Secure-Compliance-Solutions-LLC / OpenVAS-Docker

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)
https://securecompliance.gitbook.io/projects/openvas_image
MIT License

Scanner - Could not get a bpf #15

Open karnamonkster opened 2 years ago

karnamonkster commented 2 years ago

Hi,

I am using the OpenVAS scanner - 21.4.0-v5 (latest image) in a remote deployment. The scanner registration is completed. The scanner gets the tasks and starts the scan on the target. However, there are logs which state the tests are failing, and hence the final report does not include the expected findings either. Sample log lines within /var/log/gvm/openvas.log:

lib  misc:MESSAGE:2022-03-10 20h24.32 utc:3858: [gb_log4j_CVE-2021-44228_tcp_active.nasl] pcap_compile: Filter "tcp and dst port 15497 and src host **targetIP** and (dst host 172.17.0.2 or dst host 8bc750eb7f2b)" : ethernet address used in non-ether expression
lib  nasl:MESSAGE:2022-03-10 20h24.32 utc:3858: [3858](/var/lib/openvas/plugins/2021/apache/gb_log4j_CVE-2021-44228_tcp_active.nasl:141) pcap_next: Could not get a bpf

I would appreciate it if there is anything we could do to fix this.

karnamonkster commented 2 years ago

I tried to build it again with the tag > 21.4.0-v5. Along with the above, there are some more lines in the log file:


 There was a problem trying to load gb_clamav_smb_login_detect.nasl, a dependency of ClamAV < 0.95.1 Multiple DoS Vulnerabilities - Windows. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV Multiple Vulnerabilities (Linux). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV Remote Denial of Service Vulnerability. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV Invalid Memory Access Denial Of Service Vulnerability. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load zabbix_web_detect.nasl, a dependency of Zabbix Default Guest Account. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_zoom_client_ssh_login_macosx_detect.nasl, a dependency of Zoom Client Heap Based Buffer Overflow (ZSB-22003). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_zoom_client_smb_login_detect.nasl, a dependency of Zoom Client Heap Based Buffer Overflow (ZSB-22003). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.

Dexus commented 2 years ago

This looks like you have to run the Docker image in privileged mode, or with even more rights.

karnamonkster commented 2 years ago

Hi @Dexus, I have tried to run with

  1. privileged : true
  2. cap_add : net_admin

There has been no change, still getting the same behavior. Do we change permissions somewhere else as well?

Dexus commented 2 years ago

@karnamonkster please contact Greenbone via the community. I think the problem is that openvas is not up2date and I will create a new version.

Other thing: which network mode do you use for the container?

karnamonkster commented 2 years ago

Hi @Dexus, it would be great to have openvas up2date. Awaiting a new version. I have tried with network mode 'host' as well as 'bridged'.

Dexus commented 2 years ago

@karnamonkster I will give you a notice when it's done; some more tasks need to be done first.

Dexus commented 2 years ago

For further support, use https://github.com/DeineAgenturUG/greenbone-gvm-openvas-for-docker

Dexus commented 2 years ago

@karnamonkster I think I found the problem and will check this over the weekend. If I'm right about what I think, it will be available via https://github.com/DeineAgenturUG/greenbone-gvm-openvas-for-docker in the next week.

Dexus commented 2 years ago

@karnamonkster please try to set a hostname and domainname

example: docker run -h gvm --domainname fritz.box ....

maybe also add --cap-add NET_ADMIN

I used it together with a custom ipvlan to match my LAN network.
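
Added example, not part of the thread or of the project's code: the failing filter in the first log excerpt contains `dst host 8bc750eb7f2b`, which has the form of Docker's default container hostname (twelve hex digits). On the assumption that libpcap reads such a bare token as an Ethernet address, which matches the quoted error text, this Python check scans openvas.log text for failed filters and flags those host terms. The function names and the sample target IP are constructed for illustration.

```python
import re
import socket

# Constructed sample in the format of the /var/log/gvm/openvas.log lines quoted
# in this thread; the masked target address is replaced by a documentation IP.
SAMPLE_LOG = '''\
lib  misc:MESSAGE:2022-03-10 20h24.32 utc:3858: [gb_log4j_CVE-2021-44228_tcp_active.nasl] pcap_compile: Filter "tcp and dst port 15497 and src host 192.0.2.10 and (dst host 172.17.0.2 or dst host 8bc750eb7f2b)" : ethernet address used in non-ether expression
lib  nasl:MESSAGE:2022-03-10 20h24.32 utc:3858: [3858](/var/lib/openvas/plugins/2021/apache/gb_log4j_CVE-2021-44228_tcp_active.nasl:141) pcap_next: Could not get a bpf
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load zabbix_web_detect.nasl, a dependency of Zabbix Default Guest Account.
'''

# One pcap_compile failure: NVT script name, the filter text, the libpcap error.
PCAP_FAIL = re.compile(
    r'\[(?P<nvt>[^\]]+\.nasl)\] pcap_compile: Filter "(?P<filter>[^"]*)" : (?P<error>.+)$'
)
# Operand of each "host" primitive in a filter expression.
HOST_TERM = re.compile(r'\bhost ([^\s()]+)')


def looks_like_mac(name):
    """True for a bare 12-hex-digit name (assumed to be parsed as a MAC address)."""
    return re.fullmatch(r'[0-9A-Fa-f]{12}', name) is not None


def failed_filters(log_text):
    """Return one finding per pcap_compile failure found in the log text."""
    findings = []
    for line in log_text.splitlines():
        match = PCAP_FAIL.search(line)
        if match is None:
            continue
        hosts = HOST_TERM.findall(match['filter'])
        findings.append({
            'nvt': match['nvt'],
            'error': match['error'],
            'suspect_hosts': [h for h in hosts if looks_like_mac(h)],
        })
    return findings


if __name__ == '__main__':
    for finding in failed_filters(SAMPLE_LOG):
        print(finding)
    # Run inside the scanner container: checks the hostname it currently has.
    print('local hostname MAC-like:', looks_like_mac(socket.gethostname()))
```

Every NVT listed in the output did not run its packet capture, so the report can miss findings for those checks; a hostname set with `-h`, as suggested above, is not flagged by `looks_like_mac`.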