deineagenturug / greenbone-gvm-openvas-for-docker Goto Github PK

View Code? Open in Web Editor NEW

24.0 7.0 7.0 68.33 MB

The Greenbone Vulnerability Management (GVM) and OpenVAS Scanner for Docker!

License: MIT License

Dockerfile 16.56% Makefile 1.32% Shell 26.90% XSLT 54.92% JavaScript 0.30%

greenbone-gvm-openvas-for-docker's Introduction

Greenbone GVM & OpenVAS for Docker

We provide the best solution for the Greenbone Vulnerability Management.

In our Repo we (I) collect all GVM Stuff under one roof, so we can handel all the needs in a single repository.

You can find our Docker builds on docker: https://hub.docker.com/u/deineagenturug

Currently we provide this Images:

GVMD, OpenVAS Scanner, WebUI GSA/D

docker pull deineagenturug/gvm:latest           # no pre initialisation, no PDF Report support - normal used with volumes
docker pull deineagenturug/gvm:latest-full      # no pre initialisation, with PDF Report support - normal used with volumes
docker pull deineagenturug/gvm:latest-data      # pre initialisation, no PDF Report support - normal NOT used with volumes
docker pull deineagenturug/gvm:latest-data-full # pre initialisation, with PDF Report support - normal NOT used with volumes

OpenVAS Scanner only as sensor for i.e. DMZ usage

docker pull deineagenturug/openvas-scanner:latest

I know we have right now, not documented all the things that have changed, and will change in the next month, but I think we can already start with a solid base.

If you like to support our work you can do it via https://github.josef-froehle.de. Thank You!

greenbone-gvm-openvas-for-docker's People

Contributors

Stargazers

Watchers

Forkers

meetgyn twobombs tranphuquy19 z3dm4n eerov p3t3rp4rk3r hardzen

greenbone-gvm-openvas-for-docker's Issues

[Bug] AUTO_SYNC parameter is inconsistent with other parameters

Describe the bug
The "AUTO_SYNC" Parameter requires the variable to exactly be YES, otherwise, it will not be enabled.

To Reproduce
Steps to reproduce the behavior:

Start a container with "AUTO_SYNC" set to "true"
Observe that no connection to feed.community.greenbone.net happens, and running the sync script manually exits instantly
Kill the container
Restart a new container with "AUTO_SYNC" set to "YES", or unset
Observe that the container syncs normally now

Expected behavior
This is inconsistent with other variables, such as HTTPS or SSHD, which use 'true' instead
The default docker-compose.yml also contains AUTO_SYNC set to "true" instead of "YES".

Image in use:

[
    {
        "Id": "sha256:93b98fade5062160f2599319664584fed70c326d0b3adb249741d6d31b80183d",
        "RepoTags": [
            "deineagenturug/gvm:latest-full"
        ],
        "RepoDigests": [
            "deineagenturug/gvm@sha256:c2c60e5dd8df68d30e28843a007e6bb8b154a76b4a470e1d7b43809804823ddd"
        ],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2022-04-04T21:16:42.23403662Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": null,
            "Cmd": null,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "DockerVersion": "",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "POSTGRESQL_VERSION=13",
                "GSAD_VERSION=21.4.4",
                "GSA_VERSION=21.4.4",
                "GVM_LIBS_VERSION=21.4.4",
                "GVMD_VERSION=21.4.5",
                "OPENVAS_SCANNER_VERSION=21.4.4",
                "OPENVAS_SMB_VERSION=21.4.0",
                "PYTHON_GVM_VERSION=21.11.0",
                "OSPD_OPENVAS_VERSION=21.4.4",
                "GVM_TOOLS_VERSION=21.10.0",
                "SYSTEM_DIST=debian",
                "SUPVISD=supervisorctl",
                "USERNAME=admin",
                "PASSWORD=adminpassword",
                "PASSWORD_FILE=none",
                "TIMEOUT=15",
                "DEBUG=N",
                "RELAYHOST=smtp",
                "SMTPPORT=25",
                "AUTO_SYNC=YES",
                "AUTO_SYNC_ON_START=YES",
                "HTTPS=true",
                "CERTIFICATE=none",
                "CERTIFICATE_KEY=none",
                "TZ=Etc/UTC",
                "SSHD=false",
                "DB_PASSWORD=none",
                "DB_PASSWORD_FILE=none",
                "DEBIAN_FRONTEND=noninteractive",
                "LANG=en_US.UTF-8",
                "SETUP=0",
                "OPT_PDF=1",
                "LANGUAGE=en_US.UTF-8",
                "LC_ALL=en_US.UTF-8"
            ],
            "Cmd": [
                "/usr/bin/supervisord",
                "-n",
                "-c",
                "/etc/supervisord.conf"
            ],
            "ArgsEscaped": true,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/opt/setup/scripts/entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 965144981,
        "VirtualSize": 965144981,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/0b143a79bbb8baba8626f54cc92280e5085fea548c7f08cd1dc51c8a797f09b5/diff:/var/lib/docker/overlay2/b2a1bacbfa3cec884004db0c50677d7d191cf35fad799407686eaea8d23a502a/diff:/var/lib/docker/overlay2/3b853913a901b8e81e5069a5f65803159a51906d6c004570ccb5a0a1c6b61207/diff:/var/lib/docker/overlay2/94ba03c7ed20639f10b0c6f7d50e5b7dba4dabac9b1799c095b4bdf187344092/diff:/var/lib/docker/overlay2/8c7252c6a544396529d2e81c69104534abcd73455bbd621fd97bef3a28b4f9f9/diff:/var/lib/docker/overlay2/63261b1bcc9e00a75b1d7c47ab8966680e3b905b344bc5646c013b0178dbb9d4/diff:/var/lib/docker/overlay2/ae01a0fa879f6864960c24c0b384edff135b4ee93749f4a21853876e0da5d8fe/diff:/var/lib/docker/overlay2/4aff15d288d69f6b8c135c6e13cfb768aec0f9596e1395e0fc77bce4d4ecdb0f/diff:/var/lib/docker/overlay2/4897efff72c3ed3ac7be27aeb8ab5ecb1f0c548524123b46ddf6725165cb687e/diff",
                "MergedDir": "/var/lib/docker/overlay2/e2f025b6a7b74354b0e17e893fdc93c197c5f8cb1f9be4aabd654d9783fa864d/merged",
                "UpperDir": "/var/lib/docker/overlay2/e2f025b6a7b74354b0e17e893fdc93c197c5f8cb1f9be4aabd654d9783fa864d/diff",
                "WorkDir": "/var/lib/docker/overlay2/e2f025b6a7b74354b0e17e893fdc93c197c5f8cb1f9be4aabd654d9783fa864d/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:608f3a074261105f129d707e4d9ad3d41b5baa94887f092b7c2857f7274a2fce",
                "sha256:dba9a9d326ff41d40374d80b4744f7ff1b92eabc38fb98624687ce5fc3d77f95",
                "sha256:c9751b15e693833f5f9bae8095f7da479f61f69eb46ffb63616268988dd06d9d",
                "sha256:8fd799d5fdf62138333617e9aaa47a794bdeab920b39ad2b01ad95a8f44e3807",
                "sha256:0169458c97dccd26028b459f993dc7d0c52d0e56e15ad6273ade503f0b53575b",
                "sha256:5803f7c8296e77576eca0ff1debc3e2646ac656ef3b7debd0ce91bb977df07ab",
                "sha256:fbbe20f7b55acd80eb478bcb6f971b89a0b92123d538b90176cba6100ed378b0",
                "sha256:2d3f877edc2f2d55e0018f97d6a3152664a13bbd085a45e4bc18dbc89d80f4dc",
                "sha256:3a8e777b35857f3631aa9e825a15724c6ceb0085475a6292464d9e3da7577cbd",
                "sha256:958715c7e3385b3206a2365b69038c95f4337f9f18923b1296bc6cdd63da9c36"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

[Bug] E-Mail Alerting does not work.

Describe the bug

When I configure an e-mail alert under Configuration/Alerts and attach the alert to a task, no e-Mail is sent, when the task is completed.

postfix seems to be configured and is running - but without loggin capabilities.

[Bug] Postfix mail not working

Describe the bug
Mail cannot be sent from the container. The file /etc/postfix/main.cf is misconfigured

To Reproduce
Steps to reproduce the behavior:

Enter the container shell (docker exec -it gvm bash)
Install mailutils (apt update && apt install mailutils)
Send a test mail out (echo "Test"| mailx -s "test mail from container" your@email)
Mail never arrives
Check /var/log/mail.log and /var/log/mail.info there are errors

......warning: relayhost configuration problem
.......status=deferred (Host or domain name not found. Name service error for name=smtp type=MX: Host not found, try again)

Expected behavior
Mail should be sent to the email address specified in the mailx command

In /etc/postfix/main.cf relayhost is defined as:

relayhost = smtp:25
It should be defined as:

relayhost =

Also mynetworks is defined as:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Should add the docker network 172.17.0.0/24 to this:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/24

Restart postfix (/etc/init.d/postfix restart)

And send the test mail again and it should work and no warning error about relayhost configuration and will see the test mail status is "sent"

[Bug] Volumes not working

Describe the bug
When using volume bindings, the initialization and updates are not working.

To Reproduce
Start GVM with this docker-compose.yml. All image variants have the same problem.

version: "3"
services:
    gvm:
        image: deineagenturug/gvm:latest-full
        #image: deineagenturug/gvm:latest-data-full
        #image: deineagenturug/gvm:latest
        volumes:
          - ./data-postgres:/opt/database
          - ./data-gvm:/var/lib/gvm
          - ./data-plugins:/var/lib/openvas/plugins
          - ./data-ssh:/etc/ssh
        environment:
          - USERNAME="admin"
          - PASSWORD="admin"
          - RELAYHOST="smtp"
          - SMTPPORT=25
          - AUTO_SYNC=true
          - HTTPS=true
          - TZ="UTC"
          - SSHD=false
          - DB_PASSWORD="none"
        ports:
          - "8080:9392"  # Web interface
          #- "2222:22"   # SSH for remote sensors
        restart: unless-stopped

Expected behavior
Container starts and initializes the database, like running

docker run --rm -p 8080:9392 deineagenturug/gvm:latest-data-full

Screenshots

# tail /var/log/gvm/gvmd.log
md   main:WARNING:2022-04-25 11h05.15 utc:732: The gvmd data feed directory /var/lib/gvm/data-objects/gvmd or one of its subdirectories does not exist.
md manage:WARNING:2022-04-25 11h05.15 utc:761: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage:   INFO:2022-04-25 11h05.15 utc:762: OSP service has different VT status (version 0) from database (version (null), 0 VTs). Starting update ...
md manage:   INFO:2022-04-25 11h05.15 utc:763: Initializing CERT database
md manage:   INFO:2022-04-25 11h05.16 utc:762: Updating VTs in database ... 0 new VTs, 0 changed VTs
md manage:   INFO:2022-04-25 11h05.16 utc:762: Updating VTs in database ... done (0 VTs).
md manage:   INFO:2022-04-25 11h05.16 utc:761: update_scap: Updating data from feed
md manage:WARNING:2022-04-25 11h05.16 utc:761: update_scap_cpes: No CPE dictionary found at /var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml
md   main:MESSAGE:2022-04-25 11h05.25 utc:773:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-25 11h05.25 utc:773:    Getting users.
md manage:MESSAGE:2022-04-25 11h05.25 utc:773: No SCAP database found
md   main:MESSAGE:2022-04-25 11h05.25 utc:777:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-25 11h05.25 utc:777:    Creating user.
md manage:MESSAGE:2022-04-25 11h05.25 utc:777: No SCAP database found
md   main:MESSAGE:2022-04-25 11h05.25 utc:781:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-25 11h05.25 utc:781:    Getting users.
md manage:MESSAGE:2022-04-25 11h05.25 utc:781: No SCAP database found
md   main:MESSAGE:2022-04-25 11h05.25 utc:785:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-25 11h05.25 utc:785:    Modifying setting.
md manage:MESSAGE:2022-04-25 11h05.25 utc:785: No SCAP database found
md   main:MESSAGE:2022-04-25 11h05.25 utc:789:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-25 11h05.25 utc:789:    Modifying scanner.
md manage:MESSAGE:2022-04-25 11h05.25 utc:789: No SCAP database found
md   main:MESSAGE:2022-04-25 11h05.25 utc:805:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-25 11h05.25 utc:805:    Modifying scanner.
md manage:MESSAGE:2022-04-25 11h05.25 utc:805: No SCAP database found
md manage:WARNING:2022-04-25 11h05.26 utc:827: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage:   INFO:2022-04-25 11h05.26 utc:827: update_scap: Updating data from feed
md manage:WARNING:2022-04-25 11h05.26 utc:827: update_scap_cpes: No CPE dictionary found at /var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml
md manage:WARNING:2022-04-25 11h05.36 utc:839: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage:   INFO:2022-04-25 11h05.36 utc:839: update_scap: Updating data from feed
md manage:WARNING:2022-04-25 11h05.36 utc:839: update_scap_cpes: No CPE dictionary found at /var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml
md manage:WARNING:2022-04-25 11h05.46 utc:852: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage:   INFO:2022-04-25 11h05.46 utc:852: update_scap: Updating data from feed
md manage:WARNING:2022-04-25 11h05.46 utc:852: update_scap_cpes: No CPE dictionary found at /var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml

Host Device:

OS: Debian 11
Version: Docker version 20.10.14, build a224086

Image in use:

Self build? - No

Output from docker image ls deineagenturug/gvm :

docker image ls deineagenturug/gvm
REPOSITORY           TAG                IMAGE ID       CREATED       SIZE
deineagenturug/gvm   latest-data-full   c4d21b815e60   2 weeks ago   5.68GB
deineagenturug/gvm   latest-full        93b98fade506   2 weeks ago   965MB
deineagenturug/gvm   latest               701b1aaeb107   2 weeks ago    676MB

Additional context
Add any other context about the problem here.

[Enhancement] Support more arch

Build postgres from source if arch is not available see
https://github.com/docker-library/postgres/tree/master/13/bullseye

New Releases available

Hi,

there are new releases of the following projects:

GVMD_VERSION=v22.4.0
GSA_VERSION=v22.4.0
GSAD_VERSION=v22.4.0
GVM_LIBS_VERSION=v22.4.0
GVM_TOOLS_VERSION=v22.9.0
OSPD_OPENVAS_VERSION=v22.4.2
OPENVAS_SCANNER_VERSION=v22.4.0
OPENVAS_SMB_VERSION=v22.4.0
PYTHON_GVM_VERSION=v22.9.1

[Bug] Manual Update greenbone-nvt-sync permission Problems...:

A manual Update as user 'gvm' gives permission problems:

