Skip to content

wh330/GVM-Deployment

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

141 Commits

chart

chart

 
 

gsad

gsad

 
 

gvm-postgres

gvm-postgres

 
 

gvmd

gvmd

 
 

openvas

openvas

 
 

.gitignore

.gitignore

 
 

.gitlab-ci.yml

.gitlab-ci.yml

 
 

README.md

README.md

 
 

cert-sync.yml

cert-sync.yml

 
 

docker-compose.yml

docker-compose.yml

 
 

nvt-sync.yml

nvt-sync.yml

 
 

remote-scanner.yml

remote-scanner.yml

 
 

scanner-certs.yml

scanner-certs.yml

 
 

scap-sync.yml

scap-sync.yml

 
 

Repository files navigation

GVM deployment

Introduction

This project proposes and implements the following deployment of Greenbone Vulnerability Management using Docker containers.

Docker images

The project builds the following docker images:

Development

For testing and development, you can deploy the GVM components with docker-compose.

Run gvm-postgres, gvmd, gsad, openvas, and redis services:

docker-compose -f docker-compose.yml up

GSA dashboard will then be accessible on http://localhost:8080.

To run NVT data sync:

docker-compose -f docker-compose.yml -f nvt-sync.yml up

To run SCAP data sync:

docker-compose -f docker-compose.yml -f scap-sync.yml up

To run CERT data sync:

docker-compose -f docker-compose.yml -f cert-sync.yml up

To add a remote OpenVAS scanner:

  1. Generate certificates for the new scanner:
docker-compose -f docker-compose.yml -f scanner-certs.yml up
  1. Create the scanner container:
docker-compose -f docker-compose.yml -f remote-scanner.yml up
  1. Add the scanner to GVM:
$ docker exec -it gvm-deployment_gvmd_1 ./add-scanner.sh
Scanner Name: openvas-1
Scanner Host: openvas-1
Scanner Port [9390]:
Scanner Type [OpenVAS]:
Scanner CA certificate [/usr/var/lib/gvm/cacert.pem]:
Scanner public key [/usr/var/lib/gvm/cert.pem]:
Scanner private key [/usr/var/lib/gvm/key.pem]:
Adding scanner openvas-1...
md   main:MESSAGE:2020-10-09 16h15.55 utc:1349:    Greenbone Vulnerability Manager version 9.0.1 (DB revision 221)
md manage:   INFO:2020-10-09 16h15.55 utc:1349:    Creating scanner.
md manage:WARNING:2020-10-09 16h15.55 utc:1349: database must be initialised from scanner
util gpgme:MESSAGE:2020-10-09 16h16.01 utc:1349: Setting GnuPG dir to '/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2020-10-09 16h16.01 utc:1349: Using OpenPGP engine version '2.2.19'
Scanner created.

Production

To deploy GVM components in Kubernetes cluster for production, use the helm chart described in chart/README.

Resources

About

Dockerised Greenbone Vulnerability Management components

Topics

docker security chart tcp docker-compose images scanner helm remote vulnerability k8s scap openvas vulnerability-scanners gvm gsa socker gvm-cli gvm-openvas-docker

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages