falkowich / comments-sadsloth


post/gmv10dockermasterslave/ #7

Open utterances-bot opened 4 years ago

utterances-bot commented 4 years ago

Greenbone Vulnerability Management 10 Docker Master/Slave setup · sadsloth.net


https://sadsloth.net/post/gmv10dockermasterslave/

SergioBinfo commented 4 years ago

Hello, I have the Master on a remote server and the slave running in my host. I followed the steps as described in this tutorial. But still the Master can't connect to the slave. The relevant ports are opened. Do we need to pass the Master's cert to the slave? Best regards

falkowich commented 4 years ago

Hi @SergioBinfo,

Do you get any error? Only the slave certificate should be copied to the master before adding the scanner (slave). And then after it is copied, just modify the scanner with --modify-scanner
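An added example, not code from the blog post or from the falkowich/gvm10 images: before copying a slave's certificate to the master and running `--modify-scanner`, check locally with openssl that the slave's server certificate actually chains to the CA file the master will be handed. The two outcomes of the check correspond to the "certificate is not trusted" / "certificate hasn't got a known issuer" warnings gvmd writes to its log when the pair does not match (as in the logs posted later in this thread). The CA and both leaf certificates here are throwaway test material generated on the fly; the file names cacert.pem/servercert.pem/serverkey.pem and the gvmd options in the closing comment (`--scanner-ca-pub`, `--scanner-key-pub`, `--scanner-key-priv`, `--verify-scanner`) are assumptions about the gvmd 8/9 command line, not something stated in this thread.

```shell
#!/bin/sh
# Added example (not from the blog post or the falkowich/gvm10 images):
# confirm that a slave's server certificate chains to the CA you are about
# to hand the master, before registering the scanner with gvmd.
# All key material below is throwaway test data generated on the fly.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Throwaway CA standing in for the slave's cacert.pem.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=gvm-test-ca" \
    -keyout "$WORK/cacert.key" -out "$WORK/cacert.pem" >/dev/null 2>&1
}

# Leaf certificate signed by that CA: the shape of a correct servercert.pem.
make_signed_leaf() {
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=slave.example" \
    -keyout "$WORK/servercert.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/cacert.pem" -CAkey "$WORK/cacert.key" -CAcreateserial \
    -out "$WORK/servercert.pem" >/dev/null 2>&1
}

# Self-signed leaf with the same CN: what a certificate from a different
# (for example, rebuilt) slave container looks like to the master.
make_stray_leaf() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=slave.example" \
    -keyout "$WORK/stray.key" -out "$WORK/stray.pem" >/dev/null 2>&1
}

# check_scanner_cert CA_FILE CERT_FILE
# Prints "trusted" when CERT_FILE verifies against CA_FILE, otherwise
# "unknown-issuer" (the situation behind gvmd's "certificate hasn't got a
# known issuer" warning). Exit status is 0 only when trusted.
check_scanner_cert() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
    return 0
  fi
  echo unknown-issuer
  return 1
}

make_ca
make_signed_leaf
make_stray_leaf

# Stand-alone demo: the matching pair passes, the stray certificate does not.
check_scanner_cert "$WORK/cacert.pem" "$WORK/servercert.pem" || true
check_scanner_cert "$WORK/cacert.pem" "$WORK/stray.pem" || true

# Only after "trusted" would you register or modify the scanner on the master.
# Assumed gvmd 8/9 CLI (confirm with `gvmd --help` on your image); not run here:
#   gvmd --modify-scanner=<scanner-uuid> --scanner-host=<slave-ip> \
#        --scanner-port=9391 --scanner-ca-pub=cacert.pem \
#        --scanner-key-pub=servercert.pem --scanner-key-priv=serverkey.pem
#   gvmd --verify-scanner=<scanner-uuid>
```

Run it on the master with the real cacert.pem and servercert.pem copied from the slave in place of the generated files; if the check prints "unknown-issuer", the slave was rebuilt with a fresh CA and the master's copy is stale, and no amount of `--modify-scanner` with the old files will make `slave_connect` succeed.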

SergioBinfo commented 4 years ago

Hi @falkowich , thank you for your reply.

Yes, the certificate check failed at the Master, but it is solved now. I added the scanner first and only then modified the scanner. Now there's a connection.

I got some new errors when I try to start a scan. Basically, the scan is stuck at 1%.

Logs at Master:

```
gvm10_1 | lib serv:WARNING:2019-10-23 09h29.05 UTC:1165: gvm_server_verify: the certificate is not trusted
gvm10_1 | lib serv:WARNING:2019-10-23 09h29.05 UTC:1165: gvm_server_verify: the certificate hasn't got a known issuer
gvm10_1 | md manage:WARNING:2019-10-23 09h29.05 UTC:1165: slave_connect: failed to open connection to 10.101.20.50 on 9391
```

Logs at Slave:

```
gvm10_1 | md main:WARNING:2019-10-23 09h30.20 utc:1314: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
```

SergioBinfo commented 4 years ago

Additional logs.

At Master:

```
gvm10_1 | ==> /usr/local/var/log/gvm/gvmd.log <==
gvm10_1 | event task:MESSAGE:2019-10-23 11h08.39 UTC:713: Task T1 (4331add8-3949-4ab9-a4d8-d306068ed473) has been requested to start by admin
gvm10_1 | event task:MESSAGE:2019-10-23 11h09.07 UTC:719: Status of task T1 (4331add8-3949-4ab9-a4d8-d306068ed473) has changed to Running
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: sql_exec_internal: PQexec failed: ERROR: syntax error at or near "report"
gvm10_1 | LINE 1: ...e, description, uuid, qod, qod_type, result_nvt report) VA...
gvm10_1 | ^
gvm10_1 | (7)
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: sql_exec_internal: SQL: INSERT into results (owner, date, task, host, hostname, port, nvt, nvt_version, severity, type, description, uuid, qod, qod_type, result_nvt report) VALUES (1, m_now (), 2, '192.168.214.129', '', '111/tcp', '1.3.6.1.4.1.25623.1.0.108090', 'SELECT iso_time (modification_time) FROM nvts WHERE uuid = '1.3.6.1.4.1.25623.1.0.108090';', '0.0', 'Log Message', 'RPC portmapper is running on this port.', make_uuid (), 80, 'remote_banner', (SELECT id FROM result_nvts WHERE nvt = '1.3.6.1.4.1.25623.1.0.108090'), 68), (1, m_now (), 2, '192.168.214.129', '', '111/tcp', '1.3.6.1.4.1.25623.1.0.11111', 'SELECT iso_time (modification_time) FROM nvts WHERE uuid = '1.3.6.1.4.1.25623.1.0.11111';', '0.0', 'Log Message', 'These are the registered RPC programs:
gvm10_1 | RPC program #100000 version 2 ''portmapper'' (portmap sunrpc rpcbind) on port 111/TCP
gvm10_1 | RPC program #100003 version 2 ''nfs'' (nfsprog) on port 2049/TCP
gvm10_1 | RPC program #100003 version 3 ''nfs'' (nfsprog) on port 2049/TCP
gvm10_1 | RPC program #100003 version 4 ''nfs'' (nfsprog) on port 2049/TCP
gvm10_1 | RPC program #100005 version 1 ''mountd'' (mount showmount) on port 41594/TCP
gvm10_1 | RPC program #100005 version 2 ''mountd'' (mount showmount) on port 41594/TCP
gvm10_1 | RPC program #100005 version 3 ''mountd'' (mount showmount) on port 41594/TCP
gvm10_1 | RPC program #100024 version 1 ''status'' on port 52541/TCP
gvm10_1 | RPC program #100021 version 1 ''nlockmgr'' on port 55093/TCP
gvm10_1 | RPC program #100021 version 3 ''nlockmgr'' on port 55093/TCP
gvm10_1 | RPC program #100021 version 4 ''nlockmgr'' on port 55093/TCP
gvm10_1 | RPC program #100000 version 2 ''portmapper'' (portmap sunrpc rpcbind) on port 111/UDP
gvm10_1 | RPC program #100003 version 2 ''nfs'' (nfsprog) on port 2049/UDP
gvm10_1 | RPC program #100003 version 3 ''nfs'' (nfsprog) on port 2049/UDP
gvm10_1 | RPC program #100003 version 4 ''nfs'' (nfsprog) on port 2049/UDP
gvm10_1 | RPC program #100021 version 1 ''nlockmgr'' on port 53642/UDP
gvm10_1 | RPC program #100021 version 3 ''nlockmgr'' on port 53642/UDP
gvm10_1 | RPC program #100021 version 4 ''nlockmgr'' on port 53642/UDP
gvm10_1 | RPC program #100024 version 1 ''status'' on port 55546/UDP
gvm10_1 | RPC program #100005 version 1 ''mountd'' (mount showmount) on port 55765/UDP
gvm10_1 | RPC program #100005 version 2 ''mountd'' (mount showmount) on port 55765/UDP
gvm10_1 | RPC program #100005 version 3 ''mountd'' (mount showmount) on port 55765/UDP', make_uuid (), 80, 'remote_banner', (SELECT id FROM result_nvts WHERE nvt = '1.3.6.1.4.1.25623.1.0.11111'), 68) RETURNING id;
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: next: sql_exec_internal failed
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: manage_cleanup_process_error: Error exit, setting running task to Interrupted
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: sql_exec_internal: PQexec failed: ERROR: current transaction is aborted, commands ignored until end of transaction block
gvm10_1 | (7)
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: sql_exec_internal: SQL: UPDATE reports SET scan_run_status = 13 WHERE id = 68;
gvm10_1 | md manage:WARNING:2019-10-23 11h09.07 UTC:719: sqlv: sql_exec_internal failed
```

At Slave (target is a VM):

```
gvm10_1 | ==> /usr/local/var/log/gvm/openvassd.log <==
gvm10_1 | sd main:MESSAGE:2019-10-23 11h08.52 utc:93: Starts a new scan. Target(s) : 192.168.214.129, with max_hosts = 20 and max_checks = 4
gvm10_1 | sd main:MESSAGE:2019-10-23 11h08.52 utc:100: Testing 192.168.214.129 [100]
gvm10_1 |
gvm10_1 | ==> /usr/local/var/log/gvm/gvmd.log <==
gvm10_1 | md main:WARNING:2019-10-23 11h09.07 UTC:91: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
```

SergioBinfo commented 4 years ago

I figured out how to fix my issue. These errors occurred because the TLS session terminates before the scan ends. According to https://github.com/greenbone/gvmd/issues/701#issuecomment-534577476, the solution might be to use Greenbone Vulnerability Manager 8.0.2 instead of 8.0.1, as referred to in https://github.com/greenbone/gvmd/issues/701#issuecomment-536510025.

I changed the following lines in both the master's and the slave's docker-compose.yml:

```
image: falkowich/gvm10:psql
image: falkowich/gvm10:slave
```

To:

```
image: falkowich/gvm10:psql-latest
image: falkowich/gvm10:slave-latest
```

Adding the tag "latest" solved my issue.

harshalgithub commented 2 years ago

Hi @falkowich ,

I am new to the Docker environment. I was going through the above blog post and found it a great knowledge source.

Is there a single docker-compose or Dockerfile which will launch one master and slaves (multiple, scalable as required), with the slaves automatically added to the master as new scanners (certs copied to the master) and sharing the same PSQL database, so that once scans are finished on a slave it is automatically deleted and the scan data is present in the master's PSQL database?

Example scenario: consider I have 100 host IPs to scan, and we need 5 slave scanners to launch automatically, each assigned 20 host IPs to scan; the slaves should be deleted once the scans are finished, and the final scan reports should be present in the single master PSQL DB.

Thanks in advance