greenbone-nvt-sync


         10,603 100%   24.89kB/s    0:00:00 (xfr#82977, ir-chk=4674/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2333_1.nasl.k9pcXK" failed: Permission denied (13)
         17,659 100%   41.45kB/s    0:00:00 (xfr#82978, ir-chk=4673/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2335_1.nasl.I5D9KL" failed: Permission denied (13)
          5,702 100%   13.39kB/s    0:00:00 (xfr#82979, ir-chk=4672/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2336_1.nasl.0nVqIK" failed: Permission denied (13)
          4,917 100%   11.54kB/s    0:00:00 (xfr#82980, ir-chk=4671/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2337_1.nasl.b4SdIH" failed: Permission denied (13)
         16,725 100%   39.26kB/s    0:00:00 (xfr#82981, ir-chk=4670/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2338_1.nasl.4z9ZiJ" failed: Permission denied (13)
          5,321 100%   12.49kB/s    0:00:00 (xfr#82982, ir-chk=4669/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2339_1.nasl.cDgJvH" failed: Permission denied (13)
         18,435 100%   43.28kB/s    0:00:00 (xfr#82983, ir-chk=4668/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2339_2.nasl.30fMTK" failed: Permission denied (13)
          3,663 100%    8.58kB/s    0:00:00 (xfr#82984, ir-chk=4667/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2340_1.nasl.iAFubK" failed: Permission denied (13)
          7,708 100%   18.05kB/s    0:00:00 (xfr#82985, ir-chk=4666/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2341_1.nasl.uXYHlK" failed: Permission denied (13)
          4,195 100%    9.82kB/s    0:00:00 (xfr#82986, ir-chk=4665/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2342_1.nasl.INjEII" failed: Permission denied (13)
          4,195 100%    9.82kB/s    0:00:00 (xfr#82987, ir-chk=4664/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2344_1.nasl.cu9qHI" failed: Permission denied (13)
          8,788 100%   20.58kB/s    0:00:00 (xfr#82988, ir-chk=4663/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2344_2.nasl.kF5IkI" failed: Permission denied (13)
          8,501 100%   19.91kB/s    0:00:00 (xfr#82989, ir-chk=4662/88717)
rsync: [receiver] mkstemp "/var/lib/openvas/plugins/2021/suse/.gb_sles_2018_2345_1.nasl.oEupRK" failed: Permission denied (13)
          4,195 100%    9.82kB/s    0:00:00 (xfr#82990, ir-chk=4661/88717)

I think a greenbone-scapdata-sync and greenbone-certdata-sync results in the same problem.
It seems the script has been somewhere run as root, not as the approprioate user instead.

[Bug] Release postponed: image with postfix cannot be built - /etc/hosts read-only

Currently it is not possible to build the container image, because we can't change the /etc/hosts with docker buildx build.

I am in the process of finding an alternative that will provide us with the actual functionality with a relayhost.

I will probably go for nullmailer if it meets the requirements and I don't encounter any problems with it in my tests.

Sorry for the delays, but I am already in the process of changing the build system to buildah, as it provides more features and possibilities.

Documentation Enhancement Request - docker run - add logging options

Would like to propose including in the "docker run" sample on the documentation page:

--log-opt max-size=100m --log-opt max-file=5

and maybe a "tune the logging values to suit your requirements"?

Thank you

WIKI: FAQ - SSL Certificate Instruction Typo

FAQ\Question 8 - How can I use my own SSL Certificate?

Solution #2 It States:

CERTIFICATE=/secrets/ssl/MY_SSL_CERT.key

Should READ:
CERTIFICATE_KEY=/secrets/ssl/MY_SSL_CERT.key

[Enhancement] Support rsync mirroring

Is your feature request related to a problem? Please describe.
Synchronizing feeds can often be a problem when in severely restricted networks, some network administrators may also be uncomfortable permanently having a server outbound connection open to a third party.

The greenbone feeds also have strict restrictions, such as only allowing a single sync at a time, restricting sync speed, temp-banning IPs that sync too often.

Describe the solution you'd like
Gated behind an environment variable, such as "RSYNC" or "PROXY_FEED", the master scanner could publish the data it previously synced via rsync, either

through the regular port 873
through the existing SSH socket, which would allow a single port to be used for "everything" openvas needs.

Additional context
Rsync sends things through cleartext by default, and I don't think it pins servers either.

To test this, you can use the "--add-host" or "extra_hosts" parameters to redirect feed.community.greenbone.net to a custom server.

Legacy/existing openvas scanners can already do the above to point to a custom server for feed updates.

It looks like it's possible to only allow rsync through ssh, however this is saved in the authorized_keys file, so toggling the environment variable won't necessarily disable rsync: https://serverfault.com/a/965929

[Bug] rsyslogd needs wrapper

rsyslogd needs a wrapper to remove old pid files

also it should cleared on build - which prevents currently the start of rsyslogd

Build with buildah: we need Capabilities and more settings!

To prevent the problems on execution of the openvas scanner, we need to build the container with caps support.
This is only possible with buildah. Currently I was not able to find any other build tool, that support caps on build. Which prevents with correct caps settings inside the container the successful build of the release images.

openvas binary need to use NET_RAW and NET_ADMIN caps to record network activities. So we need to set them in the container, which will also need to setup the container later on user side correct.

