From 54e9ee55e59e8bac841d742419a8554d1fac84ef Mon Sep 17 00:00:00 2001
From: Mike Splain
Date: Mon, 8 Feb 2016 15:59:07 -0500
Subject: [PATCH] Update to openvas packages.
---
 Dockerfile | 151 +++++++-------------------------------------
 README.md | 17 ++++-
 bin/setup.sh | 38 +++++------
 bin/start.sh | 45 +++++--------
 config/redis.config | 2 +-
 5 files changed, 69 insertions(+), 184 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2f3e8d1..9066b49 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,107 +1,39 @@
 # OpenVAS
-# Based on: http://hackertarget.com/install-openvas-7-ubuntu/
-FROM ubuntu:15.04
+FROM ubuntu:14.04
 MAINTAINER Mike Splain mike.splain@gmail.com
 ADD bin/* /openvas/
 ADD config/redis.config /etc/redis/redis.config
 RUN apt-get update && \
- apt-get install build-essential \
- bison \
- flex \
- cmake \
- rpm \
- alien \
+ apt-get install software-properties-common -yq && \
+ add-apt-repository ppa:mikesplain/openvas -y && \
+ apt-get update && \
+ apt-get install alien \
+ dirb \
+ nikto \
+ nmap \
 nsis \
- net-tools \
- pkg-config \
- libglib2.0-dev \
- libgnutls-dev \
- libpcap0.8-dev \
- libgpgme11 \
- libgcrypt11-dev \
- libgpgme11-dev \
 openssh-client \
- doxygen \
- libuuid1 \
- uuid-dev \
- sqlfairy \
- xmltoman \
- sqlite3 \
- libsqlite3-dev \
- libsqlite3-tcl \
- libxml2-dev \
- libxslt1.1 \
- libxslt1-dev \
- libhiredis-dev \
- heimdal-dev \
- libssh-dev \
- libpopt-dev \
- mingw-w64 \
- xsltproc \
- libmicrohttpd-dev \
- wget \
+ openvas \
+ openvas-smb \
+ psmisc \
+ python \
+ python-paramiko \
+ python-pip \
+ python-setuptools \
+ rpm \
 rsync \
+ sqlite3 \
 texlive-latex-base \
- texlive-latex-recommended \
 texlive-latex-extra \
- unzip \
+ texlive-latex-recommended \
 wapiti \
- nmap \
- python \
- python-pip \
- python-setuptools \
- python-paramiko \
- -y --no-install-recommends && \
- mkdir /openvas-src && \
- cd /openvas-src && \
- wget http://wald.intevation.org/frs/download.php/2262/openvas-libraries-8.0.6.tar.gz -O openvas-libraries.tar.gz && \
- wget http://wald.intevation.org/frs/download.php/2266/openvas-scanner-5.0.5.tar.gz -O openvas-scanner.tar.gz && \
- wget http://wald.intevation.org/frs/download.php/2270/openvas-manager-6.0.7.tar.gz -O openvas-manager.tar.gz && \
- wget http://wald.intevation.org/frs/download.php/2287/greenbone-security-assistant-6.0.9.tar.gz -O greenbone-security-assistant.tar.gz && \
- wget http://wald.intevation.org/frs/download.php/2209/openvas-cli-1.4.3.tar.gz -O openvas-cli.tar.gz && \
- wget http://wald.intevation.org/frs/download.php/1975/openvas-smb-1.0.1.tar.gz -O openvas-smb.tar.gz && \
- cd /openvas-src/ && \
- tar zxvf openvas-libraries.tar.gz && \
- tar zxvf openvas-scanner.tar.gz && \
- tar zxvf openvas-manager.tar.gz && \
- tar zxvf greenbone-security-assistant.tar.gz && \
- tar zxvf openvas-cli.tar.gz && \
- tar zxvf openvas-smb.tar.gz && \
- cd /openvas-src/openvas-libraries-* && \
- mkdir source && \
- cd source && \
- cmake .. && \
- make && \
- make install && \
- cd /openvas-src/openvas-scanner-* && \
- mkdir source && \
- cd source && \
- cmake .. && \
- make && \
- make install && \
- cd /openvas-src/openvas-manager-* && \
- mkdir source && \
- cd source && \
- cmake .. && \
- make && \
- make install && \
- cd /openvas-src/greenbone-security-assistant-* && \
- mkdir source && \
- cd source && \
- cmake .. && \
- make && \
- make install && \
- cd /openvas-src/openvas-cli-* && \
- mkdir source && \
- cd source && \
- cmake .. && \
- make && \
- make install && \
+ wget \
+ -yq && \
 mkdir /osp && \
- cd /osp &&\
+ cd /osp && \
 wget http://wald.intevation.org/frs/download.php/1999/ospd-1.0.0.tar.gz && \
 wget http://wald.intevation.org/frs/download.php/2145/ospd-1.0.1.tar.gz && \
 wget http://wald.intevation.org/frs/download.php/2177/ospd-1.0.2.tar.gz && \
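Review bot: The added `add-apt-repository ppa:mikesplain/openvas -y` line makes a personal PPA the source of the `openvas` and `openvas-smb` binaries, and neither package is version-pinned in the install list, so each rebuild can pick up different scanner code without any change in this repository. Pinning them, e.g. `openvas=<TESTED_VERSION> \` and `openvas-smb=<TESTED_VERSION> \` (placeholders for the versions you have verified), would make the image reproducible and make upgrades a reviewable change. The same install command also replaces `-y --no-install-recommends` with `-yq`; if the recommended packages are not required, `-yq --no-install-recommends && \` keeps the installed surface smaller, though this needs testing because the OpenVAS packages may depend on Recommends for Redis. The RUN instruction continues past the end of this hunk.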
@@ -140,58 +72,21 @@ RUN apt-get update && \
 python setup.py install && \
 cd /osp/ospd-1.0.2 && \
 python setup.py install && \
- mkdir /redis && \
- cd /redis && \
- wget http://download.redis.io/releases/redis-3.0.5.tar.gz && \
- tar zxvf redis-3.0.5.tar.gz && \
- cd redis-3.0.5 && \
- make -j $(nproc)&& \
- make install && \
- rm -fr /redis && \
- apt-get remove heimdal-dev -y && \
- apt-get install curl \
- libcurl4-gnutls-dev \
- libkrb5-dev -y && \
- cd /openvas-src/openvas-smb-* && \
- mkdir source && \
- cd source && \
- cmake .. && \
- make && \
- make install && \
- rm -rf /openvas-src && \
- mkdir /dirb && \
- cd /dirb && \
- wget http://downloads.sourceforge.net/project/dirb/dirb/2.22/dirb222.tar.gz && \
- tar -zxvf dirb222.tar.gz && \
- cd dirb222 && \
- chmod 700 -R * && \
- ./configure && \
- make && \
- make install && \
- cd / && \
 cd /tmp && \
 wget https://github.com/Arachni/arachni/releases/download/v1.2.1/arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz && \
 tar -zxvf arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz && \
 mv arachni-1.2.1-0.5.7.1 /opt/arachni && \
 ln -s /opt/arachni/bin/* /usr/local/bin/ && \
- cd ~ && \
- wget https://github.com/sullo/nikto/archive/master.zip && \
- unzip master.zip -d /tmp && \
- mv /tmp/nikto-master/program /opt/nikto && \
- rm -rf /tmp/nikto-master && \
- echo "EXECDIR=/opt/nikto\nPLUGINDIR=/opt/nikto/plugins\nDBDIR=/opt/nikto/databases\nTEMPLATEDIR=/opt/nikto/templates\nDOCDIR=/opt/nikto/docs" >> /opt/nikto/nikto.conf && \
- ln -s /opt/nikto/nikto.pl /usr/local/bin/nikto.pl && \
- ln -s /opt/nikto/nikto.conf /etc/nikto.conf && \
+ rm -rf /tmp/arachni* && \
 mkdir -p /openvas && \
 wget https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate -O /openvas/openvas-check-setup && \
 chmod a+x /openvas/openvas-check-setup && \
 apt-get clean -yq && \
 apt-get autoremove -yq && \
- apt-get purge -y --auto-remove build-essential cmake && \
 rm -rf /var/lib/apt/lists/* && \
 /openvas/setup.sh
 CMD /openvas/start.sh
 # Expose UI
-EXPOSE 443 9390 9391 9392
+EXPOSE 80 443 9390 9391 9392
diff --git a/README.md b/README.md
index 2c2d5e3..24d9e69 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,16 @@
 OpenVAS image for Docker
 ==============
-[![Circle CI](https://img.shields.io/circleci/project/mikesplain/openvas-docker.svg)](https://circleci.com/gh/mikesplain/openvas-docker)
+[![Circle CI](https://img.shields.io/circleci/project/mikesplain/openvas-docker/master.svg)](https://circleci.com/gh/mikesplain/openvas-docker/tree/master)
 [![Docker Pulls](https://img.shields.io/docker/pulls/mikesplain/openvas.svg)](https://hub.docker.com/r/mikesplain/openvas/)
 [![Docker Stars](https://img.shields.io/docker/stars/mikesplain/openvas.svg)](https://hub.docker.com/r/mikesplain/openvas/)
-[![](https://badge.imagelayers.io/mikesplain/openvas:latest.svg)](https://imagelayers.io/?images=mikesplain/openvas:latest 'Get your own badge on imagelayers.io')
+[![ImageLayers Layers](https://img.shields.io/imagelayers/layers/mikesplain/openvas/latest.svg)](https://imagelayers.io/?images=mikesplain/openvas:latest)
+[![ImageLayers Size](https://img.shields.io/imagelayers/image-size/mikesplain/openvas/latest.svg)](https://imagelayers.io/?images=mikesplain/openvas:latest)
 A Docker container for OpenVAS 8 on the Ubuntu 14.04 image. By default, the latest images includes the OpenVAS Base as well as the NVTs and Certs required to run OpenVAS.
+Update Feb 22nd 2016: We now build using packages rather than compilition in container. If you see any issues, please submit an issue!
+
 Requirements
 ------------
 Docker
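Review bot: In the second Dockerfile hunk, the unchanged `wget` of `openvas-check-setup` still passes `--no-check-certificate`, so TLS verification is off for a script that is then made executable with `chmod a+x` and run by `bin/start.sh`; this commit leaves that in place. The ospd tarballs at the end of the previous hunk are likewise fetched over plain `http://` and installed at the top of this one with `python setup.py install`, and the Arachni archive is unpacked without any digest check. Dropping `--no-check-certificate` and verifying each download against a pinned digest, e.g. `echo "<EXPECTED_SHA256>  /openvas/openvas-check-setup" | sha256sum -c - && \`, would keep a tampered download from running as root during the build. The RUN instruction starts before this hunk.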
@@ -42,8 +45,16 @@ To run bash inside the container run:
 ```
 docker exec -it openvas bash
 ```
-# Open PR
+Config
+------
+By default GSAD will run on 443 with self signed certs. If you would like to run
+this on 80 without certs you can pass the following param and change the port in
+docker run from 443 to 80
+
+```
+docker run -d -p 80:80 -p 9390:9390 -p 9391:9391 -e HTTP_ONLY=true --name openvas mikesplain/openvas
+```
 Contributing
 ------------
diff --git a/bin/setup.sh b/bin/setup.sh
index 268ae2a..d32bda1 100755
--- a/bin/setup.sh
+++ b/bin/setup.sh
@@ -1,37 +1,29 @@
 #!/bin/bash
-echo "Starting setup..."
+# Adapted test from http://www.openvas.org/install-packages-v6.html
-openvas-mkcert -f -q
+echo "Starting setup..."
+mkdir -p /var/run/redis
+redis-server /etc/redis/redis.config
 ldconfig
-openvassd
+
+test -e /var/lib/openvas/CA/cacert.pem || openvas-mkcert -q
 openvas-nvt-sync
+test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
+/etc/init.d/openvas-manager stop
+/etc/init.d/openvas-scanner stop
+openvassd
+openvasmd --rebuild
 openvas-scapdata-sync
 openvas-certdata-sync
-openvas-mkcert-client -n -i
-echo "Starting openvasmd"
-openvasmd
-echo "Rebuilding Openvasmd..."
-n=1
-until [ $n -eq 4 ]
-do
- timeout 10m openvasmd --rebuild -v;
- if [ $? -eq 0 ]; then
- break;
- fi
- echo "Rebuild failed, attempt: $n"
- n=$[$n+1]
- echo "Cleaning up"
- ps aux | grep openvassd| awk '{print $2}' |xargs kill -9
- ps aux | grep openvasmd| awk '{print $2}' |xargs kill -9
- openvassd
-done
+
+
 echo "Creating Admin user..."
 openvasmd --create-user=admin --role=Admin
 echo "Setting Admin user password..."
 openvasmd --user=admin --new-password=openvas
 echo "Killing some locked up openvassd's"
-# At this point, usually openvassd locks up so lets kill it
-ps aux | grep openvassd| awk '{print $2}' |xargs kill -9
+killall openvassd
+sleep 15
 echo "Finished setup..."
diff --git a/bin/start.sh b/bin/start.sh
index cbb051f..5bc2fed 100755
--- a/bin/start.sh
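Review bot: In bin/setup.sh, `openvasmd --user=admin --new-password=openvas` still hard-codes the admin password, and because the Dockerfile runs `/openvas/setup.sh` inside its RUN step, that credential is baked into the image together with the certificates created by the new `test -e … || openvas-mkcert -q` and `openvas-mkcert-client -n om -i` lines, so every container started from a published image shares them. Consider moving the certificate and password steps to first start in `bin/start.sh` and taking the password from the environment, e.g. `openvasmd --user=admin --new-password="${OV_PASSWORD:?OV_PASSWORD must be set}"` (the variable name is only a suggestion). The rewrite also removes the retry loop without adding a status check, so a failed `openvasmd --rebuild` goes unnoticed during the build; `openvasmd --rebuild || exit 1` would make the build fail instead.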
+++ b/bin/start.sh
@@ -1,7 +1,15 @@
 #!/bin/bash
+HTTP_ONLY=${HTTP_ONLY:-}
+set_http_only=""
+
+if [ "$HTTP_ONLY" = "true" ]; then
+ set_http_only="--http-only"
+fi
+
 echo "Starting Redis"
-/usr/local/bin/redis-server /etc/redis/redis.config
+mkdir -p /var/run/redis
+redis-server /etc/redis/redis.config
 echo "Starting Openvas..."
@@ -9,38 +17,17 @@ cd /usr/local/sbin
 echo "Starting gsad"
 # http://wiki.openvas.org/index.php/Edit_the_SSL_ciphers_used_by_GSAD
-./gsad --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
-echo "Starting Openvassd"
-./openvassd
-echo "Rebuilding openvasmd"
-n=1
-until [ $n -eq 4 ]
-do
- timeout 10m openvasmd --rebuild -v;
- if [ $? -eq 0 ]; then
- break;
- fi
- echo "Rebuild failed, attempt: $n"
- n=$[$n+1]
- echo "Cleaning up:"
- rm -rf /usr/local/var/lib/openvas/mgr/tasks.db
-done
+gsad --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" $set_http_only
-echo "Starting Openvasmd"
-./openvasmd
+/etc/init.d/openvas-scanner start
+/etc/init.d/openvas-manager start
+echo "Starting rebuild process..."
+echo "This may take a minute or two..."
+openvasmd --rebuild
 echo "Checking setup"
-until [ $n -eq 50 ]
-do
- timeout 10s /openvas/openvas-check-setup --v8 --server;
- if [ $? -eq 0 ]; then
- break;
- fi
- echo "Re-running openvas-check-setup, attempt: $n"
- n=$[$n+1]
-done
-
+/openvas/openvas-check-setup --v8 --server;
 echo "Done."
 echo "Starting infinite loop..."
diff --git a/config/redis.config b/config/redis.config
index 582406c..1001d87 100644
--- a/config/redis.config
+++ b/config/redis.config
@@ -1,4 +1,4 @@
-unixsocket /tmp/redis.sock
+unixsocket /var/run/redis/redis.sock
 unixsocketperm 700
 timeout 0
 #DB = 1 + (#of parallel tasks) * (#of parallel hosts)
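Review bot: In the first bin/start.sh hunk, nothing at the new `if [ "$HTTP_ONLY" = "true" ]` block says that the switch turns TLS off, although with `--http-only` gsad serves the web UI, including the admin login, in cleartext. A comment above the block such as `# HTTP_ONLY=true disables TLS on gsad; use only behind a TLS-terminating proxy or on a trusted network` would make the trade-off visible to whoever sets the variable. Printing a line like `echo "WARNING: gsad running without TLS (HTTP_ONLY=true)"` inside the `if` would also leave a trace in the container log.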
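Review bot: In the second bin/start.sh hunk, the replacement lines `openvasmd --rebuild` and `/openvas/openvas-check-setup --v8 --server;` ignore their exit status now that the retry loops and `timeout` wrappers are gone, so the script prints "Done." even when the rebuild or the setup check failed. Checking the result, e.g. `openvasmd --rebuild || { echo "openvasmd rebuild failed" >&2; exit 1; }`, lets the container stop instead of running a half-initialised scanner. On the new gsad line the unquoted `$set_http_only` only works through word splitting; `${set_http_only:+"$set_http_only"}` passes the flag when it is set and nothing otherwise.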