immauss
commented
2 years ago Where are you seeing that? That image, which has some other problems, should have 21.4.3 gvm-libs ...
Closed markdesilva closed 2 years ago
immauss
commented
2 years ago Where are you seeing that? That image, which has some other problems, should have 21.4.3 gvm-libs ...
markdesilva
commented
2 years ago On the scan report. I ran a scan and after it completed I viewed the report and it had that listed as a high vulnerability for every machine it scanned.
Thank you.
markdesilva
commented
2 years ago It is a clean install of the container, using the command from the github:
docker run --detach --publish 8080:9392 -e PASSWORD="XXXXXXXXX" --name openvas immauss/openvas:21.4.4-05
Here is a screen capture of the report:
Here is the docker inspect output:
[
{
"Id": "a13b7f89933a8acfe2fa214b44e78f7919bc8b7f1c3d9fd3bd300388348ee44a",
"Created": "2021-11-16T10:12:19.056564207Z",
"Path": "/bin/bash",
"Args": [
"/start.sh"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2439,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-11-16T10:12:20.565615404Z",
"FinishedAt": "0001-01-01T00:00:00Z",
"Health": {
"Status": "healthy",
"FailingStreak": 0,
"Log": [
{
"Start": "2021-11-16T18:22:20.565915371+08:00",
"End": "2021-11-16T18:22:21.908776758+08:00",
"ExitCode": 0,
"Output": " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0
0 --:--:-- --:--:-- --:--:-- 0\r100 579 100 579 0 0 57900 0 --:--:-- --:--:-- --:--:-- 57900\n<!doctype html><html><head><link rel=\"icon\" href=\"/img/favicon.gif\" type=\"image/gif\"/><title>Greenbone Security
Assistant</title><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"><script type=\"text/javascript\" src=\"/config.js\"></script><link href=\"/static/css/2.ad2f0872.chunk.css\" rel=\"styleshee
t\"></head><body><div id=\"app\"></div><div id=\"portals\"></div><script src=\"/static/js/runtime-main.7103e5d7.js\"></script><script src=\"/static/js/2.ea51a949.chunk.js\"></script><script src=\"/static/js/main.23fd1a48.chunk.js\"></scr
ipt></body></html>"
},
{
"Start": "2021-11-16T18:32:22.013116817+08:00",
"End": "2021-11-16T18:32:22.209324251+08:00",
"ExitCode": 0,
"Output": " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0
0 --:--:-- --:--:-- --:--:-- 0\r100 579 100 579 0 0 565k 0 --:--:-- --:--:-- --:--:-- 565k\n<!doctype html><html><head><link rel=\"icon\" href=\"/img/favicon.gif\" type=\"image/gif\"/><title>Greenbone Security
Assistant</title><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"><script type=\"text/javascript\" src=\"/config.js\"></script><link href=\"/static/css/2.ad2f0872.chunk.css\" rel=\"styleshee
t\"></head><body><div id=\"app\"></div><div id=\"portals\"></div><script src=\"/static/js/runtime-main.7103e5d7.js\"></script><script src=\"/static/js/2.ea51a949.chunk.js\"></script><script src=\"/static/js/main.23fd1a48.chunk.js\"></scr
ipt></body></html>"
},
{
"Start": "2021-11-16T18:42:22.277327124+08:00",
"End": "2021-11-16T18:42:23.181873843+08:00",
"ExitCode": 0,
"Output": "<!doctype html><html><head><link rel=\"icon\" href=\"/img/favicon.gif\" type=\"image/gif\"/><title>Greenbone Security Assistant</title><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=dev
ice-width,initial-scale=1\"><script type=\"text/javascript\" src=\"/config.js\"></script><link href=\"/static/css/2.ad2f0872.chunk.css\" rel=\"stylesheet\"></head><body><div id=\"app\"></div><div id=\"portals\"></div><script src=\"/stati
c/js/runtime-main.7103e5d7.js\"></script><script src=\"/static/js/2.ea51a949.chunk.js\"></script><script src=\"/static/js/main.23fd1a48.chunk.js\"></script></body></html> % Total % Received % Xferd Average Speed Time Time T
ime Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 579 100 579 0 0 565k 0 --:--:-- --:--:-
- --:--:-- 565k\n"
}
]
}
},
"Image": "sha256:793db014b415d22464de49ea39b418fe04d6d91c7eba290413c68783b6376b89",
"ResolvConfPath": "/var/lib/docker/containers/a13b7f89933a8acfe2fa214b44e78f7919bc8b7f1c3d9fd3bd300388348ee44a/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/a13b7f89933a8acfe2fa214b44e78f7919bc8b7f1c3d9fd3bd300388348ee44a/hostname",
"HostsPath": "/var/lib/docker/containers/a13b7f89933a8acfe2fa214b44e78f7919bc8b7f1c3d9fd3bd300388348ee44a/hosts",
"LogPath": "/var/lib/docker/containers/a13b7f89933a8acfe2fa214b44e78f7919bc8b7f1c3d9fd3bd300388348ee44a/a13b7f89933a8acfe2fa214b44e78f7919bc8b7f1c3d9fd3bd300388348ee44a-json.log",
"Name": "/openvas",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"9392/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/c1cd22fc5baa7d0ca09aa0da04ef15e305bc7ab569075ec1b60a237dd70294fe-init/diff:/var/lib/docker/overlay2/df286b4cb93b652d385bf4661653546b183d86f70dae9bea79233b89deeec0fb/diff:/var/lib/dock
er/overlay2/b246593d40b637c94faa9439c3c872c2facb868a9ba4f35a643c2459c9234981/diff:/var/lib/docker/overlay2/0b0f85a29e9168a0b0bfcdd7fd1bceaa1feb7502fdc44899538601ce17887259/diff:/var/lib/docker/overlay2/281ab1a3b2d2199ff25a86a431529411d21
080df6085b28a297e1667201e6f0d/diff:/var/lib/docker/overlay2/a33eba9eb58cec116a03207248254eec8391bc56801fbd7378777666e97be454/diff:/var/lib/docker/overlay2/913d2766e2cc77dfa9007df896441ab898a90f742b9ed39c2fe0103e91c2aeee/diff:/var/lib/doc
ker/overlay2/6dde8d946d5f0cf3fef2577eda8daf4dee81437d63c011eeed71fe020dc982fc/diff:/var/lib/docker/overlay2/3c95031b773351555b2baf8b1d0d30673c0e123d2b121ae7189c0301c6763d21/diff:/var/lib/docker/overlay2/3b08c406d6cad24f41fb3e789081195b23
bc1d8d13431fab6bd54655ace20377/diff:/var/lib/docker/overlay2/d2034065d1a8859a4f14a73a7c31422080aff7a7b9afc7697cf83ea11014cb4f/diff:/var/lib/docker/overlay2/11d79ac7c7911f4e7479fbab9a7c2161103e48e3b0495d683cc60b9443fdce57/diff",
"MergedDir": "/var/lib/docker/overlay2/c1cd22fc5baa7d0ca09aa0da04ef15e305bc7ab569075ec1b60a237dd70294fe/merged",
"UpperDir": "/var/lib/docker/overlay2/c1cd22fc5baa7d0ca09aa0da04ef15e305bc7ab569075ec1b60a237dd70294fe/diff",
"WorkDir": "/var/lib/docker/overlay2/c1cd22fc5baa7d0ca09aa0da04ef15e305bc7ab569075ec1b60a237dd70294fe/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "a13b7f89933a",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"9392/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PASSWORD=XXXXXXXXX",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"DEBIAN_FRONTEND=noninteractive",
"LANG=C.UTF-8"
],
"Cmd": [
"/start.sh"
],
"Healthcheck": {
"Test": [
"CMD-SHELL",
"curl -f http://localhost:9392/ || curl -kf https://localhost:9392/ || exit 1"
],
"Interval": 600000000000,
"Timeout": 3000000000,
"StartPeriod": 1200000000000
},
"Image": "immauss/openvas:21.4.4-05",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/bin/bash"
],
"OnBuild": null,
"Labels": {
"maintainer": "scott@immauss.com",
"source": "https://github.com/immauss/openvas",
"url": "https://hub.docker.com/immauss/openvas",
"version": "21.4.4-05"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "6cfdb30c2ffb46ee38261ab9f071cd5caa1d590a3fda6187687b829ccc0c4a73",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"9392/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
},
{
"HostIp": "::",
"HostPort": "8080"
}
]
},
"SandboxKey": "/var/run/docker/netns/6cfdb30c2ffb",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "a2d8ecd8af98839233fde2d561d3da8c333d845f5fd9a3ec326d33dd8851561d",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "1b0a8c878ba2bfc11305699c0bda38fa5b678007b818b10b1139cc6dc9af730b",
"EndpointID": "a2d8ecd8af98839233fde2d561d3da8c333d845f5fd9a3ec326d33dd8851561d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]Yeah ... I'm seeing this on the last test build too. But I'm definitely building 21.4.3 for the GVM_LIBS ...