Points:

Container need to run in Network mode: host, ipvlan or macvlan (maybe other are supported to) - we need out own IP where we listen to all PORTS by default and no bridge
Container need to run with caps: NET_RAW, NET_ADMIN
SecOpts: unconfined for seccomp, apparmor (thats what I have tested)
Hostname + Domainname needed for the Container

Error on Report pages

I found this error "An internal error occurred while getting resources list. The current list of resources is not available. Diagnostics: Failure to receive response from manager daemon."

Please help to suggest me.

Todo: check all dependencies

https://community.greenbone.net/t/hint-verify-the-availability-of-scanner-helper-tools-of-your-gse-source-package-installation/1358

Check if we have all packages installed that we need, to use all checks.

[Bug]Little bug on Variables documentation

Hi, on the documentation about variables there'is a little error: default value for AUTO_SYNC is set to "TRUE"; nevertheless, rsync script uses, as 'if' statement check, "YES"; if users install docker with standard configuration file, feeds aren't automatically synchronized on startup

Need help on Distributed setup GVM, OpenVas, GSA, Postgresql, GVM API

Hi @Dexus ,

I was going through different repos present here, I am looking for Distributed setup of Openvas, GVM, GSA, Postgres, GVM API with remote Scanner Supported approach.

I need common postgres database which would be used by remote scanners, so after finishing the scan, remotescanner can be shutdown/disposed but reports,logs should be stored on common postgres database, so with master GVM we can access logs,reports for future reference.

like I am looking for everything distributed with common database and with API support so we can access any component via API as well.

Could you please let me know which Exact docker images Commands I need to follow with latest images. I gone through documentation but not seems very clear . If you give small step by step guide document example will be very helpful.

Thanks in advance.

[Bug] Not able to Open UI

Describe the bug
I got the latest version of deineagenturug/gvm:latest-data and then run it like this:

docker run --detach --publish 8080:9392 --publish 5432:5432 --publish 2222:22 --env DB_PASSWORD="" --env PASSWORD="" --name gvm deineagenturug/gvm:latest-data

I am not able to open the UI localhost:8080 (127.0.0.1). The site can't be reached

To Reproduce
Steps to reproduce the behavior:

Go to '...'
Click on '....'
Scroll down to '....'
See error

Expected behavior
Able to open the UI

Screenshots
If applicable, add screenshots to help explain your problem.

Host Device:

OS: Mac OS
Version: Monterey 12.2.1

Image in use:

Self build? Nope
Output from docker image inspect <image> :

