I have been facing a serious issue for the last 2 days and am unable to find a solution. I am using the community containers to build my OpenVAS image. All works fine and I am able to access the web panel. Now the feed is syncing, which takes roughly 30-40 minutes.
Now moving on, I am using the same VM in an offline environment. I use the same command `sudo docker compose up -d`; however, when the UI starts it says Feed is Syncing, whereas I don’t have internet on the system.
Therefore, I cannot initiate any scans.
Is there any global variable to disable the syncing, once it has fetched info once?
The vulnerability test container takes most of the time (roughly 3 minutes, when I start up again)

```
/bin # cat init.sh
#!/bin/sh
set -e

rm -f "${STATE_FILE}"
license_file=${STORAGE_PATH}/LICENSE

if [ -n "${FEED_RELEASE}" ]; then
    echo "Using feed release ${FEED_RELEASE}"
    STORAGE_PATH="${STORAGE_PATH}/${FEED_RELEASE}/vt-data/nasl"
fi

if [ ! -d "${STORAGE_PATH}" ]; then
    echo "Vulnerability tests not found in ${STORAGE_PATH}"
    exit 1
fi

if [ -e "${license_file}" ]; then
    cat "${license_file}"
fi

echo -e "\nCopying vulnerability tests data... "

if [ -d "${MOUNT_PATH}" ]; then
    [ -z "$KEEP_DATA" ] && rm -rf "${MOUNT_PATH}/"*
    cp -r "${STORAGE_PATH}/"* "${MOUNT_PATH}"
    state_dir=$(dirname ${STATE_FILE})
    mkdir -p "${state_dir}"
    touch "${STATE_FILE}"
    if [ "$(id -u)" = "0" ]; then
        if [ -n "${USER_ID}" ]; then
            chown -R "${USER_ID}" "${MOUNT_PATH}"
            echo "changed user permissions to ${USER_ID}"
        fi
        if [ -n "${GROUP_ID}" ]; then
            chgrp -R "${GROUP_ID}" "${MOUNT_PATH}"
            echo "changed group permissions to ${GROUP_ID}"
        fi
    fi
    echo "files copied."
else
    echo "nothing to do."
fi

if [ -n "${KEEP_ALIVE}" ]; then
    sleep infinity
fi
/bin #
```
Is there any way to disable syncing once it is synced once?
Offline support for the Community Container is not supported. Some commercial appliances do support airgap and fully offline operations, but the container needs at least feed access. You can try to add feed.community.greenbone.net mapped to localhost to the local host file to get a faster timeout.
I’ve mentioned this several times and it is also listed in the community docs. The feed sync consists of two parts. First part is downloading the new feed content. Second part is loading the new content into databases. For the community containers part one is done by pulling new images and (re-)starting the data containers (see Workflows - Greenbone Community Documentation). If you don’t (re-)start the data containers part two will not be run.
This is the output when I restart the system:

```
greenbone-community-container$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
716a21e1487b registry.community.greenbone.net/community/gsa:stable "/usr/local/bin/entr…" 21 hours ago Up 21 hours 127.0.0.1:9392->80/tcp greenbone-community-edition-gsa-1
83470a2782e5 registry.community.greenbone.net/community/gvmd:stable "/usr/local/bin/entr…" 21 hours ago Up 21 hours greenbone-community-edition-gvmd-1
2b5c46ac9c65 registry.community.greenbone.net/community/openvas-scanner:stable "/bin/sh -c /usr/loc…" 21 hours ago Up 21 hours greenbone-community-edition-openvasd-1
9ba4b72701a4 registry.community.greenbone.net/community/ospd-openvas:stable "/usr/bin/tini -- /u…" 21 hours ago Up 21 hours greenbone-community-edition-ospd-openvas-1
924a39b3aff1 registry.community.greenbone.net/community/openvas-scanner:stable "/bin/sh -c 'cat /et…" 21 hours ago Up 21 hours greenbone-community-edition-openvas-1
27c8664daf98 registry.community.greenbone.net/community/redis-server "docker-entrypoint.s…" 21 hours ago Up 21 hours 6379/tcp greenbone-community-edition-redis-server-1
8b2e9dc1698f registry.community.greenbone.net/community/pg-gvm:stable "/usr/local/bin/entr…" 21 hours ago Up 21 hours greenbone-community-edition-pg-gvm-1
```

When I log in, the system shows the above containers. When I log in, it says Feed is syncing even on the offline system. What should I change so that it should JUST NOT do syncing on start? Do I need to run any other data container or change any state flag?
I really need this please. The feeds are already downloaded. I tried exploring the /init.sh scripts but no help.
As I wrote, if you restart the data containers or the gvmd or openvas containers, a feed sync will happen. The daemons will read the feed content (again) and load it into the databases. Even in offline cases, because downloading (the online case) is only the first part of the feed sync.
And please format your output with three backticks for better readability. See Start Here/Read Me First - #3 by bricks for a detailed explanation and examples.
I don’t know what @immauss did with his containers. But again if the feed content files are updated in some kind, even just overridden with the same content, the daemons need to read them and need to update the databases.
If you don’t update the data and don’t restart the daemons no feed sync is run. If the message still shows up it is considered to be a bug.
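Why a restart leads to the second phase even with no network, as an added illustration (not part of any post in this thread and not Greenbone's code): it replays only the copy step of the `init.sh` shown earlier over constructed files in a temporary directory and shows that byte-identical content is still rewritten with fresh timestamps. The directory layout, file names and the helper names `copy_step`, `tree_digest`, `rewritten_since` and `demo` are made up; how gvmd and the scanner react to the rewritten files is as described in the posts and is not modelled here.

```shell
#!/bin/sh
# Added illustration: replays the data-copy step of init.sh on constructed
# files. All paths and file contents below are made up for the demo.

# copy_step STORAGE MOUNT STATE_FILE: same order of operations as init.sh
# (drop the state file, wipe unless KEEP_DATA is set, copy, recreate state).
copy_step() {
    rm -f "$3"
    if [ -z "${KEEP_DATA:-}" ]; then rm -rf "$2/"*; fi
    cp -r "$1/"* "$2"
    mkdir -p "$(dirname "$3")"
    touch "$3"
}

# tree_digest DIR: one checksum over every file name and its content.
tree_digest() {
    (cd "$1" && find . -type f | sort | xargs cksum | cksum)
}

# rewritten_since MARKER DIR: count of files modified after MARKER was touched.
rewritten_since() {
    find "$2" -type f -newer "$1" | wc -l | tr -d ' '
}

# demo: prints "<same|different> <files rewritten on restart> <total files>"
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/storage/2024" "$work/mount"
    echo 'constructed NASL 1' > "$work/storage/a.nasl"
    echo 'constructed NASL 2' > "$work/storage/2024/b.nasl"
    state="$work/state/feed.ready"

    copy_step "$work/storage" "$work/mount" "$state"   # first start
    before=$(tree_digest "$work/mount")
    touch "$work/marker"
    sleep 1                                            # let mtimes move past the marker
    copy_step "$work/storage" "$work/mount" "$state"   # restart, no network involved
    after=$(tree_digest "$work/mount")

    if [ "$before" = "$after" ]; then same=same; else same=different; fi
    echo "$same $(rewritten_since "$work/marker" "$work/mount") 2"
    rm -rf "$work"
}

demo   # prints "same 2 2": identical content, yet every file was rewritten
```

Setting `KEEP_DATA=1` only skips the wipe; `cp -r` still overwrites each file, so the result is the same.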
@bricks I just have an environment variable that causes the sync not to run on startup. It’s primarily just for this type of scenario. Thought process being, if the feeds are in the image, and the image is updated, then there should be no need to sync. I’m also bundling a database, so if you start without the sync, the container can be up and ready to scan in less than 15 minutes when starting from Zero.
Thank you @immauss. How easy is it to tweak the branding? I see you have done some image changes through branding.sh, but how can I restore the login page back to the original one? I want to give proper attribution to you through a footer credits though.
@immauss I am using your container with the option `sudo docker run -d -p 9392:9392 -e PASSWORD="admin" -e SKIPSYNC=true --restart=always -v openvas:/data --name openvas immauss/openvas`
The aim is to skip syncing; it works fine and skips syncing. But when I restart the system and the container starts automatically on startup, it shows feeds are syncing, which is weird. I want to force skip syncing.
I am still not sure what you are doing actually. As I wrote several times, the feed sync consists of two phases. The downloading of the feed content and the loading of the feed content into the databases. Did you patch gvmd and openvas-scanner to not apply the second phase?
I am using @immauss custom openvas version, which allows skipping the feed sync. Once the feed is synced, if we start the container without SKIPSYNC value, it just skips syncing and the machine is available faster.
The aim is to skip syncing; it works fine and skips syncing. But when I restart the system and the container starts automatically on startup, it shows feeds are syncing, which is weird. I want to force skip syncing.
Yes, this is what I was looking for. I want to patch the gvmd and make some updates to skip the scanning (@immauss is already doing this but it is not persistent on restart).
I’m not skipping anything. I’m doing it in advance. The image ships with a backup of the database that is loaded before gvmd starts on initial image startup. I rebuild that database from the current feeds regularly. So, when you start with SKIPSYNC=true, it is as if you had started, run through both phases @bricks described, then restarted. No need to patch gvmd or openvas. Even if you do run the feedsync, it takes less time as it only needs to pull and update from the changes since the image was built. @sagox23662
As for rebranding … I think the branding.sh is a legacy …. The branding changes are mostly done in the build scripts for the image now. I’d have to look to be certain, but not easily reversed without rebuilding the image.
I’d have to look to be certain, but not easily reversed without rebuilding the image.
Thank you, it would be a great favor if you can redirect me to the right scripts.
So, when you start with SKIPSYNC=true, it is as if you had started
I am encountering a weird scenario, where if you start it with SKIPSYNC=true and restart your system, next time the container starts automatically but this time the feeds start syncing again. The SKIPSYNC is not persistent.