[BUG] Multiple GVMD_ARGS #247

Closed
mgoeppl opened this issue Feb 7, 2024 · 2 comments

mgoeppl commented Feb 7, 2024

The GVMD_ARGS option does not allow for multiple arguments.

Steps to reproduce the behavior:
Container started via docker-compose.yml and stopped on start.

  • GVMD_ARGS=--max-ips-per-target=65534
    works fine.

Attempted, non-working GVMD_ARGS were:

  • GVMD_ARGS=--max-ips-per-target=65534 --schedule-timeout=-1 --auth-timeout=1440
  • GVMD_ARGS=--max-ips-per-target="65534" --schedule-timeout="-1" --auth-timeout="1440"
  • GVMD_ARGS="--max-ips-per-target=65534 --schedule-timeout=-1 --auth-timeout=1440"
  • GVMD_ARGS="--max-ips-per-target=65534 --auth-timeout=1440"

Environment:

  • OS: Ubuntu 22.04 LTS
  • Memory available to OS: 128G
  • Container environment used with version: Docker version 25.0.2, build 29cf629
    log.log
Owner

immauss commented Feb 7, 2024

Ugh ... easy fix.
The start up script (single.sh) needs to have the value quoted. I've fixed this in the latest beta, which you can find with the beta tag.
HOWEVER ...
There are some other changes with the current beta you will need to be aware of before trying it out.

You'll need to add these to your docker-compose.yml:

   cap_add:
      - NET_ADMIN # for capturing packets in promiscuous mode
      - NET_RAW # for raw sockets, e.g. used for the boreas alive detection

You may also need to add:

    security_opt:
      - seccomp:unconfined

cap_add & security_opt should be inline with the other options after the named server in the docker compose. Here's a full example:

Also note the syntax for the GVMD_ARGS in the Environment section.

version: "3"
services:
  openvas:
    security_opt:
      - seccomp:openvas.json
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=admin"
      - "USERNAME=admin"
      - "RELAYHOST=172.17.0.1"
      - "SMTPPORT=25"
      - "REDISDBS=512" # number of Redis DBs to use
      - "QUIET=false"  # dump feed sync noise to /dev/null
      - "NEWDB=false"  # only use this for creating a blank DB 
      - "SKIPSYNC=true" # Skips the feed sync on startup.
      - "RESTORE=false"  # This should probably not be used from compose... see docs.
      - "DEBUG=false"  # This will cause the container to stop and not actually start gvmd
      - "HTTPS=false"  # whether to use HTTPS or not
      - GVMD_ARGS="--max-ips-per-target=65534 --schedule-timeout=-1 --auth-timeout=1440"
    volumes:
      - "openvas:/data"
    cap_add:
      - NET_ADMIN # for capturing packets in promiscuous mode
      - NET_RAW # for raw sockets, e.g. used for the boreas alive detection
    container_name: openvas
    image: immauss/openvas:beta
  scannable:
    container_name: scannable
    image: immauss/scannable
volumes:
  openvas:

These changes are to ensure all tests run by openvas can function properly. The seccomp unconfined bit though is something I'm trying to find a better solution for, but may be needed for the time being. It seems to be implementation specific, and I've not been able to reproduce the problem locally. (See #241 & #242 for more detail.)

-Scott
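
How an unquoted expansion can accept a single-argument value yet fail on a multi-argument one, as an added shell sketch that is not from this thread or from the project's single.sh. The `[ -n ... ]` check, the function names and the sample value are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; NOT the project's single.sh. All function names are hypothetical.

# Constructed sample: with list-form `- GVMD_ARGS="..."` in a compose file,
# the double quotes arrive inside the container as part of the value.
SAMPLE='"--max-ips-per-target=65534 --schedule-timeout=-1 --auth-timeout=1440"'

# Unquoted expansion: the value is word-split before `[` sees it, so a
# multi-argument value becomes several operands and the test errors out.
unquoted_check() {
    # shellcheck disable=SC2086
    [ -n $1 ] 2>/dev/null
}

# Quoted expansion: `[` always receives exactly one operand.
quoted_check() {
    [ -n "$1" ]
}

# Remove one pair of surrounding literal quotes, if present.
strip_quotes() {
    v=$1
    case $v in
        \"*\") v=${v#\"}; v=${v%\"} ;;
        \'*\') v=${v#\'}; v=${v%\'} ;;
    esac
    printf '%s\n' "$v"
}

# Split into separate arguments without eval. Runs in a subshell so that
# `set -f` (globbing off during the split) does not leak to the caller.
count_args() (
    set -f
    # shellcheck disable=SC2046
    set -- $(strip_quotes "$1")
    # Assumed follow-up in a start-up script: exec gvmd "$@"
    echo "$#"
)

unquoted_check "$SAMPLE" || echo "unquoted test rejects the multi-argument value"
quoted_check "$SAMPLE" && echo "quoted test accepts it"
echo "arguments after splitting: $(count_args "$SAMPLE")"
```

Splitting with `set --` instead of `eval` keeps shell metacharacters in the environment value from being executed as commands.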

Owner

immauss commented Feb 13, 2024

This is resolved in the current latest and 22.4.40

@immauss immauss closed this as completed Feb 13, 2024