mikesplain / openvas-docker

A Docker container for Openvas
MIT License

web app is never available #167

Closed npitsec closed 6 years ago

npitsec commented 6 years ago

After launching the new docker container using the bare minimum arguments, I can never open the web-app as I see the following error:

The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.

The docker container seems to initialize ok. I see the installation successful message. The last set of messages displayed are:

==> /var/log/openvas/openvassd.messages <==
[Tue Apr 10 16:28:50 2018][897] openvassd 5.1.2 started
[Tue Apr 10 16:30:40 2018][1491] Client not present
[Tue Apr 10 16:30:42 2018][897] Received the Terminated signal
[Thu Apr 12 17:47:42 2018][26] openvassd 5.1.2 started
[Thu Apr 12 17:53:11 2018][86] Client not present

... and at this point, the log is stalled (no more updates).

mikesplain commented 6 years ago

@npitsec Thanks for the report. Can you provide a full log? Also how much memory and cpu is available?

mrnerdhair commented 6 years ago

This seems to be caused because the service command strips most environment vars, including PUBLIC_HOSTNAME, so the /etc/init.d/openvas-gsa script doesn't use it as part of the gsad command line. I cooked up a workaround consisting of a two-line Dockerfile:

FROM mikesplain/openvas
# -i and -r are passed separately: GNU sed parses "-ir" as -i with backup suffix "r"
RUN sed -i -r 's%^service %/etc/init.d/%' /start

That works, so I've made PR #175.
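
The environment stripping described in the comment above, as an added example that is not part of the original thread or of the openvas-docker project. The stub is a constructed stand-in for the argument-building lines of /etc/init.d/openvas-gsa, `run_like_service` approximates service(8) with `env -i`, and the hostname is a constructed sample value.

```shell
#!/bin/sh
# Added example. The stub below is a constructed stand-in for the lines of
# /etc/init.d/openvas-gsa that build the gsad arguments; it is not the real script.
write_stub() {
    cat > "$1" <<'EOF'
DAEMON_ARGS="--mlisten 127.0.0.1 -m 9390"
[ -n "$PUBLIC_HOSTNAME" ] && DAEMON_ARGS="$DAEMON_ARGS --allow-header-host=$PUBLIC_HOSTNAME"
echo "$DAEMON_ARGS"
EOF
}

# Direct invocation (what /start does after the sed workaround): the caller's
# environment, including PUBLIC_HOSTNAME, reaches the script.
run_direct() {
    sh "$1"
}

# Approximation of service(8): it re-executes the init script under `env -i`,
# passing through only a short list of variables such as LANG, PATH and TERM.
run_like_service() {
    env -i LANG="${LANG:-C}" PATH="$PATH" TERM="${TERM:-dumb}" sh "$1"
}

# Succeeds only if the argument string allows the expected Host header value.
allows_host() {
    case " $1 " in
        *" --allow-header-host=$2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    stub=$(mktemp)
    write_stub "$stub"
    PUBLIC_HOSTNAME=scanner.example.test   # constructed hostname
    export PUBLIC_HOSTNAME
    for mode in run_direct run_like_service; do
        args=$($mode "$stub")
        if allows_host "$args" "$PUBLIC_HOSTNAME"; then
            echo "$mode: Host allowlist set -> $args"
        else
            echo "$mode: PUBLIC_HOSTNAME lost -> $args"
        fi
    done
    rm -f "$stub"
}

demo
```

The same `allows_host` check can be pointed at the command line of a running gsad process to confirm that the option actually reached the daemon.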

mrnerdhair commented 6 years ago

There is an associated issue I discovered with the /etc/init.d/openvas-gsa script; I'm not sure where to report that. Specifically, the /etc/default/openvas-gsa file doesn't get sourced until after the PUBLIC_HOSTNAME variable is already referenced. Patch:

--- openvas-gsa 2018-04-24 18:01:53.330566541 -0400
+++ openvas-gsa.new     2018-04-24 18:03:34.266777974 -0400
@@ -21,7 +21,6 @@
 NAME=gsad
 DAEMON=/usr/sbin/gsad
 DAEMON_ARGS="--mlisten 127.0.0.1 -m 9390 --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
-DAEMON_ARGS="$DAEMON_ARGS --allow-header-host=$PUBLIC_HOSTNAME"
 PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME

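Review bot: With the assignment after DAEMON_ARGS removed, nothing at the top of the script says that options built from configurable variables have to be appended lower down, next to the HTTP_CSP and HTTP_STS checks. A one-line comment beside DAEMON_ARGS stating that would keep a later edit from putting `--allow-header-host=$PUBLIC_HOSTNAME` back here, where an unset variable produces an empty `--allow-header-host=` argument.
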
@@ -51,6 +50,7 @@
 [ -n "$HTTP_CSP" ] && DAEMON_ARGS="$DAEMON_ARGS --http-csp=$HTTP_CSP"
 [ "$HTTP_STS" = "1" ] && DAEMON_ARGS="$DAEMON_ARGS --http-sts"
 [ -n "$HTTP_STS_MAX_AGE" ] && DAEMON_ARGS="$DAEMON_ARGS --http-sts-max-age=$HTTP_STS_MAX_AGE"
+[ -n "$PUBLIC_HOSTNAME" ] && DAEMON_ARGS="$DAEMON_ARGS --allow-header-host=$PUBLIC_HOSTNAME"

 # Load the VERBOSE setting and other rcS variables
 . /lib/init/vars.sh
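
Review bot: On the added `--allow-header-host` line, $PUBLIC_HOSTNAME is appended to DAEMON_ARGS with no check on its contents, so a value containing whitespace would be split into extra gsad arguments if DAEMON_ARGS is later expanded unquoted. This follows the pattern of the HTTP_STS_MAX_AGE line above it, but because this value decides which Host headers GSA accepts, consider rejecting anything that is not a single hostname before appending it, and logging a message when the variable is empty so the missing option is visible at startup.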

mrnerdhair commented 6 years ago

Upon further investigation it seems that this issue is actually the same thing as #168, and that the fix for that one committed in #169 didn't actually work without my fix in #175.

Also, I didn't realize that the line I had an issue with in the patch above wasn't actually from the upstream deb, but was added via sed in a RUN command in the Dockerfile added by #169. I've submitted #176 which supersedes the patch above.

threedigitnumbers #hashtagbingo #whydoitin1prwhenyoucandoitin2 #yesIknowtheyrenothashtags