secure-compliance-solutions-llc / openvas-docker Goto Github PK

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Home Page: https://securecompliance.gitbook.io/projects/openvas_image

License: MIT License

Dockerfile 26.00% Shell 64.73% Makefile 9.27%

openvas scanner vulnerabilities vulnerability-scanners docker-image security security-tools cybersecurity cyber-security docker

openvas-docker's Introduction

End of Life - Repository Deprecated

Important Notice: This repository is no longer actively maintained or supported. No further issues or pull requests will be considered or approved. The content provided here is for historical reference only.

Greenbone Community Containers

The Greenbone community has worked to release Greenbone Community Containers. v22.4 made several major changes including the introduction of the MQTT broker and Notus scanner. That project doesn't necessarily work the same way as this and it doesn't support remote scanners, but we strongly recommend using the most recent version of GVM instead of this project.

Thank You

Thank you contributors and Greenbone community. Your dedication, feedback, and contributions have been invaluable.

- SCS

OpenVAS with OSPd Docker Image

This image is designed for use with our GVM image located here: GVM-Docker

Latest Version: 21.4.0

Tag	Description
latest	Latest stable version
{version}	Specific stable version
master	Latest development build

openvas-docker's People

Contributors

Stargazers

Watchers

Forkers

wh330 digitallabsindra synth3sis hardzen markdesilva thecomet28 dexus-forks austinsonger brinhosa karnamonkster venditokft

openvas-docker's Issues

[Enhancement] Squid proxy for restricted environments

Certain restricted environments have no internet connectivity and updating the image is problematic in those environments with rsync.

The OpenVAS image could use the existing SSH tunnel (forward a local port next to the unix socket) to access a Squid proxy running on the main GVM instance. Starting the proxy would be optional and in case it is not started, it wouldn't be possible to access it from the OpenVAS.

Standalone proxy could be also utilized with extra work, but this way only a single SSH connection is required for those restricted environments.

Interrupted at 98 % or 99%

1 When I use this image, the scans is interruped at 98%.
2 The container doesn't start the ./connect.sh, I have to open the container console and type nohup ./connect.sh &

Scanners disconnect and loose service at random intervals

I have a few remote scanners that we have deployed to different environments but they all operate on Ubuntu 20.04. Recently, we have been seeing many remote scanners that we have deployed disconnecting from the GVM11 control system. We can usually get it reconnected by restarting the docker image but it fails after a random time again. Can anyone help cause we are constantly having to restart it and scans are not running.

[Bug] Outdated libraries with latest scanner?

**** Before you open a bug issue, please read the documentation. If you do not find an answer to your problem there, please look in the issues that have already been closed. Only if you still have not found an answer to your problem should you open a new issue. ****
** https://securecompliance.gitbook.io/projects/openvas-greenbone-deployment-full-guide **

Describe the bug
Keep getting this in the scans even though I have pulled latest v21.4.2-v1 (latest):

Installed GVM Libraries (gvm-libs) version: 21.4.2
Latest available GVM Libraries (gvm-libs) version: 21.4.3
Reference URL(s) for the latest available version: https://community.greenbone.net/t/gvm-21-04-stable-initial-release-2021-04-16/8942

To Reproduce
Steps to reproduce the behavior:

Start scan and wait for it to finish
Check reports

Expected behavior
No outdated scan warning

Screenshots
If applicable, add screenshots to help explain your problem.

Host Device:

OS: ubuntu
Version: 20.04.3

Image in use:

Self build? No
Output from docker image inspect <image> :

