Hello,
Greenbone CE is installed in Docker containers. I made the necessary adjustments in the docker-compose.yml file, which you can see below:
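name: greenbone-community-edition

services:
  # --- Feed and data images: each one mounts a named volume at /mnt. ---------
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt
    networks:
      - greenbone_net

  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt
    networks:
      - greenbone_net

  scap-data:
    image: registry.community.greenbone.net/community/scap-data
    volumes:
      - scap_data_vol:/mnt
    networks:
      - greenbone_net

  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data
    volumes:
      - cert_data_vol:/mnt
    networks:
      - greenbone_net

  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data
    networks:
      - greenbone_net

  data-objects:
    image: registry.community.greenbone.net/community/data-objects
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    networks:
      - greenbone_net

  report-formats:
    image: registry.community.greenbone.net/community/report-formats
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects
    networks:
      - greenbone_net

  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt
    networks:
      - greenbone_net

  # --- Backing services ------------------------------------------------------
  redis-server:
    image: registry.community.greenbone.net/community/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/
    networks:
      - greenbone_net

  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:stable
    restart: on-failure
    # NOTE(review): this publishes PostgreSQL on every host interface. gvmd
    # already shares greenbone_net and psql_socket_vol with this container, so
    # the mapping is only needed for clients outside the stack. If it must
    # stay, prefix it with a specific host IP, firewall it to known peers and
    # do not keep the gvmd/gvmd credentials configured on the gvmd service.
    ports:
      - "5432:5432"
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
    networks:
      - greenbone_net

  # --- Manager ---------------------------------------------------------------
  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    restart: on-failure
    environment:
      # NOTE(review): the `ps aux` output posted with this file shows gvmd
      # running as `gvmd -f --listen-mode=666`, i.e. without --listen/--port,
      # so these two variables are not reaching the gvmd command line. Check
      # how /usr/local/bin/start-gvmd builds its arguments before relying on
      # them.
      GVMD_LISTEN: "0.0.0.0"
      GVMD_PORT: "9390"
      # NOTE(review): database credentials are inline and identical to the
      # user name; move them to an env file or secret and change the password,
      # especially while port 5432 is published on the host.
      GVMD_POSTGRESQL_USERNAME: gvmd
      GVMD_POSTGRESQL_PASSWORD: gvmd
    # NOTE(review): docker-proxy binds this on all host interfaces whether or
    # not gvmd listens inside the container. The management protocol gives full
    # control of the scanner, so once it works bind it to one host IP (as the
    # gsa mapping does) and restrict which peers may connect.
    ports:
      - "9390:9390"
    networks:
      - greenbone_net
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully
    # command:
    #   - "--listen=0.0.0.0"
    #   - "--port=9390"
    #   - "--foreground"

  # --- Web interface ---------------------------------------------------------
  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: on-failure
    # Quoted so the host-IP:port:port triple is always read as one string.
    ports:
      - "10.155.101.149:9392:80"
    networks:
      - greenbone_net
    volumes:
      # Was /tmp/gvm/gvmd:/run/gvmd, a host directory that no other service
      # mounts. gvmd and gvm-tools mount gvmd_socket_vol at /run/gvmd, so gsa
      # uses the same named volume to see the same /run/gvmd contents; this
      # also avoids a bind mount under the host's world-writable /tmp.
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd

  # --- Scanner ---------------------------------------------------------------
  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    # Writes openvas.conf and openvas_log.conf into the shared volume and
    # creates the log file; the log is made world-writable (666).
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
    networks:
      - greenbone_net

  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    # Prints the generated configuration, then follows the scanner log.
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully
    networks:
      - greenbone_net

  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      # Quoted: an address:port value should never be left to implicit typing.
      # No host port is published for this service.
      LISTENING: "0.0.0.0:80"
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      - greenbone_net

  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:stable
    restart: always
    hostname: ospd-openvas.local
    # NOTE(review): this is the most privileged container in the stack: it adds
    # NET_ADMIN and NET_RAW and runs with seccomp and AppArmor confinement
    # switched off. Keep its image pinned and current, and keep it off any
    # network it does not need.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      - "ospd-openvas"
      - "-f"
      - "--config"
      - "/etc/gvm/ospd-openvas.conf"
      - "--notus-feed-dir"
      - "/var/lib/notus/advisories"
      - "-m"
      - "666"
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    networks:
      - greenbone_net

  # --- Command-line tooling --------------------------------------------------
  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas
    networks:
      - greenbone_net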
volumes:
  # Named volumes with default settings; the empty mapping is written out
  # instead of relying on a bare key.

  # Feed and data content
  gpg_data_vol: {}
  scap_data_vol: {}
  cert_data_vol: {}
  data_objects_vol: {}
  gvmd_data_vol: {}
  psql_data_vol: {}
  vt_data_vol: {}
  notus_data_vol: {}

  # Unix-socket directories shared between services
  psql_socket_vol: {}
  gvmd_socket_vol: {}
  ospd_openvas_socket_vol: {}
  redis_socket_vol: {}

  # Scanner configuration and logs
  openvas_data_vol: {}
  openvas_log_data_vol: {}
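networks:
  greenbone_net:
    # external: true tells Compose to attach to a network that already exists;
    # Compose neither creates nor reconfigures it. The driver and IPAM settings
    # that were listed here therefore had no effect on an external network (the
    # Compose specification does not allow them next to `external`), so they
    # are kept below only as a record of the intended layout. Set them when the
    # network is created, or drop `external` and restore them so Compose
    # manages the network itself.
    external: true
    # driver: bridge
    # ipam:
    #   config:
    #     - subnet: 192.168.120.0/24
    #       gateway: 192.168.120.1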
But the problem is that I can’t send gvm-cli commands from a different server, even though both servers are on the same VLAN. I can ping from my other server and access psql in gvmd.
But the gvmd service is not listening on port 9390. I have tried various methods. I tried to start the gvmd service on port 9390, but it won’t start. --listen=666.
Output of ps aux | grep gvmd inside the gvmd container:
gvmd 1 0.0 0.0 2576 1560 ? Ss 08:06 0:00 /bin/sh /usr/local/bin/start-gvmd
gvmd 24 1.3 4.1 498784 331660 ? SL 08:06 0:12 gvmd -f --listen-mode=666
root 277 0.0 0.0 3324 1604 pts/0 S+ 08:22 0:00 grep gvmd
The output of the sudo ss -tnlp | grep 9390 command I ran on my host:
LISTEN 0 4096 0.0.0.0:9390 0.0.0.0:* users:(("docker-proxy",pid=185801,fd=7))
LISTEN 0 4096 [::]:9390 [::]:* users:(("docker-proxy",pid=185809,fd=7))
Also, the PostgreSQL service is running on my GVMD server, port 5432 is open (accessible from my other server).
Can you help me to open port 9390 to the outside on my server?