mikesplain / openvas-docker Goto Github PK

A Docker container for Openvas

License: MIT License

Shell 15.80% Python 20.43% Dockerfile 63.77%

openvas docker shell docker-container security scan

openvas-docker's Introduction

OpenVAS image for Docker

A Docker container for OpenVAS on Ubuntu. By default, the latest images includes the OpenVAS Base as well as the NVTs and Certs required to run OpenVAS. We made the decision to move to 9 as the default branch since 8 seems to have many issues in docker. We suggest you use 9 as it is much more stable. Our Openvas9 build was designed to be a smaller image with fewer extras built in. Please note, OpenVAS 8 is no longer being built as OpenVAS 9 is now standard. The image is can still be pulled from the Docker hub, however the source has been removed in this github as is standard with deprecated Docker Images.

Openvas Version	Tag	Web UI Port
9	latest/9	443

Usage

Simply run:

# latest (9)
docker run -d -p 443:443 --name openvas mikesplain/openvas
# 9
docker run -d -p 443:443 --name openvas mikesplain/openvas:9

This will grab the container from the docker registry and start it up. Openvas startup can take some time (4-5 minutes while NVT's are scanned and databases rebuilt), so be patient. Once you see a It seems like your OpenVAS-9 installation is OK. process in the logs, the web ui is good to go. Goto https://<machinename>

Username: admin
Password: admin

To check the status of the process, run:

docker top openvas

In the output, look for the process scanning cert data. It contains a percentage.

To run bash inside the container run:

docker exec -it openvas bash

Specify DNS Hostname

By default, the system only allows connections for the hostname "openvas". To allow access using a custom DNS name, you must use this command:

docker run -d -p 443:443 -e PUBLIC_HOSTNAME=myopenvas.example.org --name openvas mikesplain/openvas

OpenVAS Manager

To use OpenVAS Manager, add port 9390 to you docker run command:

docker run -d -p 443:443 -p 9390:9390 --name openvas mikesplain/openvas

Volume Support

We now support volumes. Simply mount your data directory to /var/lib/openvas/mgr/:

mkdir data
docker run -d -p 443:443 -v $(pwd)/data:/var/lib/openvas/mgr/ --name openvas mikesplain/openvas

Note, your local directory must exist prior to running.

Set Admin Password

The admin password can be changed by specifying a password at runtime using the env variable OV_PASSWORD:

docker run -d -p 443:443 -e OV_PASSWORD=securepassword41 --name openvas mikesplain/openvas

Update NVTs

Occasionally you'll need to update NVTs. We update the container about once a week but you can update your container by execing into the container and running a few commands:

docker exec -it openvas bash
## inside container
greenbone-nvt-sync
openvasmd --rebuild --progress
greenbone-certdata-sync
greenbone-scapdata-sync
openvasmd --update --verbose --progress

/etc/init.d/openvas-manager restart
/etc/init.d/openvas-scanner restart

Docker compose (experimental)

For simplicity a docker-compose.yml file is provided, as well as configuration for Nginx as a reverse proxy, with the following features:

Nginx as a reverse proxy
Redirect from port 80 (http) to port 433 (https)
Automatic SSL certificates from Let's Encrypt
A cron that updates daily the NVTs

To run:

Change "example.com" in the following files:
Change the "OV_PASSWORD" enviromental variable in docker-compose.yml
Install the latest docker-compose
run docker-compose up -d

LDAP Support (experimental)

Openvas do not support full ldap integration but only per-user authentication. A workaround is in place here by syncing ldap admin user(defined by LDAP_ADMIN_FILTER ) with openvas admin users everytime the app start up. To use this, just need to specify the required ldap env variables:

docker run -d -p 443:443 -p 9390:9390 --name openvas -e LDAP_HOST=your.ldap.host -e LDAP_BIND_DN=uid=binduid,dc=company,dc=com -e LDAP_BASE_DN=cn=accounts,dc=company,dc=com -e LDAP_AUTH_DN=uid=%s,cn=users,cn=accounts,dc=company,dc=com -e LDAP_ADMIN_FILTER=memberOf=cn=admins,cn=groups,cn=accounts,dc=company,dc=com -e LDAP_PASSWORD=password -e OV_PASSWORD=admin mikesplain/openvas

Email Support

To configure the postfix server, provide the following env variables at runtime: OV_SMTP_HOSTNAME, OV_SMTP_PORT, OV_SMTP_USERNAME, OV_SMTP_KEY

docker run -d -p 443:443 -e OV_SMTP_HOSTNAME=smtp.example.com -e OV_SMTP_PORT=587 -e [email protected] -e OV_SMTP_KEY=g0bBl3de3Go0k --name openvas mikesplain/openvas

Contributing

I'm always happy to accept pull requests or issues.

Thanks

Thanks to hackertarget for the great tutorial: http://hackertarget.com/install-openvas-7-ubuntu/ Thanks to Serge Katzmann for contributing with some great work on OpenVAS 8: https://github.com/sergekatzmann/openvas8-complete

openvas-docker's People

Contributors

Stargazers

Watchers

Forkers

misteritguru linqiangl khzied cdwertmann codering danucalovj tuhaolam sdht0 genee-projects victoryu16 lz-securityteam leebraddy shinsec amismb syst0m lxj616 curtiszimmerman xieyixue banjin ssapym z0x010 1oosur jjediny 4sp1r3 sou-komatsu jsitech daedalus sergekatzmann xxoxx sai-kyaw rsundahl cyberwatch sc-pulsion devisnotnull poeblu lazzarello vinnix trypt1991 digideskio bluewang1211 hofry forsingh m0rpl1ng falegk berney zanyxdev mikalv emailbob slmint rthiago gitter-badger jdonigian dannylee12 stafot mgcfish pombredanne hktalent elisiano toecuta x-lhan fermium x-felix ottimo 4n6strider colinmollenhour stefanosperetta jatkis glennbell cyhook kairotavares kaiyi-zingbox tirasmuturi shasthojoy tommy-tang tomsdl flaviostutz rajan06-singh pjmorr ranvijay-sachan voice1 jeffbildz decibelinsight naman sundhararajand hmartins-bt sanwenkit pich4ya tong212 danfoster jeffgreenca ybudimirov mrnerdhair aug0st scotmatson cckuok xxxdebug owen7005 netdebug fabionitto honos2014

openvas-docker's Issues

Creating credentials

On a fresh install of this image on docker, if I try to create a new credential via the GUI the browser just hangs and will never complete this task. I have tried various solutions found on the internet to no avail.

Failed to create credentials

Hi, I tried lauching openvas9 docker container on Ubuntu 14.04 and CentOS7 and in both the cases I am facing issues while creating credentials. I get the following error:

"An internal error occurred while creating a new credential. It is unclear whether the credential has been created or not. Diagnostics: Failure to receive response from manager daemon."

I checked the /var/log/openvas/openvasmd.log and found below error:
GLib:UNKNOWN:2018-01-11 06h38.29 UTC:401: /build/glib2.0-prJhLS/glib2.0-2.48.2/./glib/gmem.c:100: failed to allocate 18446744073624896127 bytes

Can someone suggest how to fix this?

verinice export 0Byte

Hi, thanks for providing this image, it is very convenient :)

Sadly, the exports for verinice (Verinice ITG & Verninice ISM) don't seem to work, they have zero content.

I suspect it is related to this bug report: http://wald.intevation.de/tracker/?func=detail&atid=220&aid=6754&group_id=29

could you add xmlstarlet and xsltproc to the dockerfile?

This site can’t be reached unexpectedly closed the connection.

Hi i manage to run openvas using your container and login but after i run a scan i get logged off and then i cant reach the url as i get This site can’t be reached ip...... unexpectedly closed the connection.

i tried this twice.

is there a reason why.

sexp.c:1340:vsexp_sscan whiling scanning Windows Machine

Pull the docker. Log in for the first time. Go to scan Windows Server and this is the error that immediately pops up.

Ohhhh jeeee: ... this is a bug (sexp.c:1340:vsexp_sscan)

Consider switching to supervised

Should considering using supervised to run services rather than silly bash files...

Not scanning public/external IP

I have tried scanning public IP addresses using greenbone security web interface and the scanner just finishes with an empty report and /var/log/openvas/openvasmd.log says the host is dead.

I can scan localhost without any problems. I am using boot2docker in Mac OS to run the docker image and it seems that it has something to do with openvassd configuration to allow scanning of external IP addresses but I can't figure it out.

After starting scan, OMP service stops and user gets kicked out of Greenbone

I am running the latest Docker build from 8 days ago:

[root@scanner ~]# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
docker.io/mikesplain/openvas   latest              6b0c9242fe2a        8 days ago          3.537 GB

On a brand new CentOS 7 host OS (it's a DigitalOcean droplet) I start it like this:

[root@scanner ~]# docker run -d -p 443:443 -p 9390:9390 -p 9391:9391 --name openvas mikesplain/openvas
Unable to find image 'mikesplain/openvas:latest' locally
Trying to pull repository docker.io/mikesplain/openvas ... 
latest: Pulling from docker.io/mikesplain/openvas
96c6a1f3c3b0: Pull complete 
ed40d4bcb313: Pull complete 
b171f9dbc13b: Pull complete 
ccfc4df4fbba: Pull complete 
c17771f08758: Pull complete 
34ac757adce9: Pull complete 
68bb9c8595f1: Pull complete 
Digest: sha256:379d1a81a482fe681b15118ed4cfcf469e7ee6fc50e72ee8bbb02c214b6eaafc
Status: Downloaded newer image for docker.io/mikesplain/openvas:latest
6fbb4756d4798b22d701bb1cac43e8436dd3b66227712171a25013dda690fd5d

I wait until Docker top output looks like this:

[root@scanner ~]# docker top openvas 
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                9605                9277                0                   17:45               ?                   00:00:00            /bin/sh -c /openvas/start.sh
root                9615                9605                0                   17:45               ?                   00:00:00            /bin/bash /openvas/start.sh
root                9618                9605                0                   17:45               ?                   00:00:01            redis-server *:6379
root                9622                9605                0                   17:45               ?                   00:00:00            gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
root                9623                9622                0                   17:45               ?                   00:00:00            gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
root                9631                9605                3                   17:45               ?                   00:01:38            openvassd: Waiting for incoming connections
root                9638                9605                4                   17:45               ?                   00:02:06            openvasmd
root                12824               9615                0                   18:28               ?                   00:00:00            sleep 1

At this point, I can log in with the default admin and openvas credentials. The first thing I do is change the admin password, and then I run a "quick scan" on an external site. The scan commences, and after a couple of minutes I get kicked out of Greenbone Security Assistant with the message "Logged out. OMP service is down." Attempting to log back in displays the message "Login failed. Waiting for OMP service to become available."

Docker log output looks like this:

[root@scanner ~]# docker logs openvas
Starting Redis
Starting Openvas...
Starting gsad
Starting rebuild process...
This may take a minute or two...
Checking setup
openvas-check-setup 2.3.3
  Test completeness and readiness of OpenVAS-8
  (add '--v6' or '--v7' or '--v9'
   if you want to check for another OpenVAS version)
  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 5.0.5.
        OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
        OK: redis-server is present in version v=2.8.4.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
        OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: NVT collection in /var/lib/openvas/plugins contains 48413 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        OK: The NVT cache in /var/cache/openvas contains 48413 files for 48413 NVTs.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 6.0.8.
        OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 146.
        OK: OpenVAS Manager expects database at revision 146.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 48413 NVTs.
        OK: At least one user exists.
        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
        OK: xsltproc found.
Step 3: Checking user configuration ... 
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ... 
        OK: Greenbone Security Assistant is present in version 6.0.10.
Step 5: Checking OpenVAS CLI ... 
        SKIP: Skipping check for OpenVAS CLI.
Step 6: Checking Greenbone Security Desktop (GSD) ... 
        SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ... 
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on all interfaces.
        OK: OpenVAS Scanner is listening on port 9391, which is the default port.
        OK: OpenVAS Manager is running and listening on all interfaces.
        OK: OpenVAS Manager is listening on port 9390, which is the default port.
        OK: Greenbone Security Assistant is listening on port 443, which is the default port.
Step 8: Checking nmap installation ...
        WARNING: Your version of nmap is not fully supported: 6.40
        SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
        OK: pdflatex found.
        OK: PDF generation successful. The PDF report format is likely to work.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
It seems like your OpenVAS-8 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
Done.
Starting infinite loop...
Press [CTRL+C] to stop..
[root@scanner ~]#

I have run this on an Ubuntu Docker host and a CentOS Docker host with the same results. What am I doing wrong?

Sign docker images on dockerhub

$ export DOCKER_CONTENT_TRUST=1
$ docker pull mikesplain/openvas:9
Error: remote trust data does not exist for docker.io/mikesplain/openvas: notary.docker.io does not have trust data for docker.io/mikesplain/openvas

Any chance you could sign your images with notary for dockerhub?

Openvas scanner does not start

Hi,

This is on the openvas 8 image, I think it is no longer maintained but it's still on the README. Feel free to close if the project is strictly moving to openvas 9 and kills support for OV8.

I'm getting errors with the openvas-scanner not even starting. I followed through the instructions in the README and everything went smooth except that openvas-check-setup warned me that OpenVAS Scanner is not running.

Below are the logs I checked so far.

root@b8e1777c8a40:/# cat /var/log/openvas/openvassd.messages 
[Thu Oct  5 06:38:44 2017][677] 
/var/lib/openvas/plugins/gb_sphere_ftp_server_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:44 2017][677] /var/lib/openvas/plugins/gb_sphere_ftp_server_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:44 2017][677] 
/var/lib/openvas/plugins/gb_sophos_web_appliance_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:44 2017][677] /var/lib/openvas/plugins/gb_sophos_web_appliance_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:44 2017][677] 
/var/lib/openvas/plugins/gb_sony_ip_cam_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:44 2017][677] /var/lib/openvas/plugins/gb_sony_ip_cam_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:45 2017][677] 
/var/lib/openvas/plugins/gb_speedport_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:45 2017][677] /var/lib/openvas/plugins/gb_speedport_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:45 2017][677] 
/var/lib/openvas/plugins/gb_ssl_cert_chain_get.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:45 2017][677] /var/lib/openvas/plugins/gb_ssl_cert_chain_get.nasl: Could not be loaded
[Thu Oct  5 06:38:45 2017][677] 
/var/lib/openvas/plugins/gb_shibboleth_sp_detect_win.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:45 2017][677] /var/lib/openvas/plugins/gb_shibboleth_sp_detect_win.nasl: Could not be loaded
[Thu Oct  5 06:38:45 2017][677] 
/var/lib/openvas/plugins/gb_south_river_webdrive_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:45 2017][677] /var/lib/openvas/plugins/gb_south_river_webdrive_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:45 2017][677] 
/var/lib/openvas/plugins/gb_snom_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:45 2017][677] /var/lib/openvas/plugins/gb_snom_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:46 2017][677] 
/var/lib/openvas/plugins/gb_schneider_modbus_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:46 2017][677] /var/lib/openvas/plugins/gb_schneider_modbus_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:46 2017][677] 
/var/lib/openvas/plugins/gb_starttls_imap.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:46 2017][677] /var/lib/openvas/plugins/gb_starttls_imap.nasl: Could not be loaded
[Thu Oct  5 06:38:46 2017][677] 
/var/lib/openvas/plugins/gb_starttls_ftp.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:46 2017][677] /var/lib/openvas/plugins/gb_starttls_ftp.nasl: Could not be loaded
[Thu Oct  5 06:38:47 2017][677] 
/var/lib/openvas/plugins/gb_ssl_ciphers_pfs_supported.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:47 2017][677] /var/lib/openvas/plugins/gb_ssl_ciphers_pfs_supported.nasl: Could not be loaded
[Thu Oct  5 06:38:47 2017][677] 
/var/lib/openvas/plugins/gb_splunk_light_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:47 2017][677] /var/lib/openvas/plugins/gb_splunk_light_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:47 2017][677] 
/var/lib/openvas/plugins/gb_sigplus_pro_activex_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:47 2017][677] /var/lib/openvas/plugins/gb_sigplus_pro_activex_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:47 2017][677] 
/var/lib/openvas/plugins/gb_simple_machines_forum_detect.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:47 2017][677] /var/lib/openvas/plugins/gb_simple_machines_forum_detect.nasl: Could not be loaded
[Thu Oct  5 06:38:48 2017][677] 
/var/lib/openvas/plugins/gb_soda_pdf_detect_win.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:48 2017][677] /var/lib/openvas/plugins/gb_soda_pdf_detect_win.nasl: Could not be loaded
[Thu Oct  5 06:38:48 2017][677] 
/var/lib/openvas/plugins/gb_ssl_sni_supported.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:48 2017][677] /var/lib/openvas/plugins/gb_ssl_sni_supported.nasl: Could not be loaded
[Thu Oct  5 06:38:48 2017][677] 
/var/lib/openvas/plugins/gb_starttls_irc.nasl: Parse error at or near line 1

[Thu Oct  5 06:38:48 2017][677] /var/lib/openvas/plugins/gb_starttls_irc.nasl: Could not be loaded
[Thu Oct  5 06:39:32 2017][677] 
/var/lib/openvas/plugins/2009/TinyPHPForum_mult_vuln.nasl: Parse error at or near line 1

[Thu Oct  5 06:39:32 2017][677] /var/lib/openvas/plugins/2009/TinyPHPForum_mult_vuln.nasl: Could not be loaded
[Thu Oct  5 06:39:32 2017][677] 
/var/lib/openvas/plugins/2009/SolarWinds_TFTP.nasl: Parse error at or near line 1

[Thu Oct  5 06:39:32 2017][677] /var/lib/openvas/plugins/2009/SolarWinds_TFTP.nasl: Could not be loaded
[Thu Oct  5 06:39:32 2017][677] Stopped loading plugins: High number of errors.

