OpenVAS Change Request #24: OpenVAS-Server: Reorganize NVTs in Subdirectories
Status: Voted +6. Developed and released since OpenVAS 3.
To make maintaining the collection of NVTs easier.
To be compliant with LSB/FHS.
- Initial patch suggested by Stjepan Gros on openvas-devel
- More discussion of the feature on openvas-devel
- Updated Patch on openvas-devel
- Fully working patch on openvas-devel
Right now, the OpenVAS-Server expects all NVTs to be in one single directory on the server machine and looks only in this directory for NVTs when starting up. Also, plugins are placed inside the lib subdirectory, but they are platform-independent, read-only data, which is better placed in the share subdirectory. Likewise, the server creates one single subdirectory for cached NVT data inside the plugins subdirectory, which has two drawbacks. First, it requires write access in what should be a read-only directory and, second, the server will only use this cache directory.
The current approach poses two problems. First, the NVT collection gets larger and larger, especially if the user subscribes to one or more high-volume NVT feeds. This could lead to unexpected and undesirable results, for example when different feeds contain files with the same file name. If different feeds could be isolated into different directories, this would improve the situation for feed subscribers as well as feed managers. The second problem is that this directory organisation doesn't align well with FHS (and indirectly with LSB) and with how distributions lay out files on the file system.
Furthermore, it may not always be necessary to load all NVTs available to the server on startup; with different directories, the server would be able to make only a subset of its NVTs available to connecting clients for security or speed reasons.
The code changes will not break existing installations upgrading to a new version of OpenVAS, or new installations that do not explicitly specify an alternative path to the plugins and include directories.
The critical change will be when/if plugins themselves are reorganized and feeds change structure. This could break old/existing installations. This has to be further discussed.
Three new configuration directives will be introduced that control OpenVAS behavior with respect to where plugins are placed: include_folder, plugins_folder and cache_folder.
Design and Implementation
The cache directory will be subdivided into a set of one-letter directories. Each plugin will be placed into the appropriate subdirectory based on the first letter of its name. The other possibility (maybe better) is to use the OID as the name for the plugin in the cache and possibly for the organization of the directory structure.
Modify openvas-server/openvasd/nasl_plugins.c to propagate additional info about plugin and include directories to the openvas-libnasl component.
Modify openvas-server/openvasd/openvasd.c to include old style behavior in case none of include_folder, plugins_folder and cache_folder were given in the configuration file.
Modify openvas-server/openvasd/pluginload.c to recurse through given plugin directories and load all the plugins.
Modify the openvas-libnasl/nasl subsystem to search the include directories, and the grammar to include the new directives.
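The recursive load and the one-letter cache layout described above, as an added example that is not OpenVAS code. The function names, the `.nasl` suffix filter, the cache entry naming, and the choice to skip symlinks and hidden entries are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

static char seen[1024][256];  /* NVT file names loaded so far; a repeat is a clash */
static int n_seen, n_clash;

/* Hypothetical cache layout: <cache_folder>/<first letter>/<file name>. */
int cache_path(const char *cache_folder, const char *name, char *out, size_t n) {
    if (name[0] == '\0' || name[0] == '.' || strchr(name, '/'))
        return -1;                          /* name must stay inside cache_folder */
    int len = snprintf(out, n, "%s/%c/%s", cache_folder, name[0], name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

static void record(const char *name) {
    for (int i = 0; i < n_seen; i++)
        if (strcmp(seen[i], name) == 0) { n_clash++; return; }
    if (n_seen < 1024) snprintf(seen[n_seen++], sizeof seen[0], "%s", name);
}

/* Recurse through dir; lstat() means symlinks inside it are never followed. */
static int walk(const char *dir) {
    DIR *d = opendir(dir);
    struct dirent *e;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        size_t len = strlen(e->d_name);
        if (e->d_name[0] == '.') continue;  /* ".", ".." and hidden entries */
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path
            || lstat(path, &st) != 0) continue;
        if (S_ISDIR(st.st_mode)) walk(path);
        else if (S_ISREG(st.st_mode) && len > 5
                 && strcmp(e->d_name + len - 5, ".nasl") == 0) record(e->d_name);
    }
    closedir(d);
    return 0;
}

/* Returns the number of distinct NVT file names, or -1; *clashes counts repeats. */
int scan_plugins(const char *plugins_folder, int *clashes) {
    n_seen = n_clash = 0;
    if (walk(plugins_folder) != 0) return -1;
    *clashes = n_clash;
    return n_seen;
}
```

A non-zero clash count means two subdirectories ship the same file name, so a cache keyed by file name would map both plugins to one entry; that is the case the OID-based naming would avoid.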
- 2012-12-12 Jan-Oliver Wagner <firstname.lastname@example.org>:
Set to Developed and released. Rules for organization are revised with OpenVAS CR #60.
- 2009-01-02 Michael Wiegand <email@example.com>:
- 2008-12-29 Jan-Oliver Wagner <firstname.lastname@example.org>:
Updated References and Purpose.
- 2008-12-04 Stjepan Gros <email@example.com>:
Link on FHS/LSB
Additional details in design and implementation section
- 2008-12-02 Stjepan Gros <firstname.lastname@example.org>:
- 2008-11-26 Michael Wiegand <email@example.com>: