Security/OpenVAS: Difference between revisions

Revision as of 00:31, 25 November 2025

OpenVAS » Debian

Debian » Install

cat <<'EXE' | sudo bash
apt-get update
apt-get install -y openvas
apt-get clean
EXE

cat <<'EXE' | sudo bash
gvm-setup
gvm-check-setup
gvm-start
EXE

cat <<'EXE' | bash
echo
gvmd         --version
openvas      --version
ospd-openvas --version
gsad         --version
EXE

Debian » Verify

cat <<'EXE' | bash
echo
systemctl status session-migration.service
systemctl status ssl-cert.service
systemctl status postgresql.service
systemctl status mosquitto.service
systemctl status redis-server.service
systemctl status notus-scanner.service
systemctl status ospd-openvas.service
systemctl status gvmd.service
systemctl status gsad.service
EXE

Debian » Portal
setsid open https://10.20.0.6:9392/ >/dev/null 2>&1 &

OpenVAS » Containers

Containers » Images

cat <<'EXE' | bash
echo
docker pull registry.community.greenbone.net/community/cert-bund-data:latest
docker pull registry.community.greenbone.net/community/data-objects:latest
docker pull registry.community.greenbone.net/community/dfn-cert-data:latest
docker pull registry.community.greenbone.net/community/gpg-data:latest
docker pull registry.community.greenbone.net/community/gsa:stable
docker pull registry.community.greenbone.net/community/gvm-tools:latest
docker pull registry.community.greenbone.net/community/gvmd:stable
docker pull registry.community.greenbone.net/community/notus-data:latest
docker pull registry.community.greenbone.net/community/openvas-scanner:stable
docker pull registry.community.greenbone.net/community/ospd-openvas:stable
docker pull registry.community.greenbone.net/community/pg-gvm:stable
docker pull registry.community.greenbone.net/community/redis-server:latest
docker pull registry.community.greenbone.net/community/report-formats:latest
docker pull registry.community.greenbone.net/community/scap-data:latest
docker pull registry.community.greenbone.net/community/vulnerability-tests:latest
EXE

cat <<'EXE' | bash
echo
docker rmi  registry.community.greenbone.net/community/cert-bund-data:latest
docker rmi  registry.community.greenbone.net/community/data-objects:latest
docker rmi  registry.community.greenbone.net/community/dfn-cert-data:latest
docker rmi  registry.community.greenbone.net/community/gpg-data:latest
docker rmi  registry.community.greenbone.net/community/gsa:stable
docker rmi  registry.community.greenbone.net/community/gvm-tools:latest
docker rmi  registry.community.greenbone.net/community/gvmd:stable
docker rmi  registry.community.greenbone.net/community/notus-data:latest
docker rmi  registry.community.greenbone.net/community/openvas-scanner:stable
docker rmi  registry.community.greenbone.net/community/ospd-openvas:stable
docker rmi  registry.community.greenbone.net/community/pg-gvm:stable
docker rmi  registry.community.greenbone.net/community/redis-server:latest
docker rmi  registry.community.greenbone.net/community/report-formats:latest
docker rmi  registry.community.greenbone.net/community/scap-data:latest
docker rmi  registry.community.greenbone.net/community/vulnerability-tests:latest
EXE

cat <<'EXE' | bash
echo
docker pull registry.community.greenbone.net/community/cert-bund-data:202511240831
docker pull registry.community.greenbone.net/community/data-objects:202511240507
docker pull registry.community.greenbone.net/community/dfn-cert-data:202511200401
docker pull registry.community.greenbone.net/community/gpg-data:v1.1.2
docker pull registry.community.greenbone.net/community/gsa:26.6.0
docker pull registry.community.greenbone.net/community/gvm-tools:25.4.2
docker pull registry.community.greenbone.net/community/gvmd:26.10.0
docker pull registry.community.greenbone.net/community/notus-data:202511240537
docker pull registry.community.greenbone.net/community/openvas-scanner:v23.31.5
docker pull registry.community.greenbone.net/community/ospd-openvas:22.9.0
docker pull registry.community.greenbone.net/community/pg-gvm:22.6.10
docker pull registry.community.greenbone.net/community/redis-server:1.1.2
docker pull registry.community.greenbone.net/community/report-formats:202511241748
docker pull registry.community.greenbone.net/community/scap-data:202511240507
docker pull registry.community.greenbone.net/community/vulnerability-tests:202511240702


EXE

echo
echo
IMAGE_NAME=cert-bund-data
IMAGE_NAME=data-objects
IMAGE_NAME=dfn-cert-data
IMAGE_NAME=gpg-data
IMAGE_NAME=gsa
IMAGE_NAME=gvm-tools
IMAGE_NAME=gvmd
IMAGE_NAME=notus-data
IMAGE_NAME=openvas-scanner
IMAGE_NAME=ospd-openvas
IMAGE_NAME=pg-gvm
IMAGE_NAME=redis-server
IMAGE_NAME=report-formats
IMAGE_NAME=scap-data
IMAGE_NAME=vulnerability-tests

curl -s https://registry.community.greenbone.net/v2/community/${IMAGE_NAME}/tags/list \
  | yq -r '.tags | map(select(. | test("^202511"))) | sort | reverse[]'

Containers » Deploy

cat <<'YML' | tee /opt/shahed/finology/coverplus/var/playground/openvas/docker-compose.yml >/dev/null
---
name: greenbone-ce

services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests:202511240702
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt

  notus-data:
    image: registry.community.greenbone.net/community/notus-data:202511240537
    volumes:
      - notus_data_vol:/mnt

  scap-data:
    image: registry.community.greenbone.net/community/scap-data:202511240507
    volumes:
      - scap_data_vol:/mnt

  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data:202511240831
    volumes:
      - cert_data_vol:/mnt

  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data:202511200401
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data

  data-objects:
    image: registry.community.greenbone.net/community/data-objects:202511240507
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt

  report-formats:
    image: registry.community.greenbone.net/community/report-formats:202511241748
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects

  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data:v1.1.2
    volumes:
      - gpg_data_vol:/mnt

  redis-server:
    image: registry.community.greenbone.net/community/redis-server:1.1.2
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/

  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:22.6.10
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql

  gvmd:
    image: registry.community.greenbone.net/community/gvmd:26.10.0
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully

  gsa:
    image: registry.community.greenbone.net/community/gsa:26.6.0
    restart: on-failure
    ports:
      - 127.0.0.1:9392:80
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd

  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log

  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully

  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:v23.31.5
    restart: on-failure
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    ports:
      - 127.0.0.1:3000:80
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd

  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:22.9.0
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN # for capturing packages in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully

  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools:25.4.2
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas

volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:
YML

Containers » Verify
cat <<'EXE' \| bash echo docker images docker ps -a EXE

Containers » Portal
setsid open https://10.20.0.6:9392/ >/dev/null 2>&1 &

References

References
Security » HTTP » Basic Authentication Security » OpenLDAP » BackSQL Security » Java » Key Store Security » Java » Mail API Security » Password Security » ZA Proxy Security » Domain Security » Spring Security » HTTP Security » Java	Security » Certificate » TLS » Configuration Generator Security » SSH » Public Key Authentication Security » Container » Snyk Security » Container » Trivy Security » Container » Sign Security » Certificate » TLS Security » Helm » Sign Security » Wireshark Security » Fail2ban Security » ClamAV	Security » OpenVAS » Containers Security » OpenVAS » Kali Linux Security » Jasypt
K8s » Configure Service Accounts for Pods K8s » Restart Pods With Kubectl K8s » Interactive Pod K8s » Restart Pods Docker » Makefile Kubernetes Minikube Kubectl CURL K8s	K8s » `kubectl rollout` K8s » CSI Hostpath Driver Security » Password K8s » Storage K8s » Ingress K8s » Service K8s » Run MinIO CIDR UFW	Bind9 » Authoritative DNS Server Bind9 » Secondary DNS Server Minikube » Ingress DNS Minikube » Systemd Minikube » MetalLB Minikube » Registry Minikube » Tunnel Localtunnel ZA Proxy

Security/OpenVAS: Difference between revisions

Revision as of 00:31, 25 November 2025

OpenVAS » Debian

OpenVAS » Containers

References

Navigation menu

Search