# docker image inspect <image> 
[
    {
        "Id": "7fc5f0eec418ba1c92e7ac0e85055a4decc5f52d099f3943a56ce1528fed7426",
        "Created": "2021-11-14T15:50:11.91352155Z",
        "Path": "/entrypoint.sh",
        "Args": [
            "/usr/bin/supervisord",
            "-n",
            "-c",
            "/etc/supervisord.conf"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 328313,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-11-14T15:56:02.161698899Z",
            "FinishedAt": "2021-11-14T15:56:01.718600022Z"
        },
        "Image": "sha256:abca2f3c23f33aef395e122d350c96572ad85919ee013d0d9c4096b8b10e8504",
        "ResolvConfPath": "/var/lib/docker/containers/7fc5f0eec418ba1c92e7ac0e85055a4decc5f52d099f3943a56ce1528fed7426/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/7fc5f0eec418ba1c92e7ac0e85055a4decc5f52d099f3943a56ce1528fed7426/hostname",
        "HostsPath": "/var/lib/docker/containers/7fc5f0eec418ba1c92e7ac0e85055a4decc5f52d099f3943a56ce1528fed7426/hosts",
        "LogPath": "/var/lib/docker/containers/7fc5f0eec418ba1c92e7ac0e85055a4decc5f52d099f3943a56ce1528fed7426/7fc5f0eec418ba1c92e7ac0e85055a4decc5f52d099f3943a56ce1528fed7426-json.log",
        "Name": "/scanner",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/root/storage/openvas-plugins:/var/lib/openvas/plugins"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "always",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/43ea511028d3b6252ea22ad84186ddefa35618598b82f16a09e6ca2ae2dba6f3-init/diff:/var/lib/docker/overlay2/7f51246a194901f5af1916c26b28f2eda79cc2689ee73e0df54f55194829aefb/diff:/var/lib/docker/overlay2/f180d6f7a914b32f68f44a9a3e75e63718dd7bd1861e5161d13ba23a991d4499/diff:/var/lib/docker/overlay2/a16562ba033f53be93c3937c0d8d2af4d50babeb3350db66b80973edba77349f/diff:/var/lib/docker/overlay2/91d32276bd981b1143887e1b11ac920f99ec27b0c02b0741e42dd7fafb105f5e/diff:/var/lib/docker/overlay2/f7ff5901db096c8cb8a0884f937f3e37c964ca5f28d231e1334788ba68529f5b/diff:/var/lib/docker/overlay2/652a6769ed353f18c35d62acbee3bb7f9caadeaa88ffc0981c5bb5c36da96252/diff:/var/lib/docker/overlay2/f09fd3d8f5620235d17ecc58b76851fd8e131c579418a4a6161f6c7f1ffa1cbc/diff:/var/lib/docker/overlay2/ac92e81eb1f5ab148725c5a9cb2d6746e6572143a36d21630da13fa85d766330/diff:/var/lib/docker/overlay2/5ad14d3fafcfeabaf529dd4fcbd9d68b4da6241ccf29b5561791fc8f304f92a0/diff:/var/lib/docker/overlay2/01aea369860a1100f88dd7cd1db980ee5915e5a62199f059b7b89761b5cfa741/diff",
                "MergedDir": "/var/lib/docker/overlay2/43ea511028d3b6252ea22ad84186ddefa35618598b82f16a09e6ca2ae2dba6f3/merged",
                "UpperDir": "/var/lib/docker/overlay2/43ea511028d3b6252ea22ad84186ddefa35618598b82f16a09e6ca2ae2dba6f3/diff",
                "WorkDir": "/var/lib/docker/overlay2/43ea511028d3b6252ea22ad84186ddefa35618598b82f16a09e6ca2ae2dba6f3/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/root/storage/openvas-plugins",
                "Destination": "/var/lib/openvas/plugins",
                "Mode": "",
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "volume",
                "Name": "bcc8423701c58b4fd43c3bdedfacabb11c7e16d1b60c774b6003520ddfcfabf6",
                "Source": "/var/lib/docker/volumes/bcc8423701c58b4fd43c3bdedfacabb11c7e16d1b60c774b6003520ddfcfabf6/_data",
                "Destination": "/var/lib/gvm",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "7fc5f0eec418",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "MASTER_ADDRESS=xxx.xxx.xxx.xxx",
                "MASTER_PORT=2222",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "SUPVISD=supervisorctl",
                "DEBUG=N",
                "AUTOSSH_DEBUG=0",
                "TZ=UTC",
                "SETUP=0"
            ],
            "Cmd": [
                "/usr/bin/supervisord",
                "-n",
                "-c",
                "/etc/supervisord.conf"
            ],
            "Image": "securecompliance/openvas:latest",
            "Volumes": {
                "/var/lib/gvm": {},
                "/var/lib/openvas/plugins": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "org.opencontainers.image.created": "2021-08-09T20:27:03.241Z",
                "org.opencontainers.image.description": "A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)",
                "org.opencontainers.image.licenses": "MIT",
                "org.opencontainers.image.revision": "3e43555d89ce0cc19f2a3d2cb97ef0be94fbd546",
                "org.opencontainers.image.source": "https://github.com/Secure-Compliance-Solutions-LLC/OpenVAS-Docker",
                "org.opencontainers.image.title": "OpenVAS-Docker",
                "org.opencontainers.image.url": "https://github.com/Secure-Compliance-Solutions-LLC/OpenVAS-Docker",
                "org.opencontainers.image.version": "21.4.2-v1"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "b7a1212ce262095374dc3a7f294af6871f4df357a13113e972001f2d766b3499",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/b7a1212ce262",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "26cee78c103576dae79a733aa98e95c6a14b09411637fb3e503fc1ccdac1f42b",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "3a9060a916b4b14429a7fd69790312af47a7eedc8a3d41afd1e89c5c5fc078d1",
                    "EndpointID": "26cee78c103576dae79a733aa98e95c6a14b09411637fb3e503fc1ccdac1f42b",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]


**Additional context**
Add any other context about the problem here.

Scanner image gvm libs outdated at 20.8.0.

Is the openvas scanner libs going to be updated to 20.8.1?

