First Commit

Dockerfile

@@ -0,0 +1,151 @@
+FROM ubuntu:18.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV LANG=C.UTF-8
+
+COPY install-pkgs.sh /install-pkgs.sh
+
+RUN bash /install-pkgs.sh
+
+ENV gvm_libs_version="v11.0.0" \
+    openvas_scanner_version="v7.0.0" \
+    gvmd_version="v9.0.0" \
+    gsa_version="v9.0.0" \
+    gvm_tools_version="v2.0.0" \
+    openvas_smb="v1.0.5" \
+    open_scanner_protocol_daemon="v2.0.0" \
+    ospd_openvas="v1.0.0" \
+    python_gvm_version="v1.0.0"
+
+RUN echo "Starting Build..." && mkdir /build
+
+    #
+    # install libraries module for the Greenbone Vulnerability Management Solution
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/gvm-libs/archive/$gvm_libs_version.tar.gz && \
+    tar -zxf $gvm_libs_version.tar.gz && \
+    cd /build/*/ && \
+    mkdir build && \
+    cd build && \
+    cmake -DCMAKE_BUILD_TYPE=Release .. && \
+    make && \
+    make install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # install smb module for the OpenVAS Scanner
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/openvas-smb/archive/$openvas_smb.tar.gz && \
+    tar -zxf $openvas_smb.tar.gz && \
+    cd /build/*/ && \
+    mkdir build && \
+    cd build && \
+    cmake -DCMAKE_BUILD_TYPE=Release .. && \
+    make && \
+    make install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install Greenbone Vulnerability Manager (GVMD)
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/gvmd/archive/$gvmd_version.tar.gz && \
+    tar -zxf $gvmd_version.tar.gz && \
+    cd /build/*/ && \
+    mkdir build && \
+    cd build && \
+    cmake -DCMAKE_BUILD_TYPE=Release .. && \
+    make && \
+    make install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install Open Vulnerability Assessment System (OpenVAS) Scanner of the Greenbone Vulnerability Management (GVM) Solution
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/openvas-scanner/archive/$openvas_scanner_version.tar.gz && \
+    tar -zxf $openvas_scanner_version.tar.gz && \
+    cd /build/*/ && \
+    mkdir build && \
+    cd build && \
+    cmake -DCMAKE_BUILD_TYPE=Release .. && \
+    make && \
+    make install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install Greenbone Security Assistant (GSA)
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/gsa/archive/$gsa_version.tar.gz && \
+    tar -zxf $gsa_version.tar.gz && \
+    cd /build/*/ && \
+    mkdir build && \
+    cd build && \
+    cmake -DCMAKE_BUILD_TYPE=Release .. && \
+    make && \
+    make install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install Greenbone Vulnerability Management Python Library
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/python-gvm/archive/$python_gvm_version.tar.gz && \
+    tar -zxf $python_gvm_version.tar.gz && \
+    cd /build/*/ && \
+    python3 setup.py install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install Open Scanner Protocol daemon (OSPd)
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/ospd/archive/$open_scanner_protocol_daemon.tar.gz && \
+    tar -zxf $open_scanner_protocol_daemon.tar.gz && \
+    cd /build/*/ && \
+    python3 setup.py install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install Open Scanner Protocol for OpenVAS
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/ospd-openvas/archive/$ospd_openvas.tar.gz && \
+    tar -zxf $ospd_openvas.tar.gz && \
+    cd /build/*/ && \
+    python3 setup.py install && \
+    cd /build && \
+    rm -rf *
+
+    #
+    # Install GVM-Tools
+    #
+
+RUN cd /build && \
+    wget --no-verbose https://github.com/greenbone/gvm-tools/archive/$gvm_tools_version.tar.gz && \
+    tar -zxf $gvm_tools_version.tar.gz && \
+    cd /build/*/ && \
+    python3 setup.py install && \
+    echo "/usr/local/lib" > /etc/ld.so.conf.d/openvas.conf && ldconfig && cd / && rm -rf /build
+
+COPY scripts/* /
+
+CMD '/start.sh'

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Secure Compliance Solutions LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Readme.md

