diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..06cf02a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,151 @@ +FROM ubuntu:18.04 + +ENV DEBIAN_FRONTEND=noninteractive +ENV LANG=C.UTF-8 + +COPY install-pkgs.sh /install-pkgs.sh + +RUN bash /install-pkgs.sh + +ENV gvm_libs_version="v11.0.0" \ + openvas_scanner_version="v7.0.0" \ + gvmd_version="v9.0.0" \ + gsa_version="v9.0.0" \ + gvm_tools_version="v2.0.0" \ + openvas_smb="v1.0.5" \ + open_scanner_protocol_daemon="v2.0.0" \ + ospd_openvas="v1.0.0" \ + python_gvm_version="v1.0.0" + +RUN echo "Starting Build..." && mkdir /build + + # + # install libraries module for the Greenbone Vulnerability Management Solution + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/gvm-libs/archive/$gvm_libs_version.tar.gz && \ + tar -zxf $gvm_libs_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # install smb module for the OpenVAS Scanner + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/openvas-smb/archive/$openvas_smb.tar.gz && \ + tar -zxf $openvas_smb.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Vulnerability Manager (GVMD) + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/gvmd/archive/$gvmd_version.tar.gz && \ + tar -zxf $gvmd_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Open Vulnerability Assessment System (OpenVAS) Scanner of the Greenbone Vulnerability Management (GVM) Solution + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/openvas-scanner/archive/$openvas_scanner_version.tar.gz && \ + tar -zxf $openvas_scanner_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Security Assistant (GSA) + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/gsa/archive/$gsa_version.tar.gz && \ + tar -zxf $gsa_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Vulnerability Management Python Library + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/python-gvm/archive/$python_gvm_version.tar.gz && \ + tar -zxf $python_gvm_version.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install Open Scanner Protocol daemon (OSPd) + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/ospd/archive/$open_scanner_protocol_daemon.tar.gz && \ + tar -zxf $open_scanner_protocol_daemon.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install Open Scanner Protocol for OpenVAS + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/ospd-openvas/archive/$ospd_openvas.tar.gz && \ + tar -zxf $ospd_openvas.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install GVM-Tools + # + +RUN cd /build && \ + wget --no-verbose https://github.com/greenbone/gvm-tools/archive/$gvm_tools_version.tar.gz && \ + tar -zxf $gvm_tools_version.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + echo "/usr/local/lib" > /etc/ld.so.conf.d/openvas.conf && ldconfig && cd / && rm -rf /build + +COPY scripts/* / + +CMD '/start.sh' diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e4e7d72 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 Secure Compliance Solutions LLC + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Readme.md b/Readme.md new file mode 100644 index 0000000..2ce24a0 --- /dev/null +++ b/Readme.md @@ -0,0 +1,103 @@ + + +NOTE: This was shamelesy copied from: https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker +I liked how they did things, but needed to make a few tweaks so I could import my old openvas DB from v7 -> v8 - v9. +The only major change in the end was adding "locales-all" to the list of installed packages so I wouldn't have to rebuild the database .... again." + +In the future, I want to rewrite some of the build scripts to build from git pull, but for now, a stable build was more important. + +-Scott + + +# A Greenbone Vulnerability Management 11 Docker Image + +This docker image is based on GVM 11 but with a few package modifications. After years of successfully using the OpenVAS 8/9 package, maintained by the Kali project, we started having performance issues. After months of trying to tweak OpenVAS, with varying and short lived success, we decided to maintain our own packaged version of GVM 11. This was done to streamline the installation, cleanup, and improve reliability. + +## Important Note + +Currently the GVM reporting does not allow you to export reports containing more than 1000 lines. This is true for all report types. We have found a way around this limitation; however, it creates a problem with the webUI and the vulnerability data will take longer to load in the browser the higher you set the max rows. We have created a script that will allow you to set a custom rows per page value based on the size of your scan results. We have found that it isn't worth the hassle to try exporting reports with more than 15000 lines. 