search

immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0
366 stars 102 forks source link

[BUG] Password cannot be changed in a fresh installation with defaults #250

Closed AndrewBedscastle closed 9 months ago

AndrewBedscastle commented 9 months ago

Describe the bug Password cannot be changed in a fresh installation with defaults

To Reproduce Steps to reproduce the behavior:

  1. Include how you started the container. Docker Compose start
openvas:
      environment:
        - "RELAYHOST=172.17.0.1"
        - "SMTPPORT=25"
        - "REDISDBS=512" # number of Redis DBs to use
        - "QUIET=false"  # dump feed sync noise to /dev/null
        - "NEWDB=false"  # only use this for creating a blank DB 
        - "SKIPSYNC=true" # Skips the feed sync on startup.
        - "RESTORE=false"  # This probably not be used from compose... see docs.
        - "DEBUG=false"  # This will cause the container to stop and not actually start gvmd
        - "HTTPS=false"  # wether to use HTTPS or not
        - "GMP=9390"    # to enable see docs
      volumes:
        - ./data/openvas:/data
      container_name: openvas
      image: immauss/openvas:latest
      network_mode: service:another_container
      labels:
      - "com.centurylinklabs.watchtower.enable=true"

docker compose up

After Logging in with admin / admin went to Administration -> User -> Admin and tried to change password.

Error occurs in docker compose logs -f log

error opening '/etc/gvm/pwpolicy.conf': No such file or directory

Password is not changed; admin / admin combination remains This is unsafe, as the UI shows no errors

  1. When did the issue occur?

Fresh start with docker compose file above

Expected behavior Password should have been changed

Environment (please complete the following information):

Additional context Workaround

docker exec -it openvas /bin/bash cd /etc/gvm touch pwpolicy.conf exit

immauss commented 9 months ago

Thanks. I'll have this straight in the next release which should be out in a day or so.

immauss commented 9 months ago

This is resolved in the current latest and 22.4.40.

Thank you !

AndrewBedscastle commented 9 months ago

Wow that was fast. Thank you very much and thank you for the work you put in this project!