I have not seen those errors elsewhere.

I did re run the commands that sync through the feeds and tried to rebuild. But I guess it won't build when the scanner is down. Anyway, here are logs on the manager.

root@b8e1777c8a40:/# cat /var/log/openvas/openvasmd.log      
lib auth:   INFO:2017-03-14 01h37.13 utc:21652: Authentication configuration not found.
md   main:WARNING:2017-03-14 01h37.13 utc:21652: sql_prepare_internal: sqlite3_prepare failed: no such table: main.meta
md   main:WARNING:2017-03-14 01h37.13 utc:21652: sql_x_internal: sql_prepare failed
md   main:WARNING:2017-03-14 01h37.13 utc:21652: database must be initialised from scanner (with --update or --rebuild)
md   main:MESSAGE:2017-03-14 01h37.13 utc:21652: No SCAP database found
md   main:MESSAGE:2017-03-14 01h37.13 utc:21652: No CERT database found
lib auth:   INFO:2017-03-14 01h37.20 utc:21653: Authentication configuration not found.
md   main:WARNING:2017-03-14 01h37.20 utc:21653: database must be initialised from scanner (with --update or --rebuild)
md   main:MESSAGE:2017-03-14 01h37.20 utc:21653: No SCAP database found
md   main:MESSAGE:2017-03-14 01h37.20 utc:21653: No CERT database found
lib auth:   INFO:2017-03-14 01h37.20 utc:21654: Authentication configuration not found.
md   main:WARNING:2017-03-14 01h37.20 utc:21654: database must be initialised from scanner (with --update or --rebuild)
md   main:MESSAGE:2017-03-14 01h37.20 utc:21654: No SCAP database found
md   main:MESSAGE:2017-03-14 01h37.20 utc:21654: No CERT database found
md   main:WARNING:2017-10-05 06h38.40 utc:666: database must be initialised from scanner (with --update or --rebuild)
lib auth:   INFO:2017-10-05 06h38.40 utc:666: Authentication configuration not found.
md    otp:MESSAGE:2017-10-05 06h38.41 utc:680: Scanner loading: No information provided. SCANNER_LOADING <|> 0 <|> 0

md    otp:MESSAGE:2017-10-05 06h38.52 utc:681: Scanner loading: 650 / 55675 nvts.
md    otp:MESSAGE:2017-10-05 06h39.03 utc:682: Scanner loading: 2150 / 55675 nvts.
md    otp:MESSAGE:2017-10-05 06h39.14 utc:683: Scanner loading: 4500 / 55675 nvts.
md    otp:MESSAGE:2017-10-05 06h39.26 utc:684: Scanner loading: 6300 / 55675 nvts.
lib  serv:WARNING:2017-10-05 06h39.36 utc:685: openvas_server_connect: failed to connect to server: Connection refused

I ran the image like so:
docker run -p 443:443 -p 9390:9390 --name openvas mikesplain/openvas:8

Thanks in advance!

openvas deploy into openshift v3.5

Hi, Mike.

I'm getting this error during deploy on openshift.

I will describe the tasks I did:

Push docker image to my local repository.
Create a project in openshift with that image.
Create a persistent volume attached to /var/lib/openvas/mgr/.
Create a route to get the service. (Port 443 and 9390)

The pod is running but when I'm trying to connect to the console I can't. I'm getting: "502 Bad Gateway
The server returned an invalid or incomplete response".

I will atach the errors.

Thank you.

==> /var/log/openvas/openvassd.messages <==
[Fri Dec 15 17:48:30 2017][858] openvassd 5.1.1 started
[Fri Dec 15 17:49:43 2017][1451] Client closed the communication
[Fri Dec 15 17:50:00 2017][858] Received the Terminated signal
[Tue Jan 9 00:52:23 2018][25] openvassd 5.1.1 started
[Tue Jan 9 00:52:55 2018][118] Client not present

==> /var/log/openvas/openvasmd.log <==
md main:MESSAGE:2018-01-09 16h18.31 utc:367: OpenVAS Manager version 7.0.1 (DB revision 184)
md main: INFO:2018-01-09 16h18.31 utc:367: rebuild_nvt_cache_retry: Reloading NVT cache
md main: INFO:2018-01-09 16h18.31 utc:368: update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2018-01-09 16h18.34 utc:368: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2018-01-09 16h18.34 utc:368: Using OpenPGP engine version '2.1.11'
md main: INFO:2018-01-09 16h18.38 utc:368: Updating NVT cache.

==> /var/log/openvas/openvassd.messages <==
[Tue Jan 9 16:19:23 2018][385] Client closed the communication

==> /var/log/openvas/gsad.log <==
gsad main:WARNING:2018-01-09 19h01.10 utc:48: MHD: Error: received handshake message out of context
gsad main:WARNING:2018-01-09 19h01.10 utc:48: MHD: Error: received handshake message out of context
gsad main:WARNING:2018-01-09 21h10.07 utc:48: MHD: Error: received handshake message out of context

Dirb, arachni, nikto are not available in this docker image

Dirb, arachni, nikto are not available in this docker image.

getting error messages like

Vulnerability Detection Result
Nikto could not be found in your system path.
OpenVAS was unable to execute Nikto and to perform the scan you
requested.
Please make sure that Nikto is installed and that nikto.pl or nikto is
available in the PATH variable defined for your environment.