15000 seems to be the sweet spot that will usually work, provided you have enough RAM in the device used to access the web UI. + +To implement this fix, run the following command AFTER you finished the rest of the setup. +```bash +docker exec -it gvm bash -exec "/reportFix.sh" +``` +Note: we have used the container name gvm to be consistent with the rest of the documentation. Modify the command accordingly. + + + +## Deployment + +**Install docker** + +If you have Kali or Ubuntu you can use the docker.io package. +```shell +apt install docker.io +``` + +If you are using any debian based OS that does not have the docker.io package, you can follow [this guide](https://docs.docker.com/install/linux/docker-ce/debian/) + +You can also use the docker install script by running: +```bash +curl https://get.docker.com | sh +``` + +**Run our container** + +This command will pull, create, and start the container: + +Without persistent volume: + +```shell +docker run --detach --publish 8080:9392 -e PASSWORD="Your admin password here" --name gvm securecompliance/gvm +``` +With persistent volume: + +```shell +docker run --detach --publish 8080:9392 -e PASSWORD="Your admin password here" --volume gvm-data:/data --name gvm securecompliance/gvm +``` + +You can use whatever `--name` you'd like but for the sake of this guide we're using gvm. + +The `-p 8080:9392` switch will port forward `8080` on the host to `9392` (the container web interface port) in the docker container. Port `8080` was chosen only to avoid conflicts with any existing OpenVAS/GVM installation. You can change `8080` to any available port that you'd like. + +Depending on your hardware, it can take anywhere from a few seconds to 10 minutes while the NVTs are scanned and the database is rebuilt. **The default admin user account is created after this process has completed. If you are unable to access the web interface, it means it is still loading (be patient).** + +**Checking Deployment Progress** + +There is no easy way to estimate the remaining NVT loading time, but you can check if the NVTs have finished loading by running: +``` +docker logs gvm +``` + +If you see "Your GVM 11 container is now ready to use!" then, you guessed it, your container is ready to use. + +## Accessing Web Interface + +Access web interface using the IP address of the docker host on port 8080 - `http://:8080` + +Default credentials: +``` +Username: admin +Password: admin +``` + +## Monitoring Scan Progress + +This command will show you the GVM processes running inside the container: +``` +docker top gvm +``` + +## Checking the GVM Logs + +All the logs from /usr/local/var/log/gvm/* can be viewed by running: +``` +docker logs gvm +``` + +## Updating the NVTs + +The NVTs will update every time the container starts. Even if you leave your container running 24/7, the easiest way to update your NVTs is to restart the container. +``` +docker restart gvm +``` diff --git a/build-10.sh b/build-10.sh new file mode 100644 index 0000000..e51812a --- /dev/null +++ b/build-10.sh @@ -0,0 +1,144 @@ +export LANG="C.UTF-8" + + +bash ./install-pkgs.sh + +gvm_libs_version="v10.0.0" \ +openvas_scanner_version="v7.0.0" \ +gvmd_version="v8.0.0" \ +gsa_version="v9.0.0" \ +gvm_tools_version="v2.0.0" \ +openvas_smb="v1.0.5" \ +open_scanner_protocol_daemon="v2.0.0" \ +ospd_openvas="v1.0.0" \ +python_gvm_version="v1.0.0" + +echo "Starting Build..." && mkdir /build + + # + # install libraries module for the Greenbone Vulnerability Management Solution + # +mkdir /build +cd /build && \ + wget --no-verbose https://github.com/greenbone/gvm-libs/archive/$gvm_libs_version.tar.gz && \ + tar -zxf $gvm_libs_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make -j 4 && \ + make install && \ + cd /build && \ + rm -rf * + + # + # install smb module for the OpenVAS Scanner + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/openvas-smb/archive/$openvas_smb.tar.gz && \ + tar -zxf $openvas_smb.