Update to openvas packages.

rsundahl · Feb 24, 2016 · 54e9ee5 · 54e9ee5
1 parent 88f4964
commit 54e9ee5
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 184 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,107 +1,39 @@
 # OpenVAS
-# Based on: http://hackertarget.com/install-openvas-7-ubuntu/
 
-FROM ubuntu:15.04
+FROM ubuntu:14.04
 MAINTAINER Mike Splain [email protected]
 
 ADD bin/* /openvas/
 ADD config/redis.config /etc/redis/redis.config
 
 RUN apt-get update && \
-    apt-get install build-essential \
-                    bison \
-                    flex \
-                    cmake \
-                    rpm \
-                    alien \
+    apt-get install software-properties-common -yq && \
+    add-apt-repository ppa:mikesplain/openvas -y && \
+    apt-get update && \
+    apt-get install alien \
+                    dirb \
+                    nikto \
+                    nmap \
                     nsis \
-                    net-tools \
-                    pkg-config \
-                    libglib2.0-dev \
-                    libgnutls-dev \
-                    libpcap0.8-dev \
-                    libgpgme11 \
-                    libgcrypt11-dev \
-                    libgpgme11-dev \
                     openssh-client \
-                    doxygen \
-                    libuuid1 \
-                    uuid-dev \
-                    sqlfairy \
-                    xmltoman \
-                    sqlite3 \
-                    libsqlite3-dev \
-                    libsqlite3-tcl \
-                    libxml2-dev \
-                    libxslt1.1 \
-                    libxslt1-dev \
-                    libhiredis-dev \
-                    heimdal-dev \
-                    libssh-dev \
-                    libpopt-dev \
-                    mingw-w64 \
-                    xsltproc \
-                    libmicrohttpd-dev \
-                    wget \
+                    openvas \
+                    openvas-smb \
+                    psmisc \
+                    python \
+                    python-paramiko \
+                    python-pip \
+                    python-setuptools \
+                    rpm \
                     rsync \
+                    sqlite3 \
                     texlive-latex-base \
-                    texlive-latex-recommended \
                     texlive-latex-extra \
-                    unzip \
+                    texlive-latex-recommended \
                     wapiti \
-                    nmap \
-                    python \
-                    python-pip \
-                    python-setuptools \
-                    python-paramiko \
-                    -y --no-install-recommends && \
-    mkdir /openvas-src && \
-    cd /openvas-src && \
-        wget http://wald.intevation.org/frs/download.php/2262/openvas-libraries-8.0.6.tar.gz -O openvas-libraries.tar.gz && \
-        wget http://wald.intevation.org/frs/download.php/2266/openvas-scanner-5.0.5.tar.gz -O openvas-scanner.tar.gz && \
-        wget http://wald.intevation.org/frs/download.php/2270/openvas-manager-6.0.7.tar.gz -O openvas-manager.tar.gz && \
-        wget http://wald.intevation.org/frs/download.php/2287/greenbone-security-assistant-6.0.9.tar.gz -O greenbone-security-assistant.tar.gz && \
-        wget http://wald.intevation.org/frs/download.php/2209/openvas-cli-1.4.3.tar.gz -O openvas-cli.tar.gz && \
-        wget http://wald.intevation.org/frs/download.php/1975/openvas-smb-1.0.1.tar.gz -O openvas-smb.tar.gz && \
-    cd /openvas-src/ && \
-        tar zxvf openvas-libraries.tar.gz && \
-        tar zxvf openvas-scanner.tar.gz && \
-        tar zxvf openvas-manager.tar.gz && \
-        tar zxvf greenbone-security-assistant.tar.gz && \
-        tar zxvf openvas-cli.tar.gz && \
-        tar zxvf openvas-smb.tar.gz && \
-    cd /openvas-src/openvas-libraries-* && \
-        mkdir source && \
-        cd source && \
-        cmake .. && \
-        make && \
-        make install && \
-    cd /openvas-src/openvas-scanner-* && \
-        mkdir source && \
-        cd source && \
-        cmake .. && \
-        make && \
-        make install && \
-    cd /openvas-src/openvas-manager-* && \
-        mkdir source && \
-        cd source && \
-        cmake .. && \
-        make && \
-        make install && \
-    cd /openvas-src/greenbone-security-assistant-* && \
-        mkdir source && \
-        cd source && \
-        cmake .. && \
-        make && \
-        make install && \
-    cd /openvas-src/openvas-cli-* && \
-        mkdir source && \
-        cd source && \
-        cmake .. && \
-        make && \
-        make install && \
+                    wget \
+                    -yq && \
     mkdir /osp && \
-    cd /osp &&\
+    cd /osp && \
         wget http://wald.intevation.org/frs/download.php/1999/ospd-1.0.0.tar.gz && \
         wget http://wald.intevation.org/frs/download.php/2145/ospd-1.0.1.tar.gz && \
         wget http://wald.intevation.org/frs/download.php/2177/ospd-1.0.2.tar.gz && \
@@ -140,58 +72,21 @@ RUN apt-get update && \
         python setup.py install && \
     cd /osp/ospd-1.0.2 && \
         python setup.py install && \
-    mkdir /redis && \
-        cd /redis && \
-        wget http://download.redis.io/releases/redis-3.0.5.tar.gz  && \
-            tar zxvf redis-3.0.5.tar.gz && \
-            cd redis-3.0.5 && \
-            make -j $(nproc)&& \
-            make install && \
-            rm -fr /redis && \
-    apt-get remove heimdal-dev -y && \
-    apt-get install curl \
-            libcurl4-gnutls-dev \
-            libkrb5-dev -y && \
-    cd /openvas-src/openvas-smb-* && \
-        mkdir source && \
-        cd source && \
-        cmake .. && \
-        make && \
-        make install && \
-    rm -rf /openvas-src && \
-    mkdir /dirb && \
-    cd /dirb && \
-    wget http://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz && \
-        tar -zxvf dirb222.tar.gz && \
-        cd dirb222 && \
-        chmod 700 -R * && \
-        ./configure && \
-        make && \
-        make install && \
-    cd / && \
     cd /tmp && \
     wget https://github.com/Arachni/arachni/releases/download/v1.2.1/arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz && \
         tar -zxvf arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz && \
         mv arachni-1.2.1-0.5.7.1 /opt/arachni && \
         ln -s /opt/arachni/bin/* /usr/local/bin/ && \
-    cd ~ && \
-    wget https://github.com/sullo/nikto/archive/master.zip && \
-    unzip master.zip -d /tmp && \
-    mv /tmp/nikto-master/program /opt/nikto && \
-    rm -rf /tmp/nikto-master && \
-    echo "EXECDIR=/opt/nikto\nPLUGINDIR=/opt/nikto/plugins\nDBDIR=/opt/nikto/databases\nTEMPLATEDIR=/opt/nikto/templates\nDOCDIR=/opt/nikto/docs" >> /opt/nikto/nikto.conf && \
-    ln -s /opt/nikto/nikto.pl /usr/local/bin/nikto.pl && \
-    ln -s /opt/nikto/nikto.conf /etc/nikto.conf && \
+    rm -rf /tmp/arachni* && \
     mkdir -p /openvas && \
     wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate -O /openvas/openvas-check-setup && \
     chmod a+x /openvas/openvas-check-setup && \
     apt-get clean -yq && \
     apt-get autoremove -yq && \
-    apt-get purge -y --auto-remove build-essential cmake && \
     rm -rf /var/lib/apt/lists/* && \
     /openvas/setup.sh
 
 CMD /openvas/start.sh
 
 # Expose UI
-EXPOSE 443 9390 9391 9392
+EXPOSE 80 443 9390 9391 9392
diff --git a/README.md b/README.md
@@ -1,13 +1,16 @@
 OpenVAS image for Docker
 ==============
 
-[![Circle CI](https://img.shields.io/circleci/project/mikesplain/openvas-docker.svg)](https://circleci.com/gh/mikesplain/openvas-docker)
+[![Circle CI](https://img.shields.io/circleci/project/mikesplain/openvas-docker/master.svg)](https://circleci.com/gh/mikesplain/openvas-docker/tree/master)
 [![Docker Pulls](https://img.shields.io/docker/pulls/mikesplain/openvas.svg)](https://hub.docker.com/r/mikesplain/openvas/)
 [![Docker Stars](https://img.shields.io/docker/stars/mikesplain/openvas.svg)](https://hub.docker.com/r/mikesplain/openvas/)
-[![](https://badge.imagelayers.io/mikesplain/openvas:latest.svg)](https://imagelayers.io/?images=mikesplain/openvas:latest 'Get your own badge on imagelayers.io')
+[![ImageLayers Layers](https://img.shields.io/imagelayers/layers/mikesplain/openvas/latest.svg)](https://imagelayers.io/?images=mikesplain/openvas:latest)
+[![ImageLayers Size](https://img.shields.io/imagelayers/image-size/mikesplain/openvas/latest.svg)](https://imagelayers.io/?images=mikesplain/openvas:latest)
 
 A Docker container for OpenVAS 8 on the Ubuntu 14.04 image.  By default, the latest images includes the OpenVAS Base as well as the NVTs and Certs required to run OpenVAS.
 
