#!/bin/bash
#
# OpenVAS
# $Id$
# Description: Synchronize with NVT feed.
# This shell script synchronizes the local set of
# OpenVAS Network Vulnerability Tests (NVTs) and
# associated include files with a given upstream
# feed of updated or new files.
#
# Authors:
# Lukas Grunwald <l.grunwald@dn-systems.de>
# Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>
#
# Copyright DN-Systems Enterprise Internet Solutions GmbH 2007
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

# Installation layout, as substituted at build time by ./configure.
prefix="/usr"
exec_prefix="/usr"
sysconfdir="/etc"
libdir="/usr/lib64"
localstatedir="/var"

# Local directory that receives the NVTs. The location is only correct
# when the standard ./configure layout above was used.
NVT_DIR="${libdir}/openvas/plugins"

# Upstream location of the plugin feed.
# NOTE(review): rsync:// is the plain rsync daemon protocol. It provides
# neither transport encryption nor server authentication, so whatever is
# fetched from this URL has to be treated as unverified until it has been
# checked against something obtained independently of this channel.
FEED="rsync://rsync.openvas.org:/nvt-feed"
# An alternative syntax which might work if the above doesn't:
#FEED=rsync@rsync.openvas.org::nvt-feed

# Identification of this script and of the feed it serves. The values are
# reported through the --version, --identify and --describe options so that
# users and automated tools can query them.
SCRIPT_NAME='openvas-nvt-sync'
VERSION='3.0.0'
FEED_NAME='OpenVAS NVT Feed'
FEED_PROVIDER='The OpenVAS Project'
FEED_HOME='http://www.openvas.org/openvas-nvt-feed.html'
# Emitted as the RESTRICTED field of the --identify record.
RESTRICTED='0'

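#######################################
# Locate a tool in a fixed list of system directories.
#
# The lookup deliberately ignores $PATH and only considers
# /usr/bin, /usr/ucb and /usr/sbin, in that order.
#
# Arguments: $1 - bare name of the command to look for
# Outputs:   absolute path of the first match on stdout; nothing if
#            the command is not found
# Returns:   0 if found, 1 otherwise
#######################################
findcmd()
{
  local cmd=$1
  local -r search_path=/usr/bin:/usr/ucb:/usr/sbin
  local -a dirs
  local dir

  # An empty name would otherwise make "$dir/" itself look like a match,
  # because directories carry the execute bit.
  [ -n "$cmd" ] || return 1

  # Split on ':' for this one read only, so the caller's IFS and
  # positional parameters are never touched.
  IFS=: read -r -a dirs <<< "$search_path"

  for dir in "${dirs[@]}"; do
    # Require a regular file: a directory with the same name is not a tool.
    if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
      printf '%s\n' "$dir/$cmd"
      return 0
    fi
  done

  return 1
}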

#######################################
# Make sure the external tools needed for a sync are installed.
#
# Globals:   RSYNC, MD5SUM (written) - path reported by findcmd for each
#            tool, empty when the tool was not found
# Outputs:   progress and error messages on stdout
# Returns:   0 when both tools were found; otherwise terminates the
#            whole script via `exit -1`
#######################################
chk_system_tools(){
  echo "Searching for required system tools ..."

  RSYNC=$(findcmd rsync)
  MD5SUM=$(findcmd md5sum)

  # Both lookups run first; rsync is then reported before md5sum.
  [ -n "$RSYNC" ] || {
    echo "Error: RSYNC not found"
    exit -1
  }

  [ -n "$MD5SUM" ] || {
    echo "Error: MD5SUM not found"
    exit -1
  }
}

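#######################################
# Mirror the feed into $NVT_DIR and check the result against the
# md5sums list that was downloaded with it.
#
# Globals:   FEED, NVT_DIR (read); RSYNC, MD5SUM (read, optional) - the
#            paths resolved by chk_system_tools are used when set,
#            otherwise the tools are looked up by name
# Outputs:   progress and error messages on stdout
# Returns:   0 on success; terminates the script with status 1 when the
#            transfer or the checksum verification fails
# Side effect: the working directory is left at $NVT_DIR
#
# NOTE(review): the md5sums file arrives over the same rsync channel as
# the files it describes, so a passing check shows that the transfer is
# self-consistent; it does not establish that the content is authentic.
# Authenticity would need a check anchored outside this channel (for
# example a signature over md5sums) - not implemented here.
# NOTE(review): rsync runs without a delete option, so files that no
# longer exist upstream presumably stay in $NVT_DIR, and md5sum -c only
# inspects files named in md5sums - confirm whether that is intended.
#######################################
sync_nvts (){
  echo "Synchonizing NVTs via RSYNC ..."

  mkdir -p "$NVT_DIR"

  # The commands are invoked directly rather than through eval: the
  # values of FEED and NVT_DIR are passed as single arguments and are
  # never re-parsed as shell code.
  if ! "${RSYNC:-rsync}" -ltvrP "$FEED" "$NVT_DIR" ; then
    echo "Error: rsync failed. Your NVT collection might be broken now."
    exit 1
  fi

  # md5sums lists paths relative to the plugin directory, so the check
  # has to run from inside it; failing to enter it counts as a failed
  # verification.
  if ! { cd "$NVT_DIR" && "${MD5SUM:-md5sum}" -c --status "$NVT_DIR/md5sums"; } ; then
    echo "Error: md5sums not correct. Your NVT collection might be broken now."
    echo "Please try this for details: cd \"$NVT_DIR\" ; md5sum -c \"$NVT_DIR/md5sums\" | less"
    exit 1
  fi

  echo "Synchronization successful."
}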

# TODO: This only works sometimes (if a proper start/stop daemon was used).
# It should be made verbose and robust so that the user will know whether
# openvassd was restarted successfully or whether a failure occurred.
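#######################################
# Send SIGHUP (signal 1) to the openvassd process named in its PID file.
#
# Outputs:   a warning on stderr when the PID file content is unusable
# Returns:   1 when /var/run/openvassd.pid is missing, unreadable or
#            malformed; otherwise the exit status of kill
#
# NOTE(review): the PID is taken from the file as-is; nothing here
# confirms that the process with that PID is actually openvassd.
#######################################
restart_openvassd (){
  local -r pidfile=/var/run/openvassd.pid
  local raw pid

  test -f "$pidfile" || return 1

  raw=$(cat "$pidfile") || return 1
  # First line only, with surrounding whitespace stripped.
  read -r pid <<< "$raw"

  # Accept a single positive integer and nothing else. Empty, zero,
  # negative or multi-word content must never reach kill, which gives
  # special meaning to such arguments (process groups, broadcast).
  if [[ ! $pid =~ ^[1-9][0-9]*$ ]]; then
    echo "Warning: ignoring malformed PID in $pidfile" 1>&2
    return 1
  fi

  kill -HUP "$pid" 2>/dev/null
}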

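#######################################
# Check that a synchronization could be attempted: both tools must be
# reachable and a dry-run fetch of the feed's md5sums must succeed.
#
# Globals:   FEED, NVT_DIR (read)
#            RSYNC_AVAIL, MD5SUM_AVAIL (written) - result of `command -v`
#            SELFTEST_FAIL (written) - set to 1 on any failure; it is
#            never reset here, so the caller initialises it to 0
# Outputs:   one message per failed check on stderr
#######################################
do_self_test ()
{
  RSYNC_AVAIL=$(command -v rsync)
  if [[ -z $RSYNC_AVAIL ]] ; then
    SELFTEST_FAIL=1
    echo "The rsync binary could not be found." 1>&2
  fi

  MD5SUM_AVAIL=$(command -v md5sum)
  if [[ -z $MD5SUM_AVAIL ]] ; then
    SELFTEST_FAIL=1
    echo "The md5sum binary could not be found." 1>&2
  fi

  # -n makes this a dry run: the feed is contacted but nothing is
  # written. rsync is called directly instead of through eval, so the
  # values of FEED and NVT_DIR are never re-parsed as shell code.
  # The probe still runs when rsync was reported missing above; it then
  # fails and is reported a second time, as before.
  if ! rsync -nqltvrP "$FEED/md5sums" "$NVT_DIR" ; then
    SELFTEST_FAIL=1
    echo "Error: rsync failed." 1>&2
  fi
}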

#######################################
# Print a three-line, human-readable description of this script and of
# the feed it synchronizes with.
#
# Globals:   FEED_NAME, FEED_PROVIDER, FEED_HOME (read)
# Outputs:   the description on stdout
#######################################
do_describe ()
{
  printf '%s\n' \
    "This script synchronizes an NVT collection with the '$FEED_NAME'." \
    "The '$FEED_NAME' is provided by '$FEED_PROVIDER'." \
    "Online information about this feed: '$FEED_HOME'."
}

# Informational options. Each recognised option prints its answer and
# ends the script immediately. Arguments that match none of the options
# are skipped without a message, and once the list is exhausted
# execution continues with the statements after this loop.
while [ "$#" -gt 0 ]; do
  case "$1" in
    --version)
      echo "$VERSION"
      exit 0
      ;;
    --identify)
      # Pipe-separated record for automated tools.
      echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC"
      exit 0
      ;;
    --selftest)
      # do_self_test only ever raises the flag, so start from 0.
      SELFTEST_FAIL=0
      do_self_test
      exit "$SELFTEST_FAIL"
      ;;
    --describe)
      do_describe
      exit 0
      ;;
  esac
  shift
done

# Default action when no informational option ended the script:
# describe the feed, announce the target directory, then check the
# tools, synchronize, and signal openvassd.
do_describe
printf '%s\n' " "
printf '%s\n' "Synchronizing into $NVT_DIR"
printf '%s\n' " "

chk_system_tools
sync_nvts
# The result of the restart attempt is not inspected; the script
# reports success regardless.
restart_openvassd

exit 0
