Secure-Compliance-Solutions-LLC / GVM-Docker

Greenbone Vulnerability Management Docker Image with OpenVAS
https://securecompliance.gitbook.io/projects/
MIT License

Can't login after new container #246

Closed mcmufffin closed 3 years ago

mcmufffin commented 3 years ago

Hi,

I just upgraded to a new version of the container. It worked like a charm for the last year or so, but after the volume change (/data to multiple split volumes) I can't log in (wrong password), even after resetting all volumes and starting from zero.

The container was started with:

docker run --detach --restart=always --publish 8080:9392 --publish 5432:5432 --publish 2222:22 --env DB_PASSWORD="test" --env PASSWORD="test" --volume gvm-postgres-db:/opt/database --volume gvm-openvas-plugins:/var/lib/openvas/plugin --volume gvm-data:/var/lib/gvm --volume gvm-ssh:/etc/ssh --name gvm securecompliance/gvm

Any ideas?

Thanks!

austinsonger commented 3 years ago

Please read https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker/issues/244

austinsonger commented 3 years ago

https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker/issues/245

Dexus commented 3 years ago

Hi, when you really start the container with the command you wrote, you should use clean volumes. The first time, your password should work, at least it would for me. After the first time, your PASSWORD environment is ignored.

All other info is written in #245 already and also in #244.

Thank you.

mcmufffin commented 3 years ago

Hi,

Thanks for the input! And sorry for the double questions. Maybe keep the issues open for now or link them in the docs?

The docs under https://securecompliance.gitbook.io/projects/openvas-greenbone-deployment-full-guide/environment-variables still say that admin is the default password.

Yes, the container was indeed spawned with no volumes before:


CONTAINER ID   IMAGE                  COMMAND                  CREATED       STATUS         PORTS                                                                                                                                   NAMES
407a480dc3cc   securecompliance/gvm   "/entrypoint.sh /usr…"   2 hours ago   Up 3 minutes   0.0.0.0:5432->5432/tcp, :::5432->5432/tcp, 8081/tcp, 0.0.0.0:2222->22/tcp, :::2222->22/tcp, 0.0.0.0:8080->9392/tcp, :::8080->9392/tcp   gvm
[root@gsm ~]# docker container stop gvm
gvm
[root@gsm ~]# docker container rm gvm
gvm
[root@gsm ~]# docker volume prune
WARNING! This will remove all local volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Volumes:
939019d6aec21005cb03dbb01b781720fbc740b7bc2c7dbdbcc4cc412a83c8fc
ad5ec0ccaabab9df93aacd87a0f1e42620e71156b449c9fe0688370f2d262bb1
gvm-data
gvm-openvas-plugins
gvm-postgres-db
gvm-ssh

Total reclaimed space: 2.973GB
[root@gsm ~]# docker volume list
DRIVER    VOLUME NAME
[root@gsm ~]# docker run --detach --restart=always --publish 8080:9392 --publish 5432:5432 --publish 2222:22 --env DB_PASSWORD="test" --env PASSWORD="test" --volume gvm-postgres-db:/opt/database --volume gvm-openvas-plugins:/var/lib/openvas/plugin --volume gvm-data:/var/lib/gvm --volume gvm-ssh:/etc/ssh --name gvm securecompliance/gvm

However, the "test" password is still not working despite it being the first/fresh spin-up. Using no/latest tag (downloaded a few hours ago).

I think the password reset script (which is probably also used to set up the pw?) is broken:

[root@gsm ~]# docker exec -ti gvm /reset-gvmd-admin-password.sh
OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "/reset-gvmd-admin-password.sh": permission denied: unknown

After giving it a chmod +x:

[root@gsm ~]# docker exec -ti gvm /reset-gvmd-admin-password.sh
/reset-gvmd-admin-password.sh: line 6: read: Reset to new password:': not a valid identifier

Hope this helps!

Dexus commented 3 years ago

Oh, sorry for the wrong default value. It is adminpassword.

And the other things I will check again. Thanks for letting us know.

netbix commented 3 years ago

I have the same problem. I investigated and found these problems:

1) Wrong directory: --volume gvm-openvas-plugins:/var/lib/openvas/plugin must be --volume gvm-openvas-plugins:/var/lib/openvas/plugins
2) With --volume gvm-ssh:/etc/ssh, gvm does not start: error on mkdir /etc/ssh

If I remove the volume "etc/ssh", gvm starts.
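A preflight check for the mount-target typo reported in the comment above, as an added example (not part of the thread and not the project's own tooling). The expected target list is an assumption taken from the run command in this issue with the corrected `plugins` path; `check_mounts` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: validate docker-run volume targets before starting GVM-Docker.
# EXPECTED_TARGETS is an assumption built from this thread (with the corrected
# "plugins" path); adjust it for the image version you actually run.
EXPECTED_TARGETS="/opt/database /var/lib/openvas/plugins /var/lib/gvm /etc/ssh"

# check_mounts ARGS...: scan docker-run style arguments for
#   --volume name:target   -v name:target   --volume=name:target
# Prints every target not in EXPECTED_TARGETS; returns 1 if any was found.
check_mounts() {
    bad=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --volume|-v)
                [ "$#" -ge 2 ] || break   # option without a value: stop
                spec=$2
                shift ;;
            --volume=*)
                spec=${1#--volume=} ;;
            *)
                shift
                continue ;;
        esac
        shift
        # spec is source:target[:options]; the second field is the target
        target=$(printf '%s' "$spec" | cut -d: -f2)
        found=0
        for t in $EXPECTED_TARGETS; do
            if [ "$t" = "$target" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "unexpected mount target: $target (from $spec)"
            bad=1
        fi
    done
    return "$bad"
}

# Demo input: the volume arguments posted in this issue.
check_mounts --volume gvm-postgres-db:/opt/database \
    --volume gvm-openvas-plugins:/var/lib/openvas/plugin \
    --volume gvm-data:/var/lib/gvm --volume gvm-ssh:/etc/ssh \
    || echo "fix the mount targets before starting the container"
```

A mistyped target does not make `docker run` fail: Docker mounts the named volume at the wrong path and the container writes its data to the unmounted location, which is why the mismatch is easier to catch before start than after.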

Dexus commented 3 years ago

Is it wrong in the documentation? Or also in the dockerfile?

Will review it in the next days. Or if you find the wrong places, you're welcome to create a pull request.

netbix commented 3 years ago

With the new docker container, this is the error:

gvm | Creating Database folder...
gvm | The files belonging to this database system will be owned by user "postgres".
gvm | This user must also own the server process.
gvm |
gvm | The database cluster will be initialized with locale "en_US.UTF-8".
gvm | The default database encoding has accordingly been set to "UTF8".
gvm | The default text search configuration will be set to "english".
gvm |
gvm | Data page checksums are disabled.
gvm |
gvm | fixing permissions on existing directory /opt/database ... ok
gvm | creating subdirectories ... ok
gvm | selecting dynamic shared memory implementation ... posix
gvm | selecting default max_connections ... 100
gvm | selecting default shared_buffers ... 128MB
gvm | selecting default time zone ... Europe/Rome
gvm | creating configuration files ... ok
gvm | running bootstrap script ... ok
gvm | performing post-bootstrap initialization ... ok
gvm | syncing data to disk ... initdb: warning: enabling "trust" authentication for local connections
gvm | You can change this by editing pg_hba.conf or using the option -A, or
gvm | --auth-local and --auth-host, the next time you run initdb.
gvm | ok
gvm |
gvm |
gvm | Success.
gvm |
gvm | Starting PostgreSQL...
gvm | 2021-08-06 12:31:34,268 INFO spawned: 'postgresql' with pid 120
gvm | 2021-08-06 12:31:44,316 INFO success: postgresql entered RUNNING state, process has stayed up for > than 10 seconds (startsecs)
gvm | postgresql: started
gvm | mkdir: cannot create directory ‘/etc/ssh’: File exists
gvm | 2021-08-06 12:31:44,355 INFO exited: init (exit status 1; not expected)

netbix commented 3 years ago

when will the updated docker be available?

Dexus commented 3 years ago

As soon as I have time to do this. RL has a bit more priority for me currently.

On 06.08.2021 at 12:41, Antonio @.***> wrote:

 when will the updated docker be available?


Dexus commented 3 years ago

@netbix Can you check this:

docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker@sha256:f49eaa18a8a5f84ce890f981c37ae033fd92ea555adc1921e6ffb666e25baa68

same as current

docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:pr-247

Dexus commented 3 years ago

@netbix I hope @austinsonger @pixelsquared will review the changes and give their okay, then the new v21.4.3-v1 release will be out soon.