OpenVAS is a katana forged for vulnerability scanning:
- open source
- container-ready
- minimal noise
- maximum signal
It thrives in Docker.
But what happens in the daemonless, rootless underworld?
The Ghost maps the terrain.
Sharpen the blade
The Docker Compose file is a map. Follow it to find the way in Podman:
https://greenbone.github.io/docs/latest/_static/docker-compose.yml
podman-compose still limps. It won’t create volumes for you.
volumes.txt:
gpg_data_vol
scap_data_vol
cert_data_vol
data_objects_vol
gvmd_data_vol
psql_data_vol
vt_data_vol
notus_data_vol
psql_socket_vol
gvmd_socket_vol
ospd_openvas_socket_vol
redis_socket_vol
openvas_data_vol
openvas_log_data_vol
Manually carve them out:
while read i; do podman volume create $i; done < volumes.txt
Your podman-compose.yaml must be transformed for Podman:
version: "3.8"
services:
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt
  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt
  scap-data:
    image: registry.community.greenbone.net/community/scap-data
    volumes:
      - scap_data_vol:/mnt
  cert-bund-data:
    image: registry.community.greenbone.net/community/cert-bund-data
    volumes:
      - cert_data_vol:/mnt
  dfn-cert-data:
    image: registry.community.greenbone.net/community/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data
  data-objects:
    image: registry.community.greenbone.net/community/data-objects
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
  report-formats:
    image: registry.community.greenbone.net/community/report-formats
    environment:
      FEED_RELEASE: "24.10"
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects
  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt
  redis-server:
    image: registry.community.greenbone.net/community/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/
  pg-gvm:
    image: registry.community.greenbone.net/community/pg-gvm:stable
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql
  gvmd:
    image: registry.community.greenbone.net/community/gvmd:stable
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully
  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: on-failure
    ports:
      - 127.0.0.1:9392:9392
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd
  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully
  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    hostname: openvasd
    environment:
      OPENVASD_MODE: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
  ospd-openvas:
    image: registry.community.greenbone.net/community/ospd-openvas:stable
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666",
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas/
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
  gvm-tools:
    image: registry.community.greenbone.net/community/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas
volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:
Pull in the arsenal:
podman-compose -f podman-compose.yaml pull
OpenVAS is not monolithic.
Each container does one job.
Silent. Sharp. Modular.
Summon the system:
podman-compose -f podman-compose.yaml up -d
Some containers, such as vulnerability-tests, notus-data and scap-data, are ghosts themselves.
They appear, inject knowledge, vanish.
In case of noise – logs never lie:
podman-compose -f podman-compose.yaml logs -f
Cut
Once online, scan like a specter.
Open a browser -> http://localhost:9392
Use credentials:
admin / admin
Then change the password.
The shadows are always watching.
A Ghost’s vision is limited… for now
When you log in:
You are currently using the free Greenbone Community Feed – this shows only a few vulnerabilities for business critical enterprise software such as MS Exchange, Cisco, VMware, Citrix and many more.
Over 60% of all relevant exploits remain hidden.
Translation?
You’re flying low-res. The Community Feed is a shadow of the full arsenal.
Ghosts don’t panic. They adapt.
If you’re hunting in the enterprise jungle, you either:
- Maintain multiple scanners
- Supplement with external intel
- Or switch to the Greenbone Enterprise Feed – at a price.
In this operation we fly free.
But always remember:
60% of the cracks are in the dark.
Clean it up
No trace. No fingerprint. No echo.
Stop the containers:
podman-compose down
Purge the volumes:
while read i; do podman volume rm openvas_$i; done < volumes.txt
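The manual carve-out earlier and this purge both lean on a hand-kept volumes.txt. As an added example, not from the original post, this script reads the volume names straight out of the compose file and emits the matching create or rm commands; it assumes podman-compose's default project prefix (the directory name, the openvas_ in the purge command above) and a compose file in the shape shown on this page.

```shell
# Added example, not from the original post: derive the named volumes from the
# compose file instead of hand-maintaining volumes.txt, then emit the matching
# "podman volume create" / "podman volume rm" commands. podman-compose prefixes
# volume names with the project name (the directory name, hence the post's
# "openvas_$i" on purge), so the prefix is a parameter.

# Named volumes mounted by services ("- vt_data_vol:/mnt"), deduplicated, from
# the compose file on stdin. Bind mounts ("./x:/y") and port lines
# ("127.0.0.1:9392:9392") do not match: the pattern wants a bare name then ":/".
compose_volumes() {
    sed -n 's/^[[:space:]]*-[[:space:]]*\([A-Za-z0-9_][A-Za-z0-9_-]*\):\/.*/\1/p' \
        | LC_ALL=C sort -u
}

# $1 is create|rm, $2 the project prefix (openvas_ for a directory named openvas).
volume_cmds() {
    compose_volumes | while read -r vol; do
        printf 'podman volume %s %s%s\n' "$1" "${2:-}" "$vol"
    done
}

# Volumes the compose file needs that are missing from a list file ($1), e.g. a
# stale volumes.txt; empty output means the list is complete.
missing_volumes() {
    compose_volumes | grep -vxF -f "$1" || true
}

# Constructed sample: a trimmed cut of the post's podman-compose.yaml.
SAMPLE_COMPOSE='services:
  vulnerability-tests:
    volumes:
      - vt_data_vol:/mnt
  gsa:
    ports:
      - 127.0.0.1:9392:9392
    volumes:
      - gvmd_socket_vol:/run/gvmd
  openvasd:
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
volumes:
  gpg_data_vol:
  gvmd_socket_vol:
  vt_data_vol:'

printf '%s\n' "$SAMPLE_COMPOSE" | volume_cmds create openvas_
```

Pipe the real file in (`volume_cmds rm openvas_ < podman-compose.yaml | sh`) once `podman volume ls` confirms the prefix your project actually uses.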
Erase the images:
podman image ls | grep greenbone | awk '{print $3}' | xargs podman image rm --
The system breathes clean.
Only the ghost remains.
—
Whisper to DeadSwitch on Matrix: @deadswitch:matrix.org
Maybe the Ghost signals back.
DeadSwitch | The Silent Architect
In silence, I rise. In structure, I endure.
Discover more from Tom's IT Cafe