+Update Feb 22nd 2016: We now build using packages rather than compilition in container.  If you see any issues, please submit an issue!
+
 Requirements
 ------------
 Docker
@@ -42,8 +45,16 @@ To run bash inside the container run:
 ```
 docker exec -it openvas bash
 ```
-# Open PR
 
+Config
+------
+By default GSAD will run on 443 with self signed certs.  If you would like to run
+this on 80 without certs you can pass the following param and change the port in
+docker run from 443 to 80
+
+```
+docker run -d -p 80:80 -p 9390:9390 -p 9391:9391 -e HTTP_ONLY=true  --name openvas mikesplain/openvas
+```
 
 Contributing
 ------------

diff --git a/bin/setup.sh b/bin/setup.sh
@@ -1,37 +1,29 @@
 #!/bin/bash
 
-echo "Starting setup..."
+# Adapted test from http://www.openvas.org/install-packages-v6.html
 
-openvas-mkcert -f -q
+echo "Starting setup..."
+mkdir -p /var/run/redis
+redis-server /etc/redis/redis.config
 ldconfig
-openvassd
+
+test -e /var/lib/openvas/CA/cacert.pem  || openvas-mkcert -q
 openvas-nvt-sync
+test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
+/etc/init.d/openvas-manager stop
+/etc/init.d/openvas-scanner stop
+openvassd
+openvasmd --rebuild
 openvas-scapdata-sync
 openvas-certdata-sync
-openvas-mkcert-client -n -i
-echo "Starting openvasmd"
-openvasmd
-echo "Rebuilding Openvasmd..."
-n=1
-until [ $n -eq 4 ]
-do
-         timeout 10m openvasmd --rebuild -v;
-        if [ $? -eq 0 ]; then
-                 break;
-         fi
-         echo "Rebuild failed, attempt: $n"
-         n=$[$n+1]
-         echo "Cleaning up"
-         ps aux | grep openvassd| awk '{print $2}' |xargs kill -9
-         ps aux | grep openvasmd| awk '{print $2}' |xargs kill -9
-         openvassd
-done
+
+
 echo "Creating Admin user..."
 openvasmd --create-user=admin --role=Admin
 echo "Setting Admin user password..."
 openvasmd --user=admin --new-password=openvas
 echo "Killing some locked up openvassd's"
-# At this point, usually openvassd locks up so lets kill it
-ps aux | grep openvassd| awk '{print $2}' |xargs kill -9
+killall openvassd
+sleep 15
 
 echo "Finished setup..."
diff --git a/bin/start.sh b/bin/start.sh
@@ -1,46 +1,33 @@
 #!/bin/bash
 
+HTTP_ONLY=${HTTP_ONLY:-}
+set_http_only=""
+
+if [ "$HTTP_ONLY" = "true" ]; then
+  set_http_only="--http-only"
+fi
+
 echo "Starting Redis"
-/usr/local/bin/redis-server /etc/redis/redis.config
+mkdir -p /var/run/redis
+redis-server /etc/redis/redis.config
 
 echo "Starting Openvas..."
 
 cd /usr/local/sbin
 
 echo "Starting gsad"
 # http://wiki.openvas.org/index.php/Edit_the_SSL_ciphers_used_by_GSAD
-./gsad --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
-echo "Starting Openvassd"
-./openvassd
-echo "Rebuilding openvasmd"
-n=1
-until [ $n -eq 4 ]
-do
-         timeout 10m openvasmd --rebuild -v;
-        if [ $? -eq 0 ]; then
-                 break;
-         fi
-         echo "Rebuild failed, attempt: $n"
-         n=$[$n+1]
-         echo "Cleaning up:"
-         rm -rf /usr/local/var/lib/openvas/mgr/tasks.db
-done
+gsad --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" $set_http_only
 
-echo "Starting Openvasmd"
-./openvasmd
+/etc/init.d/openvas-scanner start
+/etc/init.d/openvas-manager start
+echo "Starting rebuild process..."
+echo "This may take a minute or two..."
+openvasmd --rebuild
 
 echo "Checking setup"
 
-until [ $n -eq 50 ]
-do
-         timeout 10s /openvas/openvas-check-setup --v8 --server;
-        if [ $? -eq 0 ]; then
-                 break;
-         fi
-         echo "Re-running openvas-check-setup, attempt: $n"
-         n=$[$n+1]
-done
-
+/openvas/openvas-check-setup --v8 --server;
 echo "Done."
 
 echo "Starting infinite loop..."

diff --git a/config/redis.config b/config/redis.config
@@ -1,4 +1,4 @@
-unixsocket /tmp/redis.sock
+unixsocket /var/run/redis/redis.sock
 unixsocketperm 700
 timeout 0
 #DB = 1 + (#of parallel tasks) * (#of parallel hosts)