Please add these to the image.

Thanks for the great works.

Default credentials not as documented

I followed the README / Docker Hub notes, docker pull ..., docker run ..., wait for gsad process, when I go to login with admin/openvas I get a wrong password. I looked at bin/start.sh and I see it has: -

# Check whether an admin user already exists
if ! openvasmd --get-users | grep -q admin; then

    # Add the user
    echo "Adding new admin user..."
    openvasmd --create-user=admin --role=Admin
    echo "Setting Admin user password..."
    openvasmd --user=admin --new-password=openvas

I grepped the logs for "Adding new admin user..." and I don't see that string. I run openvasmd --get-users and I see admin already exists, so because the user already exists the password wasn't set.

I ran openvasmd --user=admin --new-password=openvas to set the password to a known value and then I was able to login. After a few scans I hit #88 .

Add Serverspec tests

Use serverspec to test if service is up and on ports

unable to connect with openvas

command >>sudo docker run -d -p 443:443 -p 9390:9390 --name openvas mikesplain/openvas
output log>>

d8fe2d93b215df0230b6b393790e7d41a51ae5a3c8208c7db2ad946d682d3972
docker: Error response from daemon: driver failed programming external connectivity on endpoint openvas (2923ba0b96cc116bacb6b35f812d4ff0c8661a707091254227643bf589944bb4): Error starting userland proxy: listen tcp 0.0.0.0:443: listen: address already in use.

FATA[0024] Tag latest not found in repository mikesplain/openvas

I retry docker pull for many many times, but always the exception it raise above. Is it a networking problem? But I can access docker hub normally.

Container fails to rebuild

Returns exit code 4 due to invalid url https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup

Tried two alternatives both worked.

http://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
https://raw.githubusercontent.com/jackl0phty/opschef-cookbook-openvas/master/files/default/openvas-check-setup

Plugins missing on v9

Why did you remove stuff like dirb, nikto and wapiti on version 9?

Thank you

Creating a credential in the web interface breaks all further actions

I can load the web interface but any change to create something like a target doesn't work, it just hangs forever.

Logs have:
gsad main:WARNING:2015-08-27 19h22.38 UTC:613: MHD: Failed to receive data: A TLS packet with unexpected length was received.
(repeating)

[Sat Jul 11 05:49:32 2015][38] openvassd 4.0.7 started
[Sat Jul 11 05:54:47 2015][347] Communication closed by client
[Sat Jul 11 05:54:47 2015][347] Client not present
[Thu Aug 27 19:02:43 2015][11] openvassd 4.0.7 started
[Thu Aug 27 19:04:41 2015][599] Communication closed by client
[Thu Aug 27 19:04:41 2015][599] Client not present
[Thu Aug 27 19:05:27 2015][615] openvassd 4.0.7 started
[Thu Aug 27 19:05:28 2015][627] Communication closed by client
[Thu Aug 27 19:05:28 2015][627] Client not present
(repeating)

root@b22110a62c70:/usr/local/var/log/openvas# cat openvasmd.log
md main:WARNING:2015-07-11 05h54.44 utc:346: sql_x_internal: sqlite3_prepare failed: no such table: main.meta
lib auth: INFO:2015-07-11 05h54.47 utc:351: Authentication configuration not found.
lib auth: INFO:2015-07-11 05h54.47 utc:352: Authentication configuration not found.
lib auth: INFO:2015-08-27 19h04.41 utc:603: Authentication configuration not found.
md main:CRITICAL:2015-08-27 19h04.41 utc:603: main: database is wrong version
lib auth: INFO:2015-08-27 19h04.41 utc:604: Authentication configuration not found.
lib auth: INFO:2015-08-27 19h04.42 utc:611: Authentication configuration not found.
md otp:MESSAGE:2015-08-27 19h05.19 UTC:622: Scanner loading: 37350 / 39585 nvts.
md otp:MESSAGE:2015-08-27 19h05.20 UTC:623: Scanner loading: 37750 / 39585 nvts.
base gpgme:MESSAGE:2015-08-27 19h08.20 UTC:633: Setting GnuPG homedir to '/usr/local/var/lib/openvas/gnupg'
base gpgme:MESSAGE:2015-08-27 19h08.21 UTC:633: Using OpenPGP engine version '1.4.16'
md crypt: INFO:2015-08-27 19h08.21 UTC:633: starting key generation ...
lib rer:WARNING:2015-08-27 19h14.53 UTC:679: Target source configuration could not be loaded.
lib rer:WARNING:2015-08-27 19h23.00 UTC:716: Target source configuration could not be loaded.
md main: INFO:2015-08-27 19h26.44 utc:790: OpenVAS Manager

cannot change web ui port 443

I am not able to change the port 443 when running the command:

docker run -d -p 443:443 --name openvas mikesplain/openvas

im already using the port 443 with nginx and Im having conflicts.
the only workaround I found was stopping nginx and re run the command.
would be great to access openvas web using another port instead of 443.

anyone?
thx

Login failed. Waiting for OMP service to become available.

Hi,
I'm getting this message when trying to log in after running the openvas 9 docker container.
Do you happen to know what might be the problem?

Fail

Changes

Great work so far. Can I hopefully add something worthwhile? Please let me know.

sc-pulsion@99b4095

Initially I was annoyed when I ran the container then added a credential using Greenbone. I am running my Ubuntu 16.04 Docker Hyper-V VM on a Windows server 2012 R2 host if that makes any difference. It seems that GPG takes HOURS in this situation due to entropy. When I left it overnight, the GPG process on the container was finally complete.

