I have a similar issue. Every time I use the latest NVTs I get like 60k, but the repo says there are more than 160k NVTs. How do I get all of them? I even opened an issue on GitHub: Failed to get all of NVT's using docker-compose latest containers · Issue #2308 · greenbone/gvmd · GitHub
I’m guessing that you’re using the community feed, which has a limited amount of NVTs in comparison to the enterprise feed. See here for more information.
I am not sure if that’s the case. Locally I get the 140k NVTs, and as I mentioned, if I update the images I get more as well.
What is the image link for the enterprise feed?
Honestly, I’m a bit confused about the problem at hand here. Where do you get 60k NVTs and where do you get 140k? How do you check the amount?
Not sure if there even is a public image link for the enterprise feed, as they don’t allow it on self-hosted instances.
Basically, when I spin up on a VPS using podman-compose I get 70K
I was expecting this result when I spin up using docker-compose locally: 144K
Here is the code I am using:
services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    restart:
    environment:
      STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl
    volumes:
      - vt_data_vol:/mnt
  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt
  scap-data:
    image: registry.community.greenbone.net/community/scap-data
    volumes:
      - scap_data_vol:/mnt
  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data
    volumes:
      - cert_data_vol:/mnt
  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data
  data-objects:
    image: registry.community.greenbone.net/community/data-objects
    volumes:
      - data_objects_vol:/mnt
  report-formats:
    image: registry.community.greenbone.net/community/report-formats
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects
  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt
  redis-server:
    image: registry.community.greenbone.net/community/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/
  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:stable
    restart: on-failure
    ports:
      - 5432:5432
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    restart: on-failure
    environment:
      USER: admin
      PASSWORD: adminpassword
      GVMD_ARGS: --port=9390 --listen=0.0.0.0
    ports:
      - 9390:9390
    command: >
      /bin/bash -c "
      gvm-manage-certs -V ||
      gvm-manage-certs -a -C;
      /usr/local/bin/start-gvmd
      "
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      - pg-gvm
      - scap-data
      - cert-bund-data
      - dfn-cert-data
      - data-objects
      - report-formats
  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: on-failure
    environment:
      - GSAD_ARGS= --mlisten=gvmd --mport=9390 --port 9392 --http-only
      # - GSAD_ARGS=--no-redirect --http-sts --gnutls-priorities=SECURE256:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3 --port=9392
    ports:
      - 9392:9392
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
  # Sets log level of openvas to the set LOG_LEVEL within the env
  # and changes log output to /var/log/openvas instead /var/log/gvm
  # to reduce likelihood of unwanted log interferences
  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
  # shows logs of openvas
  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      - configure-openvas
  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    environment:
      # `service_notus` is set to disable everything but notus,
      # if you want to utilize openvasd directly remove `OPENVASD_MODE`
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    # enable port forwarding when you want to use the http api from your host machine
    ports:
      - 3000:80
    depends_on:
      - vulnerability-tests
      - configure-openvas
      - gpg-data
    networks:
      default:
        aliases:
          - openvasd
  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:stable
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN # for capturing packages in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--mqtt-broker-address",
        "mqtt-broker",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666"
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      - redis-server
      - gpg-data
      - vulnerability-tests
      - configure-openvas
  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas
volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:
I kind of solved the problem. The podman-compose implementation does not fully support depends_on, and gvmd relies on ospd-openvas, therefore you must wait for it. Then the NVTs are synced correctly.
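
An added example, not part of the original thread and not Greenbone's own tooling: one way to work around the incomplete depends_on handling described in the last post is to start the services in explicit dependency order, one wave at a time. The depends_on lists are copied from the compose file above; the extra gvmd-after-ospd-openvas edge is an assumption taken from that post, and `start_waves` and `startup_commands` are hypothetical helper names.

```python
from graphlib import TopologicalSorter

# depends_on lists copied from the compose file posted above
# (service -> services that must be started first).
DEPENDS_ON = {
    "notus-data": [],  # no depends_on and nothing depends on it
    "dfn-cert-data": ["cert-bund-data"],
    "report-formats": ["data-objects"],
    "gvmd": ["pg-gvm", "scap-data", "cert-bund-data", "dfn-cert-data",
             "data-objects", "report-formats"],
    "gsa": ["gvmd"],
    "openvas": ["configure-openvas"],
    "openvasd": ["vulnerability-tests", "configure-openvas", "gpg-data"],
    "ospd-openvas": ["redis-server", "gpg-data", "vulnerability-tests",
                     "configure-openvas"],
    "gvm-tools": ["gvmd", "ospd-openvas"],
}
# Assumption: not in the compose file; this is the ordering the last
# post found necessary (gvmd must come up after ospd-openvas).
EXTRA_EDGES = [("gvmd", "ospd-openvas")]


def start_waves(depends_on, extra_edges=()):
    """Group services into waves; each wave only needs earlier waves."""
    graph = {svc: set(deps) for svc, deps in depends_on.items()}
    for svc, dep in extra_edges:
        graph.setdefault(svc, set()).add(dep)
    sorter = TopologicalSorter(graph)
    sorter.prepare()  # raises graphlib.CycleError on a circular depends_on
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves


def startup_commands(waves):
    """One `podman-compose up -d` invocation per wave, in start order."""
    return [["podman-compose", "up", "-d", *wave] for wave in waves]


if __name__ == "__main__":
    for cmd in startup_commands(start_waves(DEPENDS_ON, EXTRA_EDGES)):
        print(" ".join(cmd))
```

Starting in order does not by itself wait for ospd-openvas to finish loading the feed; run the gvmd wave only once that service is up, as the post describes.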
