search

mikesplain / openvas-docker

A Docker container for Openvas
MIT License
762 stars 302 forks source link

Unable to login to the web interface of the container #237

Closed AnrDaemon closed 4 years ago

AnrDaemon commented 5 years ago

Container started, but does not accept default "admin:admin" login.

Host is Ubuntu 18.04 Docker version 18.09.5, build e8ff056 Started with command

docker run -p 443:443 -p 9390:9390 -e PUBLIC_HOSTNAME=daemon-vs2.darkdragon.lan -e LANG=en_US.UTF-8 -v "$(pwd)/data:/var/lib/openvas/mgr" --name openvas --rm mikesplain/openvas

Logs

Testing redis status...
Redis not yet ready...
Redis ready.
Checking for empty volume
Restarting services
 * Restarting openvas-scanner openvassd
   ...done.
 * Restarting openvas-manager openvasmd
   ...done.
 * Restarting openvas-gsa gsad
   ...done.
Reloading NVTs
Rebuilding NVT cache... done.
Checking setup
openvas-check-setup 2.3.3
  Test completeness and readiness of OpenVAS-9

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.3.
        OK: OpenVAS Scanner CA Certificate is present as .
dirname: missing operand
Try 'dirname --help' for more information.
        ERROR: No server certificate file of OpenVAS Scanner found.
        FIX: Run 'openvas-mkcert -f -q'.

 ERROR: Your OpenVAS-9 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Configuring postfix
postmap: warning: /etc/postfix/sasl_passwd, line 1: record is in "key: value" format; is this an alias file?                                                  
 * Stopping Postfix Mail Transport Agent postfix                                                                                                              
   ...done.                                                                                                                                                   
 * Starting Postfix Mail Transport Agent postfix                                                                                                              
   ...done.                                                                                                                                                   
Tailing logs                                                                                                                                                  
==> /var/log/openvas/gsad.log <==                                                                                                                             
gsad main:MESSAGE:2019-07-03 11h47.41 utc:41: Starting GSAD version 7.0.3
gsad main:WARNING:2019-07-03 11h47.41 utc:41: main: Failed to set locale according to environment variables, gettext translations are disabled.
gsad xslt:WARNING:2019-07-03 11h47.41 utc:41: init_language_lists: Failed to open locale directory "/usr/share/openvas/gsa/locale": No such file or directory
gsad main:WARNING:2019-07-03 11h57.49 utc:42: MHD: Error: received handshake message out of context
gsad main:WARNING:2019-07-03 11h57.56 utc:42: Authentication failure for 'admin' from 192.168.1.10

==> /var/log/openvas/openvasmd.log <==                                                                                                                        
md   main:MESSAGE:2019-07-03 11h47.40 utc:32:    OpenVAS Manager version 7.0.3 (DB revision 184)
md   main:MESSAGE:2019-07-03 11h47.42 utc:43:    OpenVAS Manager version 7.0.3 (DB revision 184)
md   main:   INFO:2019-07-03 11h47.42 utc:43: rebuild_nvt_cache_retry: Reloading NVT cache
md   main:   INFO:2019-07-03 11h47.42 utc:45: update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2019-07-03 11h47.43 utc:33: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2019-07-03 11h47.49 utc:33: Using OpenPGP engine version '2.1.11'
base gpgme:MESSAGE:2019-07-03 11h47.50 utc:45: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2019-07-03 11h47.53 utc:45: Using OpenPGP engine version '2.1.11'
md   main:   INFO:2019-07-03 11h47.54 utc:45:    Updating NVT cache.
md    omp:WARNING:2019-07-03 11h57.56 utc:243: Authentication failure for 'admin' from 127.0.0.1

==> /var/log/openvas/openvassd.dump <==

==> /var/log/openvas/openvassd.messages <==
[Wed Jul  3 11:47:49 2019][22] openvassd 5.1.3 started
[Wed Jul  3 11:50:53 2019][78] Client not present
githubjqh commented 5 years ago

I have the same problem,“FIX: Run 'openvas-mkcert -f -q”,and when I run the command "openvas-mkcert -f -q", then get this "bash: openvas-mkcert: command not found"

AnrDaemon commented 5 years ago

For the record, I've "solved" it with atomicorp/openvas:v9. Yes, just used a different container.

boomshadow commented 5 years ago

The issue seems to be related to the 3rd party script to check OpenVAS:
https://github.com/mikesplain/openvas-docker/blob/master/9/start#L100

That 3rd part script (https://github.com/kurobeats/OpenVas-Management-Scripts/blob/master/openvas-check-setup#L213) is unable to determine the CA File:

CAFILE=`openvassd -s 2>>$LOG | grep ca_file | sed -e "s/^ca_file = //"`

When I log into the running mikesplain/openvas container and run openvassd -s, that ca_file config is not even listed in the output at all.

vertoforce commented 5 years ago

Good find @boomshadow. Thankfully the container still works without fixing this, but would be useful to find a fix. Noting this issue here https://github.com/mikesplain/openvas-docker/issues/239, as it's related to not being able to run that command.

fredairic[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 30 days if no further activity occurs. Thank you for your contributions.

nqb commented 4 years ago

@mikesplain, do you will accept PR for this issue or openvas-docker will not be updated anymore ?

Thanks.

fredairic[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 30 days if no further activity occurs. Thank you for your contributions.

fredairic[bot] commented 4 years ago

This issue has been automatically closed because it has not had recent activity. Issue creator may reopen if the issue still exists. Thank you for your contributions.

ddadsx commented 2 years ago

Managed to solve this by running openvasmd --new-password admin --user admin inside the container.

Apparently reseting user's password also reset how it uses the certificate. If it doesn't work, maybe creating a new user does.