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make -j 4 && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Vulnerability Manager (GVMD) + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/gvmd/archive/$gvmd_version.tar.gz && \ + tar -zxf $gvmd_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make -j 4 && \ + make install && \ + cd /build && \ + rm -rf * + exit + # + # Install Open Vulnerability Assessment System (OpenVAS) Scanner of the Greenbone Vulnerability Management (GVM) Solution + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/openvas-scanner/archive/$openvas_scanner_version.tar.gz && \ + tar -zxf $openvas_scanner_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Security Assistant (GSA) + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/gsa/archive/$gsa_version.tar.gz && \ + tar -zxf $gsa_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Vulnerability Management Python Library + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/python-gvm/archive/$python_gvm_version.tar.gz && \ + tar -zxf $python_gvm_version.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install Open Scanner Protocol daemon (OSPd) + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/ospd/archive/$open_scanner_protocol_daemon.tar.gz && \ + tar -zxf $open_scanner_protocol_daemon.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install Open Scanner Protocol for OpenVAS + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/ospd-openvas/archive/$ospd_openvas.tar.gz && \ + tar -zxf $ospd_openvas.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install GVM-Tools + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/gvm-tools/archive/$gvm_tools_version.tar.gz && \ + tar -zxf $gvm_tools_version.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + echo "/usr/local/lib" > /etc/ld.so.conf.d/openvas.conf && ldconfig && cd / && rm -rf /build + diff --git a/build.sh b/build.sh new file mode 100644 index 0000000..317cd9d --- /dev/null +++ b/build.sh @@ -0,0 +1,144 @@ +export LANG="C.UTF-8" + + +bash ./install-pkgs.sh + +gvm_libs_version="v11.0.0" \ +openvas_scanner_version="v7.0.0" \ +gvmd_version="v9.0.0" \ +gsa_version="v9.0.0" \ +gvm_tools_version="v2.0.0" \ +openvas_smb="v1.0.5" \ +open_scanner_protocol_daemon="v2.0.0" \ +ospd_openvas="v1.0.0" \ +python_gvm_version="v1.0.0" + +echo "Starting Build..." && mkdir /build + + # + # install libraries module for the Greenbone Vulnerability Management Solution + # +mkdir /build +cd /build && \ + wget --no-verbose https://github.com/greenbone/gvm-libs/archive/$gvm_libs_version.tar.gz && \ + tar -zxf $gvm_libs_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # install smb module for the OpenVAS Scanner + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/openvas-smb/archive/$openvas_smb.tar.gz && \ + tar -zxf $openvas_smb.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Vulnerability Manager (GVMD) + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/gvmd/archive/$gvmd_version.tar.gz && \ + tar -zxf $gvmd_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Open Vulnerability Assessment System (OpenVAS) Scanner of the Greenbone Vulnerability Management (GVM) Solution + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/openvas-scanner/archive/$openvas_scanner_version.tar.gz && \ + tar -zxf $openvas_scanner_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Security Assistant (GSA) + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/gsa/archive/$gsa_version.tar.gz && \ + tar -zxf $gsa_version.tar.gz && \ + cd /build/*/ && \ + mkdir build && \ + cd build && \ + cmake -DCMAKE_BUILD_TYPE=Release .. && \ + make && \ + make install && \ + cd /build && \ + rm -rf * + + # + # Install Greenbone Vulnerability Management Python Library + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/python-gvm/archive/$python_gvm_version.tar.gz && \ + tar -zxf $python_gvm_version.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install Open Scanner Protocol daemon (OSPd) + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/ospd/archive/$open_scanner_protocol_daemon.tar.gz && \ + tar -zxf $open_scanner_protocol_daemon.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install Open Scanner Protocol for OpenVAS + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/ospd-openvas/archive/$ospd_openvas.tar.gz && \ + tar -zxf $ospd_openvas.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + cd /build && \ + rm -rf * + + # + # Install GVM-Tools + # + +cd /build && \ + wget --no-verbose https://github.com/greenbone/gvm-tools/archive/$gvm_tools_version.tar.gz && \ + tar -zxf $gvm_tools_version.tar.gz && \ + cd /build/*/ && \ + python3 setup.py install && \ + echo "/usr/local/lib" > /etc/ld.so.conf.d/openvas.conf && ldconfig && cd / && rm -rf /build + diff --git a/install-pkgs.sh b/install-pkgs.sh new file mode 100644 index 0000000..9e76a9a --- /dev/null +++ b/install-pkgs.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +apt-get update + +{ cat < $CERT_DIR/feed.xml + +CERT +$FEED_NAME +$FEED_VERSION +$FEED_VENDOR +$FEED_HOME + +This script synchronizes a CERT collection with the '$FEED_NAME'. +The '$FEED_NAME' is provided by '$FEED_VENDOR'. +Online information about this feed: '$FEED_HOME'. + + +EOF diff --git a/scripts/reportFix.sh b/scripts/reportFix.sh new file mode 100755 index 0000000..6f309bd --- /dev/null +++ b/scripts/reportFix.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +numCheck='^[0-9]+$' + +abortChange(){ + if ! [[ $? -eq 0 ]]; then echo "Aborted, no changes have been made" && exit 1; fi +} + +reportRows(){ + reportRPP=$(whiptail --inputbox "How many rows do you need to export your report?" 10 30 3>&1 1>&2 2>&3) +} + +webRows(){ + webRPP=$(whiptail --inputbox "How many rows per page would you like to display in the web UI?" 10 30 3>&1 1>&2 2>&3) +} + + +whiptail --title "Modify Rows Per Page Setting" --msgbox "This tool allows you to modify the max_rows_per_page setting. A larger number will allow you to export more data, but it will make the web UI load much slower. Any scan with more than 15000 results should be broken into multiple scans. For more details, please view our github README" 15 60 + +# patching functions +exportingPatch(){ +reportRows +abortChange +while ! [[ $reportRPP =~ $numCheck ]]; do + whiptail --msgbox "Please enter a valid integer" 10 30 + reportRows + abortChange +done +su -c "gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value ${reportRPP}" gvm +} +webUIPatch(){ +webRows +abortChange +while ! [[ $webRPP =~ $numCheck ]]; do + whiptail --msgbox "Please enter a valid integer" 10 30 + webRows + abortChange +done +su -c "gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value ${webRPP}" gvm +} + +fixMenu=$( +whiptail --title "GVM Reporting Fix" --menu "Please select an option:" 15 75 3 \ + '1)' "Exporting Patch - Export more than 1000 lines in reports" \ + '2)' "WebUI Patch - Be able to view report data in the web interface" \ + 'X)' "exit" 3>&2 2>&1 1>&3 +) +abortChange + +case $fixMenu in + "1)") + exportingPatch + ;; + "2)") + webUIPatch + ;; + "X)") + exit + ;; +esac + diff --git a/scripts/scap-data-sync.sh b/scripts/scap-data-sync.sh new file mode 100755 index 0000000..7be7784 --- /dev/null +++ b/scripts/scap-data-sync.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +FEED_NAME="Greenbone Community SCAP Feed" +FEED_VENDOR="Greenbone Networks GmbH" +FEED_HOME="https://community.greenbone.net/t/about-greenbone-community-feed-gcf/1224" +SCAP_DIR="/usr/local/var/lib/gvm/scap-data" +TIMESTAMP="$SCAP_DIR/timestamp" + +rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet --delete --exclude feed.xml rsync://feed.openvas.org:/scap-data $SCAP_DIR + +if [ -r "$TIMESTAMP" ]; then + FEED_VERSION=$(cat "$TIMESTAMP") +else + FEED_VERSION=0 +fi + +mkdir -p $SCAP_DIR +cat << EOF > $SCAP_DIR/feed.xml + +SCAP +$FEED_NAME +$FEED_VERSION +$FEED_VENDOR +$FEED_HOME + +This script synchronizes a SCAP collection with the '$FEED_NAME'. +The '$FEED_NAME' is provided by '$FEED_VENDOR'. +Online information about this feed: '$FEED_HOME'. + + +EOF diff --git a/scripts/start.sh