Attempting to update to 7.1.0

[mauvehed]

This was supposed to be a PR to update the version to 7.1.0 but instead has turned into a request for help.

• update-version.sh no longer works due to a 404 on https://www.tenable.com/plugins/os.json
• building the docker image from the Dockerfile results in a few different errors
• /opt/nessus is empty once you start a container from the newly built image

Oddly, I tried to debug the missing /opt/nessus but just wound up more confused. I remove Nessus (rpm -e) and then ran the contents of the Dockerfile inside a bash shell attached to the container, and everything worked fine. Nessus installed properly and populated /opt/nessus. But the image itself is broken when built from the Dockerfile

$ docker image build -t docker-nessus:7.1.0 .

Sending build context to Docker daemon  79.36kB

[WARNING]: Empty continuation line found in:
    RUN set -x   && yum update -y   && DOWNLOAD_ID=$(curl -ssl -o - "https://www.tenable.com/downloads/nessus" | sed -n -e 's/.*data-download-id="\([0-9]*\)".*data-file-name="\([a-zA-Z0-9_\.-]\+\-es7\.x86_64\.rpm\).*".*/\1/p')   && rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable   && curl -ssL -o /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm     "https://tenable-downloads-production.s3.amazonaws.com/uploads/download/file/${DOWNLOAD_ID}/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm"   && rpm -ivh /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm   && for lf in backend.log nessusd.messages www_server.log; do      ln -s /dev/stdout /opt/nessus/var/nessus/logs/${lf}; done   && rm /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm   && yum clean all   && rm -rf /var/cache/yum   && rm -rf /opt/nessus/var/nessus/{uuid,*.db*,master.key}
[WARNING]: Empty continuation lines will become errors in a future release.
Step 1/7 : FROM centos:7
 ---> e934aafc2206
Step 2/7 : MAINTAINER Mike Nowak
 ---> Running in 92959da65506
Removing intermediate container 92959da65506
 ---> 76a475c74a83
Step 3/7 : ENV NESSUS_VERSION=7.1.0
 ---> Running in b2970e2526f7
Removing intermediate container b2970e2526f7
 ---> 1ff1015d5ffc
Step 4/7 : VOLUME ["/opt/nessus"]
 ---> Running in 2ae5139e906b
Removing intermediate container 2ae5139e906b
 ---> e4539b311a6d
Step 5/7 : RUN set -x   && yum update -y   && DOWNLOAD_ID=$(curl -ssl -o - "https://www.tenable.com/downloads/nessus" | sed -n -e 's/.*data-download-id="\([0-9]*\)".*data-file-name="\([a-zA-Z0-9_\.-]\+\-es7\.x86_64\.rpm\).*".*/\1/p')   && rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable   && curl -ssL -o /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm     "https://tenable-downloads-production.s3.amazonaws.com/uploads/download/file/${DOWNLOAD_ID}/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm"   && rpm -ivh /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm   && for lf in backend.log nessusd.messages www_server.log; do      ln -s /dev/stdout /opt/nessus/var/nessus/logs/${lf}; done   && rm /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm   && yum clean all   && rm -rf /var/cache/yum   && rm -rf /opt/nessus/var/nessus/{uuid,*.db*,master.key}
 ---> Running in 66c9650e7334
+ yum update -y
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: centos.mirror.lstn.net
 * extras: mirror.compevo.com
 * updates: mirror.us.oneandone.net
Resolving Dependencies
--> Running transaction check
---> Package acl.x86_64 0:2.2.51-12.el7 will be updated
---> Package acl.x86_64 0:2.2.51-14.el7 will be an update
----PACKAGE LIST CUT FOR COPY/PASTE LENGTH----
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                       Arch     Version                 Repository
                                                                           Size
================================================================================
Updating:
 acl                           x86_64   2.2.51-14.el7           base       81 k
 audit-libs                    x86_64   2.8.1-3.el7             base       99 k
 bash                          x86_64   4.2.46-30.el7           base      1.0 M
----PACKAGE LIST CUT FOR COPY/PASTE LENGTH----

Transaction Summary
================================================================================
Install              ( 1 Dependent package)
Upgrade  75 Packages

Total download size: 59 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/base/packages/bind-license-9.9.4-61.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for bind-license-9.9.4-61.el7.noarch.rpm is not installed
Public key for centos-release-7-5.1804.el7.centos.2.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                              5.8 MB/s |  59 MB  00:10     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-4.1708.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libgcc-4.8.5-28.el7_5.1.x86_64                             1/151 
  Updating   : tzdata-2018e-3.el7.noarch                                  2/151 
  Updating   : glibc-common-2.17-222.el7.x86_64                           3/151 
----PACKAGE LIST CUT FOR COPY/PASTE LENGTH----

Dependency Installed:
  lz4.x86_64 0:1.7.5-2.el7                                                      

Updated:
  acl.x86_64 0:2.2.51-14.el7                                                    
  audit-libs.x86_64 0:2.8.1-3.el7                                               
  bash.x86_64 0:4.2.46-30.el7                                                   
  bind-license.noarch 32:9.9.4-61.el7                                           
----PACKAGE LIST CUT FOR COPY/PASTE LENGTH----

Complete!
++ curl -ssl -o - https://www.tenable.com/downloads/nessus
++ sed -n -e 's/.*data-download-id="\([0-9]*\)".*data-file-name="\([a-zA-Z0-9_\.-]\+\-es7\.x86_64\.rpm\).*".*/\1/p'
+ DOWNLOAD_ID=7801
+ rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable
+ curl -ssL -o /tmp/Nessus-7.1.0-es7.x86_64.rpm https://tenable-downloads-production.s3.amazonaws.com/uploads/download/file/7801/Nessus-7.1.0-es7.x86_64.rpm
+ rpm -ivh /tmp/Nessus-7.1.0-es7.x86_64.rpm
Preparing...                          ########################################
Updating / installing...
Nessus-7.1.0-es7                      ########################################
Unpacking Nessus Core Components...
 - You can start Nessus by typing /bin/systemctl start nessusd.service
 - Then go to https://66c9650e7334:8834/ to configure your scanner

+ for lf in backend.log nessusd.messages www_server.log
+ ln -s /dev/stdout /opt/nessus/var/nessus/logs/backend.log
+ for lf in backend.log nessusd.messages www_server.log
+ ln -s /dev/stdout /opt/nessus/var/nessus/logs/nessusd.messages
+ for lf in backend.log nessusd.messages www_server.log
+ ln -s /dev/stdout /opt/nessus/var/nessus/logs/www_server.log
+ rm /tmp/Nessus-7.1.0-es7.x86_64.rpm
+ yum clean all
Loaded plugins: fastestmirror, ovl
Cleaning repos: base extras updates
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
Cleaning up list of fastest mirrors
+ rm -rf /var/cache/yum
+ rm -rf /opt/nessus/var/nessus/uuid '/opt/nessus/var/nessus/*.db*' /opt/nessus/var/nessus/master.key
Removing intermediate container 66c9650e7334
 ---> 409fa8f2b703
Step 6/7 : EXPOSE 8834
 ---> Running in 7e180c6a4014
Removing intermediate container 7e180c6a4014
 ---> 51f3d30f9d4b
Step 7/7 : CMD ["/opt/nessus/sbin/nessus-service"]
 ---> Running in e230979b92a1
Removing intermediate container e230979b92a1
 ---> d727de2a267f
Successfully built d727de2a267f
Successfully tagged docker-nessus:7.1.0

$ docker container run --name=nessus -it docker-nessus:7.1.0 /bin/bash

[root@182ae447bede /]# ls -la /opt/nessus
total 8
drwxr-xr-x 2 root root 4096 May 28 16:10 .
drwxr-xr-x 1 root root 4096 Apr 11 04:59 ..

[root@182ae447bede /]# rpm -qa Nessus
Nessus-7.1.0-es7.x86_64

[mikenowak]

Hi @mauvehed, I did not get the notification for this - sorry about that.

1) I confirm - the download website layout had changed so the update-version.sh no longer works. I will get that updated.

As for 2 and 3 are these still being a problem?

[mauvehed]

I'll have to try and play with this again. It's been a while since I messed with it. The latest Nessus now looks to be 7.2.0.

[mauvehed]

Tried this with 7.2.0 (the current latest on tenable.com) and the following occurred:

$ docker image build -t docker-nessus:7.2.0 .
free(): invalid pointer
SIGABRT: abort
PC=0x7f8e2f31ee97 m=0 sigcode=18446744073709551610
signal arrived during cgo execution

goroutine 1 [syscall, locked to thread]:
runtime.cgocall(0x4afd50, 0xc420059cc0, 0xc420059ce8)
        /usr/lib/go-1.8/src/runtime/cgocall.go:131 +0xe2 fp=0xc420059c90 sp=0xc420059c50
github.com/docker/docker-credential-helpers/secretservice._Cfunc_free(0xee7270)
        github.com/docker/docker-credential-helpers/secretservice/_obj/_cgo_gotypes.go:111 +0x41 fp=0xc420059cc0 sp=0xc420059c90
github.com/docker/docker-credential-helpers/secretservice.Secretservice.List.func5(0xee7270)
        /build/golang-github-docker-docker-credential-helpers-cMhSy1/golang-github-docker-docker-credential-helpers-0.5.0/obj-x86_64-linux-gnu/src/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.go:96 +0x60 fp=0xc420059cf8 sp=0xc420059cc0
github.com/docker/docker-credential-helpers/secretservice.Secretservice.List(0x0, 0x756060, 0xc420018370)
        /build/golang-github-docker-docker-credential-helpers-cMhSy1/golang-github-docker-docker-credential-helpers-0.5.0/obj-x86_64-linux-gnu/src/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.go:97 +0x217 fp=0xc420059da0 sp=0xc420059cf8
github.com/docker/docker-credential-helpers/secretservice.(*Secretservice).List(0x77e548, 0xc420059e88, 0x410022, 0xc4200182d0)
        <autogenerated>:4 +0x46 fp=0xc420059de0 sp=0xc420059da0
github.com/docker/docker-credential-helpers/credentials.List(0x756ba0, 0x77e548, 0x7560e0, 0xc42000e018, 0x0, 0x10)
        /build/golang-github-docker-docker-credential-helpers-cMhSy1/golang-github-docker-docker-credential-helpers-0.5.0/obj-x86_64-linux-gnu/src/github.com/docker/docker-credential-helpers/credentials/credentials.go:145 +0x3e fp=0xc420059e68 sp=0xc420059de0
github.com/docker/docker-credential-helpers/credentials.HandleCommand(0x756ba0, 0x77e548, 0x7ffe5911a8b7, 0x4, 0x7560a0, 0xc42000e010, 0x7560e0, 0xc42000e018, 0x40e398, 0x4d35c0)
        /build/golang-github-docker-docker-credential-helpers-cMhSy1/golang-github-docker-docker-credential-helpers-0.5.0/obj-x86_64-linux-gnu/src/github.com/docker/docker-credential-helpers/credentials/credentials.go:60 +0x16d fp=0xc420059ed8 sp=0xc420059e68
github.com/docker/docker-credential-helpers/credentials.Serve(0x756ba0, 0x77e548)
        /build/golang-github-docker-docker-credential-helpers-cMhSy1/golang-github-docker-docker-credential-helpers-0.5.0/obj-x86_64-linux-gnu/src/github.com/docker/docker-credential-helpers/credentials/credentials.go:41 +0x1cb fp=0xc420059f58 sp=0xc420059ed8
main.main()
        /build/golang-github-docker-docker-credential-helpers-cMhSy1/golang-github-docker-docker-credential-helpers-0.5.0/secretservice/cmd/main_linux.go:9 +0x4f fp=0xc420059f88 sp=0xc420059f58
runtime.main()
        /usr/lib/go-1.8/src/runtime/proc.go:185 +0x20a fp=0xc420059fe0 sp=0xc420059f88
runtime.goexit()
        /usr/lib/go-1.8/src/runtime/asm_amd64.s:2197 +0x1 fp=0xc420059fe8 sp=0xc420059fe0

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
        /usr/lib/go-1.8/src/runtime/asm_amd64.s:2197 +0x1

rax    0x0
rbx    0x7ffe5911a250
rcx    0x7f8e2f31ee97
rdx    0x0
rdi    0x2
rsi    0x7ffe59119fe0
rbp    0x7ffe5911a350
rsp    0x7ffe59119fe0
r8     0x0
r9     0x7ffe59119fe0
r10    0x8
r11    0x246
r12    0x7ffe5911a250
r13    0x1000
r14    0x0
r15    0x30
rip    0x7f8e2f31ee97
rflags 0x246
cs     0x33
fs     0x0
gs     0x0
Sending build context to Docker daemon  142.3kB
Step 1/7 : FROM centos:7
 ---> e934aafc2206
Step 2/7 : MAINTAINER Mike Nowak
 ---> Using cache
 ---> 76a475c74a83
Step 3/7 : ENV NESSUS_VERSION=7.2.0
 ---> Running in 3a896cce25b2
Removing intermediate container 3a896cce25b2
 ---> 55fc45de3268
Step 4/7 : VOLUME ["/opt/nessus"]
 ---> Running in eb1cd7504c2c
Removing intermediate container eb1cd7504c2c
 ---> 238d849bdd52
Step 5/7 : RUN set -x   && yum update -y     && DOWNLOAD_ID=$(curl -ssl -o - "https://www.tenable.com/downloads/nessus" | sed -n -e 's/.*data-download-id="\([0-9]*\)".*data-file-name="\([a-zA-Z0-9_\.-]\+\-es7\.x86_64\.rpm\).*".*/\1/p')     && rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable     && curl -ssL -o /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm     "https://tenable-downloads-production.s3.amazonaws.com/uploads/download/file/${DOWNLOAD_ID}/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm"     && rpm -ivh /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm     && for lf in backend.log nessusd.messages www_server.log; do      ln -s /dev/stdout /opt/nessus/var/nessus/logs/${lf}; done     && rm /tmp/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm   && yum clean all   && rm -rf /var/cache/yum   && rm -rf /opt/nessus/var/nessus/{uuid,*.db*,master.key}
 ---> Running in 4431cd500030
+ yum update -y
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirror.dal10.us.leaseweb.net
 * extras: mirror.dal10.us.leaseweb.net
 * updates: repo1.dal.innoscale.net
Resolving Dependencies
--> Running transaction check
---> Package acl.x86_64 0:2.2.51-12.el7 will be updated
---> Package acl.x86_64 0:2.2.51-14.el7 will be an update
---> Package audit-libs.x86_64 0:2.7.6-3.el7 will be updated
---> Package audit-libs.x86_64 0:2.8.1-3.el7_5.1 will be an update
*** SNIP ***
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                       Arch     Version                 Repository
                                                                           Size
================================================================================
Updating:
 acl                           x86_64   2.2.51-14.el7           base       81 k
 audit-libs                    x86_64   2.8.1-3.el7_5.1         updates    99 k
 bash                          x86_64   4.2.46-30.el7           base      1.0 M
 bind-license                  noarch   32:9.9.4-61.el7_5.1     updates    85 k
 binutils                      x86_64   2.27-28.base.el7_5.1    updates   5.9 M
 ca-certificates               noarch   2018.2.22-70.0.el7_5    updates   392 k
 centos-release                x86_64   7-5.1804.4.el7.centos   updates    25 k
 coreutils                     x86_64   8.22-21.el7             base      3.3 M
*** SNIP ***
 yum-utils                     noarch   1.1.31-46.el7_5         updates   120 k
Installing for dependencies:
 lz4                           x86_64   1.7.5-2.el7             base       98 k

Transaction Summary
================================================================================
Install              ( 1 Dependent package)
Upgrade  76 Packages

Total download size: 61 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/base/packages/acl-2.2.51-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for acl-2.2.51-14.el7.x86_64.rpm is not installed
Public key for audit-libs-2.8.1-3.el7_5.1.x86_64.rpm is not installed
http://mirrors.cmich.edu/centos/7.5.1804/updates/x86_64/Packages/ca-certificates-2018.2.22-70.0.el7_5.noarch.rpm: [Errno 12] Timeout on http://mirrors.cmich.edu/centos/7.5.1804/updates/x86_64/Packages/ca-certificates-2018.2.22-70.0.el7_5.noarch.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
Trying other mirror.
--------------------------------------------------------------------------------
Total                                              2.0 MB/s |  61 MB  00:30
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-4.1708.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libgcc-4.8.5-28.el7_5.1.x86_64                             1/153
  Updating   : tzdata-2018e-3.el7.noarch                                  2/153
  Updating   : glibc-common-2.17-222.el7.x86_64                           3/153
  Updating   : nss-softokn-freebl-3.36.0-5.el7_5.x86_64                   4/153
  Updating   : glibc-2.17-222.el7.x86_64                                  5/153
  Updating   : bash-4.2.46-30.el7.x86_64                                  6/153
  Updating   : nspr-4.19.0-1.el7_5.x86_64                                 7/153
  Updating   : nss-util-3.36.0-1.el7_5.x86_64                             8/153
*** SNIP ***
  Verifying  : filesystem-3.2-21.el7.x86_64                             152/153
  Verifying  : libuuid-2.23.2-43.el7_4.2.x86_64                         153/153