# docker image inspect <image> 

[
    {
        "Id": "sha256:71dd38f24dc5a6f72e95719215f8f10c07f38913e117c199173a38c91d7e94e7",
        "RepoTags": [
            "deineagenturug/gvm:latest-data"
        ],
        "RepoDigests": [
            "deineagenturug/gvm@sha256:1d5957a687283eb55d889b8dbadf83a429f90e7add0b255d9f35f31358b3eecd"
        ],
        "Parent": "",
        "Comment": "buildkit.dockerfile.v0",
        "Created": "2022-04-27T15:46:14.017140645Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": null,
            "Cmd": null,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "DockerVersion": "",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "POSTGRESQL_VERSION=13",
                "GSAD_VERSION=21.4.4",
                "GSA_VERSION=21.4.4",
                "GVM_LIBS_VERSION=21.4.4",
                "GVMD_VERSION=21.4.5",
                "OPENVAS_SCANNER_VERSION=21.4.4",
                "OPENVAS_SMB_VERSION=21.4.0",
                "PYTHON_GVM_VERSION=21.11.0",
                "OSPD_OPENVAS_VERSION=21.4.4",
                "GVM_TOOLS_VERSION=21.10.0",
                "SYSTEM_DIST=debian",
                "SUPVISD=supervisorctl",
                "USERNAME=admin",
                "PASSWORD=adminpassword",
                "PASSWORD_FILE=none",
                "TIMEOUT=15",
                "DEBUG=N",
                "RELAYHOST=smtp",
                "SMTPPORT=25",
                "AUTO_SYNC=YES",
                "AUTO_SYNC_ON_START=YES",
                "HTTPS=true",
                "CERTIFICATE=none",
                "CERTIFICATE_KEY=none",
                "TZ=Etc/UTC",
                "SSHD=false",
                "DB_PASSWORD=none",
                "DB_PASSWORD_FILE=none",
                "DEBIAN_FRONTEND=noninteractive",
                "LANG=en_US.UTF-8",
                "SETUP=0",
                "OPT_PDF=0",
                "LANGUAGE=en_US.UTF-8",
                "LC_ALL=en_US.UTF-8"
            ],
            "Cmd": [
                "/usr/bin/supervisord",
                "-n",
                "-c",
                "/etc/supervisord.conf"
            ],
            "ArgsEscaped": true,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/opt/setup/scripts/entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 5417967060,
        "VirtualSize": 5417967060,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/cc122259c786f191ef0f7ca39cb56156c39cc453a9fc182cf1a0201d192a821f/diff:/var/lib/docker/overlay2/49d8decaceaa640d06f2f5a36e2ee8806a84f26054c09bdac944ab675efd4d33/diff:/var/lib/docker/overlay2/ea2d0b3b8d4e2b482ae1bd05fc653d76a9760b6f990caaed24abab22d73152e7/diff:/var/lib/docker/overlay2/b5fec6969aa33ec0f1575de68421118b2a529f44f336cececffc02112a60e397/diff:/var/lib/docker/overlay2/ff4e37d868bcaa3bfd1258d052a8cb7bbda7ebe911d25a39a39e2beb91506431/diff:/var/lib/docker/overlay2/f264b11ba4f846087f040aaeac35c9ddeeaa7869b1b54acbae6999d0f85c9cf0/diff:/var/lib/docker/overlay2/481a20828cca7a1d2cabf9e306611a7d930a78e8307d1834710ab5bde6503663/diff:/var/lib/docker/overlay2/41a65b4d0f96b7a00118c88c6e5a45986adeb9d6bd733fd4594122fce885ca9c/diff:/var/lib/docker/overlay2/cc6b150b9033c1cb28651ba179404f91ba3570efa20bbdedd15a7d3718e83d21/diff",
                "MergedDir": "/var/lib/docker/overlay2/4f1cce93208f6a36ebb9409bc7f79a873d469b24b6595a630dcf57601ff90c99/merged",
                "UpperDir": "/var/lib/docker/overlay2/4f1cce93208f6a36ebb9409bc7f79a873d469b24b6595a630dcf57601ff90c99/diff",
                "WorkDir": "/var/lib/docker/overlay2/4f1cce93208f6a36ebb9409bc7f79a873d469b24b6595a630dcf57601ff90c99/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:9c1b6dd6c1e6be9fdd2b1987783824670d3b0dd7ae8ad6f57dc3cea5739ac71e",
                "sha256:dba9a9d326ff41d40374d80b4744f7ff1b92eabc38fb98624687ce5fc3d77f95",
                "sha256:c9751b15e693833f5f9bae8095f7da479f61f69eb46ffb63616268988dd06d9d",
                "sha256:8fd799d5fdf62138333617e9aaa47a794bdeab920b39ad2b01ad95a8f44e3807",
                "sha256:0169458c97dccd26028b459f993dc7d0c52d0e56e15ad6273ade503f0b53575b",
                "sha256:3afba846ae287f5342702f24a869fe7f03513b7bfda56de14df59a73e8f21298",
                "sha256:c544470dd794d964bd976427b647d1378ef364ee92a9bcfbd887020dd5a817e8",
                "sha256:0e29b87da527fbdf5c02e1a7590fabeb229709d8e3c2b8fd8408eace93f193d6",
                "sha256:9ac68f23b00c22abf48d113d3d85b1016bfc2c2edf1e7a20c57cb69ebd17f4be",
                "sha256:357f83b244106b1e812c08cf05f9498103c7dfef2d6b59ead964db6edc3cc259"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

Additional context
Add any other context about the problem here.

[Enhancement] Migration from official securecompliance/gvm image

Describe the solution you'd like
Many folks, including myself, are using the official but outdated image securecompliance/gvm. It would be nice to be able to switch from that image to this more actively developed one.

When using deineagenturug/gvm:latest-data-full as a drop in replacement for securecompliance/gvm:debian-master-data there are problems with PostgreSQL. Likely because of the version differences.

A check on first start and migration would be really excellent. Failing that - a method to migrate existing data would be great.

ALSO - I'm capable and willing to clone and send pull requests if you can give me a basic overview of how the check/migration should work. At this point its not clear and I'd need to get up to speed before attempting to contribute changes.

[Bug] PDF Reports

Describe the bug
A upstream bug, that lets not create PDF if you not use the default report settings.

To Reproduce
Steps to reproduce the behavior:
...

Expected behavior
Create PDF with all kind of settings.

Screenshots

WORKING:

NOT WORKING:

Image in use:
current latest

Additional
GB Ticket: AP-1987

Upgrade local DB (help wanted)

Hi, just noticed this:

local_db_upgrade_image_build.sh

Is this for upgrading the db from 12 to 13? If so, how do I call it to upgrade my old dbs?

Apologies if this has been covered, was looking at the wiki but couldn't find anything on this.

Thank you.

New Releases available

Hi,

there are new releases of the following projects:

GVMD_VERSION=v21.4.5
GSA_VERSION=v21.4.4
GSAD_VERSION=v21.4.4
GVM_LIBS_VERSION=v21.4.4
GVM_TOOLS_VERSION=v21.10.0
OSPD_OPENVAS_VERSION=v21.4.4
OPENVAS_SCANNER_VERSION=v21.4.4
OPENVAS_SMB_VERSION=v21.4.0
PYTHON_GVM_VERSION=v21.11.0

ToDo: Postgresql settings JIT

https://community.greenbone.net/t/everything-works-but-i-cant-see-any-report/5875/21

[Enhancement] Does not work behind a proxy

Is your feature request related to a problem? Please describe.
The image does not function when located behind a proxy. Tried providing RSYNC_PROXY, HTTP_PROXY and HTTPS_PROXY env variables on the docker run line but they were not used and the image fails to start with multiple errors...

Unable to connect to deb.debian.org:http: Err:4 http://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease Could not connect to apt.postgresql.org:80 (147.75.85.69)

Describe the solution you'd like
Provide proxy functionality.

[Enhancement] Enable HTTP Strict Transport Security for gsad-https and gsad-https-owncert commands in supervisord.conf

Is your feature request related to a problem? Please describe.
Not a problem, but a security enhancement. When 'gsad-https' and 'gsad-https-owncert' is called from start.sh (referencing commands in /opt/setup/config/supervisord.conf) it is started without enabling HTTP Strict Transport Security "--http-sts" (defaults to 31536000).

Describe the solution you'd like
Add the "--http-sts" to the commands for 'gsad-https' and 'gsad-https-owncert' in /opt/setup/config/supervisord.conf

Describe alternatives you've considered
NA

Additional context
NA

CSV Result limit

Hi,

I have a problem my stacks, I'm missing some results, is this repo fixed this problem https://community.greenbone.net/t/exported-reports-missing-most-of-the-results/2876 ?

[Security] apt packages downloaded over http (tcp:80) are not encrypted.

Describe the bug
apt packages downloaded over http (tcp:80) are not encrypted.

To Reproduce
Steps to reproduce the behavior:

Start the container.
Watch the logs.
Note multiple connections to http only apt servers instead of the https versions.

Expected behavior
Use https instead of http to download components into the running container.

deineagenturug / greenbone-gvm-openvas-for-docker Goto Github PK

greenbone-gvm-openvas-for-docker's Introduction

Greenbone GVM & OpenVAS for Docker

GVMD, OpenVAS Scanner, WebUI GSA/D

OpenVAS Scanner only as sensor for i.e. DMZ usage

greenbone-gvm-openvas-for-docker's People

Contributors

Stargazers

Watchers

Forkers

greenbone-gvm-openvas-for-docker's Issues

Recommend Projects

Recommend Topics

Recommend Org