I have a docker build that runs every 12 hours and part of the build is to basically install and provision OpenVAS. These are the only commands that are running in the Dockerfile:
# Configure OpenVAS
service postgresql start && \
gvm-setup | tee ~/.openvas_install_logs.txt && \
sed -i"" 's/GSA_MAJOR="21.04"/GSA_MAJOR="21.4"/g' $(which gvm-check-setup) && \
service postgresql start && \
runuser -u _gvm -- greenbone-nvt-sync && \
runuser -u _gvm -- greenbone-feed-sync --type CERT && \
gvm-check-setup && \
while ! grep daba56c8-73ec-11df-a475-002264764cea /var/log/gvm/gvmd.log ; do sleep 10; done && \
while ! grep "Updating DFN-CERT CVSS max succeeded." /var/log/gvm/gvmd.log ; do echo "Waiting on DFN-CERT updates" ; sleep 10; done && \
while ! grep "Updating CERT-Bund CVSS max succeeded" /var/log/gvm/gvmd.log ; do echo "Waiting on CERT-Bund update" ; sleep 10; done && \
while ! grep "Updating SCAP info succeeded" /var/log/gvm/gvmd.log ; do echo "Waiting on SCAP updates" ; sleep 10; done && \
openvas -u && \
The goal is basically to have a docker container that’s ready to go when my other automated processes pull our custom docker container for scanning. This seems to run pretty OK about 70% of the time. The other 30% of the times where it doesn’t run properly, it’s due to a “failed to connect to XYZ” error.
There are plenty of other things in this process that requires Internet access, so I don’t have any suspicions that AWS is having some kind of Internet issue when going outbound.
Here’s the specific error that I see from time to time:
<28>Sep 12 12:32:28 greenbone-nvt-sync: The log facility is not working as expected. All messages will be written to the standard error stream.
<29>Sep 12 12:32:28 greenbone-nvt-sync: No Greenbone Security Feed access key found, falling back to Greenbone Community Feed
<29>Sep 12 12:32:33 greenbone-nvt-sync: Configured NVT rsync feed: rsync://feed.community.greenbone.net:/nvt-feed
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
<27>Sep 12 12:32:33 greenbone-nvt-sync: rsync failed.
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
I hope someone comes back and tells me I’m doing too much to install GVM inside of my docker container, but this seems to be the only thing that I’ve been able to do to get it to work properly and start up just fine when I’m ready for it.
Is once every 12 hours too much? If so, I can just move my task to once a day, but I just wanted to mention that since I saw some issues in other threads about IP blocking.
Any help on these issues would be greatly appreciated.