GVM deployment

Introduction

This project proposes and implements the following deployment of Greenbone Vulnerability Management using Docker containers.

Docker images

The project builds the following docker images:

Greenbone Vulnerability Manager versio built based on admirito's GVM PPA.
PostgreSQL 12 Database with libgvm-pg-server built based on admirito's GVM PPA
Greenbone Security Assistant built from https://github.com/greenbone/gsa.git.
OpenVAS scanner built from https://github.com/greenbone/openvas.git.

Development

For testing and development, you can deploy the GVM components with docker-compose.

Run gvm-postgres, gvmd, gsad, openvas, and redis services:

docker-compose -f docker-compose.yml up

GSA dashboard will then be accessible on http://localhost:8080.

To run NVT data sync:

docker-compose -f docker-compose.yml -f nvt-sync.yml up

To run SCAP data sync:

docker-compose -f docker-compose.yml -f scap-sync.yml up

To run CERT data sync:

docker-compose -f docker-compose.yml -f cert-sync.yml up

To add a remote OpenVAS scanner:

Generate certificates for the new scanner:

docker-compose -f docker-compose.yml -f scanner-certs.yml up

Create the scanner container:

docker-compose -f docker-compose.yml -f remote-scanner.yml up

Add the scanner to GVM:

$ docker exec -it gvm-deployment_gvmd_1 ./add-scanner.sh
Scanner Name: openvas-1
Scanner Host: openvas-1
Scanner Port [9390]:
Scanner Type [OpenVAS]:
Scanner CA certificate [/usr/var/lib/gvm/cacert.pem]:
Scanner public key [/usr/var/lib/gvm/cert.pem]:
Scanner private key [/usr/var/lib/gvm/key.pem]:
Adding scanner openvas-1...
md   main:MESSAGE:2020-10-09 16h15.55 utc:1349:    Greenbone Vulnerability Manager version 9.0.1 (DB revision 221)
md manage:   INFO:2020-10-09 16h15.55 utc:1349:    Creating scanner.
md manage:WARNING:2020-10-09 16h15.55 utc:1349: database must be initialised from scanner
util gpgme:MESSAGE:2020-10-09 16h16.01 utc:1349: Setting GnuPG dir to '/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2020-10-09 16h16.01 utc:1349: Using OpenPGP engine version '2.2.19'
Scanner created.

Production

To deploy GVM components in Kubernetes cluster for production, use the helm chart described in chart/README.

Resources

https://github.com/admirito/gvm-containers

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

GVM deployment

Introduction

Docker images

Development

Production

Resources

About

Releases

Packages

Contributors 3

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 141 Commits
chart		chart
gsad		gsad
gvm-postgres		gvm-postgres
gvmd		gvmd
openvas		openvas
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
README.md		README.md
cert-sync.yml		cert-sync.yml
docker-compose.yml		docker-compose.yml
nvt-sync.yml		nvt-sync.yml
remote-scanner.yml		remote-scanner.yml
scanner-certs.yml		scanner-certs.yml
scap-sync.yml		scap-sync.yml

wh330/GVM-Deployment

Folders and files

Latest commit

History

Repository files navigation

GVM deployment

Introduction

Docker images

Development

Production

Resources

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages