Latest docker (22.4) worked great last week, now is suddenly unstable and broken

Hi,

I’ve moved over to the docker version of 22.4 for a few weeks now and it has been fine up until the last few days. Everything used to work perfectly including SMB credentials scanning. (I have a test unpatched Win10 1809 to verify each build is doing as it should. ) In the last few days there seems to be a few more containers being pulled down and it is from this point that things have gone quite unstable.

I am also seeing differing results in scans aganist my test system. Importantly, over the last few days SMB credentials scanning has simply stopped working. Credentials scanning is not even acknoledged in the logs or scan reports as though is does not exist. A few weeks ago the same scan would print the results and status of the credentials used.

This should be easy to reproce. I’ve just reproduced the credentials issue on a blank Ubuntu 22.04 and then following the exact instrautions on the Greenone site @ Building 22.4 from Source - Greenbone Community Documentation, and then settting an a creditials scan against the same lab that all the over GVM versions can read no problem. I’ve even performed the tests using the same IP addresses to emlimiate all variations

Anyone else seeing this?

So you changed the Host system ? Please check your ressources …

We added new new containers for improved feed sync yesterday. See Improved Feed Sync for Greenbone Community Containers

But I don’t think this change has something to do with your issues if you tested a clean setup from scratch already. Is the scan otherwise run normally despite smb? Do you get some errors in the log? You need to check the openvas.log file in the ospd-openvas container too which is not printed in the docker-compose log at the moment.

2 Likes

hi there,
Yes it is a fully clean install. I’ve used the same install method for several weeks for a few of my clients without issue. In the last few days more containers come down and at the same time credentials scanning goes “deaf” Scans run ok, and otherwise everything else feels normal.

There are no errors in logs that I can see so far. I’ts a pretty easy problem to replicate. I’ve replicated it on 4 fresh separate systems now, some manually built, some with the provided script, but all end up with the same result. If I go back to my script for a source build of the same version its all fine.

I dont understand what you mean by changed the host? All I’m saying is that I can roll forward or backward on the same physical hardware and netowork addresses to test (this elimiates all other variables.) Rolling back to A GVM image built in the least 2 weeks and everything works ok. Using the exact same build method 2 weeks later, GVM no longer works with credential scanning.

At Docker & GVM 22.4 on Ubuntu 22.4: Community install script is broken. (credential scanning now not working but last week it did)) · Issue #2 · greenbone/greenbone-container-images · GitHub @davo listed two issues

  1. Scans of windows machines using SMB credentials stopped working in the last days with the Greenbone Community Containers. Using the source build still works.

  2. Despite having docker-compose installed the setup-and-start script still fails to detect it, exists and shows an error message.

2 Likes

I think I’ve found the culprit. openvas-smb is missing for the scanner in the container images. I am not sure why it ever worked ever but I am also not familiar with the Windows scanning at all. We will add openvas-smb in the next weeks.

3 Likes

I suppose ~/.local/bin is not in your PATH. We will adjust the docs (and the script) for a more reliable solution.

2 Likes

We also identified and fixed an issue that affected SMB login attempts during vulnerability scans. Please try out the newest version including Fix: set transport again if falls back in a unecrypted connection (backport #1190) by mergify[bot] · Pull Request #1191 · greenbone/openvas-scanner · GitHub to see if this improves the situation for you.

Note: Adding openvas-smb to the container images may still be necessary, I do not have any insight into this at the moment.

2 Likes

We are currently adding the project to our community containers!

1 Like

5 posts were split to a new topic: Compose file has errors

We have added openvas-smb to the openvas-scanner and ospd-openvas container images. Thus the issue should be fixed now.

2 Likes

I can confirm that SMB credential scans work again. Thankyou!

2 Likes

You are welcome