merging
immauss committed Jul 23, 2023
2 parents 232da00 + cc6ab5d commit d3ca83f
Showing 6 changed files with 92 additions and 29 deletions.
34 changes: 32 additions & 2 deletions Readme.md
Expand Up @@ -16,16 +16,46 @@
# Docker Tags #
tag | Description
----------------|-------------------------------------------------------------------
22.4.19 | This is the latest based on GVMd 22.5.3 available on x86_64, arm64, and armv7.
22.4.21 | This is the latest based on GVMd 22.5.4 available on x86_64, arm64, and armv7.
21.04.09 | This is the last 21.4 build.
20.08.04.6 | The last 20.08 image
pre-20.08 | This is the last image from before the 20.08 update.
v1.0 | old out of date image for posterity. (Dont` use this one. . . . ever)

# Greenbone Versions in Latest image: #
Component | Version | | Component | Version
----------|----------|-|----------|---------
|pg_gvm|v22.5.1| |gvmd|v22.5.5|
|notus_scanner|v22.5.0| |openvas|v22.7.3|
|openvas_smb|v22.5.3| |gvm_libs|v22.6.3|
|openvas_scanner|v22.7.3| |gsad|v22.5.1|
|gsa|v22.5.0| |ospd|v21.4.4|
|ospd_openvas|v22.5.3| |python_gvm|v23.5.1|
|gvm_tools|v23.4.0| |greenbone_feed_sync|v23.7.0|



- - - -
## Documentation ##
The current docs are maintained on github [here](https://immauss.github.io/openvas/)
The current container docs are maintained on github [here](https://immauss.github.io/openvas/)

For docs on the web interface and scanning, use Greenbone's docs [here](https://docs.greenbone.net/GSM-Manual/gos-22.04/en/). Chapter's 8-14 cover the bits you'll need.
- - - -
# 21 July 2023 #
## 22.4.21 ##
It's been a busy month. This latest release updates the openvas-scanner to prevent the "out-of-date" scanner warnings. There is also currently a bug with GSA that is preventing user creation from the web interface. GB has resolved the issue, but it has not been released yet. In the interim, if you need to create a new user, use the following:
```
docker exec -it -u gvm openvas gvmd --role="Admin" --create-user="$USERNAME" --password="$PASSWORD"
```

-Scott

# 13 July 2023 #
## 22.4.20 ##

GB pushed a new gmvd (22.5.4) that resolved some issues with PostgreSQL connections.

-Scott
- - - -
# 9 July 2023 #
## 22.4.19 ##
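Review bot: the new 22.4.21 tag row says the image is based on GVMd 22.5.4, but the component table added a few lines below lists gvmd v22.5.5 (and the 13 July entry also says 22.5.4); settle on one value so the two statements on the same page do not contradict each other. The user-creation command in the 21 July entry passes the password on the command line (`--password="$PASSWORD"`), which is exactly the exposure through shell history and /proc that the docs' own "Important note about USERNAME and PASSWORD" section warns against; repeating that caveat next to the command, and telling the reader to change the password from the web interface afterwards, would keep the two parts of the docs consistent.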
28 changes: 23 additions & 5 deletions bin/get-gvm-releases.sh
Expand Up @@ -4,16 +4,34 @@ echo "Checking github for the latest releases."
rm build.rc
# Source the api token
. .token
for repo in pg-gvm notus-scanner gvmd openvas openvas-smb gvm-libs openvas-scanner gsad gsa ospd ospd-openvas; do

COUNT=0
rm versions.md
echo "# Greenbone Versions in Latest image: #
Component | Version | | Component | Version
----------|----------|-|----------|---------" > versions.md
for repo in pg-gvm notus-scanner gvmd openvas openvas-smb gvm-libs openvas-scanner gsa gsad ospd ospd-openvas ; do
VERSION=$(curl -s -H "Authorization: token $Oauth" -L https://api.github.com/repos/greenbone/$repo/releases/latest | jq -r ".assets[].browser_download_url" | sed "s/^.*download\/\(v.*\)\/.*$/\1/" | head -1)
echo "$repo current version is $VERSION"
VAR=$( echo $repo | tr - _ )
echo "$VAR=$VERSION" >> build.rc
COUNT=$( expr $COUNT + 1 )
LF=$( expr $COUNT % 2)
if [ $LF -eq 1 ]; then
echo -n "| $VAR | $VERSION |" >> versions.md
else
echo " | $VAR | $VERSION |" >> versions.md
fi
done
for repo in python-gvm gvm-tools greenbone-feed-sync; do
python_gvm=$(curl -s -H "Authorization: token $Oauth" -L https://api.github.com/repos/greenbone/$repo/releases/latest | jq -r ".tarball_url" | awk -F/ '{print $NF}' )
echo "$repo current version is $python_gvm"
VERSION=$(curl -s -H "Authorization: token $Oauth" -L https://api.github.com/repos/greenbone/$repo/releases/latest | jq -r ".tarball_url" | awk -F/ '{print $NF}' )
echo "$repo current version is $VERSION"
VAR=$(echo $repo | tr - _ )
echo "$VAR=$python_gvm" >> build.rc
echo "$VAR=$VERSION" >> build.rc
COUNT=$( expr $COUNT + 1 )
LF=$( expr $COUNT % 2)
if [ $LF -eq 1 ]; then
echo -n "| $VAR | $VERSION |" >> versions.md
else
echo " | $VAR | $VERSION |" >> versions.md
fi
done
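Review bot: neither loop checks that VERSION is non-empty before writing it into build.rc and versions.md. With `curl -s` and no `-f`, an API error body (rate limit, bad token) makes `jq -r ".assets[].browser_download_url"` print nothing and `jq -r ".tarball_url"` print `null`, so a bad run silently leaves `gvmd=` or `python_gvm=null` in build.rc and a later build picks that up; add a guard such as `[ -n "$VERSION" ] && [ "$VERSION" != null ] || { echo "no release found for $repo"; exit 1; }` after each lookup. The first loop also derives the version from the first asset's download URL, which breaks for a release that ships no assets; the releases endpoint returns `tag_name` directly, so `jq -r .tag_name` works for both loops and would let the duplicated COUNT/LF table-writing block collapse into a single function. Minor: `rm build.rc` and `rm versions.md` complain on a fresh checkout; `rm -f` is quieter.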
2 changes: 1 addition & 1 deletion build.rc
Expand Up @@ -5,8 +5,8 @@ openvas=v22.7.3
openvas_smb=v22.5.3
gvm_libs=v22.6.3
openvas_scanner=v22.7.3
gsad=v22.5.1
gsa=v22.5.0
gsad=v22.5.1
ospd=v21.4.4
ospd_openvas=v22.5.3
python_gvm=v23.5.1
2 changes: 1 addition & 1 deletion compose/.env
@@ -1 +1 @@
TAG="22.4.18"
TAG="22.4.21"
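Review bot: the tag jumps from 22.4.18 straight to 22.4.21, so compose/.env missed the 22.4.19 and 22.4.20 releases listed in the Readme; since this is the value `docker-compose up -d` pulls, consider having the release script bump it alongside build.rc instead of editing it by hand.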
45 changes: 25 additions & 20 deletions docs/Readme.md
Expand Up @@ -17,25 +17,25 @@ The Greenbone Source code can be found at:
[Greenbone Source Code](https://github.com/greenbone)

The advantages of the Immauss container image vs the Greenbone images:
- Able to run a full scanner in a sinlge image with or without volumes.
- Able to run a full scanner in a single image with or without volumes.
- Image contains a full database.
- Speed to scanning. The Immauss image can be up and scanning in 15-20 minutes. ( With sufficent machine resources).
- Speed to scanning. The Immauss image can be up and scanning in 15-20 minutes. ( With sufficient machine resources).
- The image on docker hub is updated weekly to ensure the database is up to date.

The the latest image is based on GVM 22.4.x In single container mode, it runs all the components needed to create a scanner in a single container including:
- gvmd - the Greenbone Vulnerability Managedment daemon
The latest image is based on GVM 22.5.x In single container mode, it runs all the components needed to create a scanner in a single container including:
- gvmd - the Greenbone Vulnerability Management daemon
- openvas scanner - the scanner component of GVM
- ospd - the openvas scanner protocal daemon
- ospd - the openvas scanner protocol daemon
- notusscanner - the new piece from Greenbone that handles the local scans of machines.
- postgresql - the database backend for the scanner and gvm
- redis - in memory database store used by gvmd
- redis - in-memory database store used by gvmd
- postfix mail server for delivering email notices from GVM
- A copy of the baseline data feeds and associated database
- Option to restore from existing postgresql database dump
- Option to restore from existing Postgresql database dump
- Option to skip the data sync on startup
- Proper database shutdown on container stop to prevent db corruption.

In multi-container mode it creates individual containers for each of the components. Since most of the Greenbone components utlize unix sockets for comunication, the contianers share a volume (the default name is: ovasrun) soley for the sharing of the sokets.`
In multi-container mode, it creates individual containers for each of the components. Since most of the Greenbone components utilize unix sockets for communication, the containers share a volume (the default name is: ovasrun) solely for the sharing of the sockets.`

## Deployment
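Review bot: the rewritten sentence now says the image is based on GVM 22.5.x, while the Docker tags in the top-level Readme are 22.4.x and the component list spans gvmd 22.5, openvas 22.7 and ospd 21.4; say which component the "22.5.x" refers to (gvmd) and add the missing full stop before "In single container mode". The stray backtick at the end of "sharing of the sockets.`" survived the typo pass. The notus component is spelled "notusscanner" here, "notuscanner" further down and "notus-scanner" in the release script; one spelling would help readers searching the docs.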

Expand Down Expand Up @@ -83,7 +83,7 @@ There is also a script in the container that will initiate the sync.
```
/scripts/sync.sh
```
You can run the sync at anytime on a running container with:
You can run the sync at any time on a running container with:
```
docker exec -it <container-name> /scripts/sync.sh
```
Expand All @@ -94,9 +94,9 @@ docker exec -it <container-name> /scripts/sync.sh
- /compose/docker-compose.yml
- /multi-container/docker-compose.yml

The 'yml' in /compose is a single container immplementation. The 'yml' in /multi-container is for .... multiple containers. Both utilize a '.env" file. You can set the docker tag in the ".env" file.
The 'yml' in /compose is a single container implementation. The 'yml' in /multi-container is for .... multiple containers. Both utilize a '.env" file. You can set the docker tag in the ".env" file.

To utilze the docker-compose.yml files, change to the desired directory and run:
To utilize the docker-compose.yml files, change to the desired directory and run:
```
docker-compose up -d
```
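Review bot: the mismatched quotes in `'.env"` are still there after the fix on this line; use backticks for both file names (`.env`, `docker-compose.yml`) so they render as code, and "for .... multiple containers" reads better without the ellipsis.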
Expand All @@ -105,7 +105,7 @@ docker-compose up -d
docker-compose up -d
```

* For upgrades from major versions, ensure you are using the most recent docker-compose.yml for the git repo. For instance, from 21.4 -> 22.4, the notus scanner was added. If you do not utilize the new docker-compose.yml with the mulit-container "yml", then there will be no container with the "notuscanner". *
* For upgrades from major versions, ensure you are using the most recent docker-compose.yml for the git repo. For instance, from 21.4 -> 22.4, the notus scanner was added. If you do not utilize the new docker-compose.yml with the multi-container "yml", then there will be no container with the "notuscanner". *


# Database backup
Expand All @@ -132,7 +132,7 @@ docker run -it -e RESTORE=true -v <path to backupfile>:/usr/lib/db-backup.sql --

# Full backup

There are a number of crucial items not stored in the database such as encryption keys for credentials, SSL certificates etc. All of these will however be stored on the persitent volume located in /data of the container filesystem. The easiest way to backup the entireity of the volume is shutdown the openvas container and use a new container to create the backup. This is the safest way to create the backup to ensure no files are changed during the backup process. The below commands assume a container name of openvas-prod and a volume name of openvas.
There are a number of crucial items not stored in the database such as encryption keys for credentials, SSL certificates etc. All of these will however be stored on the persistent volume located in /data of the container filesystem. The easiest way to backup the entirety of volume is shutdown the openvas container and use a new container to create the backup. This is the safest way to create the backup to ensure no files are changed during the backup process. The below commands assume a container name of openvas-prod and a volume name of openvas.

**Stop the running container**
```
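Review bot: the fix drops a word: "the entirety of volume" should read "the entirety of the volume". While here, "backup" as a verb is "back up".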
Expand All @@ -146,7 +146,7 @@ docker run -it --rm -v openvas:/opt -v $(pwd):/mnt alpine /bin/sh -c "cd /opt; t
```
docker start openvas-prod
```
* Note: alpine is very lightweight linux container which is well suited for this purpose.
* Note: alpine is a very lightweight Linux container which is well-suited for this purpose.

# Full restoral

Expand All @@ -159,9 +159,14 @@ Then extract the backup into the volume with alpine.
```
docker run --rm -it -v <path to backup file>:/backup.tar.gz -v openvas:/mnt alpine /bin/sh -c "cd /mnt; tar xvf /backup.tar.gz"
```
# Scripting

It's possible to interact with gvmd via custom scripts and scripts provided by Greenbone. If you are running openvas/gvmd on a single machine, then the scripts will usually communicate with gvmd via socket. With it running in the container, you would need to copy the scripts into the container to run them. Alternatively, your scripts can communicate with gvmd via tcp on port 9390. The easiest way to do this is to tell docker to expose the port by adding ''' -p 9390:9390 ''' to the start command. This forwards port 9390 on your host machine to port 9390 on the container. Now you should be able to send the connection to the IP of your host computer and and script will connect to the container.

Alternatively, you could start a new container with the scripts installed on the same docker network, and have the script connect to the container IP on port 9390.

# Options
The following options can be set as environement variables when starting the container. To set an environement variable use "-e":
The following options can be set as environment variables when starting the container. To set an environment variable use "-e":

- USERNAME : Use a different default username. Default = admin
```
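Review bot: in the new Scripting section, `''' -p 9390:9390 '''` uses triple single quotes where backticks were intended, and "and and script will connect" should be "and the script will connect". More importantly, `-p 9390:9390` publishes the gvmd management port on every interface of the host, so anyone who can reach the host can try to authenticate to gvmd with the same admin credentials used for the web interface; document `-p 127.0.0.1:9390:9390` as the default and mention the all-interfaces form only for the case where scripts on other machines genuinely need it. The following paragraph (a second container on the same docker network) is the safer pattern and could be listed first.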
Expand All @@ -172,30 +177,30 @@ The following options can be set as environement variables when starting the con
-e PASSWORD='<password>'
```
## Important note about USERNAME and PASSWORD
**You should only use these for initial setup of the container. Always change the password aftewards. If you start the container from the command line with the PASSWORD env set, then the password is readily readible in your command history and in /proc etc ....**
**You should only use these for the initial setup of the container. Always change the password afterward. If you start the container from the command line with the PASSWORD env set, then the password is readily readable in your command history and in /proc etc ....**
**If you choose to create a new user at startup, the "admin" user will still exist with the default admin password. The admin user is needed as it is the owner of the "feed import process" and gvmd will not let it be deleted. Make sure you change the password for admin in this scenario.
you have been warned. :)
- RELAYHOST : The IP address or hostname of the email relay to send emails through. Default = 172.17.01 (This is default for the docker host. If you are running the mail relay on your docker host, this should work, but you will need to make sure you allow the conections through the host`s firewall/iptables)
- RELAYHOST : The IP address or hostname of the email relay to send emails through. Default = 172.17.01 (This is default for the docker host. If you are running the mail relay on your docker host, this should work, but you will need to make sure you allow the connections through the host`s firewall/iptables)
```
-e RELAYHOST=mail.example.com
```
- SMTPPORT : The TCP port for the RELAYHOST. Default = 25
```
-e SMTPPORT=25
```
- REDISDBS : Number or redis databases to allow. (This was specific user request. In somecases, when running scans against a large number of targets, the default can be low and increasing the nubmer of redis databases can improve scan performance.) Default = 512
- REDISDBS : Number or redis databases to allow. (This was a specific user request. In some cases, when running scans against a large number of targets, the default can be low, and increasing the number of redis databases can improve scan performance.) Default = 512
```
-e REDISDBS=512
```
- QUIET : During container start, the data feed synchronization can be quite noisy. Setting this to 'true' will silence all of that output. Default = false
```
-e QUIET=true
```
- SKIPSYNC : If you would prefer to skip the data feed synchronizations on container start, then set this to true. Thils will get the scanner operational faster, at the cost of using what might be slightly out of date NVTs. Default = false
- SKIPSYNC : If you would prefer to skip the data feed synchronizations on container start, then set this to true. This will get the scanner operational faster, at the cost of using what might be slightly out-of-date NVTs. Default = false
```
-e SKIPSYNC=true
```
- RESTORE : Set this to true to in order to use the database restore function. After the db is restored, the container will exit. This is to prevent the possiblity of container restart with the RESTORE option still set which would again restore the DB from the backup file. (See Restore section above for more details) Default = false
- RESTORE : Set this to true to in order to use the database restore function. After the db is restored, the container will exit. This is to prevent the possibility of container restart with the RESTORE option still set which would again restore the DB from the backup file. (See the Restore section above for more details) Default = false
```
-e RESTORE=true
```
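Review bot: a few errors carried over unchanged in this hunk: the RELAYHOST default is written "172.17.01", which is not a valid address (the default docker bridge gateway is 172.17.0.1; confirm what the entrypoint actually uses and fix the text to match); "Number or redis databases" should be "Number of"; "Set this to true to in order to" has an extra "to"; and "host`s" uses a backtick for an apostrophe. The password warning is right to point at shell history and /proc; since the same applies to the `gvmd --create-user ... --password` command added in the top-level Readme in this commit, a cross-reference would keep the guidance in one place.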
10 changes: 10 additions & 0 deletions versions.md
@@ -0,0 +1,10 @@
# Greenbone Versions in Latest image: #
Component | Version | | Component | Version
----------|----------|-|----------|---------
| pg_gvm | v22.5.1 | | notus_scanner | v22.5.0 |
| gvmd | v22.5.5 | | openvas | v22.7.3 |
| openvas_smb | v22.5.3 | | gvm_libs | v22.6.3 |
| openvas_scanner | v22.7.3 | | gsa | v22.5.0 |
| gsad | v22.5.1 | | ospd | v21.4.4 |
| ospd_openvas | v22.5.3 | | python_gvm | v23.5.1 |
| gvm_tools | v23.4.0 | | greenbone_feed_sync | v23.7.0 |
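Review bot: this file is generated by get-gvm-releases.sh, so committing it means it churns on every release run; fine if intended, but its rows pair the components differently from the hand-maintained table in Readme.md (pg_gvm/notus_scanner here versus pg_gvm/gvmd there), so the two will drift apart. Either have the script paste versions.md into Readme.md or drop the copy in Readme.md and link here.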