b/scripts/start.sh new file mode 100755 index 0000000..ef0dba7 --- /dev/null +++ b/scripts/start.sh @@ -0,0 +1,138 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +USERNAME=${USERNAME:-admin} +PASSWORD=${PASSWORD:-admin} + +if [ ! -d "/run/redis" ]; then + mkdir /run/redis +fi +if [ -S /run/redis/redis.sock ]; then + rm /run/redis/redis.sock +fi +redis-server --unixsocket /run/redis/redis.sock --unixsocketperm 700 --timeout 0 --databases 128 --maxclients 512 --daemonize yes --port 6379 --bind 0.0.0.0 + +echo "Wait for redis socket to be created..." +while [ ! -S /run/redis/redis.sock ]; do + sleep 1 +done + +echo "Testing redis status..." +X="$(redis-cli -s /run/redis/redis.sock ping)" +while [ "${X}" != "PONG" ]; do + echo "Redis not yet ready..." + sleep 1 + X="$(redis-cli -s /run/redis/redis.sock ping)" +done +echo "Redis ready." + + +if [ ! -d /data ]; then + echo "Creating Data folder..." + mkdir /data +fi + +if [ ! -d /data/database ]; then + echo "Creating Database folder..." + mv /var/lib/postgresql/10/main /data/database + ln -s /data/database /var/lib/postgresql/10/main + chown postgres:postgres -R /var/lib/postgresql/10/main + chown postgres:postgres -R /data/database +fi + +if [ ! -L /var/lib/postgresql/10/main ]; then + echo "Fixing Database folder..." + rm -rf /var/lib/postgresql/10/main + ln -s /data/database /var/lib/postgresql/10/main + chown postgres:postgres -R /var/lib/postgresql/10/main + chown postgres:postgres -R /data/database +fi + +echo "Starting PostgreSQL..." +/usr/bin/pg_ctlcluster --skip-systemctl-redirect 10 main start + +if [ ! -f "/firstrun" ]; then + echo "Running first start configuration..." + + echo "Creating Openvas NVT sync user..." + useradd --home-dir /usr/local/share/openvas openvas-sync + chown openvas-sync:openvas-sync -R /usr/local/share/openvas + chown openvas-sync:openvas-sync -R /usr/local/var/lib/openvas + + echo "Creating Greenbone Vulnerability system user..." + useradd --home-dir /usr/local/share/gvm gvm + chown gvm:gvm -R /usr/local/share/gvm + mkdir /usr/local/var/lib/gvm/cert-data + chown gvm:gvm -R /usr/local/var/lib/gvm + chmod 770 -R /usr/local/var/lib/gvm + chown gvm:gvm -R /usr/local/var/log/gvm + chown gvm:gvm -R /usr/local/var/run + + adduser openvas-sync gvm + adduser gvm openvas-sync + touch /firstrun +fi + +if [ ! -f "/data/firstrun" ]; then + echo "Creating Greenbone Vulnerability Manager database" + su -c "createuser -DRS gvm" postgres + su -c "createdb -O gvm gvmd" postgres + su -c "psql --dbname=gvmd --command='create role dba with superuser noinherit;'" postgres + su -c "psql --dbname=gvmd --command='grant dba to gvm;'" postgres + su -c "psql --dbname=gvmd --command='create extension \"uuid-ossp\";'" postgres + touch /data/firstrun +fi + +echo "Updating NVTs..." +su -c "rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.openvas.org:/nvt-feed /usr/local/var/lib/openvas/plugins" openvas-sync +sleep 5 + +echo "Updating CERT data..." +su -c "/cert-data-sync.sh" openvas-sync +sleep 5 + +echo "Updating SCAP data..." +su -c "/scap-data-sync.sh" openvas-sync + +if [ -f /var/run/ospd.pid ]; then + rm /var/run/ospd.pid +fi + +if [ -S /tmp/ospd.sock ]; then + rm /tmp/ospd.sock +fi + +echo "Starting Open Scanner Protocol daemon for OpenVAS..." +ospd-openvas --log-file /usr/local/var/log/gvm/ospd-openvas.log --unix-socket /tmp/ospd.sock --log-level INFO + +while [ ! -S /tmp/ospd.sock ]; do + sleep 1 +done + +chmod 666 /tmp/ospd.sock + +echo "Starting Greenbone Vulnerability Manager..." +su -c "gvmd" gvm + +until su -c "gvmd --get-users" gvm; do + sleep 1 +done + +if [ ! -f "/data/created_gvm_user" ]; then + echo "Creating Greenbone Vulnerability Manager admin user" + su -c "gvmd --create-user=${USERNAME} --password=${PASSWORD}" gvm + + touch /data/created_gvm_user +fi + +echo "Starting Greenbone Security Assistant..." +su -c "gsad --verbose --http-only --no-redirect --port=9392" gvm + +echo "++++++++++++++++++++++++++++++++++++++++++++++" +echo "+ Your GVM 11 container is now ready to use! +" +echo "++++++++++++++++++++++++++++++++++++++++++++++" +echo "" +echo "++++++++++++++++" +echo "+ Tailing logs +" +echo "++++++++++++++++" +tail -F /usr/local/var/log/gvm/*