greenbone / openvas-scanner

This repository contains the scanner component for Greenbone Community Edition.
https://greenbone.github.io/docs/
GNU General Public License v2.0

Log4j scan and reverse address #1512

Closed zimbres closed 1 year ago

zimbres commented 1 year ago

In order to make the log4j test work, the machine that is being tested needs to communicate back with openvas in the ospd container on its hostname on a random port.

Since this container is not exposing any port this will not work.

To make this work I made some changes. I set the network for the ospd container to host and set the hostname to the machine IP. I changed the command to set the --mqtt-broker-address to the machine IP as well. In addition, I exposed the mqtt container port to be reachable from ospd.

  ospd-openvas:
    image: greenbone/ospd-openvas:stable
    network_mode: host
    restart: always
    init: true
    hostname: 192.168.100.77
    cap_add:
      - NET_ADMIN # for capturing packets in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--mqtt-broker-address",
        "192.168.100.77",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666"
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully

  mqtt-broker:
    restart: always
    image: greenbone/mqtt-broker
    ports:
      - "1883:1883"
    networks:
      default:
        aliases:
          - mqtt-broker
          - broker

Is there anything else that I might have missed? Is it possible to have this working out of the box? Maybe a range of ports exposed?
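The precondition described in this post (the scanned host must be able to open a TCP connection back to the scanner's host IP on an arbitrary port) can be checked before a scan with a two-part self-test: a listener started on the scanner host and a probe run from the target. This is an added diagnostic example, not code from the issue or from openvas-scanner; the 127.0.0.1 dry run and the scanner IP are constructed placeholders.

```python
import socket
import threading


def start_callback_listener(bind_addr="0.0.0.0", port=0, timeout=5.0):
    """Open a listening socket on an ephemeral port (port=0 lets the OS pick
    one, mirroring the random callback port the log4j check expects) and wait
    for one inbound connection in a background thread.

    Returns (port, result); result["peer"] is filled in by the thread with the
    connecting address, or stays None if nothing arrived within `timeout`.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(1)
    srv.settimeout(timeout)
    chosen_port = srv.getsockname()[1]
    result = {"peer": None}

    def _accept():
        try:
            conn, peer = srv.accept()
            result["peer"] = peer
            conn.close()
        except socket.timeout:
            pass  # no callback arrived: the target cannot reach this port
        finally:
            srv.close()

    t = threading.Thread(target=_accept, daemon=True)
    t.start()
    result["thread"] = t
    return chosen_port, result


def probe_callback(scanner_ip, port, timeout=2.0):
    """Run from the target side: True if scanner_ip:port accepts a TCP connect."""
    try:
        with socket.create_connection((scanner_ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Local dry run. In practice the listener runs on the scanner host
    # (the issue uses 192.168.100.77) and the probe on the machine being scanned.
    port, result = start_callback_listener("127.0.0.1")
    print("listening on port", port)
    print("reachable:", probe_callback("127.0.0.1", port))
    result["thread"].join()
    print("callback seen from:", result["peer"])
```

If the probe reports False from the target while the listener is up on the host IP, the ospd container's port is not reachable and the reverse-connection check cannot succeed, regardless of the scanner configuration.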

cfi-gb commented 1 year ago

As this is not an issue / bug in the scanner, it could be better to use https://forum.greenbone.net/ for configuration support.