Security/OpenVAS: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(18 intermediate revisions by the same user not shown)
Line 98: Line 98:
docker pull registry.community.greenbone.net/community/ospd-openvas:stable
docker pull registry.community.greenbone.net/community/ospd-openvas:stable
docker pull registry.community.greenbone.net/community/pg-gvm:stable
docker pull registry.community.greenbone.net/community/pg-gvm:stable
docker pull registry.community.greenbone.net/community/redis-server:1.1.2
docker pull registry.community.greenbone.net/community/redis-server:latest
docker pull registry.community.greenbone.net/community/redis-server:latest
docker pull registry.community.greenbone.net/community/report-formats:latest
docker pull registry.community.greenbone.net/community/report-formats:latest
Line 107: Line 106:


|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash' line>
cat <<'EXE' | bash
cat <<'EXE' | bash
echo
echo
Line 121: Line 120:
docker rmi  registry.community.greenbone.net/community/ospd-openvas:stable
docker rmi  registry.community.greenbone.net/community/ospd-openvas:stable
docker rmi  registry.community.greenbone.net/community/pg-gvm:stable
docker rmi  registry.community.greenbone.net/community/pg-gvm:stable
docker rmi  registry.community.greenbone.net/community/redis-server:1.1.2
docker rmi  registry.community.greenbone.net/community/redis-server:latest
docker rmi  registry.community.greenbone.net/community/redis-server:latest
docker rmi  registry.community.greenbone.net/community/report-formats:latest
docker rmi  registry.community.greenbone.net/community/report-formats:latest
Line 144: Line 142:
docker pull registry.community.greenbone.net/community/ospd-openvas:22.9.0
docker pull registry.community.greenbone.net/community/ospd-openvas:22.9.0
docker pull registry.community.greenbone.net/community/pg-gvm:22.6.10
docker pull registry.community.greenbone.net/community/pg-gvm:22.6.10
docker pull registry.community.greenbone.net/community/redis-server:1.1.2
docker pull registry.community.greenbone.net/community/report-formats:202511241748
docker pull registry.community.greenbone.net/community/report-formats:202511241748
docker pull registry.community.greenbone.net/community/scap-data:202511240507
docker pull registry.community.greenbone.net/community/scap-data:202511240507
docker pull registry.community.greenbone.net/community/vulnerability-tests:202511240702
docker pull registry.community.greenbone.net/community/vulnerability-tests:202511240702




Line 154: Line 152:


|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash' line>
echo
echo
echo
echo
Line 178: Line 176:
|}
|}
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
!scope='col' style='text-align:left|
!scope='col' style='text-align:left'|
Containers » Config
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
cat << EXE | bash
  mkdir    -p ${PWD}/data/{gvmd,psql,notus,openvas,openvas_log}_data
# chown 0:0 -R ${PWD}/data/{gvmd,psql,notus,openvas,openvas_log}_data
EXE
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
cat << ENV  | tee ${PWD}/.env >/dev/null
OPENVAS_DATA_DIR=${PWD}/data
FEED_RELEASE=24.10
ENV
# sudo chmod 600 ${PWD}/.env
</syntaxhighlight>
|}
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
!scope='col' style='text-align:left'|
Containers » Deploy
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='yaml'>
cat <<'YML' | tee ${PWD}/docker-compose.yml >/dev/null
---
name: greenbone-ce
 
services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests:202511240702
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt
 
  notus-data:
    image: registry.community.greenbone.net/community/notus-data:202511240537
    volumes:
      - notus_data_vol:/mnt
 
  scap-data:
    image: registry.community.greenbone.net/community/scap-data:202511240507
    volumes:
      - scap_data_vol:/mnt
 
  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data:202511240831
    volumes:
      - cert_data_vol:/mnt
 
  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data:202511200401
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data
 
  data-objects:
    image: registry.community.greenbone.net/community/data-objects:202511240507
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
 
  report-formats:
    image: registry.community.greenbone.net/community/report-formats:202511241748
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects
 
  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data:v1.1.2
    volumes:
      - gpg_data_vol:/mnt
 
  redis-server:
    image: registry.community.greenbone.net/community/redis-server:1.1.2
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/
 
  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:22.6.10
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
 
  gvmd:
    image: registry.community.greenbone.net/community/gvmd:26.10.0
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully
 
  gsa:
    image: registry.community.greenbone.net/community/gsa:26.6.0
    restart: on-failure
    ports:
      - 127.0.0.1:9392:80
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
 
  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
 
  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully
 
  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    restart: on-failure
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd
 
  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:22.9.0
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
 
  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools:25.4.2
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas
 
volumes:
  vt_data_vol:
  gpg_data_vol:
  cert_data_vol:
  scap_data_vol:
  data_objects_vol:
  gvmd_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  psql_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  redis_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  ospd_openvas_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  psql_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/psql_data
      o: bind
  gvmd_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/gvmd_data
      o: bind
  notus_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/notus_data
      o: bind
  openvas_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/openvas_data
      o: bind
  openvas_log_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/openvas_log_data
      o: bind
YML
</syntaxhighlight>
|}
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
!scope='col' style='text-align:left'|
Containers » Rsync
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
  mkdir    -p ${PWD}/data/{gvmd,psql,notus,openvas,openvas_log}_data
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker run --rm -v greenbone-ce_psql_data_vol:/from        -v ./data/psql_data:/to        alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_gvmd_data_vol:/from        -v ./data/gvmd_data:/to        alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_notus_data_vol:/from      -v ./data/notus_data:/to      alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_openvas_data_vol:/from    -v ./data/openvas_data:/to    alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_openvas_log_data_vol:/from -v ./data/openvas_log_data:/to alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
</syntaxhighlight>
|}
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
!scope='col' style='text-align:left' colspan='2'|
Containers » Verify
Containers » Verify
|-
|-
|valign='top'|
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
cat <<'EXE' | bash
docker image list
echo
docker ps
 
docker compose -f ./docker-compose.yml exec ospd-openvas  bash
docker compose -f ./docker-compose.yml exec redis-server  bash
docker compose -f ./docker-compose.yml exec openvasd      bash
docker compose -f ./docker-compose.yml exec openvas      bash
docker compose -f ./docker-compose.yml exec pg-gvm        bash
docker compose -f ./docker-compose.yml exec gvmd          bash
docker compose -f ./docker-compose.yml exec gsa          bash
</syntaxhighlight>
 
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash' line>
docker images
docker images
docker ps -a
docker ps -a
EXE
 
docker compose -f ./docker-compose.yml logs ospd-openvas -ft
docker compose -f ./docker-compose.yml logs redis-server -ft
docker compose -f ./docker-compose.yml logs openvasd    -ft
docker compose -f ./docker-compose.yml logs openvas      -ft
docker compose -f ./docker-compose.yml logs pg-gvm      -ft
docker compose -f ./docker-compose.yml logs gvmd        -ft
docker compose -f ./docker-compose.yml logs gsa          -ft
</syntaxhighlight>
|-
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml exec ospd-openvas  id
docker compose -f ./docker-compose.yml exec redis-server  id
docker compose -f ./docker-compose.yml exec openvasd      id
docker compose -f ./docker-compose.yml exec openvas      id
docker compose -f ./docker-compose.yml exec pg-gvm        id
docker compose -f ./docker-compose.yml exec gvmd          id
docker compose -f ./docker-compose.yml exec gsa          id
</syntaxhighlight>
 
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='text' line>
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=999(redis) gid=999(redis) groups=999(redis),1001(gvm)
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
</syntaxhighlight>
|-
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml ps
docker compose -f ./docker-compose.yml exec pg-gvm su      postgres
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd    -d gvmd
</syntaxhighlight>
 
|valign='top' style='width:50%'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml logs -ft gvmd
docker compose -f ./docker-compose.yml logs -ft pg-gvm
docker compose -f ./docker-compose.yml logs -ft openvasd
docker compose -f ./docker-compose.yml logs -ft redis-server
</syntaxhighlight>
</syntaxhighlight>
|}
|}
{|class='wikitable mw-collapsible' style='width:100%;margin:6px 0 3px 0'
{|class='wikitable mw-collapsible' style='width:100%;margin:6px 0 3px 0'
!scope='col' style='text-align:left|
!scope='col' style='text-align:left'|
Containers » Portal
Containers » Portal
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
setsid open https://10.20.0.6:9392/ >/dev/null 2>&1 &
docker compose -f ./docker-compose.yml pull
docker compose -f ./docker-compose.yml up -d
docker compose -f ./docker-compose.yml logs -ft
docker compose -f ./docker-compose.yml exec -u gvmd gvmd gvmd --user=admin --new-password='R1vX$PqbDwn#DKSy'
setsid open http://127.0.0.1:9392 >/dev/null 2>&1 &
docker system df -v
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml down
docker compose -f ./docker-compose.yml down --volumes
</syntaxhighlight>
|}
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%;margin:6px 0 3px 0'
!scope='col' style='text-align:left'|
Containers » Vacuum
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "SELECT pg_size_pretty(pg_database_size('gvmd'));"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "VACUUM ANALYZE;"
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd    -d gvmd -c "SELECT pg_size_pretty(pg_database_size('gvmd'));"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd    -d gvmd -c "VACUUM ANALYZE;"
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "VACUUM FULL;"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "REINDEX DATABASE gvmd;"
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight style='margin:3px 0 3px 0' lang='bash'>
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd    -d gvmd -c "VACUUM FULL;"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd    -d gvmd -c "REINDEX DATABASE gvmd;"
</syntaxhighlight>
</syntaxhighlight>
|}
|}
Line 234: Line 641:
* [https://greenbone.github.io/docs/latest/22.4/kali/index.html Security » OpenVAS » Kali Linux]
* [https://greenbone.github.io/docs/latest/22.4/kali/index.html Security » OpenVAS » Kali Linux]
* [[Jasypt|Security » Jasypt]]
* [[Jasypt|Security » Jasypt]]
* [[Security/Lynis|Security » Lynis]]


|-
|-

Latest revision as of 23:36, 1 December 2025

OpenVAS » Debian

OpenVAS » Debian

Debian » Install 

cat <<'EXE' | sudo bash
apt-get update
apt-get install -y openvas
apt-get clean
EXE

cat <<'EXE' | sudo bash
gvm-setup
gvm-check-setup
gvm-start
EXE

cat <<'EXE' | bash
echo
gvmd         --version
openvas      --version
ospd-openvas --version
gsad         --version
EXE

Debian » Verify 

cat <<'EXE' | bash
echo
systemctl status session-migration.service
systemctl status ssl-cert.service
systemctl status postgresql.service
systemctl status mosquitto.service
systemctl status redis-server.service
systemctl status notus-scanner.service
systemctl status ospd-openvas.service
systemctl status gvmd.service
systemctl status gsad.service
EXE

Debian » Portal 

setsid open https://10.20.0.6:9392/ >/dev/null 2>&1 &

OpenVAS » Containers

OpenVAS » Containers

Containers » Images 

cat <<'EXE' | bash
echo
docker pull registry.community.greenbone.net/community/cert-bund-data:latest
docker pull registry.community.greenbone.net/community/data-objects:latest
docker pull registry.community.greenbone.net/community/dfn-cert-data:latest
docker pull registry.community.greenbone.net/community/gpg-data:latest
docker pull registry.community.greenbone.net/community/gsa:stable
docker pull registry.community.greenbone.net/community/gvm-tools:latest
docker pull registry.community.greenbone.net/community/gvmd:stable
docker pull registry.community.greenbone.net/community/notus-data:latest
docker pull registry.community.greenbone.net/community/openvas-scanner:stable
docker pull registry.community.greenbone.net/community/ospd-openvas:stable
docker pull registry.community.greenbone.net/community/pg-gvm:stable
docker pull registry.community.greenbone.net/community/redis-server:latest
docker pull registry.community.greenbone.net/community/report-formats:latest
docker pull registry.community.greenbone.net/community/scap-data:latest
docker pull registry.community.greenbone.net/community/vulnerability-tests:latest
EXE

cat <<'EXE' | bash
echo
docker rmi  registry.community.greenbone.net/community/cert-bund-data:latest
docker rmi  registry.community.greenbone.net/community/data-objects:latest
docker rmi  registry.community.greenbone.net/community/dfn-cert-data:latest
docker rmi  registry.community.greenbone.net/community/gpg-data:latest
docker rmi  registry.community.greenbone.net/community/gsa:stable
docker rmi  registry.community.greenbone.net/community/gvm-tools:latest
docker rmi  registry.community.greenbone.net/community/gvmd:stable
docker rmi  registry.community.greenbone.net/community/notus-data:latest
docker rmi  registry.community.greenbone.net/community/openvas-scanner:stable
docker rmi  registry.community.greenbone.net/community/ospd-openvas:stable
docker rmi  registry.community.greenbone.net/community/pg-gvm:stable
docker rmi  registry.community.greenbone.net/community/redis-server:latest
docker rmi  registry.community.greenbone.net/community/report-formats:latest
docker rmi  registry.community.greenbone.net/community/scap-data:latest
docker rmi  registry.community.greenbone.net/community/vulnerability-tests:latest
EXE

