Wednesday, December 25, 2024
Google search engine
HomeSecurity & TestingRun Greenbone Vulnerability Management in Docker Container

Run Greenbone Vulnerability Management in Docker Container

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

Vulnerability management is the process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in an organization’s systems, applications, and networks. The goal of vulnerability management is to proactively reduce the likelihood of a successful cyber attack by identifying and remedying vulnerabilities before they can be exploited by attackers.

There are many popular vulnerability management tools available today, each with its own unique set of features and capabilities. Some of the most widely used vulnerability management tools include; Nessus, Qualys, Rapid7 Nexpose, Tenable.io, Microsoft Defender for Endpoint, OpenVAS etc.

Greenbone Vulnerability Management (GVM) is an open-source vulnerability management platform that provides comprehensive vulnerability scanning and management capabilities for networks, systems, and applications. GVM is based on the Open Vulnerability Assessment System (OpenVAS), an open-source vulnerability scanner, and offers a range of features for identifying, prioritizing, and mitigating vulnerabilities.

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}

GVM consists of several components, including:

  • Greenbone Security Assistant (GSA): A web-based user interface that allows users to manage and configure the GVM system, as well as view and analyze vulnerability scan results.
  • Greenbone Vulnerability Manager (GVM): A management server that controls the scanning process and provides centralized storage of vulnerability data.
  • OpenVAS Scanner: A vulnerability scanner that identifies vulnerabilities in networks, systems, and applications.
  • Greenbone Security Feed: A regularly updated database of vulnerability checks that enable the GVM system to detect the latest known vulnerabilities.

GVM supports a range of scanning techniques, That include network-based scans, authenticated scans, and unauthenticated scans. It also provides a variety of reporting options, allowing users to generate customized reports that highlight vulnerabilities and provide remediation guidance.

The key benefit of GVM is its open-source nature, which allows organizations to customize and extend the platform to meet their specific needs. GVM is also well suited for small to medium-sized organizations that require robust vulnerability management capabilities but may not have the resources to invest in a commercial vulnerability management solution.

The key features provided by Greenbone Vulnerability Management include the following:

  • Ease of use: GVM is designed to be user-friendly and easy to use, with a web-based user interface that allows users to manage and configure the system, view scan results, and generate reports.
  • Risk prioritization: GVM uses a proprietary risk scoring system to prioritize vulnerabilities based on their severity, potential impact on the organization, and other factors.
  • Comprehensive vulnerability database: GVM maintains a regularly updated database of vulnerability checks that enable the system to detect the latest known vulnerabilities.
  • Vulnerability scanning: GVM offers a variety of scanning techniques, including network-based scans, authenticated scans, and unauthenticated scans, to identify potential vulnerabilities in networks, systems, and applications.
  • Customizable reporting: GVM provides various reporting options, allowing users to generate customized reports that highlight vulnerabilities and provide remediation guidance.
  • Integration with other security tools: GVM integrates with a range of security tools, including security information and event management (SIEM) solutions and intrusion detection systems (IDS), to provide a more comprehensive security posture.
  • Scalability: GVM is highly scalable and can be used to manage vulnerabilities across small to large enterprise environments.

This guide demonstrates how to run Greenbone Vulnerability Management in Docker Container. Running GVM in docker is preferred because the container ships all the required components to create a scanner. These include:

  • gvmd – the Greenbone Vulnerability Management daemon
  • openvas scanner – the scanner component of GVM
  • ospd – the Openvas scanner protocol daemon
  • notusscanner – the new piece from Greenbone that handles the local scans of machines.
  • PostgreSQL – the database backend for the scanner and gvm
  • Redis – an in-memory database store used by gvmd
  • postfix mail server for delivering email notices from GVM
  • A copy of the baseline data feeds and associated database
  • Option to restore from existing PostgreSQL database dump
  • Option to skip the data sync on startup
  • Proper database shutdown on container stop to prevent db corruption.

Let’s dive in!

Prerequisites

This guide requires you to have the Docker Engine installed. This can be accomplished by following the aid provided in the below guide:

Once installed and running, add your system user, to the Docker group using the command:

sudo usermod -aG docker $USER
newgrp docker

Check the installed version:

$ docker version
Client: Docker Engine - Community
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        a5ee5b1
 Built:             Thu Feb  9 19:46:56 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.5
  Git commit:       bc3805a
  Built:            Thu Feb  9 19:46:56 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.18
  GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Also, install Docker-compose using the guide:

1. Create a Persistent Storage for GVM

For data to persist even when the container is restarted, you need to have persistent storage created for the container.

First, create a local directory to be used as storage:

sudo mkdir -p /greenbone/data

Set the required permissions:

sudo chmod 775 -R /greenbone/data
sudo chown -R $USER:docker /greenbone/data

On Rhel-based systems, configure SELinux as shown:

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Now create a docker volume using the above directory:

docker volume create --driver local \
     --opt type=none \
     --opt device=/greenbone/data \
     --opt o=bind openvas

Now you can verify the creation:

$ docker volume list
DRIVER    VOLUME NAME
local     openvas

We have a docker volume openvas for our container.

