Vulnerability management is the process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in an organization’s systems, applications, and networks. The goal of vulnerability management is to proactively reduce the likelihood of a successful cyber attack by identifying and remedying vulnerabilities before they can be exploited by attackers.
There are many popular vulnerability management tools available today, each with its own unique set of features and capabilities. Some of the most widely used vulnerability management tools include; Nessus, Qualys, Rapid7 Nexpose, Tenable.io, Microsoft Defender for Endpoint, OpenVAS etc.
Greenbone Vulnerability Management (GVM) is an open-source vulnerability management platform that provides comprehensive vulnerability scanning and management capabilities for networks, systems, and applications. GVM is based on the Open Vulnerability Assessment System (OpenVAS), an open-source vulnerability scanner, and offers a range of features for identifying, prioritizing, and mitigating vulnerabilities.
GVM consists of several components, including:
- Greenbone Security Assistant (GSA): A web-based user interface that allows users to manage and configure the GVM system, as well as view and analyze vulnerability scan results.
- Greenbone Vulnerability Manager (GVM): A management server that controls the scanning process and provides centralized storage of vulnerability data.
- OpenVAS Scanner: A vulnerability scanner that identifies vulnerabilities in networks, systems, and applications.
- Greenbone Security Feed: A regularly updated database of vulnerability checks that enable the GVM system to detect the latest known vulnerabilities.
GVM supports a range of scanning techniques, That include network-based scans, authenticated scans, and unauthenticated scans. It also provides a variety of reporting options, allowing users to generate customized reports that highlight vulnerabilities and provide remediation guidance.
The key benefit of GVM is its open-source nature, which allows organizations to customize and extend the platform to meet their specific needs. GVM is also well suited for small to medium-sized organizations that require robust vulnerability management capabilities but may not have the resources to invest in a commercial vulnerability management solution.
The key features provided by Greenbone Vulnerability Management include the following:
- Ease of use: GVM is designed to be user-friendly and easy to use, with a web-based user interface that allows users to manage and configure the system, view scan results, and generate reports.
- Risk prioritization: GVM uses a proprietary risk scoring system to prioritize vulnerabilities based on their severity, potential impact on the organization, and other factors.
- Comprehensive vulnerability database: GVM maintains a regularly updated database of vulnerability checks that enable the system to detect the latest known vulnerabilities.
- Vulnerability scanning: GVM offers a variety of scanning techniques, including network-based scans, authenticated scans, and unauthenticated scans, to identify potential vulnerabilities in networks, systems, and applications.
- Customizable reporting: GVM provides various reporting options, allowing users to generate customized reports that highlight vulnerabilities and provide remediation guidance.
- Integration with other security tools: GVM integrates with a range of security tools, including security information and event management (SIEM) solutions and intrusion detection systems (IDS), to provide a more comprehensive security posture.
- Scalability: GVM is highly scalable and can be used to manage vulnerabilities across small to large enterprise environments.
This guide demonstrates how to run Greenbone Vulnerability Management in Docker Container. Running GVM in docker is preferred because the container ships all the required components to create a scanner. These include:
- gvmd – the Greenbone Vulnerability Management daemon
- openvas scanner – the scanner component of GVM
- ospd – the Openvas scanner protocol daemon
- notusscanner – the new piece from Greenbone that handles the local scans of machines.
- PostgreSQL – the database backend for the scanner and gvm
- Redis – an in-memory database store used by gvmd
- postfix mail server for delivering email notices from GVM
- A copy of the baseline data feeds and associated database
- Option to restore from existing PostgreSQL database dump
- Option to skip the data sync on startup
- Proper database shutdown on container stop to prevent db corruption.
Let’s dive in!
Prerequisites
This guide requires you to have the Docker Engine installed. This can be accomplished by following the aid provided in the below guide:
Once installed and running, add your system user, to the Docker group using the command:
sudo usermod -aG docker $USER
newgrp dockerCheck the installed version:
$ docker version
Client: Docker Engine - Community
Version: 23.0.1
API version: 1.42
Go version: go1.19.5
Git commit: a5ee5b1
Built: Thu Feb 9 19:46:56 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 23.0.1
API version: 1.42 (minimum version 1.12)
Go version: go1.19.5
Git commit: bc3805a
Built: Thu Feb 9 19:46:56 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.18
GitCommit: 2456e983eb9e37e47538f59ea18f2043c9a73640
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Also, install Docker-compose using the guide:
1. Create a Persistent Storage for GVM
For data to persist even when the container is restarted, you need to have persistent storage created for the container.
