Hi, I am looking to test Greenbone Community Edition and followed the instructions in this documentation. There seem to be errors in the gvmd and ospd-openvas containers. Here is my docker-compose.yml:
```yaml
version: '3.7'
services:
  redis-server:
    image: greenbone/redis-server:latest
    container_name: gb-redis
    restart: on-failure
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Denver
    cap_drop:
      - ALL
    volumes:
      - redis_socket_vol:/run/redis/
  gpg-data:
    image: greenbone/gpg-data
    container_name: gb-gpg
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Denver
    volumes:
      - gpg_data_vol:/mnt
  pg-gvm:
    image: greenbone/pg-gvm:latest
    container_name: gb-psql
    restart: on-failure
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Denver
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
  gvmd:
    image: greenbone/gvmd:latest
    container_name: gb-gvmd
    restart: on-failure
    environment:
      PUID: 1000
      PGID: 1000
      TZ: 'America/Denver'
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - vt_data_vol:/var/lib/openvas
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      - pg-gvm
  gsa:
    image: greenbone/gsa:latest
    container_name: gb-gsa
    restart: on-failure
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Denver
    ports:
      - 9392:80
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
  ospd-openvas:
    image: greenbone/ospd-openvas:22.4.0
    container_name: gb-openvas
    restart: on-failure
    environment:
      PUID: 1000
      PGID: 1000
      TZ: America/Denver
    cap_add:
      - NET_ADMIN # for capturing packages in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
    depends_on:
      - redis-server
      - gpg-data
networks:
  default:
    name: nginx-proxy-manager_default
    external: true
volumes:
  gpg_data_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/gpg_data"
  gvmd_data_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/gvmd_data"
  psql_data_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/psql_data"
  vt_data_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/vt_data"
  psql_socket_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/psql_socket"
  gvmd_socket_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/gvmd_socket"
  ospd_openvas_socket_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/ospd_openvas_socket"
  redis_socket_vol:
    driver: local
    driver_opts:
      type: "nfs"
      o: "addr=192.168.1.10,nfsvers=4.1,nolock,soft,rw"
      device: ":/volume1/docker-volumes/greenbone-community/redis_socket"
```
gvmd logs are:
```
md main:MESSAGE:2022-07-22 20h01.04 utc:62: Greenbone Vulnerability Manager version 22.4.0~dev1 (DB revision 250)
md manage:MESSAGE:2022-07-22 20h01.04 utc:63: No SCAP database found
md main:WARNING:2022-07-22 20h01.05 utc:63: The gvmd data feed directory /var/lib/gvm/data-objects/gvmd/22.04 or one of its subdirectories does not exist.
md manage:WARNING:2022-07-22 20h01.05 utc:83: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage: INFO:2022-07-22 20h01.05 utc:83: update_scap: Updating data from feed
md manage:WARNING:2022-07-22 20h01.05 utc:83: update_scap_cpes: No CPE dictionary found at /var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml
md manage:WARNING:2022-07-22 20h01.06 utc:84: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
md manage:WARNING:2022-07-22 20h01.15 utc:89: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
md manage:WARNING:2022-07-22 20h01.16 utc:88: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage: INFO:2022-07-22 20h01.17 utc:88: update_scap: Updating data from feed
md manage:WARNING:2022-07-22 20h01.17 utc:88: update_scap_cpes: No CPE dictionary found at /var/lib/gvm/scap-data/official-cpe-dictionary_v2.2.xml
md manage:WARNING:2022-07-22 20h01.25 utc:93: update_scap: No SCAP db present, rebuilding SCAP db from scratch
```
The ospd-openvas container seems to have an error in the command line because I don’t think it’s starting based on the logs:
```
ospd-openvas: error: argument --disable-notus-hashsum-verification: expected one argument
usage: ospd-openvas [-h] [--version] [-s [CONFIG]] [--log-config [LOG_CONFIG]]
                    [-p PORT] [-b ADDRESS] [-u UNIX_SOCKET]
                    [--pid-file PID_FILE] [--lock-file-dir LOCK_FILE_DIR]
                    [-m SOCKET_MODE] [-k KEY_FILE] [-c CERT_FILE]
                    [--ca-file CA_FILE] [-L LOG_LEVEL] [-f]
                    [-t STREAM_TIMEOUT] [-l LOG_FILE] [--niceness NICENESS]
                    [--scaninfo-store-time SCANINFO_STORE_TIME]
                    [--list-commands] [--max-scans MAX_SCANS]
                    [--min-free-mem-scan-queue MIN_FREE_MEM_SCAN_QUEUE]
                    [--max-queued-scans MAX_QUEUED_SCANS]
                    [--mqtt-broker-address MQTT_BROKER_ADDRESS]
                    [--mqtt-broker-port MQTT_BROKER_PORT]
                    [--notus-feed-dir NOTUS_FEED_DIR]
```
I’ve tried using the oldstable image tags, but those don’t seem to work either.
Also somewhat unrelated, when I try to change the admin user password, it fails:
```
docker exec -it gb-gvmd gvmd --user=admin --new-password=<password>
```
Docker log from postgresql container:
```
2022-07-22 20:26:42.883 UTC [767] root@gvmd FATAL: role "root" does not exist
```
I can log into the web console with default credentials, but I can’t change the password in there. And I think there is no data because of the inability to load the SCAP database info.