@@ -0,0 +1,103 @@
+
+
+NOTE: This was shamelesy copied from: https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker 
+I liked how they did things, but needed to make a few tweaks so I could import my old openvas DB from v7 -> v8 - v9. 
+The only major change in the end was adding "locales-all" to the list of installed packages so I wouldn't have to rebuild the database .... again." 
+
+In the future, I want to rewrite some of the build scripts to build from git pull, but for now, a stable build was more important. 
+
+-Scott
+
+
+# A Greenbone Vulnerability Management 11 Docker Image
+
+This docker image is based on GVM 11 but with a few package modifications. After years of successfully using the OpenVAS 8/9 package, maintained by the Kali project, we started having performance issues. After months of trying to tweak OpenVAS, with varying and short lived success, we decided to maintain our own packaged version of GVM 11. This was done to streamline the installation, cleanup, and improve reliability.
+
+## Important Note
+
+Currently the GVM reporting does not allow you to export reports containing more than 1000 lines. This is true for all report types. We have found a way around this limitation; however, it creates a problem with the webUI and the vulnerability data will take longer to load in the browser the higher you set the max rows. We have created a script that will allow you to set a custom rows per page value based on the size of your scan results. We have found that it isn't worth the hassle to try exporting reports with more than 15000 lines. 15000 seems to be the sweet spot that will usually work, provided you have enough RAM in the device used to access the web UI. 
+
+To implement this fix, run the following command AFTER you finished the rest of the setup.
+```bash
+docker exec -it gvm bash -exec "/reportFix.sh"
+```
+Note: we have used the container name gvm to be consistent with the rest of the documentation. Modify the command accordingly.
+
+
+
+## Deployment
+
+**Install docker**
+
+If you have Kali or Ubuntu you can use the docker.io package.
+```shell
+apt install docker.io
+```
+
+If you are using any debian based OS that does not have the docker.io package, you can follow [this guide](https://docs.docker.com/install/linux/docker-ce/debian/) 
+
+You can also use the docker install script by running:
+```bash
+curl https://get.docker.com | sh
+```
+
+**Run our container**
+
+This command will pull, create, and start the container:
+
+Without persistent volume:
+
+```shell
+docker run --detach --publish 8080:9392 -e PASSWORD="Your admin password here" --name gvm securecompliance/gvm
+```
+With persistent volume:
+
+```shell
+docker run --detach --publish 8080:9392 -e PASSWORD="Your admin password here" --volume gvm-data:/data --name gvm securecompliance/gvm
+```
+
+You can use whatever `--name` you'd like but for the sake of this guide we're using gvm.
+
+The `-p 8080:9392` switch will port forward `8080` on the host to `9392` (the container web interface port) in the docker container. Port `8080` was chosen only to avoid conflicts with any existing OpenVAS/GVM installation. You can change `8080` to any available port that you'd like.
+
+Depending on your hardware, it can take anywhere from a few seconds to 10 minutes while the NVTs are scanned and the database is rebuilt. **The default admin user account is created after this process has completed. If you are unable to access the web interface, it means it is still loading (be patient).**
+
+**Checking Deployment Progress**
+
+There is no easy way to estimate the remaining NVT loading time, but you can check if the NVTs have finished loading by running:
+```
+docker logs gvm
+```
+
+If you see "Your GVM 11 container is now ready to use!" then, you guessed it, your container is ready to use.
+
+## Accessing Web Interface
+
+Access web interface using the IP address of the docker host on port 8080 - `http://<IP address>:8080`
+
+Default credentials:
+```
+Username: admin
+Password: admin
+```
+
+## Monitoring Scan Progress
+
+This command will show you the GVM processes running inside the container:
+```
+docker top gvm
+```
+
+## Checking the GVM Logs
+
+All the logs from /usr/local/var/log/gvm/* can be viewed by running:
+```
+docker logs gvm
+```
+
+## Updating the NVTs
+
+The NVTs will update every time the container starts. Even if you leave your container running 24/7, the easiest way to update your NVTs is to restart the container.
+```
+docker restart gvm
+```