Secure-Compliance-Solutions-LLC / GVM-Docker

Greenbone Vulnerability Management Docker Image with OpenVAS
https://securecompliance.gitbook.io/projects/
MIT License

[Bug] Scanner connection refused #220

Closed smileitjc closed 3 years ago

smileitjc commented 3 years ago

**Describe the bug**

I'm having some trouble connecting a remote scanner endpoint via SSH (same network at this stage) and getting the error on ssh to on port 2222: connection refused.

**To Reproduce**

Steps to reproduce the behavior:

1. I installed the host with this command:

   `docker run --detach --publish 9392:9392 --publish 5432:5432 --publish 2222:22 --env DB_PASSWORD="" --env PASSWORD="" --volume gvm-data:/data --name gvm securecompliance/gvm`

2. I installed the scanner with this command:

   `docker run --detach --volume scanner:/data --env MASTER_ADDRESS= --env MASTER_PORT=2222 --name scanner securecompliance/openvas`

   It outputted this:

   ```
   Scanner id: lphlksy2tn
   Public key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXE15Tpepj08lpjKlbPBeXlIgQZGPkaRZrulducdqhl lphlksy2tn
   Master host key (Check that it matches the public key from the master):
   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqzA+gUPQH013psBp1TB6GPu/8C3sxiO3raRmompjBq
   ```

3. I ran this command to add the scanner into the host: `docker exec -it gvm /add-scanner.sh`

4. I put in the following details:

   - Scanner Name: Remote scanner
   - Scanner ID: lphlksy2tn
   - Scanner Public Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXE15Tpepj08lpjKlbPBeXlIgQZGPkaRZrulducdqhl lphlksy2tn

5. I restart the docker, and get the above error connection refused.

Am I putting in the public key wrong? I can see the last bit of the public key is the scanner ID so I tried with and without this bit, but no dice.

**Expected behavior**

The scanner should connect, and in the web interface clicking the Shield should not say "service unavailable".

**Host Device:**

- OS: Ubuntu
- Version: 20.04

Dexus commented 3 years ago

Hi @smileitjc please provide the output for each image via `docker image inspect <image>` here thanks.

smileitjc commented 3 years ago

Hi Dexus,

Scanner output of the command 'docker image inspect securecompliance/openvas': https://ghostbin.com/paste/C8ol7 (pastebin kept deleting it)

Host output of the command 'docker image inspect securecompliance/gvm': https://ghostbin.com/paste/lwi6n

austinsonger commented 3 years ago

@smileitjc Next time just add it here in GitHub as a code block. It doesn't help the development process if you use an external snippet site.

scanneroutput

$ sudo docker image inspect securecompliance/openvas
[
    {
        "Id": "sha256:fc8f3556dc563e8114dab859f229fa99a555435a1c67ce8424850228634ae2ac",
        "RepoTags": [
            "securecompliance/openvas:latest"
        ],
        "RepoDigests": [
            "securecompliance/openvas@sha256:1d790fc3a344d766c5b43b2fa2a002ab16f5bebbd1db054cf19e5ed9427ca1e8"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-04-29T21:00:03.509334343Z",
        "Container": "b271d5761dc49e1d795e00a35571c21e861dbf6dc8bb542c009a75f003f2f95e",
        "ContainerConfig": {
            "Hostname": "b271d5761dc4",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "DEBIAN_FRONTEND=noninteractive",
                "LANG=C.UTF-8",
                "gvm_libs_version=v21.4.0",
                "openvas_scanner_version=v21.4.0",
                "openvas_smb=v21.4.0",
                "open_scanner_protocol_daemon=v21.4.0",
                "ospd_openvas=v21.4.0"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "ENTRYPOINT [\"/start.sh\"]"
            ],
            "Image": "sha256:d37649cf689559dce1a695b36d6b68b4fe89a25ab12060da41a4e50e4fb2c528",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/start.sh"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "19.03.8",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "DEBIAN_FRONTEND=noninteractive",
                "LANG=C.UTF-8",
                "gvm_libs_version=v21.4.0",
                "openvas_scanner_version=v21.4.0",
                "openvas_smb=v21.4.0",
                "open_scanner_protocol_daemon=v21.4.0",
                "ospd_openvas=v21.4.0"
            ],
            "Cmd": null,
            "Image": "sha256:d37649cf689559dce1a695b36d6b68b4fe89a25ab12060da41a4e50e4fb2c528",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/start.sh"
            ],
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 1279018537,
        "VirtualSize": 1279018537,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/30a04b2b7473420be9100fa36aa22d2f2dbe795f1b16cefb4f07270a319a1f69/diff:/var/lib/docker/overlay2/20101c7c0017f2b59f9ff6322a6dd4cd7eeb2ccbde4dae8856247f0cf3fd8a6a/diff:/var/lib/docker/overlay2/358dcd3a8633e8937f10a583b44e33e96d83fc17d605c0c08ec02f5860e481d8/diff:/var/lib/docker/overlay2/e1c818e3c610a59dd1047c0b96bf732afa68ff9b6b280793d758a61077da124e/diff:/var/lib/docker/overlay2/69a729a1f967ac34b60d075316792f177201fc5dab665387b9efc7f7e85f5a55/diff:/var/lib/docker/overlay2/8b7ac7c9b14ff3187d007115afc8afdcda31988f719e191f2f2f6d6011b7c740/diff:/var/lib/docker/overlay2/768348de93992aee63312a4258f0fca15099709a618c6463455329f3d0a6aa15/diff:/var/lib/docker/overlay2/d4ce512416d443eed37c2b3bd5764ce5fbb884d6dcefb286cb872f27912013dd/diff:/var/lib/docker/overlay2/a4cc53ba8110249d9e0ac7587f4e2ccfc6c395c0d42e15ddd67e9bf27cbca714/diff:/var/lib/docker/overlay2/f3cf3d1e820992c4868ffbdc60a8441732a6cb361ad47f8e2682fa97493d8411/diff:/var/lib/docker/overlay2/f515d5ad684cb582f2c1992cedc0c500cc0989b87357589ced0f61716dafb0bd/diff:/var/lib/docker/overlay2/11ce0a94913097ef3a22b2aaac2ce8cbc4fafd9820ba9f1102081a1c0e0fd93a/diff",
                "MergedDir": "/var/lib/docker/overlay2/a4f115548d1ca1b90c253a0f0d83679b4be4e80bc969fc094f5a7486ab1c160e/merged",
                "UpperDir": "/var/lib/docker/overlay2/a4f115548d1ca1b90c253a0f0d83679b4be4e80bc969fc094f5a7486ab1c160e/diff",
                "WorkDir": "/var/lib/docker/overlay2/a4f115548d1ca1b90c253a0f0d83679b4be4e80bc969fc094f5a7486ab1c160e/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:fe4ff16afbd5aec9b10d84187b69d99fdc7bb56056393d710896e706a43b3357",
                "sha256:5b0bb23616f6413dbe198d99f560297916e1dc7460bf1b2839e79456b0d1bf00",
                "sha256:af7c9711556760d562d2a8e2e1fae88aa07fdfc3e9529e0eecd9f1b90c74417f",
                "sha256:6057260293623db9dc5fbd98bdd5eb058577c1b573d5dde63937018802b5d38d",
                "sha256:0fdc6a7d100210f167fa2e2180b8935678d0946e15e09256f9d0013666f13eb8",
                "sha256:a2aaa9d0e5bbd29d5ecf5dbb01e4b44d0bb724394b4a8c779e670310f669b769",
                "sha256:d825009ed55ea98182dc924d9b760af4a3d267f9f7ea66ab206e0edc0729f8d5",
                "sha256:a4ce08c8efd5db6b31760f1d801a0eeb6fc91323f5076a1d4f619698d2e10abc",
                "sha256:83e8be29f6666970d2ef490d1a2c98a750be6dcbfbb2cd3b332b00087805f509",
                "sha256:4dfd64a75a7ce3a438e21764bf3a8b8a1fc242876cf6383e95efe63f3910b9bc",
                "sha256:bfde9b08869e02fb1ef9f0d5780aaf0bceed930f3c6b078336bdce0914f2d5be",
                "sha256:ff68d8bf0e420f7bbcdb80c7f2dd0962b393774e99572b7434459a5c4d2267b1",
                "sha256:7116c334b5c265c3d063ab0040ac60ecd5c994e4dda89cb179af4df325f41b98"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

gvmoutput

$ sudo docker image inspect securecompliance/gvm
[sudo] password for svt: 
[
    {
        "Id": "sha256:aa7760af93467ac6e90b5ed2bfabd97536578fe30debf8f68054a2d3ccbbf803",
        "RepoTags": [
            "securecompliance/gvm:latest"
        ],
        "RepoDigests": [
            "securecompliance/gvm@sha256:182c924a25545c24986089a5d48f15aa81dcd96767396a94af7df58e9187fddd"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-05-31T14:11:48.047559267Z",
        "Container": "ff27246ad394c770bd981695c18990da3b9ac8ecfc15e85121590a34012b98ce",
        "ContainerConfig": {
            "Hostname": "ff27246ad394",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "DEBIAN_FRONTEND=noninteractive",
                "LANG=C.UTF-8",
                "gvm_libs_version=v21.4.0",
                "openvas_scanner_version=v21.4.0",
                "gvmd_version=v21.4.0",
                "gsa_version=v21.4.0",
                "gvm_tools_version=21.1.0",
                "openvas_smb=v21.4.0",
                "open_scanner_protocol_daemon=v21.4.0",
                "ospd_openvas=v21.4.0",
                "python_gvm_version=21.1.3"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"/bin/sh\" \"-c\" \"'/start.sh'\"]"
            ],
            "Image": "sha256:0ca3978bd82fc0573d1ce9d04dc5595dc5053e72325472052863288e5eb6416b",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "19.03.8",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "DEBIAN_FRONTEND=noninteractive",
                "LANG=C.UTF-8",
                "gvm_libs_version=v21.4.0",
                "openvas_scanner_version=v21.4.0",
                "gvmd_version=v21.4.0",
                "gsa_version=v21.4.0",
                "gvm_tools_version=21.1.0",
                "openvas_smb=v21.4.0",
                "open_scanner_protocol_daemon=v21.4.0",
                "ospd_openvas=v21.4.0",
                "python_gvm_version=21.1.3"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "'/start.sh'"
            ],
            "Image": "sha256:0ca3978bd82fc0573d1ce9d04dc5595dc5053e72325472052863288e5eb6416b",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 2728822373,
        "VirtualSize": 2728822373,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/741871c9342edafb53032467aa14187a7ef429a1f99c9755026f126cacd30131/diff:/var/lib/docker/overlay2/c11c377a39bc1d61b37d5a2a8931c69ad33d8a6e4538bb3ba0e5e1235bf41d55/diff:/var/lib/docker/overlay2/0b06ad47b9e8e4b24fd1363257881cc36fef7ddfbeab2e4ce583563e7e04a478/diff:/var/lib/docker/overlay2/f2413ae0eba8306a6ffd615b567759e17a1278d56b4b8735ec1259c52d6d8feb/diff:/var/lib/docker/overlay2/1c6f42d3605457e94f4e1b0e16df4c950bc726904237b68e655eca74befc7d77/diff:/var/lib/docker/overlay2/ecc77f1fddd0c2c985185fee0512b0ba361311e6bb2af36c829e0ab23958a121/diff:/var/lib/docker/overlay2/9084c38f56334b39f03fc45b1a7dfdefe753d3480282121263928c1399b3a38c/diff:/var/lib/docker/overlay2/4d3ecbd4aaacd7f1e70f888a4d7792c5f470b127d9468f4fd6ce275b625a1ab2/diff:/var/lib/docker/overlay2/5e84252cb303d12acdb0a43477693c3e40d892e461b7c905e983478e71c7a8a0/diff:/var/lib/docker/overlay2/9ad27b5ed2af3227135b4d93e0bbcf545c5bb09947e4625642a6bae4aebbd8ad/diff:/var/lib/docker/overlay2/c30e36c20fd85b5605a410a709bedfa548a5274eb530023edeb4400587fee0c5/diff:/var/lib/docker/overlay2/9915d6a0c5dec435dd0c23808c0e51f1c2ae79268848ae923b8a637975a9eaff/diff:/var/lib/docker/overlay2/55cb34860effd4655de94d021a6d8bfbc9d6898f2261428563a45101cdbfb1a5/diff:/var/lib/docker/overlay2/6796104f5db816f179d2733d19a84580019e260fb489de52495a40661cda0489/diff:/var/lib/docker/overlay2/07a169b1ca6692aef9583bc36c922eda09c12ab492533bb777c5678fd8dc2c71/diff:/var/lib/docker/overlay2/dbe87318a11a39d2fffa61d50fd36810ce271b2094979dd5d0b1298f23971b90/diff:/var/lib/docker/overlay2/9c803baf077bd0d1f6e4ac4a5bdee2f2e2269f8def063de0ac43351715eb67c0/diff:/var/lib/docker/overlay2/070bb55f7ff93b779839d87d44f1b5a7ef34f7102b1cbebfb3188ac5fb64e465/diff:/var/lib/docker/overlay2/792474166a97d772469bf602c165def11abc3db9518121491f4978c2755529fe/diff",
                "MergedDir": "/var/lib/docker/overlay2/51a4ba7af3df0a4657973534ed6935c435864c23ddc51dc511938e0fe5863008/merged",
                "UpperDir": "/var/lib/docker/overlay2/51a4ba7af3df0a4657973534ed6935c435864c23ddc51dc511938e0fe5863008/diff",
                "WorkDir": "/var/lib/docker/overlay2/51a4ba7af3df0a4657973534ed6935c435864c23ddc51dc511938e0fe5863008/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:f99824acacbf1ded66f88fcaa9f849f1123aa1c09473bc7db380631710527705",
                "sha256:5a6ab33e4b09dd039d16b5e6e6f704d1a8d0e6f6f095aab76de1031d10e3a45f",
                "sha256:3ddefbdbdfbe8789386c4195c5333248a552608204b2f86981e1e06dbaeb635e",
                "sha256:f66d45a996261ad6b9ad4a673b9c69d49bb15f5534c3bf24ff5536b5a435df4d",
                "sha256:2267a0b5cc77c256c33d8dc38db49747e3285d31d44eb2262be92817efcd22f2",
                "sha256:2486fbc92bde3b8c55ff29e25cdd059e03741c800c6a234bcdbed9c1c2dd53a5",
                "sha256:8fc94a9522382ecbd71e52acf66e632ff69485d36468841d03fa584707996e39",
                "sha256:a4869c95b8d5c2cdc0693613bd9f0034654819c0450e223210e9da0add92809f",
                "sha256:0fb829a57f311334588583026b1977d715378f9896568970a3af82672921ec30",
                "sha256:72275826462bb1176690dde16343ddc9f3d88a6cc9a1a9bfaf354e24c9b30769",
                "sha256:9675bc67ce66707b719157bd4e1cc35de95df8b6127137cd60ac22e399c89e25",
                "sha256:02a947081223c7e47bdf1e938ca0830ec967ac355908b53cae61a9b8c6a03523",
                "sha256:c8101f09d0b1d3329b9e8e21310788cef8dcef02bab942b70bf498486507e789",
                "sha256:1674356c97faf1a63dd2dd52975625cba0c1f6b236cd83dab04d1c5c4b4c0b14",
                "sha256:57ee4315dbed9e4650c59f176064b96d1cfd0fce050c9f827ae4a39298c2b987",
                "sha256:c04f9c641b0800dcba9e53764e25a6cef8105debdfe1a8b819065419392be7eb",
                "sha256:20e399fdfa59c68fce81694853076e66a0465fb1e12762312329427155ef1121",
                "sha256:24178005cfad24a3ed856fe532a830a9d48c326ece076c7f6b0b45056d322d55",
                "sha256:3535bcc7d92982fe4020a8fb946576ef2b5d937397b13f91b3b9d3d7e748656f",
                "sha256:0d4d0659a31eb7b97505dfc33accdb59e0b108c25f951cb4050f1c01e1059bb8"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

smileitjc commented 3 years ago

Good to know thanks.

Dexus commented 3 years ago

Was the web interface already accessible before you tried to connect the OpenVAS scanner? And was the web interface (GVMD) initialised? -> This can usually be seen in first installations by the missing configurations and an error in the dashboard similar to "scap database missing". This usually resolves itself after 10-30 minutes.

Alternatively, you can check out the "dev" branch and build it yourself. The problem should not exist there.

smileitjc commented 3 years ago

Hi,

The web interface had been initialised when I tried to connect, no errors in the log either - I've just tried again from fresh and it's still getting a connection refused. Other than building from dev there is no other fix to this?

Dexus commented 3 years ago

I think the problem is that you did not set the SSHD environment

`SSHD="true"` <- needs to be a string, not a boolean
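
A check for the misconfiguration identified in the last reply, as an added example that is not part of the original thread or the GVM-Docker project: it reads `docker inspect <container>` output for the master and scanner and reports a missing `SSHD`, an unpublished port 22, or a `MASTER_PORT` mismatch. The JSON samples and the address `192.0.2.10` are constructed, and the exact match on the string `true` is an assumption taken from that reply.

```python
import json

# Constructed `docker inspect <container>` excerpts (not output from the thread).
# They mirror the commands in the issue: master publishes 2222:22 but sets no SSHD.
MASTER_INSPECT = json.loads("""
[{"Name": "/gvm",
  "Config": {"Env": ["DB_PASSWORD=example", "PASSWORD=example"]},
  "HostConfig": {"PortBindings": {
      "9392/tcp": [{"HostIp": "", "HostPort": "9392"}],
      "22/tcp":   [{"HostIp": "", "HostPort": "2222"}]}}}]
""")
SCANNER_INSPECT = json.loads("""
[{"Name": "/scanner",
  "Config": {"Env": ["MASTER_ADDRESS=192.0.2.10", "MASTER_PORT=2222"]},
  "HostConfig": {"PortBindings": {}}}]
""")

def env_of(inspect):
    """Turn Config.Env ("KEY=value" strings) into a dict."""
    return dict(e.split("=", 1) for e in inspect[0]["Config"]["Env"] if "=" in e)

def published_ssh_ports(inspect):
    """Host ports that map to container port 22/tcp."""
    bindings = inspect[0]["HostConfig"]["PortBindings"] or {}
    return [b["HostPort"] for b in bindings.get("22/tcp") or []]

def diagnose(master, scanner):
    """Return findings that would explain 'connection refused' on the SSH port."""
    findings = []
    sshd = env_of(master).get("SSHD")
    # Assumption (from the reply above): only the exact string "true" enables sshd.
    if sshd != "true":
        findings.append(f"master: SSHD is {sshd!r}, expected the string 'true'")
    ports = published_ssh_ports(master)
    if not ports:
        findings.append("master: container port 22/tcp is not published")
    want = env_of(scanner).get("MASTER_PORT")
    if ports and want not in ports:
        findings.append(f"scanner: MASTER_PORT={want} but master publishes {ports}")
    if not env_of(scanner).get("MASTER_ADDRESS"):
        findings.append("scanner: MASTER_ADDRESS is empty")
    return findings

if __name__ == "__main__":
    for line in diagnose(MASTER_INSPECT, SCANNER_INSPECT) or ["no findings"]:
        print(line)
```

To run it against a live deployment, replace the two samples with the parsed output of `docker inspect gvm` and `docker inspect scanner`.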