The 'fix' for my initial issue was to add the '-v /dev/urandom:/dev/random' to the test.sh file. It seems that mapping the entropy(?) of the host to the container means that something that took hours and hours previously takes less than a second and has no impact on performance any more. (yes, urandom and random are different - this just worked). We are mapping the host to the container here so no doubt there is some security issues

The rest of the changes are just optimisation and bug fixing. Hopefully they make sense.

Summary

Add smbclient package to Dockerfile - allows SMB test
Make setup.sh and start.sh executable in Dockerfile - this is why nothing was updated previously
Remove port 80 binding from Dockerfile - not used
Remove rebuild from setup.sh - not required
Remove admin user creation from setup.sh - not required
Remove openvassd kill from setup.sh - oh the humanity - and not required
Map the hosts urandom to the containers /dev/random - used to speed up the initial GPG stuff majorly

Next?

Next up, assuming you agree, would be to incorporate setup.sh into the Dockerfile, then (as I have seen in the issue tracker) to persist data. We need to remember old information especially when we report stuff as false positives.

Add documentation on how to update the feeds within docker container

Hello,

it would be great to have documentation on how to update the feeds inside the container. In the "Feed Status" page I can only see this:

Too old (13 days) - Please check the automatic synchronization of your system

UI not available

I have just pulled this image and started the container. According to the instructions, http:// should peovide the interface for the web ui, howeverr this is not the case. I also tried other combinations e.g. http://localhost, http://localhost:4000 ... there is no joy yet !! What could be wrong

I have the following messages in the log (openvasmd.messages)

[Mon Mar 6 20:54:33 2017][1359] Client closed the communication [Mon Mar 6 20:54:49 2017][837] Received the Terminated signal [Fri Dec 1 13:01:07 2017][24] openvassd 5.1.0 started [Fri Dec 1 13:01:49 2017][117] Client closed the communication [Fri Dec 1 13:13:42 2017][24] Reloading the scanner. [Fri Dec 1 13:18:20 2017][24] Finished reloading the scanner. [Fri Dec 1 13:19:08 2017][633] Client closed the communication [Fri Dec 1 13:19:21 2017][654] Client closed the communication

Rebuild testing structure.

We need better tests since #32 removes much of what I had attempted.

smbclient missing from image

Please add smbclient to the installed packages as this will allow the smb/cifs related plugins to function.

OpenVAS Checker no longer passes

After update OpenVAS Checker no longer passes:

root@796e124b3e05:~# ./openvas-check-setup
openvas-check-setup 2.2.6
  Test completeness and readiness of OpenVAS-7
  (add '--v4', '--v5', '--v6' or '--v8'
   if you want to check for another OpenVAS version)

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 4.0.5.
        OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 37630 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        OK: The NVT cache in /usr/local/var/cache/openvas contains 37630 files for 37630 NVTs.
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 5.0.7.
        OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem.
        OK: OpenVAS Manager database found in /usr/local/var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 123.
        OK: OpenVAS Manager expects database at revision 123.
        OK: Database schema is up to date.
        ERROR: The number of NVTs in the OpenVAS Manager database is too low.
        FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.
        WARNING: OpenVAS Scanner is NOT running!
        SUGGEST: Start OpenVAS Scanner (openvassd).

 ERROR: Your OpenVAS-7 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Cannot install this docker

Any idea what could be wrong?

[~] # docker pull mikesplain/openvas
Using default tag: latest
latest: Pulling from mikesplain/openvas
660c48dd555d: Pull complete
4c7380416e78: Pull complete
421e436b5f80: Pull complete
e4ce6c3651b3: Pull complete
be588e74bd34: Pull complete
39ba35499809: Pull complete
eb6c913ec15f: Pull complete
4f416fdac70d: Pull complete
2c95ef8672b3: Pull complete
a788e9bbe800: Extracting [==================================================>] 262.8 MB/262.8 MB
failed to register layer: ApplyLayer exit status 1 stdout: stderr: open /var/lib/openvas/plugins/2010/gb_fedora_2010_14678_samba_fc12.nasl.asc: no space left on device

User not setup (ERROR: No users found)

When I start the docker container, the user isn't being setup, resulting in error:

        ERROR: No users found. You need to create at least one user to log in.
        It is recommended to have at least one user with role Admin.
        FIX: create a user by running 'openvasmd --create-user=<name> --role=Admin && openvasmd --user=<name> --new-password=<password>'

I've found that in start script the instruction echo "Setting up user" isn't being called so obviously the user is not present.

However, I've checked the tasks.db file (post-installation) and it is present.

Who creates tasks.db? Is it possible that we need to wait some time or move the check below after services have been started?

Persistent volumes

Test and document volumes for persistence of the reports.

Can't create slave with openvas 9

`root@bf4c31c6aca5:/# omp -h localhost -u admin -w admin -i -X - << EOF

<create_slave>
worker-1
worker-1
10.0.0.6
9390
admin
admin
</create_slave>
EOF
<omp_response status_text="Bogus command name" status="400"></omp_response>`

Any idea why?

Feature proposal: Set admin password on start with the value of an env variable

This will make unnecessary login on the docker image to update the password manually.

Working issue for OpenVAS 8.0 Beta

Opens 8 - Report results page doesn't show vulnerability name

Hey Mike,

I ran a scan with openvas 8.
I look at the scan report in GSA and see vulnerabilities OID instead of name

Here is an example:
http://imgur.com/a/dInT6

Any idea why?

Best regards,

Udi.

openvas-scapdata-sync can't seem to finish

docker@boot2docker:~$ docker top 711f459094c3
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                9047                773                 0                   01:10               ?                   00:00:00            /usr/bin/python3 -u /sbin/my_init
root                9051                9047                0                   01:10               ?                   00:00:00            /bin/bash /etc/my_init.d/000_setup.sh
root                9082                9047                0                   01:10               ?                   00:00:00            openvassd: Waiting for incoming connections
root                9158                773                 0                   01:12               pts/2               00:00:00            bash
root                9499                9051                0                   01:26               ?                   00:00:00            /bin/sh /usr/local/sbin/openvas-scapdata-sync
root                9506                9499                0                   01:26               ?                   00:00:00            /usr/bin/rsync -ltvrP --delete --exclude /scap.db --exclude private/ rsync://feed.openvas.org:/scap-data /usr/local/var/lib/openvas/scap-data
root                9508                9506                0                   01:26               ?                   00:00:04            /usr/bin/rsync -ltvrP --delete --exclude /scap.db --exclude private/ rsync://feed.openvas.org:/scap-data /usr/local/var/lib/openvas/scap-data

openvas-scapdata-sync can't seem to finish . I wait all day long.

I run "openvas-check-setup --v7" manually,

openvas-check-setup 2.3.0
  Test completeness and readiness of OpenVAS-7

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ... 
        OK: OpenVAS Scanner is present in version 4.0.7.
        OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem.
        OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 39478 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        WARNING: The initial NVT cache has not yet been generated.
        SUGGEST: Start OpenVAS Scanner for the first time to generate the cache.
Step 2: Checking OpenVAS Manager ... 
        OK: OpenVAS Manager is present in version 5.0.11.
        ERROR: No client certificate file of OpenVAS Manager found.
        FIX: Run 'openvas-mkcert-client -n -i'

 ERROR: Your OpenVAS-7 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

OVAL updates

Does the docker version of openVAS use https://oval.cisecurity.org/repository/download ?

when I checked the OVAL listen in openVAS thet all seemed very old.

Feature Request - Openvas9 with postgresql

I know there was an option to build openvas 8 to work with postgresql instead of mysqlite.
I guess that the same is possible for openvas 9. It will be nice to have openvas9 docker image that support this feature.

Login failed. OMP service is down.

Using the mikesplain/openvas:latest build from 12-1-2016, build code bn5kzysjr2vlcbapjafkj8g

I start the container with:
docker run -d -p 443:443 -p 9390:9390 -p 9391:9391 --name openvas mikesplain/openvas

My load average reaches 11 while openvas initializes. When things settle down the container ends up in this state:

$ docker top openvas
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                1976                1677                0                   08:19               ?                   00:00:00            /bin/sh -c /openvas/start.sh
root                1987                1976                0                   08:19               ?                   00:00:00            /bin/bash /openvas/start.sh
root                1989                1976                0                   08:19               ?                   00:00:00            /usr/local/bin/redis-server *:6379
root                1993                1976                0                   08:19               ?                   00:00:01            ./gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
root                1994                1993                0                   08:19               ?                   00:00:00            ./gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
root                1998                1976                7                   08:19               ?                   00:03:07            openvassd: Waiting for incoming connections
root                2051                1976                0                   08:24               ?                   00:00:00            openvasmd
root                5135                1987                99                  08:24               ?                   00:36:06            openvasmd: Initializing.
root                5136                1987                0                   08:24               ?                   00:00:00            fgrep -v admin
root                5137                1987                0                   08:24               ?                   00:00:00            xargs -n1 -IUSER -r openvasmd --delete-user=USER
root                5261                2051                0                   08:49               ?                   00:00:00            openvasmd

The GSA is up and at the login, entering 'admin' and 'openvas', GSA responds with 'Login failed. OMP service is down.'

Using openssl s_client -connect localhost:9390:
The connection is successful and I'm able to issue get_version.

<get_version/>
<get_version_response status="200" status_text="OK"><version>6.0</version></get_version_response>

When I issue authenticate OMP returns a failure.

<authenticate><credentials><username>admin</username><password>openvas</password></credentials></authenticate>
<authenticate_response status="400" status_text="Authentication failed"/>

The --delete-user command is being issued in the start.sh script. That bit of code was introduced 9 days ago in commit 169c5dc56e8f36533cc3aef09be65c87412b8cac.

I was using the mikesplain/openvas:latest from 16 days ago, build code bnjkx5dtqn5fy3medqqxym5, without any issues. A friend was having an issue getting an openvas container working so I tried with the current image and had this problem. I do not see an issue with the code change. I believe this may be an issue with build of the image.

Error: received handshake message out of context

Hi! I'm getting "Error: received handshake message out of context" in /var/log/openvas/gsad.log after startup.
logs.txt

Do you have any ideas about it?

Openvas manager management protocol

Hi Mike!
I have openvas 8 install on another machine and after installation openvas manager is listening on port 9390 for management protocol xml commands.
I installed the openvas9 container successfully and the manager is running over there but does not listen on any port. Do you happen to know why?

Best regards,

Udi.

Add OpenVAS 8 build

Add OpenVAS 8 and decide if we need to build and tag 2 sets of images.

Latest versions of Openvas fail to come online

Earlier, I attempted to upgrade Openvas and it's components to the latest versions. Unfortunately, the web ui did not come back online. I will have to dig in as to why. The changes are in the develop branch.

Error on Login Screen

An error occurs when trying to log into the system

Error:
Login failed. OMP service is down.

How to fix it:
docker exec -it CONTAINER_ID bash
openvas-nvt-sync
openvasmd --rebuild
openvasmd

Manager doesn't start with the new openvas 9 image

md main:MESSAGE:2017-04-10 08h09.06 utc:742: OpenVAS Manager version 7.0.1 (DB revision 184)
base gpgme:MESSAGE:2017-04-10 08h09.06 utc:743: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-04-10 08h09.07 utc:743: Using OpenPGP engine version '2.1.11'
md crypt:MESSAGE:2017-04-10 08h09.07 utc:743: skipping unusable OpenPGP key A8C205BC7B6E8DD9
md crypt:MESSAGE:2017-04-10 08h09.07 utc:743: error searching for OpenPGP key 'OpenVAS Credential Encryption': Not found
md main:CRITICAL:2017-04-10 08h09.07 utc:743: main: failed to initialise OMP daemon

Client closing the connection? Can't connect to UI.

I cannot connect the UI through http://localhost:443
This may have somthing to do with the message in the logs:

[Wed Feb 15 16:46:00 2017][837] openvassd 5.1.0 started
[Wed Feb 15 16:46:56 2017][1359] Client closed the communication
[Wed Feb 15 16:47:19 2017][837] Received the Terminated signal
[Tue Mar 28 13:47:30 2017][23] openvassd 5.1.0 started
[Tue Mar 28 13:48:17 2017][168] Client closed the communication

I have encountered this same issue on two machines. Please tell me what I am doing wrong.
Full logs attached below.

redis not yet ready
Redis ready.
Checking for empty volume
Restarting services
 * Restarting openvas-scanner openvassd
   ...done.
 * Restarting openvas-manager openvasmd
   ...done.
 * Restarting openvas-gsa gsad
   ...done.
Reloading NVTs
Rebuilding NVT cache... done.
Checking setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9

  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.0.
        OK: redis-server is present in version v=3.0.6.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock
        OK: redis-server is running and listening on socket: /var/run/redis/redis.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: NVT collection in /var/lib/openvas/plugins contains 51943 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        OK: The NVT cache in /var/cache/openvas contains 51943 files for 51943 NVTs.
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 7.0.0.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 184.
        OK: OpenVAS Manager expects database at revision 184.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 51943 NVTs.
        OK: At least one user exists.
        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
        OK: xsltproc found.
Step 3: Checking user configuration ...
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
        OK: Greenbone Security Assistant is present in version 7.0.0.
        OK: Your OpenVAS certificate infrastructure passed validation.
Step 5: Checking OpenVAS CLI ...
        OK: OpenVAS CLI version 1.4.5.
Step 6: Checking Greenbone Security Desktop (GSD) ...
        SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on a Unix domain socket.
        OK: OpenVAS Manager is running and listening on a Unix domain socket.
        OK: Greenbone Security Assistant is running and listening on all interfaces.
        WARNING: Greenbone Security Assistant is listening on port 4000, which is NOT the default port!
        SUGGEST: Ensure Greenbone Security Assistant is listening on one of the following ports: 80, 443, 9392.
Step 8: Checking nmap installation ...
        WARNING: Your version of nmap is not fully supported: 7.01
        SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
        OK: pdflatex found.
        OK: PDF generation successful. The PDF report format is likely to work.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
        OK: alien found, LSC credential package generation for DEB based targets is likely to work.
        OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.

It seems like your OpenVAS-9 installation is OK.

If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

Tailing logs
==> /var/log/openvas/gsad.log <==
gsad main:MESSAGE:2017-02-15 16h41.02 utc:859: Starting GSAD version 7.0.0
gsad main:MESSAGE:2017-02-15 16h41.02 utc:859: main: Locale for gettext extensions set to "C", gettext translations are disabled.
gsad xslt:WARNING:2017-02-15 16h41.02 utc:859: init_language_lists: Failed to open locale directory "/usr/share/openvas/gsa/locale": No such file or directory
gsad main:MESSAGE:2017-03-28 13h46.16 utc:45: Starting GSAD version 7.0.0
gsad main:MESSAGE:2017-03-28 13h46.16 utc:45: main: Locale for gettext extensions set to "C", gettext translations are disabled.
gsad xslt:WARNING:2017-03-28 13h46.16 utc:45: init_language_lists: Failed to open locale directory "/usr/share/openvas/gsa/locale": No such file or directory

==> /var/log/openvas/openvasmd.log <==
base gpgme:MESSAGE:2017-03-28 13h47.19 utc:134: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-03-28 13h47.20 utc:134: Using OpenPGP engine version '2.1.11'
md   main:   INFO:2017-03-28 13h47.21 utc:134:    Updating NVT cache.
md    otp:MESSAGE:2017-03-28 13h47.22 utc:134: Waiting for scanner to load NVTs: 45400 / 51943.
md   main:   INFO:2017-03-28 13h47.32 utc:151: update_or_rebuild_nvt_cache: Rebuilding NVT cache
base gpgme:MESSAGE:2017-03-28 13h47.32 utc:151: Setting GnuPG dir to '/var/lib/openvas/openvasmd/gnupg'
base gpgme:MESSAGE:2017-03-28 13h47.33 utc:151: Using OpenPGP engine version '2.1.11'
md   main:   INFO:2017-03-28 13h47.33 utc:151:    Updating NVT cache.
md   main:MESSAGE:2017-03-28 13h51.19 utc:244:    OpenVAS Manager version 7.0.0 (DB revision 184)
md manage:   INFO:2017-03-28 13h51.19 utc:244:    Getting users.

==> /var/log/openvas/openvassd.dump <==

==> /var/log/openvas/openvassd.messages <==
[Wed Feb 15 16:46:00 2017][837] openvassd 5.1.0 started
[Wed Feb 15 16:46:56 2017][1359] Client closed the communication
[Wed Feb 15 16:47:19 2017][837] Received the Terminated signal
[Tue Mar 28 13:47:30 2017][23] openvassd 5.1.0 started
[Tue Mar 28 13:48:17 2017][168] Client closed the communication

Starting infinite loop...
Press [CTRL+C] to stop..
Ohhhh jeeee: ... this is a bug (sexp.c:1340:vsexp_sscan)

No user created at deployment?

Hi,

I deployed the image a few time to test it out if I'm doing things wrong.

But when the rebuild of rules is done I try to login to gsad webui, and no cigarr.

If I do a check of the installation with /openvas/openvas-check-setup

        ERROR: No users found. You need to create at least one user to log in.
        It is recommended to have at least one user with role Admin.
        FIX: create a user by running 'openvasmd --create-user=<name> --role=Admin && openvasmd --user=<name> --new-password=<password>'

This fixes the problem..

Is this me doing stuff the wrong way, or a bug?

Regards Falk