這是本文件的舊版!
[draft] OpenVAS
- Alpine 3.19
- vCPU : 4
- RAM : 8GB
- SSD : 60GB
安裝程序
curl -f -L https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml -o docker-compose.ymldocker-compose.yml
services: vulnerability-tests: image: greenbone/vulnerability-tests environment: STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl volumes: - vt_data_vol:/mnt notus-data: image: greenbone/notus-data volumes: - notus_data_vol:/mnt scap-data: image: greenbone/scap-data volumes: - scap_data_vol:/mnt cert-bund-data: image: greenbone/cert-bund-data volumes: - cert_data_vol:/mnt dfn-cert-data: image: greenbone/dfn-cert-data volumes: - cert_data_vol:/mnt depends_on: - cert-bund-data data-objects: image: greenbone/data-objects volumes: - data_objects_vol:/mnt report-formats: image: greenbone/report-formats volumes: - data_objects_vol:/mnt depends_on: - data-objects gpg-data: image: greenbone/gpg-data volumes: - gpg_data_vol:/mnt redis-server: image: greenbone/redis-server restart: on-failure volumes: - redis_socket_vol:/run/redis/ pg-gvm: image: greenbone/pg-gvm:stable restart: on-failure volumes: - psql_data_vol:/var/lib/postgresql - psql_socket_vol:/var/run/postgresql gvmd: image: greenbone/gvmd:stable restart: on-failure volumes: - gvmd_data_vol:/var/lib/gvm - scap_data_vol:/var/lib/gvm/scap-data/ - cert_data_vol:/var/lib/gvm/cert-data - data_objects_vol:/var/lib/gvm/data-objects/gvmd - vt_data_vol:/var/lib/openvas/plugins - psql_data_vol:/var/lib/postgresql - gvmd_socket_vol:/run/gvmd - ospd_openvas_socket_vol:/run/ospd - psql_socket_vol:/var/run/postgresql depends_on: pg-gvm: condition: service_started scap-data: condition: service_completed_successfully cert-bund-data: condition: service_completed_successfully dfn-cert-data: condition: service_completed_successfully data-objects: condition: service_completed_successfully report-formats: condition: service_completed_successfully gsa: image: greenbone/gsa:stable restart: on-failure ports: - 127.0.0.1:9392:80 volumes: - gvmd_socket_vol:/run/gvmd depends_on: - gvmd # Sets log level of openvas to the set LOG_LEVEL within the env # and changes log output to /var/log/openvas instead /var/log/gvm # to reduce likelyhood of unwanted log interferences configure-openvas: image: greenbone/openvas-scanner:stable volumes: - openvas_data_vol:/mnt - openvas_log_data_vol:/var/log/openvas command: - /bin/sh - -c - | printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf chmod 644 /mnt/openvas.conf chmod 644 /mnt/openvas_log.conf touch /var/log/openvas/openvas.log chmod 666 /var/log/openvas/openvas.log # shows logs of openvas openvas: image: greenbone/openvas-scanner:stable restart: on-failure volumes: - openvas_data_vol:/etc/openvas - openvas_log_data_vol:/var/log/openvas command: - /bin/sh - -c - | cat /etc/openvas/openvas.conf tail -f /var/log/openvas/openvas.log depends_on: configure-openvas: condition: service_completed_successfully openvasd: image: greenbone/openvas-scanner:stable restart: on-failure environment: # `service_notus` is set to disable everything but notus, # if you want to utilize openvasd directly removed `OPENVASD_MODE` OPENVASD_MODE: service_notus GNUPGHOME: /etc/openvas/gnupg LISTENING: 0.0.0.0:80 volumes: - openvas_data_vol:/etc/openvas - openvas_log_data_vol:/var/log/openvas - gpg_data_vol:/etc/openvas/gnupg - notus_data_vol:/var/lib/notus # enable port forwarding when you want to use the http api from your host machine # ports: # - 127.0.0.1:3000:80 depends_on: vulnerability-tests: condition: service_completed_successfully configure-openvas: condition: service_completed_successfully gpg-data: condition: service_completed_successfully networks: default: aliases: - openvasd ospd-openvas: image: greenbone/ospd-openvas:stable restart: on-failure hostname: ospd-openvas.local cap_add: - NET_ADMIN # for capturing packages in promiscuous mode - NET_RAW # for raw sockets e.g. used for the boreas alive detection security_opt: - seccomp=unconfined - apparmor=unconfined command: [ "ospd-openvas", "-f", "--config", "/etc/gvm/ospd-openvas.conf", "--notus-feed-dir", "/var/lib/notus/advisories", "-m", "666" ] volumes: - gpg_data_vol:/etc/openvas/gnupg - vt_data_vol:/var/lib/openvas/plugins - notus_data_vol:/var/lib/notus - ospd_openvas_socket_vol:/run/ospd - redis_socket_vol:/run/redis/ - openvas_data_vol:/etc/openvas/ - openvas_log_data_vol:/var/log/openvas depends_on: redis-server: condition: service_started gpg-data: condition: service_completed_successfully vulnerability-tests: condition: service_completed_successfully configure-openvas: condition: service_completed_successfully gvm-tools: image: greenbone/gvm-tools volumes: - gvmd_socket_vol:/run/gvmd - ospd_openvas_socket_vol:/run/ospd depends_on: - gvmd - ospd-openvas volumes: gpg_data_vol: scap_data_vol: cert_data_vol: data_objects_vol: gvmd_data_vol: psql_data_vol: vt_data_vol: notus_data_vol: psql_socket_vol: gvmd_socket_vol: ospd_openvas_socket_vol: redis_socket_vol: openvas_data_vol: openvas_log_data_vol:- 啟動服務
docker compose -p greenbone-community-edition up -d docker compose -p greenbone-community-edition logs -f
- 設定管理者帳號密碼
docker compose -p greenbone-community-edition exec -u gvmd gvmd gvmd --user=admin --new-password='<password>' - 開啟網頁進入管理介面 - http://server-ip:9392 (使用 admin 與設定的密碼登入)