First, create a local directory to be used as storage:
sudo mkdir -p /greenbone/dataSet the required permissions:
sudo chmod 775 -R /greenbone/data
sudo chown -R $USER:docker /greenbone/dataOn Rhel-based systems, configure SELinux as shown:
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/configNow create a docker volume using the above directory:
docker volume create --driver local \
--opt type=none \
--opt device=/greenbone/data \
--opt o=bind openvasNow you can verify the creation:
$ docker volume list
DRIVER VOLUME NAME
local openvasWe have a docker volume openvas for our container.
2. Run Greenbone Vulnerability Management in Docker Container
Now we can run GVM in Docker Containers using the persistent storage. You can directly run the container using the Docker CLI as shown:
docker run -d \
--publish 8080:9392 \
-e PASSWORD="Str0ngPassw0rdHere" \
--volume openvas:/data \
--name openvas \
immauss/openvasYou need to replace your password with the preferred password string for the default admin user.
But for production environments, it is preferred to spin docker containers using docker-compose. For that case, you need the Docker Compose YAML.
This can be pulled from the Greenbone Git repo as shown:
git clone https://github.com/immauss/openvas.git
cd openvas/composeNow, in the directory, there are two files. Here, we will use the docker-compose.yml . This file has the below contents.
$ vim docker-compose.yml
version: "3"
services:
openvas:
ports:
- "8080:9392"
environment:
- "PASSWORD=admin"
- "USERNAME=admin"
- "RELAYHOST=172.17.0.1"
- "SMTPPORT=25"
- "REDISDBS=512" # number of Redis DBs to use
- "QUIET=false" # dump feed sync noise to /dev/null
- "NEWDB=false" # only use this for creating a blank DB
- "SKIPSYNC=true" # Skips the feed sync on startup.
- "RESTORE=false" # This probably not be used from compose... see docs.
- "DEBUG=false" # This will cause the container to stop and not actually start gvmd
- "HTTPS=false" # wether to use HTTPS or not
volumes:
- "openvas:/data"
container_name: openvas
image: immauss/openvas:$TAG
volumes:
openvas:The file contains several variables:
- RELAYHOST : The IP address or hostname of the email relay to send emails through. Default = 172.17.01 (This is the default for the docker host.
- SMTPPORT : The TCP port for the RELAYHOST. Default = 25
- REDISDBS : Number or Redis databases to allow.
- QUIET : During container start, the data feed synchronization can be quite noisy. Setting this to ‘true’ will silence all of that output. Default = false
- SKIPSYNC : If you would prefer to skip the data feed synchronizations on container start, then set this to true
- RESTORE : Set this to true in order to use the database restore function. After the DB is restored, the container will ex
There is also the .env file that contains the variables for the deployment. Modify it as shown:
$ vim .env
TAG="latest"Once desired changes have been made, start the container with the command:
docker-compose up -dSample Output:
[+] Running 23/23
✔ openvas 22 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 60.9s
✔ 001c52e26ad5 Pull complete 17.3s
✔ 5a254d26d130 Pull complete 17.4s
✔ 67121d74f31d Pull complete 49.2s
✔ b02899d9d752 Pull complete 49.3s
.....
✔ 5cf13e0e89ce Pull complete 52.0s
✔ 45fcec80dad4 Pull complete 58.7s
✔ 4f4fb700ef54 Pull complete 58.9s
✔ 18f25eac85c8 Pull complete 59.0s
[+] Running 3/3
✔ Network compose_default Created 0.2s
✔ Volume "compose_openvas" Created 0.0s
✔ Container openvas Started 1.0s Verify if the container is running:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7387a4775ec9 immauss/openvas "/scripts/start.sh" 4 minutes ago Up 4 minutes (healthy) 0.0.0.0:8080->9392/tcp, :::8080->9392/tcp openvas3. Access Greenbone Vulnerability Management
Once installed and running, access the Greenbone Vulnerability Management web UI on port 8080 using the URL http://IP_Address:8080. Login using the created creds.
Once authenticates, you will see the below page.
To be able to perform scans, we need to add Targets to GVM. Navigate to Configuration–>Targets
We will then add a target as shown:
Once added, we will create a scan task. Navigate to Scans—Tasks
Add a new task for the added target as shown.
Now start the task.
Once complete, you will see this.
View all the scan results as shown.
Verdict
Today we have learned how to run Greenbone Vulnerability Management in Docker Container. I hope this was of value to you.
See more on this page: