Error in the script does not change the password

netbix commented 5 months ago

https://github.com/immauss/openvas/blob/f4f9cdb9390b42e3a5aa5138604f7d7ce50a2e0a/scripts/single.sh#L335

the correct code is:

https://github.com/netbix/openvas/blob/01925529f5db1d8037cade4e9a643eba660615e1/scripts/single.sh#L335

immauss commented 5 months ago

@netbix

Thanks for the input, but I'm trying to understand this . . . . .

Can you give me some context here? That has worked for quite some time now. Are you certain using double quotes works with special characters? Did the single quotes not work with something?

Please elaborate.

Thanks, -Scott

netbix commented 5 months ago

and this is correct ?

https://github.com/netbix/openvas/blob/01925529f5db1d8037cade4e9a643eba660615e1/scripts/single.sh#L342

netbix commented 5 months ago

or this ?

https://github.com/netbix/openvas/blob/01925529f5db1d8037cade4e9a643eba660615e1/scripts/single.sh#L352

immauss commented 5 months ago

Ah ... consitency ....

Testing shows that both methods actually work, even with special characters.

Did you actually have a failure with it? Can you give me more detail on the failure?

For consitency, I'm going to switch to the double quote, mainly because it's easier to read for me.

Thanks, -Scott

immauss commented 5 months ago

Could you please share the full command you are using to start the container?

Thank you, -Scott

netbix commented 5 months ago

Thank you

netbix commented 5 months ago

this is my compose:

version: "3" services: openvas: ports:

"8080:9392" environment:
"PASSWORD=Temp25!"
"USERNAME=admin"
"RELAYHOST=172.17.0.1"
"SMTPPORT=25"
"REDISDBS=512" # number of Redis DBs to use
"QUIET=false" # dump feed sync noise to /dev/null
"NEWDB=false" # only use this for creating a blank DB
"SKIPSYNC=true" # Skips the feed sync on startup.
"RESTORE=false" # This probably not be used from compose... see docs.
"DEBUG=false" # This will cause the container to stop and not actually start gvmd
"HTTPS=true" # wether to use HTTPS or not
"GMP=9390" # to enable see docs volumes:
./openvas:/data container_name: openvas image: immauss/openvas:latest volumes: openvas:

docker compose up

✔ Container openvas Created 0.6s Attaching to openvas openvas | starting container at: Fri Jun 28 09:19:02 UTC 2024 openvas | Setting up container filesystem openvas | cp: cannot stat '/usr/local/var/lib/': No such file or directory openvas | chown: invalid user: ‘gvm:gvm’ openvas | cp: cannot stat '/var/lib/gvm/': No such file or directory openvas | cp: cannot stat '/var/lib/notus/': No such file or directory openvas | cp: cannot stat '/var/lib/openvas/': No such file or directory openvas | cp: cannot stat '/etc/gvm/': No such file or directory openvas | cp: cannot stat '/usr/local/etc/openvas/': No such file or directory openvas | Choosing container start method from: openvas | openvas | Starting gvmd & openvas in a single container !! openvas | Wait for redis socket to be created... openvas | Testing redis status... openvas | Redis ready. openvas | Creating postgresql.conf and pg_hba.conf openvas | Starting PostgreSQL... openvas | waiting for server to start....2024-06-28 09:19:04.058 UTC [107] LOG: redirecting log output to logging collector process openvas | 2024-06-28 09:19:04.058 UTC [107] HINT: Future log output will appear in directory "/data/var-log/postgresql". openvas | done openvas | server started openvas | pg exit with 0 . openvas | Checking for existing DB openvas | Loading Default Database openvas | Running first start configuration... openvas | Generating certs... openvas | Using /tmp/tmp.aS8AU5sPht to temporarily store files. openvas | Creating new certificate infrastructure in automatic mode. openvas | Generating private key. openvas | Generated private key in /tmp/tmp.aS8AU5sPht/cakey.pem. openvas | Generating certificate. openvas | Generating self signed certificate. openvas | Generated self signed certificate in /tmp/tmp.aS8AU5sPht/cacert.pem. openvas | CA certificate generated. openvas | Installing certificate and key. openvas | Install destinations do not exist as directories, attempting to create them. openvas | Setting up directories openvas | Installed private key to /var/lib/gvm/private/CA/cakey.pem. openvas | Installed certificate to /var/lib/gvm/CA/cacert.pem. openvas | CA certificate and key installed. openvas | Generating private key. openvas | Generated private key in /tmp/tmp.aS8AU5sPht/serverkey.pem. openvas | Generating certificate. openvas | Generating certificate request. openvas | Generated certificate request in /tmp/tmp.aS8AU5sPht/serverrequest.pem. openvas | Signing certificate request. openvas | Signed certificate request in /tmp/tmp.aS8AU5sPht/serverrequest.pem with CA certificate in /var/lib/gvm/CA/cacert.pem to generate certificate in /tmp/tmp.aS8AU5sPht/servercert.pem openvas | Server certificate generated. openvas | Installing certificate and key. openvas | Installed private key to /var/lib/gvm/private/CA/serverkey.pem. openvas | Installed certificate to /var/lib/gvm/CA/servercert.pem. openvas | Server certificate and key installed. openvas | Generating private key. openvas | Generated private key in /tmp/tmp.aS8AU5sPht/clientkey.pem. openvas | Generating certificate. openvas | Generating certificate request. openvas | Generated certificate request in /tmp/tmp.aS8AU5sPht/clientrequest.pem. openvas | Signing certificate request. openvas | Signed certificate request in /tmp/tmp.aS8AU5sPht/clientrequest.pem with CA certificate in /var/lib/gvm/CA/cacert.pem to generate certificate in /tmp/tmp.aS8AU5sPht/clientcert.pem openvas | Client certificate generated. openvas | Installing certificate and key. openvas | Installed private key to /var/lib/gvm/private/CA/clientkey.pem. openvas | Installed certificate to /var/lib/gvm/CA/clientcert.pem. openvas | Client certificate and key installed. openvas | Removing temporary directory /tmp/tmp.aS8AU5sPht. openvas | NEWDB=false openvas | LOADDEFAULT=true openvas | ######################################## openvas | Creating a base DB from /usr/lib/base-db.xz openvas | ######################################## openvas | ERROR: relation "config_preferences_by_config" already exists openvas | ERROR: relation "host_details_by_host" already exists openvas | ERROR: relation "host_identifiers_by_host" already exists openvas | ERROR: relation "host_identifiers_by_value" already exists openvas | ERROR: relation "host_max_severities_by_host" already exists openvas | ERROR: relation "host_oss_by_host" already exists openvas | ERROR: relation "nvt_selectors_by_family_or_nvt" already exists openvas | ERROR: relation "nvt_selectors_by_name" already exists openvas | ERROR: relation "nvts_by_creation_time" already exists openvas | ERROR: relation "nvts_by_cvss_base" already exists openvas | ERROR: relation "nvts_by_family" already exists openvas | ERROR: relation "nvts_by_modification_time" already exists openvas | ERROR: relation "nvts_by_name" already exists openvas | ERROR: relation "nvts_by_solution_type" already exists openvas | ERROR: relation "permissions_by_name" already exists openvas | ERROR: relation "permissions_by_resource" already exists openvas | ERROR: relation "report_counts_by_report_and_override" already exists openvas | ERROR: relation "report_host_details_by_report_host_and_name" already exists openvas | ERROR: relation "report_hosts_by_report_and_host" already exists openvas | ERROR: relation "reports_by_task" already exists openvas | ERROR: relation "result_nvt_reports_by_report" already exists openvas | ERROR: relation "results_by_date" already exists openvas | ERROR: relation "results_by_host_and_qod" already exists openvas | ERROR: relation "results_by_nvt" already exists openvas | ERROR: relation "results_by_report" already exists openvas | ERROR: relation "results_by_task" already exists openvas | ERROR: relation "tag_resources_by_resource" already exists openvas | ERROR: relation "tag_resources_by_resource_uuid" already exists openvas | ERROR: relation "tag_resources_by_tag" already exists openvas | ERROR: relation "tag_resources_trash_by_tag" already exists openvas | ERROR: relation "tls_certificate_locations_by_host_ip" already exists openvas | ERROR: relation "tls_certificate_origins_by_origin_id_and_type" already exists openvas | ERROR: relation "vt_refs_by_vt_oid" already exists openvas | ERROR: relation "vt_severities_by_vt_oid" already exists openvas | NOTICE: relation "vt_severities" already exists, skipping openvas | Unpacking base feeds data from /usr/lib/var-lib.tar.xz openvas | Base DB and feeds collected on: openvas | Wed Jun 26 07:34:15 UTC 2024 openvas | Checking DB Version openvas | Current GVMd database version is 255 openvas | Migrate the database if needed. openvas | Starting Greenbone Vulnerability Manager... openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | admin openvas | Time to fixup the gvm accounts. openvas | Setting admin password openvas | reset openvas | set Report Lines to 1000 openvas | Starting Postfix for report delivery by email openvas | . openvas | Sleeping for mosquitto openvas | Get the Greenbone public Key openvas | Setup environment openvas | Import the key openvas | gpg: keybox '/etc/openvas-gnupg/pubring.kbx' created openvas | gpg: /etc/openvas-gnupg/trustdb.gpg: trustdb created openvas | gpg: key 9823FAA60ED1E580: public key "Greenbone Community Feed integrity key" imported openvas | gpg: Total number processed: 1 openvas | gpg: imported: 1 openvas | gpg: inserting ownertrust of 6 openvas | Setup key for openvas .. openvas | '/etc/openvas-gnupg/S.gpg-agent' -> '/etc/openvas/gnupg/S.gpg-agent' openvas | '/etc/openvas-gnupg/S.gpg-agent.browser' -> '/etc/openvas/gnupg/S.gpg-agent.browser' openvas | '/etc/openvas-gnupg/S.gpg-agent.extra' -> '/etc/openvas/gnupg/S.gpg-agent.extra' openvas | '/etc/openvas-gnupg/S.gpg-agent.ssh' -> '/etc/openvas/gnupg/S.gpg-agent.ssh' openvas | '/etc/openvas-gnupg/pubring.kbx' -> '/etc/openvas/gnupg/pubring.kbx' openvas | '/etc/openvas-gnupg/pubring.kbx~' -> '/etc/openvas/gnupg/pubring.kbx~' openvas | '/etc/openvas-gnupg/trustdb.gpg' -> '/etc/openvas/gnupg/trustdb.gpg' openvas | Starting Open Scanner Protocol daemon for OpenVAS... openvas | Starting Greenbone Security Assistant... openvas | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ openvas | + Your GVM/openvas/postgresql container is now ready to use! + openvas | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ openvas | openvas | gvmd --version openvas | Greenbone Vulnerability Manager 23.6.2 openvas | Manager DB revision 255 openvas | Copyright (C) 2009-2021 Greenbone AG openvas | License: AGPL-3.0-or-later openvas | This is free software: you are free to change and redistribute it. openvas | There is NO WARRANTY, to the extent permitted by law. openvas | openvas | Initial Image DB creation date: openvas | Wed Jun 26 07:34:15 UTC 2024 openvas | Versions: openvas | gvmd=v23.6.2 openvas | gvm_libs=v22.9.1 openvas | openvas=v23.4.0 openvas | openvas_smb=v22.5.6 openvas | notus_scanner=v22.6.3 openvas | gsa=v23.0.0 openvas | gsad=v22.9.1 openvas | ospd=v21.4.4 openvas | ospd_openvas=v22.7.1 openvas | pg_gvm=v22.6.5 openvas | python_gvm=v24.3.0 openvas | gvm_tools=v24.3.0 openvas | greenbone_feed_sync=v24.3.0 openvas | ++++++++++++++++ openvas | + Tailing logs + openvas | ++++++++++++++++ openvas | ==> /usr/local/var/log/gvm/gsad.log <== openvas | gsad main:MESSAGE:2024-06-28 09h23.04 utc:1205: Starting GSAD version 22.9.1 openvas | openvas | ==> /usr/local/var/log/gvm/gvmd.log <== openvas | md manage:WARNING:2024-06-28 09h22.42 UTC:790: osp_scanner_feed_version: failed to connect to /var/run/ospd/ospd-openvas.sock openvas | md main:MESSAGE:2024-06-28 09h22.43 utc:796: Greenbone Vulnerability Manager version 23.6.2 (DB revision 255) openvas | md manage: INFO:2024-06-28 09h22.43 utc:796: Modifying setting. openvas | md manage:WARNING:2024-06-28 09h22.43 utc:785: Could not connect to Scanner at /run/ospd/ospd-openvas.sock openvas | md main:MESSAGE:2024-06-28 09h22.49 utc:847: Greenbone Vulnerability Manager version 23.6.2 (DB revision 255) openvas | md manage: INFO:2024-06-28 09h22.49 utc:847: Getting scanners. openvas | md manage:WARNING:2024-06-28 09h22.52 UTC:849: osp_scanner_feed_version: failed to connect to /var/run/ospd/ospd-openvas.sock openvas | md manage:WARNING:2024-06-28 09h23.02 UTC:1168: osp_scanner_feed_version: failed to connect to /var/run/ospd/ospd-openvas.sock openvas | md main:MESSAGE:2024-06-28 09h23.02 utc:1174: Greenbone Vulnerability Manager version 23.6.2 (DB revision 255) openvas | md manage: INFO:2024-06-28 09h23.02 utc:1174: Verifying scanner. openvas | openvas | ==> /usr/local/var/log/gvm/healthchecks.log <== openvas | These services failed: openvas | openvas openvas | gvmd openvas | gsad openvas | openvas | HEALTHECHECK FAILED ! openvas | These services failed: openvas | openvas openvas | gsad openvas | openvas | openvas | ==> /usr/local/var/log/gvm/mosquitto.log <== openvas | openvas | ==> /usr/local/var/log/gvm/notus-scanner.log <== openvas | 2024-06-28 09:23:04,622 notus-scanner: INFO: (notus.scanner.daemon) Starting notus-scanner version 22.6.3. openvas | 2024-06-28 09:23:04,622 notus-scanner: INFO: (notus.scanner.daemon) hashsum verification is disabled openvas | openvas | ==> /usr/local/var/log/gvm/openvas.log <== openvas | openvas | ==> /usr/local/var/log/gvm/ospd-openvas.log <== openvas | OSPD[1184] 2024-06-28 09:23:04,442: INFO: (ospd.main) Starting OSPd OpenVAS version 22.7.1. openvas | OSPD[1184] 2024-06-28 09:23:04,522: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker openvas | openvas | ==> /usr/local/var/log/gvm/redis-server.log <== openvas | 95:C 28 Jun 2024 09:19:02.988 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo openvas | 95:C 28 Jun 2024 09:19:02.989 # Redis version=7.0.15, bits=64, commit=00000000, modified=0, pid=95, just started openvas | 95:C 28 Jun 2024 09:19:02.989 # Configuration loaded openvas | 95:M 28 Jun 2024 09:19:02.990 # Server initialized openvas | 95:M 28 Jun 2024 09:19:02.990 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. openvas | openvas | ==> /usr/local/var/log/gvm/gvmd.log <== openvas | md manage: INFO:2024-06-28 09h23.12 UTC:1214: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | openvas | ==> /usr/local/var/log/gvm/ospd-openvas.log <== openvas | OSPD[1184] 2024-06-28 09:23:14,521: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait... openvas | OSPD[1184] 2024-06-28 09:23:14,719: INFO: (ospd_openvas.notus) hashsum verification is disabled openvas | openvas | ==> /usr/local/var/log/gvm/healthchecks.log <== openvas | Healthchecks completed with no issues. openvas | openvas | ==> /usr/local/var/log/gvm/gvmd.log <== openvas | md manage: INFO:2024-06-28 09h23.22 UTC:1243: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | md manage: INFO:2024-06-28 09h23.32 UTC:1246: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | md manage: INFO:2024-06-28 09h23.42 UTC:1250: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | md manage: INFO:2024-06-28 09h23.52 UTC:1253: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | libgvm util-Message: 09:23:54.967: Updated NVT cache from version 0 to 202406250605 openvas | openvas | ==> /usr/local/var/log/gvm/ospd-openvas.log <== openvas | OSPD[1184] 2024-06-28 09:23:55,023: INFO: (ospd_openvas.daemon) Finished loading VTs. The VT cache has been updated from version 0 to 202406250605. openvas | openvas | ==> /usr/local/var/log/gvm/gvmd.log <== openvas | md manage: INFO:2024-06-28 09h24.02 UTC:1257: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | md manage: INFO:2024-06-28 09h24.12 UTC:1260: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | md manage: INFO:2024-06-28 09h24.22 UTC:1265: osp_scanner_feed_version: No feed version available yet. OSPd OpenVAS is still starting openvas | md main:MESSAGE:2024-06-28 09h28.16 utc:1377: Greenbone Vulnerability Manager version 23.6.2 (DB revision 255) openvas | md manage: INFO:2024-06-28 09h28.16 utc:1377: Getting scanners. openvas | md main:MESSAGE:2024-06-28 09h28.29 utc:1386: Greenbone Vulnerability Manager version 23.6.2 (DB revision 255) openvas | md manage: INFO:2024-06-28 09h28.29 utc:1386: Verifying scanner. openvas | openvas | ==> /usr/local/var/log/gvm/healthchecks.log <== openvas | Healthchecks completed with no issues.

Now everything seems to be working fine. Have you noticed problems on VMs with only 2 processors? It doesn't start.

netbix commented 5 months ago

at this point it remains in a loop..

this with two HP microserver PCs with dualcore processors

immauss commented 5 months ago

Unfortunately, I’m traveling now and not able to do much testing. I suspect the issues is with the ! In the password. It either needs to be escaped, or quote the whole password in single quotes in the compose file. However, it is generally bad to have the password set via compose file or via command line as this exposes the password. The recommendation is to use admin:admin and then set the password via the web GUI. On Jun 28, 2024 at 12:21 +0200, Antonio @.***>, wrote:

at this point it remains in a loop.. openvas | Checking DB Version openvas | Current GVMd database version is 255 openvas | Migrate the database if needed. openvas | Starting Greenbone Vulnerability Manager... openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd openvas | Waiting for gvmd this with two HP microserver PCs with dualcore processors — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

immauss commented 4 months ago

I think you may have also been hitting the feed sync bug from #283, which I hope is resolved now.

-Scott

immauss commented 4 months ago

AH! And you're using a local directory instead of docker volume. Try using a docker volume. The permissions that get set on some of the files will fail on a local directory.

-Scott

immauss / openvas

Error in the script does not change the password #284