Add: openvas logs, openvasd; Remove: notus-scanner, mqtt

src/22.4/source-build/index.md

@@ -142,7 +142,7 @@ export GSAD_VERSION=22.9.0
 ```{code-block}
 :caption: Setting the openvas-scanner version to use
 
-export OPENVAS_SCANNER_VERSION=22.7.9
+export OPENVAS_SCANNER_VERSION=23.0.1
 ```
 
 ```{include} /22.4/source-build/openvas-scanner/dependencies.md
@@ -174,24 +174,24 @@ export OSPD_OPENVAS_VERSION=22.6.2
 ```{include} /22.4/source-build/ospd-openvas/build.md
 ```
 
-### notus-scanner
+### openvasd
 
-```{include} /22.4/source-build/notus-scanner/description.md
+```{include} /22.4/source-build/openvasd/description.md
 ```
 
 ```{code-block}
-:caption: Setting the notus version to use
+:caption: Setting the openvas versions to use
 
-export NOTUS_VERSION=22.6.2
+export OPENVAS_DAEMON=23.0.1
 ```
 
-```{include} /22.4/source-build/notus-scanner/dependencies.md
+```{include} /22.4/source-build/openvasd/dependencies.md
 ```
 
-```{include} /22.4/source-build/notus-scanner/download.md
+```{include} /22.4/source-build/openvasd/download.md
 ```
 