Getting this error on my scans from the remote scanner:

Summary
This script checks and reports an outdated or end-of-life scan   engine for the following environments:

  - Greenbone Source Edition (GSE)

  - Greenbone Security Manager TRIAL (formerly Greenbone Community Edition (GCE))

  used for this scan.

  NOTE: While this is not, in and of itself, a security vulnerability, a severity is reported to
  make you aware of a possible decreased scan coverage or missing detection of vulnerabilities on
  the target due to e.g.:

  - missing functionalities

  - missing bugfixes

  - incompatibilities within the feed
Detection Result

Installed GVM Libraries (gvm-libs) version:        20.8.0
Latest available GVM Libraries (gvm-libs) version: 20.8.1

Main scanner is fine.

[Enhancement] ARM docker image

Is your feature request related to a problem? Please describe.
Unable to install the remote scanner functionality onto a raspberry pi.

Describe the solution you'd like
An ARM based docker image will allow it to run on a Raspberry Pi for the remote scanner functionality, enabling lightweight, cheap remote nodes for scanning purposes.

Describe alternatives you've considered
x86 based SBCs - harder to come by, there are NUCs and sticks but often have higher costs.

Additional context
Add any other context or screenshots about the feature request here.

Scanner - Could not get a bpf

Hi,

I am using the OpenVAS scanner - 21.4.0-v5 (latest image)in a remote deployment
The scanner registration is completed.
Scanner gets the tasks and starts the scan on the Target.
However there are logs which state the tests are failing and hence the final report does not include expected findings as well.
Sample loglines within /var/log/gvm/openvas.log

lib  misc:MESSAGE:2022-03-10 20h24.32 utc:3858: [gb_log4j_CVE-2021-44228_tcp_active.nasl] pcap_compile: Filter "tcp and dst port 15497 and src host **targetIP** and (dst host 172.17.0.2 or dst host 8bc750eb7f2b)" : ethernet address used in non-ether expression
lib  nasl:MESSAGE:2022-03-10 20h24.32 utc:3858: [3858](/var/lib/openvas/plugins/2021/apache/gb_log4j_CVE-2021-44228_tcp_active.nasl:141) pcap_next: Could not get a bpf

Appreciate if there is anything we could do to fix this.

[Bug] release build broken

@austinsonger missing secrets that are should be the same as on gvm-docker repo.

Error with GVM with OPENVAS

When I create a task and try to start some error appear.

==> /usr/local/var/log/gvm/ospd-openvas.log <==

OSPD[49] 2020-11-16 12:30:33,184: INFO: (ospd.command.command) Scan 79216e53-1840-4a4d-8524-dfa7bb861890 added to the queue in position 1.

Traceback (most recent call last):

File "/usr/local/bin/ospd-openvas", line 11, in

load_entry_point('ospd-openvas==20.8.0', 'console_scripts', 'ospd-openvas')()

File "/usr/local/lib/python3.8/dist-packages/ospd_openvas-20.8.0-py3.8.egg/ospd_openvas/daemon.py", line 1383, in main

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/main.py", line 160, in main

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/ospd.py", line 1255, in run

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/ospd.py", line 1398, in clean_forgotten_scans

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/ospd.py", line 1487, in get_scan_end_time

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/scan.py", line 424, in get_end_time

File "", line 2, in getitem

File "/usr/lib/python3.8/multiprocessing/managers.py", line 850, in _callmethod

raise convert_to_error(kind, result)

KeyError: 'end_time'

Error in atexit._run_exitfuncs:

Traceback (most recent call last):

File "/usr/lib/python3.8/multiprocessing/managers.py", line 827, in _callmethod

conn = self._tls.connection

AttributeError: 'ForkAwareLocal' object has no attribute 'connection'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/main.py", line 81, in exit_cleanup

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/ospd.py", line 438, in daemon_exit_cleanup

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/scan.py", line 242, in clean_up_pickled_scan_info

File "/usr/local/lib/python3.8/dist-packages/ospd-20.8.1-py3.8.egg/ospd/scan.py", line 340, in get_status

File "", line 2, in get

File "/usr/lib/python3.8/multiprocessing/managers.py", line 831, in _callmethod

self._connect()

File "/usr/lib/python3.8/multiprocessing/managers.py", line 818, in _connect

conn = self._Client(self._token.address, authkey=self._authkey)

File "/usr/lib/python3.8/multiprocessing/connection.py", line 502, in Client

c = SocketClient(address)

File "/usr/lib/python3.8/multiprocessing/connection.py", line 629, in SocketClient

s.connect(address)

FileNotFoundError: [Errno 2] No such file or directory

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

secure-compliance-solutions-llc / openvas-docker Goto Github PK

openvas-docker's Introduction

End of Life - Repository Deprecated

Greenbone Community Containers

Thank You

OpenVAS with OSPd Docker Image

Latest Version: 21.4.0

Tags

openvas-docker's People

Contributors

Stargazers

Watchers

Forkers

openvas-docker's Issues

Recommend Projects

Recommend Topics

Recommend Org