GVMD Service 9390 Start Error

vif · April 16, 2025, 8:29am

Hello,

Greenbone CE is installed on docker container. I made the necessary adjustments in docker-compose.yml file. you can see below:

name: greenbone-community-edition

services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt
    networks:
      - greenbone_net

  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt
    networks:
      - greenbone_net

  scap-data:
    image: registry.community.greenbone.net/community/scap-data
    volumes:
      - scap_data_vol:/mnt
    networks:
      - greenbone_net

  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data
    volumes:
      - cert_data_vol:/mnt
    networks:
      - greenbone_net

  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data
    networks:
      - greenbone_net

  data-objects:
    image: registry.community.greenbone.net/community/data-objects
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    networks:
      - greenbone_net

 report-formats:
    image: registry.community.greenbone.net/community/report-formats
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects
    networks:
      - greenbone_net

  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt
    networks:
      - greenbone_net

  redis-server:
    image: registry.community.greenbone.net/community/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/
    networks:
      - greenbone_net

  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:stable
    restart: on-failure
    ports:
      - "5432:5432"
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
    networks:
      - greenbone_net

  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    restart: on-failure
    environment:
      - "GVMD_LISTEN=0.0.0.0"
      - "GVMD_PORT=9390"
      - GVMD_POSTGRESQL_USERNAME=gvmd
      - GVMD_POSTGRESQL_PASSWORD=gvmd
    ports:
      - "9390:9390"
    networks:
      - greenbone_net
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully
#    command:
#      - "--listen=0.0.0.0"
#      - "--port=9390"
#      - "--foreground"

  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: on-failure
    ports:
      - 10.155.101.149:9392:80
    networks:
      - greenbone_net
    volumes:
      - /tmp/gvm/gvmd:/run/gvmd
    depends_on:
      - gvmd

  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
    networks:
      - greenbone_net

  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully
    networks:
      - greenbone_net

  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      - greenbone_net

  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:stable
    restart: always
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    networks:
      - greenbone_net

  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas
    networks:
      - greenbone_net

volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:

networks:
  greenbone_net:
    external: true
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.120.0/24
          gateway: 192.168.120.1

But the problem is that I can’t send gvm-cli commands from a different server, they are on the same VLAN. I can ping from my other server and access psql in gvmd.

But the gvmd service is not listening on port 9390. I have tried various methods. I try to start the GVMD service with port 9390 but it won’t start. –listen=666.

gvmd in container ps aux | grep gvmd output:

gvmd 1 0.0 0.0 2576 1560 ? Ss 08:06 0:00 /bin/sh /usr/local/bin/start-gvmd

gvmd 24 1.3 4. 1 498784 331660 ? SL 08:06 0:12 gvmd -f --listen-mode=666

root 277 0.0 0.0 3324 1604 pts/0 S+ 08:22 0:00 grep gvmd

The output of the sudo ss -tnlp | grep 9390 command I ran on my host:

LISTEN 0 4096 0.0.0.0.0:9390 0.0.0.0.0:* users:(("docker-proxy",pid=185801,fd=7))

LISTEN 0 4096 [:::]:9390 [:::]:* users:(("docker-proxy",pid=185809,fd=7))

Also, the PostgreSQL service is running on my GVMD server, port 5432 is open (accessible from my other server).

Can you help me to open port 9390 to the outside on my server?

bricks · April 16, 2025, 9:05am

Take a look at gvmd/.docker/start-gvmd.sh at main · greenbone/gvmd · GitHub to find out how to adjust the start arguments for gvmd. Btw. if you change gvmd to use TLS you need to adjust the start arguments of gsad too. Otherwise gsad would not be able to communicate with gvmd.

vif · April 16, 2025, 9:08am

Thanks for your reply. Should I write this in .sh file or in my docker-compose.yml file? I’ve been interested in this setup for a long time and your support is very much appreciated.

vif · April 16, 2025, 12:13pm

I don’t understand how to start it. can you help me in more detail?

bricks · April 17, 2025, 5:37am

When the docker container is started and the command is not overridden it runs the start-gvmd shell script, which is placed in the container image at /usr/local/bin/start-gvmd.

If you look at the start-gvmd.sh file you will see that there is a variable to set the desired start arguments for gvmd. This variable can be set via the environment.

barmeier · April 22, 2025, 4:57pm

Hi,

I added these lines to the docker-compose.yml in the gvmd section:

environment:
  - GVMD_ARGS=$GVMD_ARGS --port=9390 --listen=0.0.0.0
ports:
  - 9390:9390

But after adding this the gvmd container exited with the message:

 No scap data available

What is the correct way to enable remote access to gvmd ?

barmeier · April 24, 2025, 7:13am

The error message was not correct in my previous post. This is the relevant part of docker logs:

md main:MESSAGE:2025-04-22 16h46.56 utc:25: Greenbone Vulnerability Manager version 25.2.1 (DB revision 259)
md manage: INFO:2025-04-22 16h46.56 utc:25: Modifying setting.
md manage:MESSAGE:2025-04-22 16h46.56 utc:25: No SCAP database found