-```{include} /22.4/source-build/notus-scanner/build.md
+```{include} /22.4/source-build/openvasd/build.md
 ```
 
 ### greenbone-feed-sync
@@ -221,9 +221,6 @@ export NOTUS_VERSION=22.6.2
 ```{include} /22.4/source-build/redis.md
 ```
 
-```{include} /22.4/source-build/mqtt-broker.md
-```
-
 ```{include} /22.4/source-build/directory-permissions.md
 ```
 

src/22.4/source-build/openvasd/build.md

@@ -0,0 +1,23 @@
+```{eval-rst}
+.. tabs::
+  .. tab:: Debian/Ubuntu
+    .. code-block::
+      :caption: Installing openvas-scanner
+
+      cd $SOURCE_DIR/openvas-scanner-$NOTUS_VERSION/rust/openvasd
+
+      cargo build --release
+
+      sudo cp -v ../target/release/openvasd /usr/local/bin/
+
+  .. tab:: Fedora/CentOS
+    .. code-block::
+      :caption: Installing openvas-scanner
+
+
+      cd $SOURCE_DIR/openvas-scanner-$NOTUS_VERSION/rust/openvasd
+
+      cargo build --release
+
+      sudo cp -v ../target/release/openvasd /usr/local/bin/
+```

src/22.4/source-build/openvasd/dependencies.md

@@ -0,0 +1,29 @@
+```{eval-rst}
+.. tabs::
+  .. tab:: Debian/Ubuntu
+   .. code-block::
+     :caption: Required dependencies for openvasd
+
+     sudo apt install -y \
+       cargo \
+       pkg-config \
+       libssl-dev 
+
+  .. tab:: Fedora
+   .. code-block::
+     :caption: Required dependencies for openvasd
+
+     sudo dnf install -y \
+       cargo \
+       pkg-config \
+       openssl-devel
+
+  .. tab:: CentOS
+   .. code-block::
+     :caption: Required dependencies for openvasd
+
+     sudo dnf install -y \
+       cargo \
+       pkg-config \
+       openssl-devel
+```

src/22.4/source-build/openvasd/description.md

@@ -0,0 +1,7 @@
+*OpenVASD* is used for detecting vulnerable products.
+
+It controls `openvas-scanner` for scanning and is used to get the results.
+
+For more information see:
+- https://greenbone.github.io/scanner-api/
+- https://github.com/greenbone/openvas-scanner/tree/main/rust/openvasd

src/22.4/source-build/openvasd/download.md

@@ -0,0 +1,23 @@
+```{code-block}
+:caption: Downloading the openvas-scanner sources
+
+curl -f -L https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$OPENVAS_DAEMON.tar.gz -o $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz
+curl -f -L https://github.com/greenbone/openvas-scanner/releases/download/v$OPENVAS_DAEMON/openvas-scanner-v$OPENVAS_DAEMON.tar.gz.asc -o $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz.asc
+```
+
+```{code-block}
+:caption: Verifying the source file
+
+gpg --verify $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz.asc $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz
+```
+
+The output of the last command should be similar to:
+
+```{include} /22.4/source-build/verify.md
+```
+
+If the signature is valid, the tarball can be extracted.
+
+```
+tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz
+```

src/_static/docker-compose-22.4.yml

@@ -94,6 +94,66 @@ services:
       - gvmd_socket_vol:/run/gvmd
     depends_on:
       - gvmd
+  # Sets log level of openvas to the set LOG_LEVEL within the env
+  # and changes log output to /var/log/openvas instead /var/log/gvm
+  # to reduce likelyhood of unwanted log interferences
+  configure-openvas:
+    image: greenbone/openvas-scanner:stable
+    volumes:
+      - openvas_data_vol:/mnt
+    command: 
+      - /bin/sh
+      - -c
+      - |
+        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
+        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
+        chmod 644 /mnt/openvas.conf
+        chmod 644 /mnt/openvas_log.conf
+  # shows logs of openvas
+  openvas:
+    image: greenbone/openvas-scanner:stable
+    restart: on-failure
+    volumes:
+      - openvas_data_vol:/etc/openvas
+      - openvas_log_data_vol:/var/log/openvas
+    command:
+      - /bin/sh
+      - -c
+      - |
+        cat /etc/openvas/openvas.conf
+        tail -f /var/log/openvas/openvas.log
+    depends_on:
+      configure-openvas:
+        condition: service_completed_successfully
+
+  openvasd:
+    image: greenbone/openvas-scanner:stable
+    restart: on-failure
+    environment:
+      # `service_notus` is set to disable everything but notus,
+      # if you want to utilize openvasd directly removed `OPENVAS_MOD`
+      OPENVASD_MOD: service_notus
+      GNUPGHOME: /etc/openvas/gnupg
+      LISTENING: 0.0.0.0:80
+    volumes:
+      - openvas_data_vol:/etc/openvas
+      - openvas_log_data_vol:/var/log/openvas
+      - gpg_data_vol:/etc/openvas/gnupg
+      - notus_data_vol:/var/lib/notus
+    # enable port forwarding when you want to use the http api from your host machine
+    # ports:
+    #   - 127.0.0.1:3000:80
+    depends_on:
+      vulnerability-tests:
+        condition: service_completed_successfully
+      configure-openvas:
+        condition: service_completed_successfully
+      gpg-data:
+        condition: service_completed_successfully
+    networks:
+      default:
+        aliases:
+          - openvasd
 
   ospd-openvas:
     image: greenbone/ospd-openvas:stable
@@ -111,8 +171,6 @@ services:
         "-f",
         "--config",
         "/etc/gvm/ospd-openvas.conf",
-        "--mqtt-broker-address",
-        "mqtt-broker",
         "--notus-feed-dir",
         "/var/lib/notus/advisories",
         "-m",
@@ -124,36 +182,17 @@ services:
       - notus_data_vol:/var/lib/notus
       - ospd_openvas_socket_vol:/run/ospd
       - redis_socket_vol:/run/redis/
+      - openvas_data_vol:/etc/openvas
+      - openvas_log_data_vol:/var/log/openvas
     depends_on:
       redis-server:
         condition: service_started
       gpg-data:
         condition: service_completed_successfully
       vulnerability-tests:
         condition: service_completed_successfully
-
-  mqtt-broker:
-    restart: on-failure
-    image: greenbone/mqtt-broker
-    networks:
-      default:
-        aliases:
-          - mqtt-broker
-          - broker
-
-  notus-scanner:
-    restart: on-failure
-    image: greenbone/notus-scanner:stable
-    volumes:
-      - notus_data_vol:/var/lib/notus
-      - gpg_data_vol:/etc/openvas/gnupg
-    environment:
-      NOTUS_SCANNER_MQTT_BROKER_ADDRESS: mqtt-broker
-      NOTUS_SCANNER_PRODUCTS_DIRECTORY: /var/lib/notus/products
-    depends_on:
-      - mqtt-broker
-      - gpg-data
-      - vulnerability-tests
+      configure-openvas:
+        condition: service_completed_successfully
 
   gvm-tools:
     image: greenbone/gvm-tools
@@ -177,3 +216,5 @@ volumes:
   gvmd_socket_vol:
   ospd_openvas_socket_vol:
   redis_socket_vol:
+  openvas_data_vol:
+  openvas_log_data_vol: