immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0
360 stars 102 forks source link

22.4.40 image healthcheck script #246

Closed kjake closed 9 months ago

kjake commented 9 months ago

Trying to switch to 22.4.40 from .38 and the container just restarts. When debugging, it looks like there's an error with the healthcheck.sh script:

/healthcheck.sh
./healthcheck.sh: line 67: syntax error near unexpected token `)'
./healthcheck.sh: line 67: `    single)'

The fix for this appears to be part of the most recent commit: https://github.com/immauss/openvas/commit/4a6cb6cff3404d28cf0eabd352f91f6f09d58ab5

But, it seems that the 22.4.40 image was built before this commit (2 days ago versus 1 day ago).

During debug, running curl https://raw.githubusercontent.com/immauss/openvas/master/scripts/healthcheck.sh > /scripts/healthcheck.sh allows the script to execute, but then I'm met with new errors.

Failed to verify scanner.
./healthcheck.sh: line 75: /usr/bin/nmap: Operation not permitted
curl: (7) Failed to connect to localhost port 9392 after 0 ms: Couldn't connect to server
curl: (7) Failed to connect to localhost port 9392 after 0 ms: Couldn't connect to server
PONG
./healthcheck.sh: line 84: /usr/bin/nmap: Operation not permitted

I was able to resolve this by adding the following to my compose file, which I haven't needed before, nor see documented here:

    cap_add:
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE

This got the container running as the healthcheck could now complete.

immauss commented 9 months ago

@kjake My bad..... I forgot that was in the Dockerfile. I was trying to work out issue #241. It didnt' help .... I'll have to remove those bits for now and republish. For the moment, I've removed 22.4.40 from Docker Hub. The "latest" image is still up to date and should work.

Thanks!