2. Run Greenbone Vulnerability Management in Docker Container

Now we can run GVM in Docker Containers using the persistent storage. You can directly run the container using the Docker CLI as shown:

docker run -d \
  --publish 8080:9392 \
  -e PASSWORD="Str0ngPassw0rdHere" \
  --volume openvas:/data \
  --name openvas \
  immauss/openvas

You need to replace your password with the preferred password string for the default admin user.

But for production environments, it is preferred to spin docker containers using docker-compose. For that case, you need the Docker Compose YAML.

This can be pulled from the Greenbone Git repo as shown:

git clone https://github.com/immauss/openvas.git
cd openvas/compose

Now, in the directory, there are two files. Here, we will use the docker-compose.yml . This file has the below contents.

$ vim docker-compose.yml
version: "3"
services:
  openvas:
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=admin"
      - "USERNAME=admin"
      - "RELAYHOST=172.17.0.1"
      - "SMTPPORT=25"
      - "REDISDBS=512" # number of Redis DBs to use
      - "QUIET=false"  # dump feed sync noise to /dev/null
      - "NEWDB=false"  # only use this for creating a blank DB 
      - "SKIPSYNC=true" # Skips the feed sync on startup.
      - "RESTORE=false"  # This probably not be used from compose... see docs.
      - "DEBUG=false"  # This will cause the container to stop and not actually start gvmd
      - "HTTPS=false"  # wether to use HTTPS or not
    volumes:
      - "openvas:/data"
    container_name: openvas
    image: immauss/openvas:$TAG
volumes:
  openvas:

The file contains several variables:

  • RELAYHOST : The IP address or hostname of the email relay to send emails through. Default = 172.17.01 (This is the default for the docker host.
  • SMTPPORT : The TCP port for the RELAYHOST. Default = 25
  • REDISDBS : Number or Redis databases to allow.
  • QUIET : During container start, the data feed synchronization can be quite noisy. Setting this to ‘true’ will silence all of that output. Default = false
  • SKIPSYNC : If you would prefer to skip the data feed synchronizations on container start, then set this to true
  • RESTORE : Set this to true in order to use the database restore function. After the DB is restored, the container will ex

There is also the .env file that contains the variables for the deployment. Modify it as shown:

$ vim .env
TAG="latest"

Once desired changes have been made, start the container with the command:

docker-compose up -d

Sample Output:

[+] Running 23/23
 ✔ openvas 22 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                    60.9s 
   ✔ 001c52e26ad5 Pull complete                                                                                                                                                         17.3s 
   ✔ 5a254d26d130 Pull complete                                                                                                                                                         17.4s 
   ✔ 67121d74f31d Pull complete                                                                                                                                                         49.2s 
   ✔ b02899d9d752 Pull complete                                                                                                                                                         49.3s 
   .....
   ✔ 5cf13e0e89ce Pull complete                                                                                                                                                         52.0s 
   ✔ 45fcec80dad4 Pull complete                                                                                                                                                         58.7s 
   ✔ 4f4fb700ef54 Pull complete                                                                                                                                                         58.9s 
   ✔ 18f25eac85c8 Pull complete                                                                                                                                                         59.0s 
[+] Running 3/3
 ✔ Network compose_default   Created                                                                                                                                                     0.2s 
 ✔ Volume "compose_openvas"  Created                                                                                                                                                     0.0s 
 ✔ Container openvas         Started                                                                                                                                                     1.0s 

Verify if the container is running:

$ docker ps
CONTAINER ID   IMAGE             COMMAND               CREATED         STATUS                   PORTS                                       NAMES
7387a4775ec9   immauss/openvas   "/scripts/start.sh"   4 minutes ago   Up 4 minutes (healthy)   0.0.0.0:8080->9392/tcp, :::8080->9392/tcp   openvas

3. Access Greenbone Vulnerability Management

Once installed and running, access the Greenbone Vulnerability Management web UI on port 8080 using the URL http://IP_Address:8080. Login using the created creds.

Greenbone Vulnerability Management in Docker Container

Once authenticates, you will see the below page.

Greenbone Vulnerability Management in Docker Container 1

To be able to perform scans, we need to add Targets to GVM. Navigate to Configuration–>Targets

Greenbone Vulnerability Management in Docker Container 2

We will then add a target as shown:

Greenbone Vulnerability Management in Docker Container 3

Once added, we will create a scan task. Navigate to ScansTasks

Greenbone Vulnerability Management in Docker Container 4

Add a new task for the added target as shown.

Greenbone Vulnerability Management in Docker Container 5

Now start the task.

Greenbone Vulnerability Management in Docker Container 6

Once complete, you will see this.

Greenbone Vulnerability Management in Docker Container 7

View all the scan results as shown.

Greenbone Vulnerability Management in Docker Container 8

Verdict

Today we have learned how to run Greenbone Vulnerability Management in Docker Container. I hope this was of value to you.

See more on this page:

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}

RELATED ARTICLES

Most Popular

Recent Comments