Dependency Installed:
  lz4.x86_64 0:1.7.5-2.el7

Updated:
  acl.x86_64 0:2.2.51-14.el7
  audit-libs.x86_64 0:2.8.1-3.el7_5.1
  bash.x86_64 0:4.2.46-30.el7
  bind-license.noarch 32:9.9.4-61.el7_5.1
  binutils.x86_64 0:2.27-28.base.el7_5.1
  ca-certificates.noarch 0:2018.2.22-70.0.el7_5
  centos-release.x86_64 0:7-5.1804.4.el7.centos
 *** SNIP ***
  yum-plugin-fastestmirror.noarch 0:1.1.31-46.el7_5
  yum-plugin-ovl.noarch 0:1.1.31-46.el7_5
  yum-utils.noarch 0:1.1.31-46.el7_5

Complete!
++ curl -ssl -o - https://www.tenable.com/downloads/nessus
++ sed -n -e 's/.*data-download-id="\([0-9]*\)".*data-file-name="\([a-zA-Z0-9_\.-]\+\-es7\.x86_64\.rpm\).*".*/\1/p'
+ DOWNLOAD_ID=8144
+ rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable
+ curl -ssL -o /tmp/Nessus-7.2.0-es7.x86_64.rpm https://tenable-downloads-production.s3.amazonaws.com/uploads/download/file/8144/Nessus-7.2.0-es7.x86_64.rpm
+ rpm -ivh /tmp/Nessus-7.2.0-es7.x86_64.rpm
error: /tmp/Nessus-7.2.0-es7.x86_64.rpm: not an rpm package (or package manifest): 
The command '/bin/sh -c set -x   && yum update -y     && DOWNLOAD_ID=$(curl -ssl -o - "https://www.tenable.com/downloads/nessus" | sed -n -e 's/.*data-download-id="\([0-9]*\)".*data-file-na$e="\([a-zA-Z0-9_\.-]\+\-es7\.x86_64\.rpm\).*".*/\1/p')     && rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable     && curl -ssL -o /tmp/Nessus-${NESSUS_VERSION}-es7.x86$64.rpm     "https://tenable-downloads-production.s3.amazonaws.com/uploads/download/file/${DOWNLOAD_ID}/Nessus-${NESSUS_VERSION}-es7.x86_64.rpm"     && rpm -ivh /tmp/Nessus-${NESSUS_VERSION}$es7.x86_64.rpm     && for lf in backend.log nessusd.messages www_server.log; do      ln -s /dev/stdout /opt/nessus/var/nessus/logs/${lf}; done     && rm /tmp/Nessus-${NESSUS_VERSION}-es7.x8$_64.rpm   && yum clean all   && rm -rf /var/cache/yum   && rm -rf /opt/nessus/var/nessus/{uuid,*.db*,master.key}' returned a non-zero code: 1

At the very top it throws a pretty serious error

free(): invalid pointer
SIGABRT: abort
PC=0x7f8e2f31ee97 m=0 sigcode=18446744073709551610
signal arrived during cgo execution

Then later near the very bottom after "Complete!".

error: /tmp/Nessus-7.2.0-es7.x86_64.rpm: not an rpm package (or package manifest):

and

...*snip*... rm -rf /opt/nessus/var/nessus/{uuid,*.db*,master.key}' returned a non-zero code: 1

[mauvehed]

The exact same errors look to occur if I change the version to 7.1.0.

I'll continue investigating to try and determine if it's just some unrelated issue with my docker install or the actual build process.

[mikenowak]

@mauvehed thanks!

I conform this is indeed a problem - basically Tanable had changed their website and I yet have to figure out to make a download request with a cookie in order to fetch a file.

I've started working on this a few days ago but got stuck - see https://github.com/mikenowak/docker-nessus/tree/new-download-method

[mauvehed]

Looks like 7.2.1 (early access) is out and is causing even more problems. I'll see if I can make time this weekend to try and help resolve the proper way to fetch the downloads.