cat <<'EXE' | bash
echo
docker pull registry.community.greenbone.net/community/cert-bund-data:202511240831
docker pull registry.community.greenbone.net/community/data-objects:202511240507
docker pull registry.community.greenbone.net/community/dfn-cert-data:202511200401
docker pull registry.community.greenbone.net/community/gpg-data:v1.1.2
docker pull registry.community.greenbone.net/community/gsa:26.6.0
docker pull registry.community.greenbone.net/community/gvm-tools:25.4.2
docker pull registry.community.greenbone.net/community/gvmd:26.10.0
docker pull registry.community.greenbone.net/community/notus-data:202511240537
docker pull registry.community.greenbone.net/community/openvas-scanner:v23.31.5
docker pull registry.community.greenbone.net/community/ospd-openvas:22.9.0
docker pull registry.community.greenbone.net/community/pg-gvm:22.6.10
docker pull registry.community.greenbone.net/community/redis-server:1.1.2
docker pull registry.community.greenbone.net/community/report-formats:202511241748
docker pull registry.community.greenbone.net/community/scap-data:202511240507
docker pull registry.community.greenbone.net/community/vulnerability-tests:202511240702


EXE

echo
echo
IMAGE_NAME=cert-bund-data
IMAGE_NAME=data-objects
IMAGE_NAME=dfn-cert-data
IMAGE_NAME=gpg-data
IMAGE_NAME=gsa
IMAGE_NAME=gvm-tools
IMAGE_NAME=gvmd
IMAGE_NAME=notus-data
IMAGE_NAME=openvas-scanner
IMAGE_NAME=ospd-openvas
IMAGE_NAME=pg-gvm
IMAGE_NAME=redis-server
IMAGE_NAME=report-formats
IMAGE_NAME=scap-data
IMAGE_NAME=vulnerability-tests

curl -s https://registry.community.greenbone.net/v2/community/${IMAGE_NAME}/tags/list \
  | yq -r '.tags | map(select(. | test("^202511"))) | sort | reverse[]'

Containers » Config 

cat << EXE | bash
  mkdir     -p ${PWD}/data/{gvmd,psql,notus,openvas,openvas_log}_data
# chown 0:0 -R ${PWD}/data/{gvmd,psql,notus,openvas,openvas_log}_data
EXE

cat << ENV  | tee ${PWD}/.env >/dev/null
OPENVAS_DATA_DIR=${PWD}/data
FEED_RELEASE=24.10
ENV
# sudo chmod 600 ${PWD}/.env

Containers » Deploy 

cat <<'YML' | tee ${PWD}/docker-compose.yml >/dev/null
---
name: greenbone-ce

services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests:202511240702
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt

  notus-data:
    image: registry.community.greenbone.net/community/notus-data:202511240537
    volumes:
      - notus_data_vol:/mnt

  scap-data:
    image: registry.community.greenbone.net/community/scap-data:202511240507
    volumes:
      - scap_data_vol:/mnt

  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data:202511240831
    volumes:
      - cert_data_vol:/mnt

  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data:202511200401
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data

  data-objects:
    image: registry.community.greenbone.net/community/data-objects:202511240507
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt

  report-formats:
    image: registry.community.greenbone.net/community/report-formats:202511241748
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects

  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data:v1.1.2
    volumes:
      - gpg_data_vol:/mnt

  redis-server:
    image: registry.community.greenbone.net/community/redis-server:1.1.2
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/

  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:22.6.10
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql

  gvmd:
    image: registry.community.greenbone.net/community/gvmd:26.10.0
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully

  gsa:
    image: registry.community.greenbone.net/community/gsa:26.6.0
    restart: on-failure
    ports:
      - 127.0.0.1:9392:80
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd

  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log

  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully

  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    restart: on-failure
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd

  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:22.9.0
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully

  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools:25.4.2
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas

volumes:
  vt_data_vol:
  gpg_data_vol:
  cert_data_vol:
  scap_data_vol:
  data_objects_vol:
  gvmd_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  psql_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  redis_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  ospd_openvas_socket_vol:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
  psql_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/psql_data
      o: bind
  gvmd_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/gvmd_data
      o: bind
  notus_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/notus_data
      o: bind
  openvas_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/openvas_data
      o: bind
  openvas_log_data_vol:
    driver: local
    driver_opts:
      type: none
      device: ${OPENVAS_DATA_DIR}/openvas_log_data
      o: bind
YML

Containers » Rsync 

  mkdir     -p ${PWD}/data/{gvmd,psql,notus,openvas,openvas_log}_data

docker run --rm -v greenbone-ce_psql_data_vol:/from        -v ./data/psql_data:/to        alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_gvmd_data_vol:/from        -v ./data/gvmd_data:/to        alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_notus_data_vol:/from       -v ./data/notus_data:/to       alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_openvas_data_vol:/from     -v ./data/openvas_data:/to     alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'
docker run --rm -v greenbone-ce_openvas_log_data_vol:/from -v ./data/openvas_log_data:/to alpine ash -c 'apk add rsync;rsync -avz -l /from/. /to/'

Containers » Verify 

docker image list
docker ps

docker compose -f ./docker-compose.yml exec ospd-openvas  bash
docker compose -f ./docker-compose.yml exec redis-server  bash
docker compose -f ./docker-compose.yml exec openvasd      bash
docker compose -f ./docker-compose.yml exec openvas       bash
docker compose -f ./docker-compose.yml exec pg-gvm        bash
docker compose -f ./docker-compose.yml exec gvmd          bash
docker compose -f ./docker-compose.yml exec gsa           bash

docker images
docker ps -a

docker compose -f ./docker-compose.yml logs ospd-openvas -ft
docker compose -f ./docker-compose.yml logs redis-server -ft
docker compose -f ./docker-compose.yml logs openvasd     -ft
docker compose -f ./docker-compose.yml logs openvas      -ft
docker compose -f ./docker-compose.yml logs pg-gvm       -ft
docker compose -f ./docker-compose.yml logs gvmd         -ft
docker compose -f ./docker-compose.yml logs gsa          -ft

docker compose -f ./docker-compose.yml exec ospd-openvas  id
docker compose -f ./docker-compose.yml exec redis-server  id
docker compose -f ./docker-compose.yml exec openvasd      id
docker compose -f ./docker-compose.yml exec openvas       id
docker compose -f ./docker-compose.yml exec pg-gvm        id
docker compose -f ./docker-compose.yml exec gvmd          id
docker compose -f ./docker-compose.yml exec gsa           id

uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=999(redis) gid=999(redis) groups=999(redis),1001(gvm)
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )
uid=0  (root ) gid=0  (root ) groups=0  (root )

docker compose -f ./docker-compose.yml ps
docker compose -f ./docker-compose.yml exec pg-gvm su      postgres
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd     -d gvmd

docker compose -f ./docker-compose.yml logs -ft gvmd
docker compose -f ./docker-compose.yml logs -ft pg-gvm
docker compose -f ./docker-compose.yml logs -ft openvasd
docker compose -f ./docker-compose.yml logs -ft redis-server

Containers » Portal 

docker compose -f ./docker-compose.yml pull
docker compose -f ./docker-compose.yml up -d
docker compose -f ./docker-compose.yml logs -ft
docker compose -f ./docker-compose.yml exec -u gvmd gvmd gvmd --user=admin --new-password='R1vX$PqbDwn#DKSy'
setsid open http://127.0.0.1:9392 >/dev/null 2>&1 &
docker system df -v

docker compose -f ./docker-compose.yml down
docker compose -f ./docker-compose.yml down --volumes

Containers » Vacuum 

docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "SELECT pg_size_pretty(pg_database_size('gvmd'));"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "VACUUM ANALYZE;"

docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd     -d gvmd -c "SELECT pg_size_pretty(pg_database_size('gvmd'));"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd     -d gvmd -c "VACUUM ANALYZE;"

docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "VACUUM FULL;"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U postgres -d gvmd -c "REINDEX DATABASE gvmd;"

docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd     -d gvmd -c "VACUUM FULL;"
docker compose -f ./docker-compose.yml exec pg-gvm psql -U gvmd     -d gvmd -c "REINDEX DATABASE gvmd;"

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Security/OpenVAS&oldid=15821"