immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0
360 stars 102 forks source link

issues with 20.08.05 #25

Closed cybermcm closed 3 years ago

cybermcm commented 3 years ago

Tried your new docker container 20.08.05, having issues:

1) log file: endless repeating of

today at 8:26 AM  md manage:   INFO:2021-02-08 07h26.25 utc:31631: update_scap: Updating data from feed
today at 8:26 AM  md manage:WARNING:2021-02-08 07h26.25 utc:31631: update_scap_cpes: No CPE dictionary found at /usr/local/var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml
today at 8:26 AM  md manage:WARNING:2021-02-08 07h26.35 utc:31640: update_scap: No SCAP db present, rebuilding SCAP db from scratch
today at 8:26 AM  md manage:   INFO:2021-02-08 07h26.35 utc:31640: update_scap: Updating data from feed

I tried from scratch and with https://github.com/immauss/gvm-var-lib, didn't help

2) another thing and more important: Scan config and port list are empty, it is not possible to add a scan config in the GUI, error:

Failed to find config 'daba56c8-73ec-11df-a475-002264764cea'

Is there something on my side that I'm doing wrong? My compose file:

openvas:
  container_name: openvas
  environment:
   - PASSWORD=xyz
   - HTTPS=false
   - RELAYHOST=mail.zzz
   - SKIPSYNC=true
  hostname: openvas.zzz
  image: immauss/openvas:20.08.05
  labels:
   - com.centurylinklabs.watchtower.enable=true
  ports:
   - 8083:9392
  restart: always
  volumes:
   - /opt/docker/openvas:/data

BTW: Thanks for your work!

immauss commented 3 years ago

If you're running this on a Raspberry Pi, then that could be an issue. I've not yet built 20.08.05 for Arm. So I'm surprised it gets that far.

Also, 20.08.05 is not really ready yet. Go with 20.08.04 or latest for non-arm and there are specific tags for Arm listed in the README.

I expect 20.08.05 this week. It will really be a weekly automated build of 20.08.04 with only updating the feed data and database. 20.08.05 should work on x86_64/amd64. But I've been focused on the automation piece and haven't actually tested the image yet. Which is why it's not yet tagged as the latest.

Your config looks good otherwise, though I'm not yet using an HTTPS environment variable.

And thank you!

cybermcm commented 3 years ago

@immauss: Sorry my info was wrong, I tested the x86 image, not ARM (my bad, I just configured my Pi and then wrote this issue)... The HTTPS env var is from another test, missed removing it. So 20.08.05 is not quite ready in my point of view ;)

If I should provide any log/info please get back to me...

cybermcm commented 3 years ago

Tried your current latest image (clean, x86), container not starting, repeating log entries:

Setup / Fix the /usr/local/var/run
11:C 09 Feb 07:50:25.244 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
11:C 09 Feb 07:50:25.244 # Redis version=4.0.9, bits=64, commit=00000000, modified=0, pid=11, just started
11:C 09 Feb 07:50:25.244 # Configuration loaded
Wait for redis socket to be created...
Testing redis status...
Redis ready.
Starting PostgreSQL...
Removed stale pid file.
Fixing sync script options ...
Updating NVTs...
<28>Feb  9 07:50:28 greenbone-nvt-sync: The log facility is not working as expected. All messages will be written to the standard error stream.
<28>Feb  9 07:50:28 greenbone-nvt-sync: Another process related to the feed update is already running.
Setup / Fix the /usr/local/var/run

Should I create another issue or is this somehow related?

immauss commented 3 years ago

Are you starting with an empty volume?

Also, there is an issue with the current NVT feed.

https://community.greenbone.net/t/skipping-nvt-1-3-6-1-4-1-25623-1-0-150081/8280

cybermcm commented 3 years ago

Yes, tried with a fresh and empty volume. The error you mentioned is currently showing on my second OpenVAS instance but there the container itself is working (not started from scratch, was running)

immauss commented 3 years ago

You're useing: immauss/openvas:latest ?

The last log snippet you sent I don't see the error.

cybermcm commented 3 years ago

You are right (again). It seems that I didn't use the latest image. Just tried a clean start from scratch and pulled the latest image again, now it is working. I'll close this issue because of much misleading info from my side. Sorry for the time you invested to check this out...