Skip to content

admirito/gvm-containers

Repository files navigation

gvm-containers

Introduction

This is the Git repo of the tools to deploy Greenbone Vulnerability Management with containers. It is based on the Greenbone Source Edition (GSE) open source project.

Docker

The source code of admirito’s unofficial docker images for Greenbone Vulnerability Management 22–which is based on admirito’s GVM PPA–is hosted on this repo. It contains the source for the following docker images:

  • gvmd: Greenbone Vulnerability Manager
  • openvas-scanner: OpenVAS remote network security scanner
  • gsad: Greenbone Security Assistant
  • gvm-postgres: PostgreSQL 14 Database with postgresql-14-gvm extension to be used by gvmd

To setup the GVM system with docker-compose, first clone the repo and issue docker-compose up commands to download and synchronize the data feeds required by the GVM:

git clone https://github.com/admirito/gvm-containers.git

cd gvm-containers

docker-compose -f nvt-sync.yml up
docker-compose -f cert-sync.yml up
docker-compose -f scap-sync.yml up
docker-compose -f gvmd-data-sync.yml up

Then, you can run GVM services with a simple docker-compose up command. The initialization process can take a few minutes for the first time:

# in the gvm-containers directory
docker-compose up

## docker images of a specific version can also be specified with
## an environment variable (for more information take a look at the
## .env file):
# GVM_VERSION=22 docker-compose up

The Greenbone Security Assistant gsad port is exposed on the host’s port 8080. So you can access it from http://localhost:8080.

Helm Chart

A helm chart for deploying the docker images on kubernetes is also available. To install GVM on a kubernetes cluster, first create a namespace and then install the helm chart:

kubectl create namespace gvm

helm install gvm \
    https://github.com/admirito/gvm-containers/releases/download/chart-1.3.0/gvm-1.3.0.tgz \
    --namespace gvm --set gvmd-db.postgresqlPassword="mypassword"

By default a cron job with a @daily schedule will be created to update the GVM feeds. You can also enable a helm post installation hook to perform the feeds synchronization before the installation is complete by adding --timeout 90m --set syncFeedsAfterInstall=true arguments to the helm install command. Of course, this will slow down the installation process considerably, although you can view the feeds sync post installation progress by kubectl logs command:

NS=gvm

kubectl logs -n $NS -f $(kubectl get pod -n $NS -l job-name=gvm-feeds-sync -o custom-columns=:metadata.name --no-headers)

Please note that feed.community.greenbone.net servers will only allow only one feed sync per time so you should avoid running multiple feed sync jobs, otherwise the source ip will be temporarily blocked. So if you are enabling syncFeedsAfterInstall you have to make sure the cron job will not be scheduled during the post installation process.

For more information and see other options please read the chart/README.org.