Closed mgoeppl closed 4 months ago
Ugh .. .easy fix. The start up script (single.sh) needs to have the value quoted. I've fixed this in the latest beta, which you can find with the beta tag. HOWEVER ... There are some other changes with the current beta you will need to be aware of before trying it out.
You'll need to add these to your docker-compose.yml:
cap_add:
- NET_ADMIN # for capturing packages in promiscuous mode
- NET_RAW # for raw sockets e.g. used for the boreas alive detection
You may also need to add:
security_opt:
- seccomp:unconfined
cap_add & security_opt should be inline with the other options after the named server in the docker compose. Here's a full example:
Also note the syntax for the GVMD_ARGS in the Environment section.
version: "3"
services:
openvas:
security_opt:
- seccomp:openvas.json
ports:
- "8080:9392"
environment:
- "PASSWORD=admin"
- "USERNAME=admin"
- "RELAYHOST=172.17.0.1"
- "SMTPPORT=25"
- "REDISDBS=512" # number of Redis DBs to use
- "QUIET=false" # dump feed sync noise to /dev/null
- "NEWDB=false" # only use this for creating a blank DB
- "SKIPSYNC=true" # Skips the feed sync on startup.
- "RESTORE=false" # This probably not be used from compose... see docs.
- "DEBUG=false" # This will cause the container to stop and not actually start gvmd
- "HTTPS=false" # wether to use HTTPS or not
- GVMD_ARGS="--max-ips-per-target=65534 --schedule-timeout=-1 --auth-timeout=1440"
volumes:
- "openvas:/data"
cap_add:
- NET_ADMIN # for capturing packages in promiscuous mode
- NET_RAW # for raw sockets e.g. used for the boreas alive detection
container_name: openvas
image: immauss/openvas:beta
scannable:
container_name: scannable
image: immauss/scannable
volumes:
openvas:
These changes are to ensure all tests run by openvas can function properly. The seccomp unconfined
bit though is something I'm trying to find a better solution for, but may be needed in the time being. It seems to be implementation specific, and I've not been able to reproduce the problem locally. (see #241 & #242 for more detail)
-Scott
This is resolved in the current latest and 22.4.40
The GVMD_ARGS option does not allow for multiple arguments.
Steps to reproduce the behavior: Container started via docker-compose.yml and stopped on start.
Environment: