Open franko108 opened 3 years ago
Well, instead of adding another docker container, I added a line in your gvmd/Dockerfile as there is already python 3:
python3 -m pip install gvm-tools; \
Gvm-tools are then installed within the container and responding to a command, but I can't connect gvm-cli to gvm. Either I don't see well or something else is the problem.
The doc states gvm-cli can be connected to the gvm socket, which should probably be in `/run/gvm/gvmd.sock` or `/var/run/gvm/gvmd.sock` within the same container, but I couldn't find it at all.
Can you help in that regard? Apparently you are the maintainer of the PPA as well, so you are really familiar with this software.
However, my suggestion is that gvm-tools be part of your docker stack; anyone who will use gvm-containers seriously will try to integrate it with their own orchestration tool like ansible, terraform, aws cli or anything else (or all from the list), providing their own lists of IPs and updating them on a regular basis.
With pretty dynamic changing of the servers, opening and closing the IP list and doing manual import is just not good enough.
Another really good part of your Docker setup is that it can perform updates of the new vulnerabilities, which makes it possible to do checks on a regular basis, including the new security issues.
With cli, this will be really great and useful software. Everything else that I've tried works properly.
It is a good idea to add gvm-tools as another container, but for now if you have gvm-tools installed anywhere (e.g. by `pip` or by `apt` from PPA), you can use the `tls` connection type to connect to the `gvmd`.
First find the IP address of `gvmd`. E.g. you can use `docker inspect`:
$ docker inspect gvm-containers_gvmd_1 | grep IPAddress
"IPAddress": "172.24.0.4",
So, in this example the IP address is `172.24.0.4`. Then, you can run `gvm-cli`:
$ gvm-cli tls --hostname 172.24.0.4 --xml "<GET_VERSION/>"
<get_version_response status="200" status_text="OK"><version>20.08</version></get_version_response>
Thanks, this works!
Even running like:
`$ docker exec -it gvm-containers_gvmd_1 gvm-cli tls --hostname 127.0.0.1 --xml "
I had trouble finding where the certs were to connect via TLS. For anyone else looking this might help you. My container version of GVM did not have SSH and the socket option didn't work in the startup script so TLS was my connection choice.
If you log in on the gvm container (`# docker exec -it <containername/id> bash`) and then su to the gvm user, you can then run this command to find the certificates you need to connect:
gvm-manage-certs -V
Simply copy down the needed certs to a location on your client machine and set up your gvm-tools.config file and that should work :)
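The steps from the replies above (look up the gvmd container's address, call `gvm-cli` over TLS, check the reply) in a form an orchestration job could script. This is an added example, not code from the thread or from gvm-containers; the network name and certificate path are constructed placeholders, and it reads `docker inspect` JSON instead of grepping because a container can sit on several networks.

```python
import json
import shlex
import xml.etree.ElementTree as ET

# Constructed sample of `docker inspect gvm-containers_gvmd_1` output, trimmed.
# With docker-compose networks the top-level IPAddress is empty; the address
# lives under Networks (the network name here is an assumption).
SAMPLE_INSPECT = """[{"NetworkSettings": {"IPAddress": "",
  "Networks": {"gvm-containers_default": {"IPAddress": "172.24.0.4"}}}}]"""

# Reply shown in the thread for <GET_VERSION/>.
SAMPLE_REPLY = ('<get_version_response status="200" status_text="OK">'
                '<version>20.08</version></get_version_response>')


def gvmd_addresses(inspect_json):
    """Map network name -> IP for the first container in the inspect output."""
    settings = json.loads(inspect_json)[0]["NetworkSettings"]
    networks = settings.get("Networks") or {}
    return {name: net["IPAddress"]
            for name, net in networks.items() if net.get("IPAddress")}


def gvm_cli_argv(hostname, cafile=None, certfile=None, keyfile=None):
    """Build the gvm-cli TLS call from the thread, with optional cert paths."""
    argv = ["gvm-cli", "tls", "--hostname", hostname]
    for flag, path in (("--cafile", cafile), ("--certfile", certfile),
                       ("--keyfile", keyfile)):
        if path:
            argv += [flag, path]
    return argv + ["--xml", "<GET_VERSION/>"]


def gmp_version(reply_xml):
    """Return the GMP version, or raise if gvmd did not answer with status 200."""
    root = ET.fromstring(reply_xml)
    if root.tag != "get_version_response" or root.get("status") != "200":
        raise RuntimeError(f"unexpected reply: {root.tag} {root.get('status')}")
    return root.findtext("version")


if __name__ == "__main__":
    for network, ip in gvmd_addresses(SAMPLE_INSPECT).items():
        # /path/to/cacert.pem is a placeholder for a cert copied from the container
        print(network, shlex.join(gvm_cli_argv(ip, cafile="/path/to/cacert.pem")))
    print("GMP version:", gmp_version(SAMPLE_REPLY))
```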
Hello,
this is not an issue but a question.
How to connect gvm-tools (ideally from another Docker instance) to your docker instance(s)?
It can be on the very same VM (that is host for docker containers).
Otherwise, I like how openvas works on your Docker instances, this is one thing that I need, not to import and update the IP lists manually.
Thanks, best.