immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0

Setting the environment "https: true" and can't find localhost:8080 now #230

Closed arshiamohammdii closed 1 year ago

arshiamohammdii commented 1 year ago

Using the 22.4.16 version image:

docker-compose -f single-docker-compose.yml up -d

Also tried docker-compose down and starting from the beginning, but it didn't work.

version: "3"
services:
  openvas:
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=admin"
      - "USERNAME=admin"
      - "RELAYHOST=172.17.0.1"
      - "SMTPPORT=25"
      - "REDISDBS=512" # number of Redis DBs to use
      - "QUIET=false"  # dump feed sync noise to /dev/null
      - "NEWDB=false"  # only use this for creating a blank DB 
      - "SKIPSYNC=true" # Skips the feed sync on startup.
      - "RESTORE=false"  # This should probably not be used from compose... see docs.
      - "DEBUG=false"  # This will cause the container to stop and not actually start gvmd
      - "HTTPS=true"  # whether to use HTTPS or not
      - "GMP=9390"    # to enable see docs
    volumes:
      - "openvas:/data"
    container_name: openvas
    image: immauss/openvas
volumes:
  openvas:

arshiamohammdii commented 1 year ago

here is the log:

openvas | starting container at: Wed Nov 1 09:14:40 UTC 2023
openvas | Setting up container filesystem
openvas | /data/database/base already exists ...
openvas | NOT moving data from image to /data
openvas | cp: cannot stat '/usr/local/var/lib/': No such file or directory
openvas | cp: cannot stat '/var/lib/gvm/': No such file or directory
openvas | cp: cannot stat '/var/lib/notus/': No such file or directory
openvas | cp: cannot stat '/var/lib/openvas/': No such file or directory
openvas | Using existing gvm logging config
openvas | Using existing password policy config
openvas | Using existing openvas logging config
openvas | Choosing container start method from:
openvas |
openvas |
openvas | Starting gvmd & openvas in a single container !!
openvas | Wait for redis socket to be created...
openvas | Testing redis status...
openvas | Redis ready.
openvas | Creating postgresql.conf and pg_hba.conf
openvas | Starting PostgreSQL...
openvas | waiting for server to start....2023-11-01 09:14:42.092 UTC [95] LOG: redirecting log output to logging collector process
openvas | 2023-11-01 09:14:42.092 UTC [95] HINT: Future log output will appear in directory "/data/var-log/postgresql".
openvas | done
openvas | server started
openvas | pg exit with 0 .
openvas | Checking for existing DB
openvas | Running first start configuration...
openvas | NEWDB=false
openvas | LOADDEFAULT=false
openvas | Checking DB Version
openvas | Current GVMd database version is 255
openvas | NOTICE: relation "vt_severities" already exists, skipping
openvas | NOTICE: relation "vt_severities" already exists, skipping
openvas | NOTICE: relation "vt_severities" already exists, skipping
openvas | Migrate the database if needed.
openvas | Starting Greenbone Vulnerability Manager...
openvas | Waiting for gvmd
openvas | admin
openvas | Time to fixup the gvm accounts.
openvas | reset
openvas | set Report Lines to 1000
openvas | Starting Postfix for report delivery by email
openvas | Starting Postfix Mail Transport Agent: postfix.
openvas | Starting Open Scanner Protocol daemon for OpenVAS...
openvas | Get the Greenbone public Key
openvas | Setup environment
openvas | Import the key
openvas | gpg: keybox '/etc/openvas-gnupg/pubring.kbx' created
openvas | gpg: /etc/openvas-gnupg/trustdb.gpg: trustdb created
openvas | gpg: key 9823FAA60ED1E580: public key "Greenbone Community Feed integrity key" imported
openvas | gpg: Total number processed: 1
openvas | gpg: imported: 1
openvas | gpg: inserting ownertrust of 6
openvas | Setup key for openvas ..
openvas | Starting Greenbone Security Assistant...
openvas | gsad main-Message: 09:14:47.748: Starting GSAD version 22.06.0
openvas |
openvas |
openvas | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openvas | + Your GVM/openvas/postgresql container is now ready to use! +
openvas | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openvas |
openvas |
openvas | gvmd --version
openvas | Greenbone Vulnerability Manager 22.9.0
openvas | Manager DB revision 255
openvas | Copyright (C) 2009-2021 Greenbone AG
openvas | License: AGPL-3.0-or-later
openvas | This is free software: you are free to change and redistribute it.
openvas | There is NO WARRANTY, to the extent permitted by law.
openvas |
openvas |
openvas | Initial Image DB creation date:
openvas | Sun Oct 29 02:32:58 UTC 2023
openvas | Versions:
openvas | gvmd=v22.9.0
openvas | gvm_libs=v22.7.1
openvas | openvas=v22.7.5
openvas | openvas_scanner=v22.7.5
openvas | openvas_smb=v22.5.3
openvas | notus_scanner=v22.6.0
openvas | gsa=v22.7.0
openvas | gsad=v22.6.0
openvas | ospd=v21.4.4
openvas | ospd_openvas=v22.6.0
openvas | pg_gvm=v22.6.1
openvas | python_gvm=v23.5.1
openvas | gvm_tools=v23.9.0
openvas | greenbone_feed_sync=v23.8.0
openvas | ++++++++++++++++
openvas | + Tailing logs +
openvas | ++++++++++++++++
openvas | ==> /usr/local/var/log/gvm/gvmd.log <==
openvas | md main: INFO:2023-11-01 09h14.42 utc:127: Migrating database.
openvas | md main: INFO:2023-11-01 09h14.42 utc:127: gvmd: databases are already at the supported version
openvas | md main:MESSAGE:2023-11-01 09h14.42 utc:132: Greenbone Vulnerability Manager version 22.9.0 (DB revision 255)
openvas | md main:MESSAGE:2023-11-01 09h14.42 utc:137: Greenbone Vulnerability Manager version 22.9.0 (DB revision 255)
openvas | md main:WARNING:2023-11-01 09h14.42 utc:137: gvmd: Another process is busy starting up
openvas | md manage:WARNING:2023-11-01 09h14.43 UTC:156: osp_scanner_feed_version: failed to connect to /var/run/ospd/ospd-openvas.sock
openvas | md main:MESSAGE:2023-11-01 09h14.43 utc:160: Greenbone Vulnerability Manager version 22.9.0 (DB revision 255)
openvas | md manage: INFO:2023-11-01 09h14.43 utc:160: Getting users.
openvas | md main:MESSAGE:2023-11-01 09h14.44 utc:167: Greenbone Vulnerability Manager version 22.9.0 (DB revision 255)
openvas | md manage: INFO:2023-11-01 09h14.44 utc:167: Modifying setting.
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/healthchecks.log <==
openvas | gsad
openvas |
openvas |
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas | Healthchecks completed with no issues.
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/notus-scanner.log <==
openvas | 2023-11-01 09:05:38,785 notus-scanner: INFO: (notus.scanner.daemon) Starting notus-scanner version 22.6.0.
openvas | 2023-11-01 09:14:47,725 notus-scanner: INFO: (notus.scanner.daemon) Starting notus-scanner version 22.6.0.
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/openvas.log <==
openvas | libgvm util:MESSAGE:2023-11-01 09h06.19 utc:817: Updated NVT cache from version 0 to 202310271718
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/ospd-openvas.log <==
openvas | OSPD[775] 2023-11-01 09:05:38,714: INFO: (ospd.main) Starting OSPd OpenVAS version 22.6.0.
openvas | OSPD[775] 2023-11-01 09:05:38,716: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker
openvas | OSPD[775] 2023-11-01 09:05:48,763: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
openvas | OSPD[775] 2023-11-01 09:06:19,147: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 0 to 202310271718.
openvas | OSPD[563] 2023-11-01 09:14:47,657: INFO: (ospd.main) Starting OSPd OpenVAS version 22.6.0.
openvas | OSPD[563] 2023-11-01 09:14:47,660: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/redis-server.log <==
openvas | 88:C 01 Nov 2023 09:04:27.502 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
openvas | 88:C 01 Nov 2023 09:04:27.502 # Redis version=6.0.16, bits=64, commit=00000000, modified=0, pid=88, just started
openvas | 88:C 01 Nov 2023 09:04:27.502 # Configuration loaded
openvas | 88:M 01 Nov 2023 09:04:27.503 # Server initialized
openvas | 82:C 01 Nov 2023 09:14:40.975 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
openvas | 82:C 01 Nov 2023 09:14:40.975 # Redis version=6.0.16, bits=64, commit=00000000, modified=0, pid=82, just started
openvas | 82:C 01 Nov 2023 09:14:40.975 # Configuration loaded
openvas | 82:M 01 Nov 2023 09:14:40.977 # Server initialized
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/gvmd.log <==
openvas | md manage: INFO:2023-11-01 09h14.53 UTC:596: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/ospd-openvas.log <==
openvas | OSPD[563] 2023-11-01 09:14:57,710: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/gvmd.log <==
openvas | md manage: INFO:2023-11-01 09h15.03 UTC:616: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
openvas | md manage: INFO:2023-11-01 09h15.13 UTC:628: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
openvas | md manage: INFO:2023-11-01 09h15.23 UTC:635: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/openvas.log <==
openvas | libgvm util:MESSAGE:2023-11-01 09h15.25 utc:612: Updated NVT cache from version 0 to 202310271718
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/ospd-openvas.log <==
openvas | OSPD[563] 2023-11-01 09:15:25,330: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 0 to 202310271718.
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/gvmd.log <==
openvas | md manage: INFO:2023-11-01 09h15.33 UTC:638: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting
openvas | md main:MESSAGE:2023-11-01 09h15.40 utc:669: Greenbone Vulnerability Manager version 22.9.0 (DB revision 255)
openvas | md manage: INFO:2023-11-01 09h15.40 utc:669: Getting scanners.
openvas | md main:MESSAGE:2023-11-01 09h15.41 utc:675: Greenbone Vulnerability Manager version 22.9.0 (DB revision 255)
openvas | md manage: INFO:2023-11-01 09h15.41 utc:675: Verifying scanner.
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/healthchecks.log <==
openvas | Healthchecks completed with no issues.
openvas |
openvas |
openvas | ==> /usr/local/var/log/gvm/gvmd.log <==
openvas | md manage: INFO:2023-11-01 09h15.43 UTC:703: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting

immauss commented 1 year ago

First, you should always try the latest image. The current latest is 22.4.32 (pushed yesterday).

Depending on your browser, you may have to force the https in the URL: https://localhost:8080

This "should" work.

I used your exact docker-compose.yml on Docker Desktop and it worked fine.

-Scott

arshiamohammdii commented 1 year ago

Then how can I establish access using PyGVM via a TLS connection? I've attempted to set up the connection using the following parameters for the TLSConnection class:

connection = TLSConnection(hostname='localhost', port=8080, password='admin')

However, with this configuration, it runs indefinitely without providing any response. What specific parameters should be adjusted or added within the TLSConnection class to establish a successful connection?

I'm using the latest gvm-tools package
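
Added example, not part of the thread and not the project's code: it reads the port mappings and environment from the compose file posted above and reports where the web UI and GMP are reachable from the Docker host. With the posted file, host port 8080 leads to the web UI on container port 9392 and no GMP port is published. It assumes (the thread does not confirm this) that GMP=9390 makes gvmd listen for GMP over TLS on container port 9390; the loopback-only 127.0.0.1:9390:9390 mapping and all function names are illustrative, and gmp_version needs python-gvm installed.

```python
# Values copied from the compose file posted in this thread.
POSTED_PORTS = ["8080:9392"]
POSTED_ENV = {"HTTPS": "true", "GMP": "9390"}
WEB_UI_CONTAINER_PORT = 9392  # the port behind https://localhost:8080 in the thread


def published(ports):
    """Return {container_port: (host_ip, host_port)} for IPv4 short-syntax entries."""
    table = {}
    for entry in ports:
        parts = entry.split("/")[0].split(":")  # drop "/tcp", split host parts
        if len(parts) < 2:
            continue  # bare container port: the host port is chosen at run time
        host_ip = parts[0] if len(parts) == 3 else "localhost"
        table[int(parts[-1])] = (host_ip, int(parts[-2]))
    return table


def endpoints(ports, env):
    """Work out where the web UI and GMP are reachable from the Docker host."""
    table = published(ports)
    result = {"web_ui": None, "gmp": None}
    if WEB_UI_CONTAINER_PORT in table:
        scheme = "https" if env.get("HTTPS", "false").lower() == "true" else "http"
        ip, port = table[WEB_UI_CONTAINER_PORT]
        result["web_ui"] = f"{scheme}://{ip}:{port}"
    gmp_port = env.get("GMP", "")
    if gmp_port.isdigit():
        result["gmp"] = table.get(int(gmp_port))  # None when not published
    return result


def gmp_version(host, port, username, password, timeout=10):
    """Open GMP over TLS and return the raw get_version response XML."""
    from gvm.connections import TLSConnection  # python-gvm, imported lazily
    from gvm.protocols.gmp import Gmp
    # GMP credentials go to authenticate(); TLSConnection's own `password`
    # argument is the passphrase of a client key file, not the GMP login.
    connection = TLSConnection(hostname=host, port=port, timeout=timeout)
    with Gmp(connection=connection) as gmp:
        gmp.authenticate(username, password)
        return gmp.get_version()


if __name__ == "__main__":
    print(endpoints(POSTED_PORTS, POSTED_ENV))  # gmp is None: nothing published
    print(endpoints(POSTED_PORTS + ["127.0.0.1:9390:9390"], POSTED_ENV))
```

Publishing the GMP port on 127.0.0.1 only keeps the management protocol off the host's other interfaces.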

immauss commented 1 year ago

I've not done much with the command line tools and OpenVAS ... But I know this works:

You can look into gvm-cli. It works with the containers, but I'm not familiar with the XML syntax to do anything with. You can start with:

scott@XXXX ~ $ scott@XXXX ~ $ docker exec -t -u gvm openvas-prod /usr/local/bin/gvm-cli --gmp-username admin --gmp-password XXXXXXXXX tls --xml ""

21.4

arshiamohammdii commented 1 year ago

still getting the connection refused error

arshiamohammdii commented 1 year ago

Do your containers allow for shared volumes? I'm wondering if it's possible to communicate with gvmd using sockets.

immauss commented 1 year ago

Yes. In fact, shared volumes with the sockets on them is how I managed to get the multi-container option to work.

However ... the docker exec with gvm-cli should work. I just tested it on the latest image with https enabled and it worked fine.

Even if you wanted to use sockets, you could use the docker exec to run the command in the container, and you wouldn't need the shared volume to get to the sockets.

Unless you are trying to run something from another container...

arshiamohammdii commented 1 year ago

My project needs to access gvmd from outside the container using pre-written scripts.

immauss commented 1 year ago

Your project sounds interesting. And something I would very much like to see. Would it be possible to share it with me? Or maybe some small portion I could look at? It's possible I could find an easier way to integrate them by working with it a bit.

-Scott