC
nor FE at this time.
Comment 3 Andreas Bierfert 2006-02-26 03:37:52 EST
libICE is part of xorg and part of Fedora Core (this spec is for rawhide and
thus BR libICE-devel only because of modular X)

For the rest:
http://fedora.lowlatency.de/review/nessus-core.spec
http://fedora.lowlatency.de/review/nessus-core-2.2.6-2.src.rpm
Comment 4 Mike McGrath 2006-02-26 09:09:06 EST
- The changelog version number is wrapped onto the next line; put it on the same line as
the date.
Comment 5 Michael Schwendt 2006-02-26 09:40:37 EST
Mike, that is not a MUST. Andreas' full name and e-mail are so long that
he prefers wrapping the line to reduce its width.
Comment 6 Mike McGrath 2006-02-26 10:21:31 EST
Even with the version and name it's still less than 80 characters long; I'll move
that to a SHOULD.
Comment 7 Andreas Bierfert 2006-03-01 01:32:51 EST
If that's the only thing holding this (besides the blocking bugs) I may change it :)

Thanks for the explanation Michael
Comment 8 Mike McGrath 2006-03-01 23:19:07 EST
I'm interested in getting this in Extras, but access to my rawhide box is limited
as of late. One thing you could do if you wanted to get this in both FC4 and
FC5 is to change your BuildRequires: libICE-devel to whatever header file(s)
is/are required, like: BuildRequires: /usr/include/X11/ICE/ICElib.h

If it was just your intention to have this available for FC-5 only then don't
worry about it. I'll probably be reviewing this more closely soon.
Comment 9 Andreas Bierfert 2006-03-02 03:45:03 EST
Well, on FC4 you can just change all the xorg requires to xorg-x11-devel, and this
is what I would do once nessus has been imported to CVS ... :) Do you need me to
spin an Extras SRPM for your reviewing, or can you just change these?
Comment 10 John Mahowald 2006-04-02 15:44:16 EDT
In the %description of nessus-core the 75,000 user number is duplicated. Delete one.

Upon login the server says
Cannot create a new dumpfile /var/log/nessus/nessusd.dump (No such file or
directory)-- aborting

This directory needs to exist and be owned by the server.

Because the tarball includes the license, nessus/COPYING, include that in %doc.

For some reason every scan I've tried so far comes up empty.
Comment 11 Andreas Bierfert 2006-04-03 08:14:33 EDT
Hm, did you set up the plugin directory correctly? Did you install the plugins?

Here is a version with the stuff you mentioned fixed.

http://fedora.lowlatency.de/review/nessus-core-2.2.6-3.src.rpm
http://fedora.lowlatency.de/review/nessus-core.spec
Comment 12 John Mahowald 2006-04-06 18:20:48 EDT
(In reply to comment #11)
> Hm did you setup up the plugin directory correctly? Did you install the plugins?
> 
> Here is a version with the stuff you mentioned fixed.
> 
> http://fedora.lowlatency.de/review/nessus-core-2.2.6-3.src.rpm
> http://fedora.lowlatency.de/review/nessus-core.spec


Exactly, upon adding plugin package (bug 185799) the scan works.

Lots of rpmlint. We can ignore every changelog version due to line wrapping, and
no docs because the docs are in other packages.

rpmlint of nessus-gui-2.2.6-2.x86_64.rpm:
W: nessus-gui no-version-in-last-changelog
W: nessus-gui no-documentation

rpmlint of nessus-server-2.2.6-2.x86_64.rpm:
W: nessus-server summary-not-capitalized nessusd is the server part of the nessus client-server model
W: nessus-server no-version-in-last-changelog
E: nessus-server non-readable /etc/pki/nessus/private/CA/serverkey.pem 0600
E: nessus-server non-readable /etc/pki/nessus/private/CA/cakey.pem 0600
E: nessus-server incoherent-logrotate-file /etc/logrotate.d/nessusd
E: nessus-server non-readable /etc/nessus/nessusd.conf 0600
W: nessus-server incoherent-init-script-name nessusd

Permissions to be expected on keys. Init script works, can ignore that.

rpmlint of nessus-client-2.2.6-2.x86_64.rpm:
W: nessus-client no-version-in-last-changelog
W: nessus-client no-documentation

rpmlint of nessus-core-2.2.6-2.x86_64.rpm:
W: nessus-core no-version-in-last-changelog

rpmlint of nessus-core-devel-2.2.6-2.x86_64.rpm:
W: nessus-core-devel no-version-in-last-changelog

rpmlint of nessus-gui-2.2.6-2.x86_64.rpm:
W: nessus-gui no-version-in-last-changelog
W: nessus-gui no-documentation

rpmlint of nessus-server-2.2.6-2.x86_64.rpm:
W: nessus-server summary-not-capitalized nessusd is the server part of the nessus client-server model
W: nessus-server no-version-in-last-changelog
E: nessus-server non-readable /etc/pki/nessus/private/CA/serverkey.pem 0600
E: nessus-server non-readable /etc/pki/nessus/private/CA/cakey.pem 0600
E: nessus-server incoherent-logrotate-file /etc/logrotate.d/nessusd
E: nessus-server non-readable /etc/nessus/nessusd.conf 0600
W: nessus-server incoherent-init-script-name nessusd

logrotate conf looks fine to me.

rpmlint of nessus-client-2.2.6-2.x86_64.rpm:
W: nessus-client no-version-in-last-changelog
W: nessus-client no-documentation

rpmlint of nessus-core-2.2.6-2.x86_64.rpm:
W: nessus-core no-version-in-last-changelog

rpmlint of nessus-core-devel-2.2.6-2.x86_64.rpm:
W: nessus-core-devel no-version-in-last-changelog

rpmlint of nessus-gui-2.2.6-3.x86_64.rpm:
W: nessus-gui no-version-in-last-changelog
W: nessus-gui no-documentation

rpmlint of nessus-server-2.2.6-3.x86_64.rpm:
W: nessus-server summary-not-capitalized nessusd is the server part of the nessus client-server model
W: nessus-server no-version-in-last-changelog
E: nessus-server non-readable /etc/pki/nessus/private/CA/cakey.pem 0600
E: nessus-server non-readable /etc/nessus/nessusd.conf 0600
E: nessus-server incoherent-logrotate-file /etc/logrotate.d/nessusd
E: nessus-server non-readable /etc/pki/nessus/private/CA/serverkey.pem 0600
W: nessus-server incoherent-init-script-name nessusd

rpmlint of nessus-client-2.2.6-3.x86_64.rpm:
W: nessus-client no-version-in-last-changelog
W: nessus-client no-documentation

rpmlint of nessus-core-2.2.6-3.x86_64.rpm:
W: nessus-core no-version-in-last-changelog

rpmlint of nessus-core-devel-2.2.6-3.x86_64.rpm:
W: nessus-core-devel no-version-in-last-changelog


- package meets naming guidelines
- package meets packaging guidelines
- license (GPL) OK, text in %doc, matches source
- spec file legible, in American English
- source matches upstream
- package compiles on devel (x86_64)
- no missing BR
- no unnecessary BR
- no locales
- not relocatable
- owns all directories that it creates
- no duplicate files
- permissions ok
- %clean ok
- macro use consistent
- code, not content
- no need for -docs
- nothing in %doc affects runtime
- .desktop file for gui
- devel package ok (with just includes no need to depend on main package libraries)

APPROVED
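Two of the points in this review (the private keys and nessusd.conf at 0600, which rpmlint reports as non-readable but which the reviewer correctly treats as the desired state, and the /var/log/nessus directory that must exist and be owned by the server so nessusd can create its dump file) can be checked mechanically against a built package's file list. The POSIX shell script below is an added example, not code from this review or from the nessus-core package. It parses lines in the format `rpm -qlvp <package.rpm>` prints (mode, links, owner, group, size, date, path); the sample list embedded in it is constructed, with the /etc/pki/nessus and /etc/nessus paths taken from the rpmlint output above, made-up sizes and dates, and one deliberately mis-permissioned file (leaky.pem, not a real package file) so that the failure path is exercised.

```shell
#!/bin/sh
# Added example (not from the review or the nessus-core package).
# Checks a package file list, as printed by `rpm -qlvp <rpm>`
# (mode links owner group size month day year path), for two of the
# points raised in the review:
#   1. every regular file under a private/ directory is mode 0600/0400
#      (rpmlint's "non-readable ... 0600" is the desired state for keys);
#   2. the daemon's log directory is packaged and owned by the account
#      the daemon runs as, so nessusd can create its dump file at startup.

# Constructed sample list. Paths match the rpmlint output in this review;
# sizes, dates and the mis-permissioned leaky.pem are made up for the demo.
SAMPLE_FILES='-rw-------    1 root    root     887 Apr  6  2006 /etc/pki/nessus/private/CA/cakey.pem
-rw-------    1 root    root     887 Apr  6  2006 /etc/pki/nessus/private/CA/serverkey.pem
-rw-r--r--    1 root    root    1200 Apr  6  2006 /etc/pki/nessus/CA/cacert.pem
-rw-------    1 root    root    2100 Apr  6  2006 /etc/nessus/nessusd.conf
drwxr-xr-x    2 root    root       0 Apr  6  2006 /var/log/nessus
-rw-r--r--    1 root    root     887 Apr  6  2006 /etc/pki/nessus/private/CA/leaky.pem'

# check_private_keys: read file-list lines on stdin, print every regular
# file under /private/ whose mode grants any group or other access,
# and return 1 if there was at least one such file (0 otherwise).
check_private_keys() {
    awk '
        $1 ~ /^-/ && $NF ~ /\/private\// {
            # $1 is the symbolic mode, e.g. -rw-------; characters 5-10
            # are the group and other bits, which must all be "-".
            if (substr($1, 5) != "------") { print $NF; bad = 1 }
        }
        END { exit bad ? 1 : 0 }'
}

# check_log_dir DIR OWNER: read file-list lines on stdin and return 0
# only if DIR is packaged as a directory whose owner is OWNER.
check_log_dir() {
    awk -v dir="$1" -v owner="$2" '
        $1 ~ /^d/ && $NF == dir { found = 1; if ($3 == owner) ok = 1 }
        END { exit (found && ok) ? 0 : 1 }'
}

# run_checks: apply both checks to the sample list and report; returns
# the number of failed checks (0 means the package would pass).
run_checks() {
    failures=0
    if bad=$(printf '%s\n' "$SAMPLE_FILES" | check_private_keys); then
        echo "private keys: ok"
    else
        echo "private keys: FAIL, readable by group/other:"
        printf '  %s\n' $bad
        failures=$((failures + 1))
    fi
    # nessusd runs as root by default, so root must own /var/log/nessus.
    if printf '%s\n' "$SAMPLE_FILES" | check_log_dir /var/log/nessus root; then
        echo "log dir: ok"
    else
        echo "log dir: FAIL, /var/log/nessus missing or not owned by root"
        failures=$((failures + 1))
    fi
    return "$failures"
}
```

To run it against a real build instead of the sample, pipe `rpm -qlvp nessus-server-<version>.rpm` into `check_private_keys` and `check_log_dir /var/log/nessus root`; on the sample, `run_checks` reports the keys from the review as fine, flags leaky.pem, and accepts the log directory, returning 1.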
Comment 13 Andreas Bierfert 2006-04-08 04:05:38 EDT
Thanks for the review. Built and pushed :)
