search

immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0
355 stars 102 forks source link

getting redis-server command not found #214

Closed talessinWork closed 1 year ago

talessinWork commented 1 year ago

running the openvas Dockerfile in a single container, getting redis-server command not found for some reason, it appears to install everything great.

talessinWork commented 1 year ago

Sending build context to Docker daemon 32.54MB Step 1/44 : FROM debian:bullseye ---> 35073ea3b0b7 Step 2/44 : ENV DEBIAN_FRONTEND=noninteractive ---> Using cache ---> 64832e73f5c8 Step 3/44 : ENV LANG=C.UTF-8 ---> Using cache ---> 2ec551342917 Step 4/44 : COPY scripts /scripts ---> Using cache ---> 3e8ace78d954 Step 5/44 : RUN bash /scripts/install-deps.sh ---> Using cache ---> a7a75f55dda1 Step 6/44 : ENV VER="22.4.17-beta" ---> Using cache ---> de81f37f33fb Step 7/44 : RUN mkdir /build.d ---> Using cache ---> 6b5d628094c4 Step 8/44 : COPY build.rc / ---> Using cache ---> 969e57f32200 Step 9/44 : COPY package-list-build / ---> Using cache ---> e826296298e1 Step 10/44 : COPY build.d/build-prereqs.sh /build.d/ ---> Using cache ---> 20a907e6ca93 Step 11/44 : RUN bash /build.d/build-prereqs.sh ---> Using cache ---> 418e652a45c5 Step 12/44 : COPY build.d/update-certs.sh /build.d/ ---> Using cache ---> 364ac07b270d Step 13/44 : RUN bash /build.d/update-certs.sh ---> Using cache ---> cc3881c2aab6 Step 14/44 : COPY build.d/gvm-libs.sh /build.d/ ---> Using cache ---> 634a64fa8c42 Step 15/44 : RUN bash /build.d/gvm-libs.sh ---> Using cache ---> 9aa778d2c117 Step 16/44 : COPY build.d/openvas-smb.sh /build.d/ ---> Using cache ---> 381917ed72a0 Step 17/44 : RUN bash /build.d/openvas-smb.sh ---> Using cache ---> 78a1759c5133 Step 18/44 : COPY build.d/gvmd.sh /build.d/ ---> Using cache ---> c069b03082fd Step 19/44 : RUN bash /build.d/gvmd.sh ---> Using cache ---> 0dd91b6f16b1 Step 20/44 : COPY build.d/openvas-scanner.sh /build.d/ ---> Using cache ---> d0bd79a910ca Step 21/44 : RUN bash /build.d/openvas-scanner.sh ---> Using cache ---> 58d89cc75fb3 Step 22/44 : COPY build.d/gsa.sh /build.d/ ---> Using cache ---> 4fc54ce7a0dd Step 23/44 : RUN bash /build.d/gsa.sh ---> Using cache ---> c3a0b151cb4f Step 24/44 : COPY build.d/ospd-openvas.sh /build.d/ ---> Using cache ---> eb4eca8a5cf3 Step 25/44 : RUN bash /build.d/ospd-openvas.sh ---> Using cache ---> 237394a7235e Step 26/44 : COPY build.d/gvm-tool.sh /build.d/ ---> Using cache ---> 997b4e391ef6 Step 27/44 : RUN bash /build.d/gvm-tool.sh ---> Using cache ---> 71e117db001c Step 28/44 : COPY build.d/notus-scanner.sh /build.d/ ---> Using cache ---> 180284ae57f7 Step 29/44 : RUN bash /build.d/notus-scanner.sh ---> Using cache ---> 0aeb4a6cbdc7 Step 30/44 : COPY build.d/pg-gvm.sh /build.d/ ---> Using cache ---> 9313f0bf9063 Step 31/44 : RUN bash /build.d/pg-gvm.sh ---> Using cache ---> afd6b58fa48c Step 32/44 : COPY build.d/gb-feed-sync.sh /build.d/ ---> Using cache ---> 6003e647be2c Step 33/44 : RUN bash /build.d/gb-feed-sync.sh ---> Using cache ---> f73588e945d4 Step 34/44 : COPY build.d/links.sh /build.d/ ---> Using cache ---> 9f5f0b763242 Step 35/44 : RUN bash /build.d/links.sh ---> Using cache ---> 2ec4782df24c Step 36/44 : COPY build.d/gpg-keys.sh /build.d ---> Using cache ---> 103a4dca978e Step 37/44 : RUN bash /build.d/gpg-keys.sh ---> Using cache ---> 2cc81b7068eb Step 38/44 : COPY build.rc /gvm-versions ---> Using cache ---> 576f52298111 Step 39/44 : RUN apt install -yq ssh ---> Using cache ---> e7b8e1217f11 Step 40/44 : RUN service ssh restart ---> Using cache ---> 0f5a1d2655d7 Step 41/44 : RUN mkdir -p /var/run/sshd && sed 's@session\srequired\spam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && echo PermitRootLogin yes >> /etc/ssh/sshd_config && service ssh restart ---> Using cache ---> 42d3d38c1528 Step 42/44 : COPY scripts/ /scripts/ ---> Using cache ---> 1aaf340c1344 Step 43/44 : RUN chmod -R 777 /scripts/ ---> Using cache ---> 1276c47fe4fd Step 44/44 : RUN /scripts/start.sh ---> Running in 7a64ed9a1e13 starting container at: Wed Aug 16 06:34:21 UTC 2023 Setting up container filesystem mv: cannot stat '/var/lib/postgresql/13/main/': No such file or directory ln: failed to create symbolic link '/var/lib/postgresql/13/main': No such file or directory cp: cannot stat '/usr/local/var/lib/': No such file or directory cp: cannot stat '/var/lib/notus/': No such file or directory Using default gvm logging config cp: cannot stat '/usr/local/etc/gvm/gvmd_log.conf': No such file or directory Using default gvm logging config cp: cannot stat '/usr/local/etc/gvm/pwpolicy.conf': No such file or directory Using default openvas logging config cp: cannot stat '/usr/local/etc/openvas/openvas_log.conf': No such file or directory chown: invalid user: ‘postfix:postfix’ Choosing container start method from:

Starting gvmd & openvas in a single container !! /scripts/single.sh: line 57: redis-server: command not found The command '/bin/sh -c /scripts/start.sh' returned a non-zero code: 127

Important to note the the sshd line is something i've added for our product requirements

immauss commented 1 year ago

I'm not sure exactly what you are trying to do, but it seems you have either made some more significant changes to the Dockerfile, or you are doing something totally unexpected ....

Let's back up a step.

What are you trying to add to the container? ( I assume sshd ) What is the use case? I'd be willing to add it to the main image, It wouldn't be that difficult, but I don't see a need for it.

Did you make other changes?

If instead, you want me to help you build your image, please send the full Dockerfile you are using and command you are running that gave you the above error.

-Scott

talessinWork commented 1 year ago

Hey Scott, thank you for your message! I did make some changes to the dockerfile, mainly because of 2 reasons:

  1. im trying to install the container without the need to pull from ovasbase
  2. im trying to enable ssh so I can access it

Im sending the Dockerfile here, thank you for your help!

FROM debian:bullseye ENV DEBIAN_FRONTEND=noninteractive ENV LANG=C.UTF-8 ENV VER="22.4.17-beta" COPY scripts /scripts RUN chmod -R 777 /scripts/ RUN bash /scripts/install-deps.sh && \ date > /ovasbase-build-date

Build/install gvm (by default, everything installs in /usr/local)

RUN mkdir /build.d COPY build.rc / COPY package-list-build / COPY build.d/build-prereqs.sh /build.d/ RUN bash /build.d/build-prereqs.sh COPY build.d/update-certs.sh /build.d/ RUN bash /build.d/update-certs.sh COPY build.d/gvm-libs.sh /build.d/ RUN bash /build.d/gvm-libs.sh COPY build.d/openvas-smb.sh /build.d/ RUN bash /build.d/openvas-smb.sh COPY build.d/gvmd.sh /build.d/ RUN bash /build.d/gvmd.sh COPY build.d/openvas-scanner.sh /build.d/ RUN bash /build.d/openvas-scanner.sh COPY build.d/gsa.sh /build.d/ RUN bash /build.d/gsa.sh COPY build.d/ospd-openvas.sh /build.d/ RUN bash /build.d/ospd-openvas.sh COPY build.d/gvm-tool.sh /build.d/ RUN bash /build.d/gvm-tool.sh COPY build.d/notus-scanner.sh /build.d/ RUN bash /build.d/notus-scanner.sh COPY build.d/pg-gvm.sh /build.d/ RUN bash /build.d/pg-gvm.sh COPY build.d/gb-feed-sync.sh /build.d/ RUN bash /build.d/gb-feed-sync.sh

COPY build.rc /gvm-versions

RUN apt install -yq ssh RUN service ssh restart RUN mkdir -p /var/run/sshd && \

SSH login fix. Otherwise user is kicked off after login

sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \
echo PermitRootLogin yes >> /etc/ssh/sshd_config && \
service ssh restart

COPY build.d/links.sh / RUN bash /links.sh COPY build.d/gpg-keys.sh / RUN bash /gpg-keys.sh

COPY build.rc /gvm-versions

glib-1.0-common

RUN /scripts/start.sh

I basically added some of my lines and deleted the healthchecks just so the container can run faster while i'm in a dev environment

immauss commented 1 year ago

Not sure why you wouldn't want to pull from ovasbase. ovasbase is the first step in building the image. I created it primarily to make the build process faster. It's simple a debian image with all of the prerequisites to run the image. The build process starts with it, adds the dev packages in order to compile everything, then copies the the freshly built binaries to the clean ovasbase. This makes the image MUCH smaller (And more secure) because it does not have all of the development packages.

Ovasbase is rebuilt frequently, so it is rarely more than a week or two old, and you could build it yourself too. Of course, you wouldn't be able to push it to my docker hub, but if you built it locally with the same name, it would still work.

Also ... you don't want to run the start script at the end of the build, it's meant to be run when the completed container is started.

In short ... you've made far too many changes to the original and many of them are not consistent with the existing design. I think it would be better if you instead let me know your requirements, (Whyt you expect to get out of changing the build.) and I'll see if I can integrate them, or offer another solution.

Thanks, Scott