From the running container. /usr/local/lib/libgvm-pg-server.so.21.4.4 /usr/local/lib/libgvm_gmp.so.21.4.3 /usr/local/lib/libgvm_base.so.21.4.3 /usr/local/lib/libgvm_boreas.so.21.4.3 /usr/local/lib/libgvm_util.so.21.4.3 /usr/local/lib/libgvm_osp.so.21.4.3
markdesilva
commented
2 years ago Yes, I'm seeing the same issue on other maintainers gvm images too.
Likely a greenbone issue.
cfi-gb
commented
2 years ago Just got pointed to this issue and wanted to add some notes:
The message is shown because this docker container is using version 21.4.2 for the openvas-scanner component of GVM which is lacking one version behind the recent 21.4.3 one:
https://github.com/immauss/openvas/blob/master/build.rc#L2
I have added some more additional (background) info here:
https://community.greenbone.net/t/21-4-3-gvmlibs-and-nvt-for-end-of-life-scan-engine/10731/2
An update to the VT in question to clarify in the message that the version of the openvas-scanner component is checked by this VT for recent (and still supported) GVM version will arrive in the feed tomorrow or the day after.
immauss
commented
2 years ago @cfi-gb Thanks again!
immauss
commented
2 years ago So ... I'm going to need to work with Greenbone on this. I'm still not able to run 21.4.3 openvas in the container without it segfaulting. Until I can resolve this, we will see this type of error. I'm going to leave this open, and I'll link to the issue with Greenbone once I get it started.
markdesilva
commented
2 years ago Secure Compliance managed to get it running I think. They have deployed 21.4.4 and fixed the outdated scanner issue.
immauss
commented
2 years ago :/ Looked at their bits earlier to day and didn't see that. They are building their container based on alpine though, so that may have a bit to do with it. I'm rather set on sticking with Debian:buster though since that's the build the Greenbone devs are using. It was 'suppose' to make things easier and more stable. . . . . . . .
markdesilva
commented
2 years ago :/ Looked at their bits earlier to day and didn't see that. They are building their container based on alpine though, so that may have a bit to do with it. I'm rather set on sticking with Debian:buster though since that's the build the Greenbone devs are using. It was 'suppose' to make things easier and more stable. . . . . . . .
Hmm, Austin Songer mentioned it was pushed already
https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker/issues/312
I think they went back to debian?
It's already pushed to Docker Hub.
docker pull securecompliance/gvm:debian-master-data-full
docker pull securecompliance/gvm:debian-master-data
docker pull securecompliance/gvm:debian-master-full
docker pull securecompliance/gvm:debian-master
Thanks. I've opened an issue just for this problem. I'll close this one and track the problem here. https://github.com/immauss/openvas/issues/90
immauss
commented
2 years ago Resolved in 21.4.4-06
Hi, I am using the 21.4.4-05 image, but keep getting this error:
Will the next version be updated for the new gvm libs?
Thank you.