├── .dockerignore ├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── PULL_REQUEST_TEMPLATE.md ├── new_releases.md ├── release-drafter.yml └── workflows │ ├── build_base_images.yml │ ├── build_debian_release_data-only.yml │ ├── build_external.yml │ ├── build_gvm_docker.yml │ ├── build_release_images.yml │ ├── check-for-gvm-updates.yml │ ├── docker-publish-debian.yml │ ├── docker-publish.yml │ ├── greenbone_community_data_sync.yml │ └── test.yml ├── .gitignore ├── .idea ├── .gitignore ├── GVM-Docker.iml ├── jsLibraryMappings.xml ├── jsonSchemas.xml ├── misc.xml ├── modules.xml └── vcs.xml ├── AlpineAPKBuilder ├── .github │ ├── new_releases.md │ └── workflows │ │ ├── build-apk.yml │ │ ├── check-for-updates.yml │ │ └── initial-build-apk.yml ├── .gitignore ├── Makefile ├── README.rst ├── aports2 │ └── community │ │ ├── greenbone-security-assistant │ │ ├── APKBUILD │ │ ├── glib_full.patch │ │ ├── gsad-sbin.patch │ │ ├── gsad.initd │ │ ├── gsad.logrotate │ │ ├── musl-stack-size.patch │ │ ├── remove-husky-git-hook.patch │ │ └── timeout.patch │ │ ├── gvm-libs │ │ ├── APKBUILD │ │ ├── glib-include-path.patch │ │ ├── glib_full.patch │ │ ├── gvm-libs.pre-install │ │ ├── malloc-trim.patch │ │ └── strptime.patch │ │ ├── gvm-tools │ │ ├── APKBUILD │ │ └── create-setuppy.patch │ │ ├── gvmd │ │ ├── APKBUILD │ │ ├── added-missing-includes.patch │ │ ├── glib_full.patch │ │ ├── greenbone-certdata-sync.conf │ │ ├── greenbone-nvt-sync.conf │ │ ├── greenbone-scapdata-sync.conf │ │ ├── gvmd.initd │ │ ├── gvmd.logrotate │ │ └── malloc-trim.patch │ │ ├── nmap │ │ ├── APKBUILD │ │ └── fortify-source.patch │ │ ├── openvas-smb │ │ ├── 001-cmakelist-fortify.patch │ │ ├── APKBUILD │ │ ├── comparison_fn_t.patch │ │ ├── disable-backtrace.patch │ │ ├── fix-missing-includes-path.patch │ │ ├── glib_full.patch │ │ └── mingw-alpine-support.patch │ │ ├── openvas │ │ ├── APKBUILD │ │ ├── execinfo-musl-fix.patch │ │ ├── glib_full.patch │ │ ├── 
greenbone-nvt-sync.cron │ │ ├── malloc-trim.patch │ │ ├── openvas-sysctl.conf │ │ ├── openvas.post-install │ │ └── tcp_mss_include.patch │ │ ├── ospd-openvas │ │ ├── APKBUILD │ │ ├── ospd-openvas.initd │ │ ├── ospd-openvas.post-install │ │ └── ospd.conf │ │ ├── ospd │ │ └── APKBUILD │ │ └── py3-gvm │ │ ├── APKBUILD │ │ └── create-setuppy.patch ├── builder │ ├── Dockerfile │ ├── build_gvm.sh │ ├── build_single.sh │ ├── repositories │ ├── setup.sh │ └── update_checksum.sh ├── create_glib_patch.sh ├── get_releases.sh ├── get_releases_files.sh ├── git_diff_packages.sh └── patches │ ├── greenbone-security-assistant.patch │ ├── gsa │ └── timeout.patch │ ├── gvm-libs.patch │ ├── gvm-tools.patch │ ├── gvmd.patch │ ├── openvas-smb.patch │ ├── openvas.patch │ ├── ospd-openvas.patch │ ├── ospd.patch │ └── py3-gvm.patch ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DataSync ├── README.md └── download.sh ├── DockerComposer ├── .env ├── GSA │ └── Dockerfile ├── GVM-Data-Sync │ ├── Dockerfile │ └── start.sh ├── GVM-Libs │ └── Dockerfile ├── GVM-Tools │ └── Dockerfile ├── GVMD │ ├── Dockerfile │ ├── dummy-script.sh │ └── start.sh ├── LICENSE ├── OpenVAS-SMB │ └── Dockerfile ├── OpenVAS │ ├── Dockerfile │ ├── start.sh │ └── sync.sh ├── PostgreSQL │ ├── Dockerfile │ └── gvm-init.sh ├── Redis │ ├── Dockerfile │ └── redis.conf ├── SSHD │ ├── Dockerfile │ ├── sshd_config │ └── start.sh ├── build.sh └── docker-compose.yaml ├── Dockerfiles ├── bah_postgres.debian.Dockerfile ├── build_base.debian.Dockerfile ├── build_gsa.debian.Dockerfile ├── build_gsad.debian.Dockerfile ├── build_gvm_libs.debian.Dockerfile ├── build_gvmd.debian.Dockerfile ├── build_openvas_scanner.debian.Dockerfile └── build_openvas_smb.debian.Dockerfile ├── GVMDocker ├── .dockerignore ├── Dockerfile ├── Dockerfiles │ ├── _release_latest-data-full.debian.Dockerfile │ ├── _release_latest-data.debian.Dockerfile │ ├── release_data-only.debian.Dockerfile │ ├── release_db_upgrade.debian.Dockerfile │ ├── 
release_latest-data-full.debian.Dockerfile │ ├── release_latest-data.debian.Dockerfile │ ├── release_latest-full.debian.Dockerfile │ └── release_latest.debian.Dockerfile ├── Makefile ├── Readme.md ├── build-args.txt ├── build.sh ├── build │ ├── build_latest.sh │ └── postgres_ACCC4CF8.asc ├── build_release.sh ├── buster.debian.Dockerfile ├── config │ ├── logrotate-gvm.conf │ ├── redis-openvas.conf │ ├── sshd_config │ └── supervisord.conf ├── debian.Dockerfile ├── docker-compose.yml ├── greenbone-feed-sync-patch.txt ├── local_build.sh ├── local_multistep_build.sh ├── multistep.debian.Dockerfile ├── report_formats │ ├── 5057e5cc-b825-11e4-9d0e-28d24461215b │ │ ├── Anonymous_XML.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 50c9950a-f326-11e4-800c-28d24461215b │ │ ├── Verinice_ITG.xsl │ │ ├── classification-helpers.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 5ceff8ba-1f62-11e1-ab9f-406186ea4fc5 │ │ ├── CPE.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 77bd6c4a-1f62-11e1-abf0-406186ea4fc5 │ │ ├── ITG.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 9087b18c-626c-11e3-8892-406186ea4fc5 │ │ ├── CSV_Hosts.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 910200ca-dc05-11e1-954f-406186ea4fc5 │ │ ├── ARF.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 9ca6fe72-1f62-11e1-9e7c-406186ea4fc5 │ │ ├── NBE.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── 9e5e5deb-879e-4ecc-8be6-a71cd0875cdd │ │ ├── generate │ │ ├── hostvisdot-summary.xsl │ │ └── report_format.xml │ ├── a3810a62-1f62-11e1-9219-406186ea4fc5 │ │ ├── TXT.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── a684c02c-b531-11e1-bdc2-406186ea4fc5 │ │ ├── generate │ │ ├── latex.xsl │ │ └── report_format.xml │ ├── a994b278-1f62-11e1-96ac-406186ea4fc5 │ │ ├── generate │ │ └── report_format.xml │ ├── c15ad349-bd8d-457a-880a-c7056532ee15 │ │ ├── Verinice_ISM.xsl │ │ ├── classification.xsl │ │ ├── generate │ │ └── report_format.xml │ ├── c1645568-627a-11e3-a660-406186ea4fc5 │ │ ├── 
CSV_Results.xsl │ │ ├── generate │ │ └── report_format.xml │ └── c402cc3e-b531-11e1-9163-406186ea4fc5 │ │ ├── generate │ │ ├── latex.xsl │ │ └── report_format.xml └── scripts │ ├── add-scanner.sh │ ├── debian │ ├── main_pkgs.sh │ └── prepare.sh │ ├── entrypoint.sh │ ├── menu.sh │ ├── migration_v21.4.0_ubuntu_images.sh │ ├── ospd-openvas-wrapper.sh │ ├── reportFix.sh │ ├── reset-gvmd-admin-password.sh │ ├── start.sh │ ├── start.sh.bak │ ├── start_crond.sh │ ├── start_gsad.sh │ ├── start_gvmd.sh │ ├── start_rsyslogd.sh │ ├── sync-all.sh │ └── sync-initial.sh ├── GVMLogstash ├── .github │ └── workflows │ │ └── docker-publish.yml ├── Dockerfile ├── LICENSE ├── README.md ├── config │ └── logstash.yml ├── debian.Dockerfile ├── get-results.sql └── pipeline │ └── gvm.conf ├── LICENSE ├── OpenVASDocker ├── .dockerignore ├── .github │ ├── ISSUE_TEMPLATE │ │ ├── bug_report.md │ │ └── feature_request.md │ ├── PULL_REQUEST_TEMPLATE.md │ └── workflows │ │ └── docker-publish.yml ├── .gitignore ├── Dockerfile ├── Dockerfiles │ ├── release_latest-data.debian.Dockerfile │ └── release_latest.debian.Dockerfile ├── LICENSE ├── Makefile ├── Readme.md ├── build.sh ├── build.sh.old ├── config │ ├── redis-openvas.conf │ └── supervisord.conf ├── debian.Dockerfile └── scripts │ ├── entrypoint.sh │ ├── ospd-openvas-wrapper.sh │ ├── start.sh │ └── update-nvts.sh ├── PULL-REQUEST-POLICY.md ├── README.md ├── SECURITY.md ├── TODO.md ├── bah_postgres.sh ├── build-args.txt ├── docker_test_compose.yml ├── helper ├── BuildKit.Dockerfile ├── LICENSE └── scripts │ ├── build_matrix.js │ ├── build_matrix2.js │ ├── get_releases.sh │ ├── get_releases_files.sh │ └── git_diff_packages.sh ├── local_db_upgrade_image_build.sh └── local_multistep_build_v2.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !apk-build/target/ 3 | !apk-build/user.abuild/*.pub 4 | !config/ 5 | !gvm-sync-data/ 6 | !report_formats/ 7 | !scripts/ 8 | scripts/.github/ 9 | 
!sshd_config 10 | !*.sh 11 | !*.conf 12 | !/OpenVASDocker/build.sh 13 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [Dexus,DeineAgenturUG] 2 | open_collective: deineagenturug 3 | patreon: dexus 4 | custom: ["https://github.josef-froehle.de/", deineagentur.com] 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[Bug]" 5 | labels: bug 6 | assignees: Dexus, pixelsquared 7 | 8 | --- 9 | 10 | 18 | 19 | 25 | 26 | 27 | **Describe the bug** 28 | A clear and concise description of what the bug is. 29 | 30 | **To Reproduce** 31 | Steps to reproduce the behavior: 32 | 1. Go to '...' 33 | 2. Click on '....' 34 | 3. Scroll down to '....' 35 | 4. See error 36 | 37 | **Expected behavior** 38 | A clear and concise description of what you expected to happen. 39 | 40 | **Screenshots** 41 | If applicable, add screenshots to help explain your problem. 42 | 43 | **Host Device:** 44 | - OS: 45 | - Version: 46 | 47 | **Image in use:** 48 | - Self build? 49 | - Output from `docker image inspect ` : 50 | ``` 51 | # docker image inspect 52 | ``` 53 | 54 | **Additional context** 55 | Add any other context about the problem here. 56 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[Enhancement]" 5 | labels: '' 6 | assignees: austinsonger, Dexus 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? 
Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Summary 2 | 3 | Summarize your PR. If it involves visual changes, include a screenshot or GIF. 4 | 5 | 6 | ### Checklist 7 | 8 | Delete any items that are not applicable to this PR. 9 | 10 | - [ ] [Update Documentation](https://github.com/Secure-Compliance-Solutions-LLC/gitbook) was added for features that require explanation or tutorials 11 | 12 | ### Enhancements: 13 | 14 | 15 | ### Fixed Bug/Issues solved: 16 | 17 | 18 | ### Breaking Changes: 19 | 20 | -------------------------------------------------------------------------------- /.github/new_releases.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: New Releases available 3 | assignees: 'Dexus' 4 | --- 5 | 6 | Hi, 7 | 8 | there are new releases of the following projects: 9 | 10 | ``` 11 | {{ env.NEWRELEASES }} 12 | ``` 13 | -------------------------------------------------------------------------------- /.github/release-drafter.yml: -------------------------------------------------------------------------------- 1 | name-template: 'v$RESOLVED_VERSION' 2 | tag-template: 'v$RESOLVED_VERSION' 3 | template: | 4 | # What's Changed 5 | $CHANGES 6 | categories: 7 | - title: 'Breaking' 8 | label: 'type: breaking' 9 | - title: 'New' 10 | label: 'type: feature' 11 | - title: 'Bug 
Fixes' 12 | label: 'type: bug' 13 | - title: 'Maintenance' 14 | label: 'type: maintenance' 15 | - title: 'Dependency Updates' 16 | label: 'type: dependencies' 17 | 18 | version-resolver: 19 | major: 20 | labels: 21 | - 'type: breaking' 22 | minor: 23 | labels: 24 | - 'type: feature' 25 | patch: 26 | labels: 27 | - 'type: bug' 28 | - 'type: maintenance' 29 | - 'type: dependencies' 30 | - 'type: security' 31 | 32 | exclude-labels: 33 | - 'skip-changelog' 34 | -------------------------------------------------------------------------------- /.github/workflows/check-for-gvm-updates.yml: -------------------------------------------------------------------------------- 1 | name: Check for Release Updates 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | # * is a special character in YAML, so you have to quote this string 7 | - cron: "30 22 * * *" 8 | 9 | concurrency: ci-${{ github.ref }} 10 | 11 | permissions: 12 | contents: read 13 | issues: write 14 | packages: write 15 | 16 | jobs: 17 | check_updates: 18 | name: Check GVM Updates 19 | runs-on: ubuntu-latest 20 | 21 | steps: 22 | - name: Checkout repository 23 | uses: actions/checkout@v2 24 | with: 25 | submodules: recursive 26 | 27 | - name: Check for updates 28 | run: | 29 | mkdir -p ./.checkupdates 30 | 31 | - uses: actions/cache@v2 32 | with: 33 | path: .checkupdates 34 | key: ${{ runner.os }}-gvm-version-check-v2-${{ github.run_id }} 35 | restore-keys: | 36 | ${{ runner.os }}-gvm-version-check-v2- 37 | 38 | - name: Get Latest Versions 39 | run: | 40 | if [ ! -e ./.checkupdates/latest_version ]; then 41 | touch ./.checkupdates/latest_version 42 | fi 43 | if [ ! 
-e ./.checkupdates/latest_version.sum ]; then 44 | touch ./.checkupdates/latest_version.sum 45 | fi 46 | chmod +x ./helper/scripts/get_releases.sh 47 | echo "${{github.token}}" | gh auth login --with-token 48 | echo 'NEWRELEASES<> $GITHUB_ENV 49 | ./helper/scripts/get_releases.sh >> $GITHUB_ENV 50 | echo 'EOF' >> $GITHUB_ENV 51 | 52 | - name: Check for updates - Step 1 53 | id: updates 54 | continue-on-error: true 55 | run: | 56 | echo "${NEWRELEASES}" > ./.checkupdates/latest_version 57 | sha1sum -c ./.checkupdates/latest_version.sum 58 | 59 | - name: Check for updates - Step 2 60 | id: updates_available 61 | if: ${{ steps.updates.outcome == 'failure' }} 62 | run: | 63 | sha1sum ./.checkupdates/latest_version > ./.checkupdates/latest_version.sum 64 | echo "::set-output name=UPDATES_AVAILABLE::true" 65 | 66 | - name: Create Issue 67 | uses: JasonEtco/create-an-issue@v2 68 | if: ${{ steps.updates.outcome == 'failure' && steps.updates_available.outputs.UPDATES_AVAILABLE == 'true' }} 69 | env: 70 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 71 | with: 72 | update_existing: true 73 | filename: .github/new_releases.md 74 | 75 | - name: Cache permissions 76 | if: always() 77 | run: sudo chown -R $USER:$GROUP .checkupdates 78 | -------------------------------------------------------------------------------- /.github/workflows/greenbone_community_data_sync.yml: -------------------------------------------------------------------------------- 1 | name: Download Greenbone Sync Data 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * *" 6 | 7 | workflow_dispatch: 8 | 9 | jobs: 10 | sync: 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | - uses: actions/checkout@v2 15 | 16 | - name: Download Data 17 | run: bash ./DataSync/download.sh 18 | 19 | - name: Create data TAR 20 | uses: ihiroky/archive-action@v1 21 | with: 22 | root_dir: ./data 23 | file_path: data.tar.xz 24 | 25 | - name: Create NVT Feed TAR 26 | uses: ihiroky/archive-action@v1 27 | with: 28 | root_dir: ./data/nvt-feed 29 | 
file_path: nvt-feed.tar.xz 30 | 31 | - uses: wilsonzlin/setup-b2@v3 32 | 33 | - name: Authorize Backblaze Account 34 | run: b2 authorize-account ${{ secrets.BACKBLAZE_KEYID }} ${{ secrets.BACKBLAZE_APPKEY }} 35 | 36 | - name: Upload data TAR to Backblaze 37 | run: b2 upload-file --noProgress daug-vulndata data.tar.xz data.tar.xz 38 | 39 | - name: Upload NVT Feed TAR to Backblaze 40 | run: b2 upload-file --noProgress daug-vulndata nvt-feed.tar.xz nvt-feed.tar.xz 41 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Test Build Base Images 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | concurrency: 7 | group: ci-test-${{ github.ref }}-${{ github.event_name }} 8 | cancel-in-progress: true 9 | 10 | env: 11 | IMAGE_NAME: ${{ github.repository }} 12 | IMAGE_NAME_GHCR: ghcr.io/${{ github.repository }} 13 | IMAGE_NAME_DOCKER: deineagenturug/gvm 14 | IMAGE_NAME_OCIR: fra.ocir.io/fraj3sqdynbw/gvm 15 | 16 | 17 | permissions: 18 | id-token: write 19 | actions: read 20 | contents: read 21 | packages: write 22 | pull-requests: read 23 | security-events: write 24 | 25 | jobs: 26 | 27 | 28 | build_prepare: 29 | name: Image latest 30 | runs-on: ubuntu-latest 31 | steps: 32 | - name: Checkout repository 33 | uses: actions/checkout@v2 34 | - uses: actions/cache@v2 35 | with: 36 | path: ./.checkupdates/ 37 | key: ${{ runner.os }}-gvm-version-check-v2-${{ github.run_id }} 38 | restore-keys: | 39 | ${{ runner.os }}-gvm-version-check-v2- 40 | - run: | 41 | chmod +x ./helper/scripts/get_releases.sh 42 | echo "${{github.token}}" | gh auth login --with-token 43 | mkdir -p ./.checkupdates/ 44 | if [ ! 
-e ./.checkupdates/latest_version ]; then 45 | ./helper/scripts/get_releases.sh > ./.checkupdates/latest_version 46 | sha1sum ./.checkupdates/latest_version > ./.checkupdates/latest_version.sum 47 | fi 48 | echo "BUILD_VERSION=$(date '+%F.%H%M')" > ./.checkupdates/build_time 49 | 50 | build_base: 51 | name: Building Base Images 52 | needs: build_prepare 53 | uses: DeineAgenturUG/greenbone-gvm-openvas-for-docker/.github/workflows/build_base_images.yml@main 54 | with: 55 | POSTGRESQL_VERSION: 13 56 | secrets: 57 | DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} 58 | DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} 59 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 60 | 61 | build_relese: 62 | name: Building Release Images 63 | needs: build_base 64 | uses: DeineAgenturUG/greenbone-gvm-openvas-for-docker/.github/workflows/build_release_images.yml@main 65 | with: 66 | POSTGRESQL_VERSION: 13 67 | secrets: 68 | DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} 69 | DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} 70 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 71 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | ### Linux template 3 | *~ 4 | 5 | # temporary files which can be created if a process still has a handle open of a deleted file 6 | .fuse_hidden* 7 | 8 | # KDE directory preferences 9 | .directory 10 | 11 | # Linux trash folder which might appear on any partition or disk 12 | .Trash-* 13 | 14 | # .nfs files are created when an open file is removed but is still being accessed 15 | .nfs* 16 | 17 | ### macOS template 18 | # General 19 | .DS_Store 20 | .AppleDouble 21 | .LSOverride 22 | 23 | # Icon must end with two \r 24 | Icon 25 | 26 | # Thumbnails 27 | ._* 28 | 29 | # Files that might appear in the root of a volume 30 | .DocumentRevisions-V100 31 | .fseventsd 32 | .Spotlight-V100 33 | 
.TemporaryItems 34 | .Trashes 35 | .VolumeIcon.icns 36 | .com.apple.timemachine.donotpresent 37 | 38 | # Directories potentially created on remote AFP share 39 | .AppleDB 40 | .AppleDesktop 41 | Network Trash Folder 42 | Temporary Items 43 | .apdisk 44 | 45 | ### Windows template 46 | # Windows thumbnail cache files 47 | Thumbs.db 48 | Thumbs.db:encryptable 49 | ehthumbs.db 50 | ehthumbs_vista.db 51 | 52 | # Dump file 53 | *.stackdump 54 | 55 | # Folder config file 56 | [Dd]esktop.ini 57 | 58 | # Recycle Bin used on file shares 59 | $RECYCLE.BIN/ 60 | 61 | # Windows Installer files 62 | *.cab 63 | *.msi 64 | *.msix 65 | *.msm 66 | *.msp 67 | 68 | # Windows shortcuts 69 | *.lnk 70 | 71 | # Docker Build Local 72 | /apk-build/ 73 | /storage/ 74 | /build_data/ 75 | # For github.com/nektos/act local workflow testing 76 | .env 77 | .secrets 78 | /secrets/ 79 | /GVMDocker/gvm-sync-data/ 80 | node_modules 81 | -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /shelf/ 3 | /workspace.xml 4 | # Editor-based HTTP Client requests 5 | /httpRequests/ 6 | # Datasource local storage ignored files 7 | /dataSources/ 8 | /dataSources.local.xml 9 | -------------------------------------------------------------------------------- /.idea/GVM-Docker.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /.idea/jsLibraryMappings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /.idea/jsonSchemas.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 19 | 20 | 21 | 22 | 23 | 24 | 
25 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/.github/new_releases.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: New Releases 3 | assignees: 'Dexus' 4 | --- 5 | 6 | Hi, 7 | 8 | there are new releases of the following projects: 9 | 10 | ``` 11 | {{ env.NEWRELEASES }} 12 | ``` -------------------------------------------------------------------------------- /AlpineAPKBuilder/.github/workflows/check-for-updates.yml: -------------------------------------------------------------------------------- 1 | name: Check for Release Updates 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | # * is a special character in YAML so you have to quote this string 7 | - cron: "30 22 * * *" 8 | 9 | concurrency: ci-${{ github.ref }} 10 | 11 | permissions: 12 | contents: read 13 | issues: write 14 | packages: write 15 | 16 | jobs: 17 | check_updates: 18 | name: Check GVM Updates 19 | runs-on: ubuntu-latest 20 | 21 | steps: 22 | - name: Checkout repository 23 | uses: actions/checkout@v2 24 | with: 25 | submodules: recursive 26 | 27 | - name: Check for updates 28 | run: | 29 | mkdir -p ./.checkupdates 30 | 31 | - uses: actions/cache@v2 32 | with: 33 | path: .checkupdates 34 | key: ${{ runner.os }}-gvm-version-check-v2-${{ github.run_id }} 35 | restore-keys: | 36 | ${{ 
runner.os }}-gvm-version-check-v2- 37 | 38 | - name: Get Latest Versions 39 | run: | 40 | if [ ! -e ./.checkupdates/latest_version ]; then 41 | touch ./.checkupdates/latest_version 42 | fi 43 | if [ ! -e ./.checkupdates/latest_version.sum ]; then 44 | touch ./.checkupdates/latest_version.sum 45 | fi 46 | chmod +x ./get_releases.sh 47 | echo 'NEWRELEASES<> $GITHUB_ENV 48 | ./get_releases.sh >> $GITHUB_ENV 49 | echo 'EOF' >> $GITHUB_ENV 50 | 51 | - name: Check for updates - Step 1 52 | id: updates 53 | continue-on-error: true 54 | run: | 55 | echo "${NEWRELEASES}" > ./.checkupdates/latest_version 56 | sha1sum -c ./.checkupdates/latest_version.sum 57 | 58 | - name: Check for updates - Step 2 59 | id: updates_available 60 | if: ${{ steps.updates.outcome == 'failure' }} 61 | run: | 62 | sha1sum ./.checkupdates/latest_version > ./.checkupdates/latest_version.sum 63 | echo "::set-output name=UPDATES_AVAILABLE::true" 64 | 65 | - name: Create Issue 66 | uses: JasonEtco/create-an-issue@v2 67 | if: ${{ steps.updates.outcome == 'failure' && steps.updates_available.outputs.UPDATES_AVAILABLE == 'true' }} 68 | env: 69 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 70 | with: 71 | update_existing: true 72 | filename: .github/new_releases.md 73 | 74 | - name: Cache permissions 75 | if: always() 76 | run: sudo chown -R $USER:$GROUP .checkupdates 77 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/.gitignore: -------------------------------------------------------------------------------- 1 | .*.swp 2 | /*.tar.gz 3 | /jq*.json 4 | user.abuild/ 5 | target/ 6 | aports/ 7 | aports2/community/*/src/ 8 | /src/ 9 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/Makefile: -------------------------------------------------------------------------------- 1 | 2 | BUILD_ID ?= ${USER} 3 | CHECKSUM ?= ${CHECKSUM:-0} 4 | PKG ?= ${PKG:-gvmd} 5 | 6 | 7 | .PHONY: builder 8 | builder: 9 | docker build 
-t apk_builder:${BUILD_ID} builder/ 10 | 11 | target: 12 | mkdir -p target 13 | rm -rf target/*.tar.gz target/*.apk 14 | mkdir -p aports2 15 | 16 | .PHONY: cp_build_files 17 | cp_build_files: 18 | cp -r aports/community/gvm-libs aports2/community/ 19 | cp -r aports/community/openvas-smb aports2/community/ 20 | cp -r aports/community/gvmd aports2/community/ 21 | cp -r aports/community/openvas aports2/community/ 22 | cp -r aports/community/py3-gvm aports2/community/ 23 | cp -r aports/community/gvm-tools aports2/community/ 24 | cp -r aports/community/ospd-openvas aports2/community/ 25 | cp -r aports/community/greenbone-security-assistant aports2/community/ 26 | 27 | aports: 28 | git clone git://git.alpinelinux.org/aports 29 | 30 | .PHONY: aports_update 31 | aports_update: aports 32 | GIT_DIR=aports/.git git fetch origin -p 33 | GIT_DIR=aports/.git git pull origin master 34 | 35 | .PHONY: aports_set_V3.14 36 | aports_set_V3.14: aports 37 | GIT_DIR=aports/.git git fetch origin -p 38 | GIT_DIR=aports/.git git checkout origin/3.14-stable 39 | 40 | .PHONY: aports_update_V3.14 41 | aports_update_V3.14: aports_set_V3.14 42 | GIT_DIR=aports/.git git fetch origin -p 43 | GIT_DIR=aports/.git git pull origin 3.14-stable 44 | 45 | user.abuild: 46 | mkdir -p user.abuild 47 | 48 | build: builder target 49 | docker run \ 50 | --rm \ 51 | --name apk_builder \ 52 | -v ${PWD}/user.abuild/:/home/packager/.abuild \ 53 | -v ${PWD}/aports2:/work \ 54 | -v ${PWD}/target:/target \ 55 | -v ${HOME}/.gitconfig/:/home/packager/.gitconfig \ 56 | -e CHECKSUM=${CHECKSUM} \ 57 | apk_builder:${BUILD_ID} \ 58 | sh -c '~/bin/build.sh' 59 | 60 | build_checksum: builder target 61 | docker run \ 62 | --rm \ 63 | --name apk_builder \ 64 | -v ${PWD}/user.abuild/:/home/packager/.abuild \ 65 | -v ${PWD}/aports2:/work \ 66 | -v ${PWD}/target:/target \ 67 | -v ${HOME}/.gitconfig/:/home/packager/.gitconfig \ 68 | -e CHECKSUM=${CHECKSUM} \ 69 | apk_builder:${BUILD_ID} \ 70 | sh -c '~/bin/update_checksum.sh' 71 | 
72 | build_single: builder target 73 | docker run \ 74 | --rm \ 75 | --name apk_builder \ 76 | -v ${PWD}/user.abuild/:/home/packager/.abuild \ 77 | -v ${PWD}/aports2:/work \ 78 | -v ${PWD}/target:/target \ 79 | -v ${HOME}/.gitconfig/:/home/packager/.gitconfig \ 80 | -e CHECKSUM=${CHECKSUM} \ 81 | apk_builder:${BUILD_ID} \ 82 | sh -c '~/bin/build_single.sh $(PKG)' 83 | 84 | build2: builder target 85 | docker run -ti \ 86 | --rm \ 87 | --name apk_builder2 \ 88 | -v ${PWD}/user.abuild/:/home/packager/.abuild \ 89 | -v ${PWD}/aports2:/work \ 90 | -v ${PWD}/target:/target \ 91 | -v ${HOME}/.gitconfig/:/home/packager/.gitconfig \ 92 | -e CHECKSUM=${CHECKSUM} \ 93 | apk_builder:${BUILD_ID} \ 94 | sh 95 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/README.rst: -------------------------------------------------------------------------------- 1 | 2 | Docker APK Build Environment 3 | ============================ 4 | 5 | An alpine linux environment for building apk packages using docker. 6 | 7 | See http://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package for additional 8 | documentation and 9 | https://engineering.fundingcircle.com/blog/2015/04/28/create-alpine-linux-repository/ 10 | for some background about testing and signing packages. 11 | 12 | 13 | .. contents:: 14 | :backlinks: none 15 | 16 | 17 | Setup 18 | ----- 19 | 20 | To sign packages you'll need a key pair. To generate a pair of keys for this 21 | purpose run: 22 | 23 | .. code:: sh 24 | 25 | # builds an image and starts a container 26 | make build 27 | # generate keys automatical on startup 28 | # ~/bin/setup.sh 29 | 30 | 31 | Building a Package 32 | ------------------ 33 | 34 | Run ``make build`` to start the docker environment. In the build environment 35 | cd to the package directory which contains an ``APKBUILD`` file and run 36 | the build. 37 | 38 | .. 
code:: sh 39 | 40 | cd /work// 41 | # Condtionally rebuild checksums if files has changed 42 | abuild checksum 43 | # Run the build 44 | abuild -c -r -P /target 45 | 46 | The built packages will be in ``./target`` on the host. 47 | 48 | 49 | Indexing and Signing 50 | -------------------- 51 | 52 | .. code:: sh 53 | 54 | cd /target/// 55 | apk index -o APKINDEX.tar.gz *.apk 56 | abuild-sign APKINDEX.tar.gz 57 | 58 | 59 | Local Repo 60 | ---------- 61 | 62 | .. code:: sh 63 | 64 | # user.abuild folder -> Alpine Docker Container 65 | cp /home/abuild/*.pub /etc/apk/keys/ 66 | 67 | # add /target/* to image i.e. /repo/* 68 | 69 | # create local repo 70 | echo "@custom-main /repo/main" >> /etc/apk/repositories 71 | echo "@custom-community /repo/community" >> /etc/apk/repositories 72 | # or 73 | echo "/repo/main" >> /etc/apk/repositories 74 | echo "/repo/community" >> /etc/apk/repositories 75 | 76 | apk update 77 | 78 | # install packages: 79 | apk add gvmd@custom-main gvm-libs@custom-community 80 | # or 81 | apk add gvmd gvm-libs 82 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/greenbone-security-assistant/gsad-sbin.patch: -------------------------------------------------------------------------------- 1 | diff --git a/gsad/src/CMakeLists.txt b/gsad/src/CMakeLists.txt 2 | index 27dbb22..b7f6d6f 100644 3 | --- a/gsad/src/CMakeLists.txt 4 | +++ b/gsad/src/CMakeLists.txt 5 | 
@@ -177,7 +177,7 @@ add_definitions (-DPREFIX="${CMAKE_INSTALL_PREFIX}") 6 | ## Install 7 | 8 | install (TARGETS gsad 9 | - RUNTIME DESTINATION ${SBINDIR} 10 | + RUNTIME DESTINATION ${BINDIR} 11 | LIBRARY DESTINATION ${LIBDIR} 12 | ARCHIVE DESTINATION ${LIBDIR}/static) 13 | 14 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/greenbone-security-assistant/gsad.initd: -------------------------------------------------------------------------------- 1 | #!/sbin/openrc-run 2 | 3 | : ${GSAD_USER:=gvm} 4 | : ${GSAD_GROUP:=gvm} 5 | : ${GSAD_TIMEOUT:=30} 6 | : ${GSAD_OPTIONS:=--no-redirect --http-only} 7 | : ${GSAD_LISTEN_ADDRESS:=127.0.0.1} 8 | : ${GSAD_LISTEN_PORT:=9392} 9 | : ${GVMD_LISTEN_ADDRESS:=127.0.0.1} 10 | : ${GVMD_LISTEN_PORT:=9390} 11 | : ${GVMD_GNUTLS_PRIORITIES:=NORMAL} 12 | 13 | name="Greenbone Security Assistant (GSA)" 14 | command="/usr/bin/gsad" 15 | command_args="--foreground ${GSAD_OPTIONS} --listen=${GSAD_LISTEN_ADDRESS} --port=${GSAD_LISTEN_PORT} --mlisten=${GVMD_LISTEN_ADDRESS} --mport=${GVMD_LISTEN_PORT} --gnutls-priorities=${GSAD_GNUTLS_PRIORITIES}" 16 | command_background="true" 17 | command_user="${GSAD_USER}:${GSAD_GROUP}" 18 | pidfile="/run/gvm/gsad.pid" 19 | retry="${GSAD_TIMEOUT}" 20 | 21 | depend() { 22 | after firewall 23 | need net gvmd 24 | } 25 | 26 | start_pre() { 27 | checkpath --directory --owner "$command_user" "${pidfile%/*}" /var/log/gvm 28 | } 29 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/greenbone-security-assistant/gsad.logrotate: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2019 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | # Daemon ignore HUP so we use 'copytruncate' instead of 'create' 4 | # with safe file size to prevent losing log entries. 
5 | 6 | /var/log/gvm/gsad.log { 7 | compress 8 | missingok 9 | notifempty 10 | sharedscripts 11 | copytruncate 12 | maxsize 10M 13 | } 14 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/greenbone-security-assistant/musl-stack-size.patch: -------------------------------------------------------------------------------- 1 | diff --git a/gsad/src/gsad.c b/gsad/src/gsad.c 2 | index f176b62..37a9d66 100644 3 | --- a/gsad/src/gsad.c 4 | +++ b/gsad/src/gsad.c 5 | @@ -2556,6 +2556,7 @@ start_unix_http_daemon (const char *unix_socket_path, 6 | 0, NULL, NULL, handler, http_handlers, MHD_OPTION_NOTIFY_COMPLETED, 7 | free_resources, NULL, MHD_OPTION_LISTEN_SOCKET, unix_socket, 8 | MHD_OPTION_PER_IP_CONNECTION_LIMIT, get_per_ip_connection_limit (), 9 | + MHD_OPTION_THREAD_STACK_SIZE, (size_t) 4*1024*1024, 10 | MHD_OPTION_EXTERNAL_LOGGER, mhd_logger, NULL, MHD_OPTION_END); 11 | } 12 | 13 | @@ -2590,6 +2591,7 @@ start_http_daemon (int port, 14 | flags, port, NULL, NULL, handler, http_handlers, 15 | MHD_OPTION_NOTIFY_COMPLETED, free_resources, NULL, MHD_OPTION_SOCK_ADDR, 16 | address, MHD_OPTION_PER_IP_CONNECTION_LIMIT, get_per_ip_connection_limit (), 17 | + MHD_OPTION_THREAD_STACK_SIZE, (size_t) 4*1024*1024, 18 | MHD_OPTION_EXTERNAL_LOGGER, mhd_logger, NULL, MHD_OPTION_END); 19 | } 20 | 21 | 
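Review bot: The stack size `(size_t) 4*1024*1024` is written out literally in start_unix_http_daemon and start_http_daemon in gsad/src/gsad.c, and again in start_https_daemon in the next hunk, with nothing saying why 4 MiB was chosen. I would define it once, for example `#define GSAD_MHD_THREAD_STACK_SIZE ((size_t) 4 * 1024 * 1024) /* default thread stack is too small on musl */`, and pass that name in all three calls. The musl rationale is inferred from the patch file name and should be confirmed before it goes into a comment. All three functions start and end outside their hunks.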
@@ -2623,6 +2625,7 @@ start_https_daemon (int port, const char *key, const char *cert, 22 | MHD_OPTION_HTTPS_MEM_KEY, key, MHD_OPTION_HTTPS_MEM_CERT, cert, 23 | MHD_OPTION_NOTIFY_COMPLETED, free_resources, NULL, MHD_OPTION_SOCK_ADDR, 24 | address, MHD_OPTION_PER_IP_CONNECTION_LIMIT, get_per_ip_connection_limit (), 25 | + MHD_OPTION_THREAD_STACK_SIZE, (size_t) 4*1024*1024, 26 | MHD_OPTION_HTTPS_PRIORITIES, priorities, MHD_OPTION_EXTERNAL_LOGGER, 27 | mhd_logger, NULL, 28 | /* LibmicroHTTPD 0.9.35 and higher. */ 29 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/greenbone-security-assistant/remove-husky-git-hook.patch: -------------------------------------------------------------------------------- 1 | diff --git a/gsa/package.json b/gsa/package.json 2 | index a4c7309..3076a51 100644 3 | --- a/gsa/package.json 4 | +++ b/gsa/package.json 5 | @@ -87,7 +87,6 @@ 6 | "@types/jest": "^26.0.23", 7 | "babel-plugin-i18next-extract": "^0.8.3", 8 | "eslint-config-prettier": "^8.3.0", 9 | - "husky": "^2.7.0", 10 | "jest-environment-jsdom-sixteen": "^2.0.0", 11 | "jest-junit": "^12.0.0", 12 | "jest-styled-components": "^6.3.4", 13 | @@ -113,11 +112,6 @@ 14 | "not op_mini all", 15 | "ff ESR" 16 | ], 17 | - "husky": { 18 | - "hooks": { 19 | - "pre-commit": "lint-staged" 20 | - } 21 | - }, 22 | "lint-staged": { 23 | "*.{js,json}": [ 24 | "prettier --write", 25 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/greenbone-security-assistant/timeout.patch: -------------------------------------------------------------------------------- 1 | diff -Naur origin/gsa/src/gmp/gmpsettings.js patch/gsa/src/gmp/gmpsettings.js 2 | --- origin/gsa/src/gmp/gmpsettings.js 2021-04-16 11:27:51.000000000 +0200 3 | +++ patch/gsa/src/gmp/gmpsettings.js 2021-06-28 10:08:42.787815562 +0200 4 | 
@@ -26,7 +26,7 @@ 5 | 'https://docs.greenbone.net/API/GMP/gmp-20.08.html'; 6 | export const DEFAULT_REPORT_RESULTS_THRESHOLD = 25000; 7 | export const DEFAULT_LOG_LEVEL = 'warn'; 8 | -export const DEFAULT_TIMEOUT = 300000; // 5 minutes 9 | +export const DEFAULT_TIMEOUT = 90000000; // 5 minutes 10 | 11 | const set = (storage, name, value) => { 12 | if (isDefined(value)) { 13 | diff -Naur origin/gsa/src/gmp/__tests__/gmpsettings.js patch/gsa/src/gmp/__tests__/gmpsettings.js 14 | --- origin/gsa/src/gmp/__tests__/gmpsettings.js 2021-04-16 11:27:51.000000000 +0200 15 | +++ patch/gsa/src/gmp/__tests__/gmpsettings.js 2021-06-28 10:08:27.144046612 +0200 16 | @@ -94,7 +94,7 @@ 17 | reloadIntervalInactive: 60, 18 | reportResultsThreshold: 10000, 19 | token: 'atoken', 20 | - timeout: 30000, 21 | + timeout: 9000000, 22 | timezone: 'cet', 23 | username: 'foo', 24 | vendorVersion: 'foo', 25 | @@ -118,7 +118,7 @@ 26 | expect(settings.reloadIntervalInactive).toEqual(60); 27 | expect(settings.reportResultsThreshold).toEqual(10000); 28 | expect(settings.token).toBeUndefined(); 29 | - expect(settings.timeout).toEqual(30000); 30 | + expect(settings.timeout).toEqual(9000000); 31 | expect(settings.timezone).toBeUndefined(); 32 | expect(settings.username).toBeUndefined(); 33 | expect(settings.vendorVersion).toEqual('foo'); 34 | @@ -214,7 +214,7 @@ 35 | reloadIntervalInactive: 60, 36 | reportResultsThreshold: 10000, 37 | token: 'atoken', 38 | - timeout: 30000, 39 | + timeout: 9000000, 40 | timezone: 'cet', 41 | username: 'foo', 42 | vendorVersion: 'bar', 43 | @@ -234,7 +234,7 @@ 44 | expect(settings.reloadIntervalInactive).toEqual(60); 45 | expect(settings.reportResultsThreshold).toEqual(10000); 46 | expect(settings.token).toEqual('btoken'); 47 | - expect(settings.timeout).toEqual(30000); 48 | + expect(settings.timeout).toEqual(9000000); 49 | expect(settings.timezone).toEqual('cest'); 50 | expect(settings.username).toEqual('bar'); 51 | expect(settings.vendorVersion).toEqual('bar'); 52 | 
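Review bot: The comment on the changed line in gsa/src/gmp/gmpsettings.js is now wrong: `DEFAULT_TIMEOUT = 90000000` is 90,000 seconds, about 25 hours, yet the line still reads `// 5 minutes`. The test fixtures in the following hunks use `9000000` (2.5 hours), a different magnitude, so one of the two values may carry an extra zero and it is worth confirming which was intended. If 25 hours is meant, the line should read `export const DEFAULT_TIMEOUT = 90000000; // 25 hours`, ideally with a short reason, since requests allowed to stay open that long keep server-side resources tied up.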
@@ -306,7 +306,7 @@ 53 | protocolDocUrl: 'http://protocol', 54 | reloadInterval: 10, 55 | token: 'atoken', 56 | - timeout: 30000, 57 | + timeout: 9000000, 58 | timezone: 'cet', 59 | username: 'foo', 60 | vendorVersion: 'foobar', 61 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-libs/APKBUILD: -------------------------------------------------------------------------------- 1 | # Contributor: Francesco Colista 2 | # Maintainer: Francesco Colista 3 | pkgname=gvm-libs 4 | pkgver=21.4.2 5 | pkgrel=11 6 | pkgdesc="Greenbone Vulnerability Management Libraries" 7 | url="https://www.openvas.org/" 8 | arch="all" 9 | license="GPL-2.0-or-later" 10 | options="!check" # test fails: https://github.com/greenbone/gvm-libs/issues/279 11 | pkgusers="gvm" 12 | pkggroups="gvm" 13 | install="$pkgname.pre-install" 14 | depends="gcompat" 15 | makedepends="cmake bison glib-dev libpcap-dev libssh-dev 16 | hiredis-dev gnutls-dev util-linux-dev 17 | libgcrypt-dev libksba-dev openldap-dev 18 | gpgme-dev gpgmepp net-snmp-libs e2fsprogs-dev 19 | clang-dev freeradius-client-dev 20 | doxygen libxslt graphviz xmltoman perl-sql-translator 21 | libxml2-dev libnet-dev gcompat" 22 | subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc" 23 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/gvm-libs/archive/v$pkgver.tar.gz 24 | malloc-trim.patch 25 | strptime.patch 26 | glib_full.patch 27 | " 28 | 29 | prepare() { 30 | default_prepare 31 | mkdir build 32 | } 33 | 34 | build() { 35 | cd $builddir/build 36 | cmake -DCMAKE_BUILD_TYPE=None \ 37 | -DCMAKE_INSTALL_PREFIX=/usr \ 38 | -DBUILD_STATIC=0 \ 39 | -DBUILD_SHARED=1 \ 40 | -DLIBDIR=/usr/lib \ 41 | -DSYSCONFDIR=/etc \ 42 | -DLOCALSTATEDIR=/var \ 43 | -DGVM_PID_DIR=/var/lib/gvm \ 44 | .. 
45 | make 46 | } 47 | 48 | check() { 49 | cd $builddir/build 50 | return 0 51 | } 52 | 53 | package() { 54 | cd $builddir/build 55 | make DESTDIR="$pkgdir" install 56 | mkdir -p "$pkgdir"/var/lib/gvm 57 | chown -R $pkgusers:$pkggroups "$pkgdir"/var/lib/gvm 58 | } 59 | 60 | doc() { 61 | cd $builddir/build 62 | default_doc 63 | make doc 64 | mkdir -p "$subpkgdir"/usr/share/doc/$pkgname 65 | mv doc/generated/* "$subpkgdir"/usr/share/doc/$pkgname 66 | } 67 | 68 | sha512sums=" 69 | 2eb1855c60a3afb66634d1aee07455b7d2868f6d7e772618215dc0991ca773d95ee04a65ffa41d4737e7d3cdbd28b546d82ba0aa371a5cec0a656297dd7103b1 gvm-libs-21.4.2.tar.gz 70 | ae93ac7ec929325926d785bb58ed9c09f8bdaf518adf09db54bb9a8a4b5e4474c0ab61fc987c91114f2013cbe39868115006b528865fbd027e5b88eca58f1954 malloc-trim.patch 71 | b10f2b6a8e126a184c65c91bdd18a21e4ee16cbc442775288a11c2768c8e5c1db4ce3749025e7cc3f360c7c1011b79dca836fee742fb9f06034ca0a986f718b5 strptime.patch 72 | 09e4216a2db63fe1e013e21e11fdc84409c2adb7eb36003285e17746796484c7fa0579e80e710e6370ee0bbefa4b46207a23bb0f1b9a5e8d4a272ad7d23f35c6 glib_full.patch 73 | " 74 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-libs/glib-include-path.patch: -------------------------------------------------------------------------------- 1 | diff --git a/base/pidfile.h b/base/pidfile.h 2 | index ee0e3e3..2ea781b 100644 3 | --- a/base/pidfile.h 4 | +++ b/base/pidfile.h 5 | 
@@ -25,7 +25,7 @@ 6 | #ifndef _GVM_PIDFILE_H 7 | #define _GVM_PIDFILE_H 8 | 9 | -#include 10 | +#include 11 | 12 | int 13 | pidfile_create (gchar *); 14 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-libs/gvm-libs.pre-install: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | addgroup -S gvm 2>/dev/null 3 | adduser -D -H -h /var/lib/gvm -s /bin/sh -G gvm gvm 2>/dev/null 4 | exit 0 5 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-libs/malloc-trim.patch: -------------------------------------------------------------------------------- 1 | diff --git a/base/hosts.c b/base/hosts.c 2 | index 74f5d92..1073e2c 100644 3 | --- a/base/hosts.c 4 | +++ b/base/hosts.c 5 | @@ -1013,7 +1013,9 @@ gvm_hosts_deduplicate (gvm_hosts_t *hosts) 6 | hosts->count -= duplicates; 7 | hosts->removed += duplicates; 8 | hosts->current = 0; 9 | +#ifdef __GLIBC__ 10 | malloc_trim (0); 11 | +#endif 12 | } 13 | 14 | /** 15 | @@ -1208,7 +1210,9 @@ gvm_hosts_new_with_max (const gchar *hosts_str, unsigned int max_hosts) 16 | gvm_hosts_deduplicate (hosts); 17 | 18 | g_strfreev (split); 19 | +#ifdef __GLIBC__ 20 | malloc_trim (0); 21 | +#endif 22 | return hosts; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-libs/strptime.patch: -------------------------------------------------------------------------------- 1 | diff --git a/base/nvti.c b/base/nvti.c 2 | index 97f1ec63..f1f36cc7 100644 3 | --- a/base/nvti.c 4 | +++ b/base/nvti.c 5 | 
@@ -192,22 +192,19 @@ parse_nvt_timestamp (const gchar *str_time) 6 | /* $Date: 2012-02-17 16:05:26 +0100 (Fr, 17. Feb 2012) $ */ 7 | /* $Date: Fri, 11 Nov 2011 14:42:28 +0100 $ */ 8 | memset (&tm, 0, sizeof (struct tm)); 9 | - if (strptime ((char *) str_time, "%F %T %z", &tm) == NULL) 10 | + if (strptime ((char *) str_time, "%Y-%m-%d %T +%H%M", &tm) == NULL && strptime ((char *) str_time, "%Y-%m-%d %T -%H%M", &tm) == NULL) 11 | { 12 | memset (&tm, 0, sizeof (struct tm)); 13 | - if (strptime ((char *) str_time, "$Date: %F %T %z", &tm) == NULL) 14 | + if (strptime ((char *) str_time, "$Date: %Y-%m-%d %T +%H%M", &tm) == NULL && strptime ((char *) str_time, "$Date: %Y-%m-%d %T -%H%M", &tm) == NULL) 15 | { 16 | memset (&tm, 0, sizeof (struct tm)); 17 | - if (strptime ((char *) str_time, "%a %b %d %T %Y %z", &tm) == NULL) 18 | + if (strptime ((char *) str_time, "%a %b %d %T %Y +%H%M", &tm) == NULL && strptime ((char *) str_time, "%a %b %d %T %Y -%H%M", &tm) == NULL) 19 | { 20 | memset (&tm, 0, sizeof (struct tm)); 21 | - if (strptime ((char *) str_time, "$Date: %a, %d %b %Y %T %z", &tm) 22 | - == NULL) 23 | + if (strptime ((char *) str_time, "$Date: %a, %d %b %Y %T +%H%M", &tm) == NULL && strptime ((char *) str_time, "$Date: %a, %d %b %Y %T -%H%M", &tm) == NULL) 24 | { 25 | memset (&tm, 0, sizeof (struct tm)); 26 | - if (strptime ((char *) str_time, "$Date: %a %b %d %T %Y %z", 27 | - &tm) 28 | - == NULL) 29 | + if (strptime ((char *) str_time, "$Date: %a %b %d %T %Y +%H%M", &tm) == NULL && strptime ((char *) str_time, "$Date: %a %b %d %T %Y -%H%M", &tm) == NULL) 30 | { 31 | g_warning ("%s: Failed to parse time: %s", __FUNCTION__, 32 | str_time); 33 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-tools/APKBUILD: -------------------------------------------------------------------------------- 1 | # Contributor: Francesco Colista 2 | # Maintainer: Francesco Colista 3 | pkgname=gvm-tools 4 | 
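Review bot: In parse_nvt_timestamp (base/nvti.c) the replacement formats end in `+%H%M` / `-%H%M`, so the zone digits are parsed with the same conversions that `%T` has just filled. For `2012-02-17 16:05:26 +0100` the struct ends up with tm_hour 1 and tm_min 0, and the offset itself is not recorded anywhere. The second strptime of each `&&` pair also runs on a struct that the failed first attempt may already have written to. Parsing date and time with strptime and reading the sign and four offset digits separately avoids both problems; a sketch follows. The function starts and ends outside the hunk, so how the offset is applied afterwards has to be adapted to code not shown here.

```c
/* Parse FMT (date and time only), then read a +HHMM / -HHMM offset by hand
   so the offset digits never overwrite tm_hour / tm_min. */
static int
parse_time_with_offset (const char *str, const char *fmt, struct tm *tm,
                        int *offset_secs)
{
  const char *rest;
  char sign;
  int hh, mm;

  memset (tm, 0, sizeof (struct tm));
  rest = strptime (str, fmt, tm);
  if (rest == NULL)
    return -1;
  while (*rest == ' ')
    rest++;
  if (sscanf (rest, "%c%2d%2d", &sign, &hh, &mm) != 3
      || (sign != '+' && sign != '-'))
    return -1;
  *offset_secs = (hh * 3600 + mm * 60) * (sign == '-' ? -1 : 1);
  return 0;
}

/* … unchanged: the nested fallback chain, now calling e.g.
   parse_time_with_offset (str_time, "$Date: %Y-%m-%d %T", &tm, &offset) … */
```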
pkgver=21.6.1 5 | pkgrel=10 6 | pkgdesc="Collection of tools for remote controlling a OpenVAS / Greenbone" 7 | url="https://github.com/greenbone/gvm-tools" 8 | arch="noarch" 9 | license="GPL" 10 | depends="python3 py3-dialog py3-defusedxml py3-paramiko py3-lxml" 11 | makedepends="py3-setuptools pyproject2setuppy" 12 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/gvm-tools/archive/v$pkgver.tar.gz 13 | create-setuppy.patch" 14 | 15 | build() { 16 | python3 setup.py build 17 | } 18 | 19 | check() { 20 | python3 setup.py check 21 | } 22 | 23 | package() { 24 | python3 setup.py install --prefix=/usr --root="$pkgdir" 25 | } 26 | 27 | sha512sums=" 28 | 7aa63b55b9925aa0a845ff50ed73b273564f274d8c6b5a4cfab6459fa7ab4b50e2ea5e1066c9301db64c83c6003a4c7c50c2fd359b16cd537a915e5ce731b854 gvm-tools-21.6.1.tar.gz 29 | 716d1298104d924170041d69708fc417ec6d2bf96197c7c2f77397584b6c67881190272adbf224431be400a2e391d3d3e213a340411c0b9be9e6c9e097eedd5f create-setuppy.patch 30 | " 31 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvm-tools/create-setuppy.patch: -------------------------------------------------------------------------------- 1 | commit d5d5ef1473bd1163f1309ca83642a1be2a96c5b5 2 | Author: Francesco Colista 3 | Date: Tue May 19 18:56:39 2020 +0000 4 | 5 | added setup.py to build package with setuptools 6 | 7 | diff --git a/setup.py b/setup.py 8 | new file mode 100644 9 | index 0000000..ebe2f51 10 | --- /dev/null 11 | +++ b/setup.py 12 | @@ -0,0 +1,3 @@ 13 | +#!/usr/bin/env python3 14 | +from pyproject2setuppy.main import main 15 | +main() 16 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/added-missing-includes.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/gvmd.c b/src/gvmd.c 2 | index 419a585..3158bce 100644 3 | --- a/src/gvmd.c 4 | +++ b/src/gvmd.c 5 | 
@@ -91,6 +91,7 @@ 6 | #include 7 | #include 8 | #include 9 | +#include 10 | 11 | #include 12 | #include 13 | diff --git a/src/sql_pg.c b/src/sql_pg.c 14 | index 06b2e1d..8803e83 100644 15 | --- a/src/sql_pg.c 16 | +++ b/src/sql_pg.c 17 | 
@@ -33,7 +33,7 @@ 18 | #include 19 | #include 20 | #include 21 | -#include 22 | +#include 23 | #include 24 | #include 25 | 26 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/greenbone-certdata-sync.conf: -------------------------------------------------------------------------------- 1 | COMMUNITY_CERT_RSYNC_FEED="rsync://feed.community.greenbone.net:/cert-data" 2 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/greenbone-nvt-sync.conf: -------------------------------------------------------------------------------- 1 | COMMUNITY_NVT_RSYNC_FEED="rsync://feed.community.greenbone.net:/nvt-feed" 2 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/greenbone-scapdata-sync.conf: -------------------------------------------------------------------------------- 1 | COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.community.greenbone.net:/scap-data" 2 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/gvmd.initd: -------------------------------------------------------------------------------- 1 | #!/sbin/openrc-run 2 | 3 | name="Greenbone Vulnerability Manager" 4 | command=/usr/bin/gvmd 5 | pidfile=/run/gvmd/${RC_SVCNAME}.pid 6 | command_background="true" 7 | 8 | : ${GVMD_USER:=gvm} 9 | : ${GVMD_GROUP:=gvm} 10 | : ${GVMD_TIMEOUT:=30} 11 | : ${GVMD_LISTEN_ADDRESS_UNIX:=$(dirname $pidfile)/gvmd.sock} 12 | : ${GVMD_SCANNER_HOST:=/run/ospd/ospd.sock} 13 | : ${GVMD_LISTEN_OWNER:=$GVMD_USER} 14 | : ${GVMD_LISTEN_GROUP=$GVMD_GROUP} 15 | : ${GVMD_LISTEN_MODE:=755} 16 | : ${GVMD_GNUTLS_PRIORITIES:=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0} 17 | : ${GVMD_LISTEN_ADDRESS_TCP:=127.0.0.1} 18 | : ${GVMD_PORT:=9390} 19 | 20 | 
command_user="${GVMD_USER}:${GVMD_GROUP}" 21 | retry="${GVMD_TIMEOUT}" 22 | command_args="--foreground ${GVMD_OPTIONS} --listen=${GVMD_LISTEN_ADDRESS_TCP} --port=${GVMD_PORT} --scanner-host=${GVMD_SCANNER_HOST} --gnutls-priorities=${GVMD_GNUTLS_PRIORITIES}" 23 | 24 | depend() { 25 | after firewall 26 | need net ospd-openvas 27 | } 28 | 29 | start_pre() { 30 | checkpath --directory --mode 775 --owner "$command_user" ${pidfile%/*} /var/log/gvm 31 | } 32 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/gvmd.logrotate: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2019 Gentoo Authors 2 | # Distributed under the terms of the GNU General Public License v2 3 | # Daemon ignore HUP so we use 'copytruncate' instead of 'create' 4 | # with safe file size to prevent losing log entries. 5 | 6 | /var/log/gvm/gvmd.log { 7 | compress 8 | missingok 9 | notifempty 10 | sharedscripts 11 | copytruncate 12 | maxsize 10M 13 | } 14 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/gvmd/malloc-trim.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/manage_sql.c b/src/manage_sql.c 2 | index b41e5c6..48e3fdb 100644 3 | --- a/src/manage_sql.c 4 | +++ b/src/manage_sql.c 5 | 
@@ -15276,7 +15276,9 @@ update_nvti_cache () 6 | 7 | cleanup_iterator (&nvts); 8 | 9 | - malloc_trim (0); 10 | +#ifdef __GLIBC__ 11 | + malloc_trim (0); 12 | +#endif 13 | } 14 | 15 | /** 16 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/nmap/APKBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Leonardo Arena 2 | pkgname=nmap 3 | pkgver=7.92 4 | pkgrel=11 5 | pkgdesc="network exploration tool and security/port scanner" 6 | url="https://nmap.org" 7 | arch="all" 8 | license="custom" 9 | depends="gcompat" 10 | makedepends="linux-headers openssl-dev libpcap-dev pcre-dev zlib-dev libssh2-dev lua5.3-dev gcompat" 11 | options="!check" #FIXME: fails on armhf and aarch64 12 | subpackages=" 13 | $pkgname-dbg 14 | $pkgname-doc 15 | $pkgname-scripts::noarch 16 | $pkgname-nselibs::noarch 17 | $pkgname-nping 18 | $pkgname-ncat" 19 | source="https://nmap.org/dist/nmap-$pkgver.tar.bz2 20 | fortify-source.patch" 21 | 22 | # secfixes: 23 | # 7.80-r0: 24 | # - CVE-2017-18594 25 | # - CVE-2018-15173 26 | 27 | prepare() { 28 | default_prepare 29 | update_config_sub 30 | } 31 | 32 | build() { 33 | ./configure \ 34 | --build=$CBUILD \ 35 | --host=$CHOST \ 36 | --prefix=/usr \ 37 | --sysconfdir=/etc \ 38 | --mandir=/usr/share/man \ 39 | --infodir=/usr/share/info \ 40 | --without-zenmap \ 41 | --with-openssl=yes \ 42 | --with-libpcap=yes \ 43 | --with-libpcre=yes \ 44 | --with-libz=yes \ 45 | --with-libssh2=yes \ 46 | --with-liblua=/usr/lua5.3 47 | make 48 | } 49 | 50 | check() { 51 | make check 52 | } 53 | 54 | package() { 55 | make -j1 DESTDIR="$pkgdir" install 56 | } 57 | 58 | scripts() { 59 | depends="$pkgname-nselibs" 60 | pkgdesc="$pkgdesc (scripts)" 61 | amove usr/share/nmap/scripts 62 | } 63 | 64 | nselibs() { 65 | pkgdesc="$pkgdesc (nselibs)" 66 | amove usr/share/nmap/nse_main.lua 67 | amove usr/share/nmap/nselib 68 | } 69 | 70 | ncat() { 71 | 
pkgdesc="$pkgdesc (ncat tool)" 72 | amove usr/bin/ncat 73 | } 74 | 75 | nping() { 76 | pkgdesc="$pkgdesc (nping tool)" 77 | amove usr/bin/nping 78 | } 79 | 80 | sha512sums=" 81 | 7828367f9dc76ff4d1e8c821260e565fb0c3cb6aba0473d24759133a3006cdf2cb087574f0dd7d2ba47a63754ba4f72e0b78cdae1333a58f05c41d428b56ad59 nmap-7.92.tar.bz2 82 | 23c1fa38256a73a1fcec81560d54d0fd68123745cdfc601e43e4a4e24df0b551c9d26a28fc4f1890b5cd318ff4197e9201e1cb2446c2b7a7c4cdc5f898c1adc2 fortify-source.patch 83 | " 84 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/nmap/fortify-source.patch: -------------------------------------------------------------------------------- 1 | -D_FORTIFY_SOURCE=2 is enable in gcc by default on alpine. See the 2 | 010_all_default-fortify-source.patch patch in main/gcc. Disabling 3 | it here silences a bunch of compiler warnings. 4 | 5 | diff -upr nmap-7.10.orig/Makefile.in nmap-7.10/Makefile.in 6 | --- nmap-7.10.orig/Makefile.in 2016-03-20 00:47:16.555111217 +0100 7 | +++ nmap-7.10/Makefile.in 2016-03-20 00:47:26.348392650 +0100 8 | @@ -41,7 +41,7 @@ DEFS = @DEFS@ -DNMAP_NAME=\"$(NMAP_NAME) 9 | # http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html 10 | # Level 1 only makes changes that don't affect "conforming" programs, 11 | # while level 2 enforces additional restrictions. 12 | -DEFS += -D_FORTIFY_SOURCE=2 13 | +# DEFS += -D_FORTIFY_SOURCE=2 14 | # For mtrace debugging -- see MTRACE define in main.cc for instructions 15 | # Should only be enabled during debugging and not in any real release. 16 | # DEFS += -DMTRACE=1 -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas-smb/001-cmakelist-fortify.patch: -------------------------------------------------------------------------------- 1 | diff --git a/CMakeLists.txt b/CMakeLists.txt 2 | index 021b08f..cf21e05 100644 3 | --- a/CMakeLists.txt 4 | +++ b/CMakeLists.txt 5 | 
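Review bot: Commenting out `DEFS += -D_FORTIFY_SOURCE=2` in nmap's Makefile.in makes the fortified build depend entirely on the compiler's built-in default, which the patch description says Alpine's gcc provides. A build with a toolchain that lacks that default would lose the hardening without any message. The openvas-smb 001-cmakelist-fortify.patch in this tree deals with the same redefinition warning by using `-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2`, and the same form fits here: `DEFS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2`. That keeps the flag explicit while still silencing the warnings.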
@@ -150,7 +150,7 @@ pkg_check_modules (POPT REQUIRED popt) 6 | if(${GSSAPI_VERSION} VERSION_LESS "7.5.0") 7 | add_definitions(-DOLD_HEIMDAL) 8 | endif() 9 | -set (CMAKE_C_FLAGS "-fPIC -O2 -D_FORTIFY_SOURCE=2 -fstack-protector ${CMAKE_C_FLAGS}") 10 | +set (CMAKE_C_FLAGS "-fPIC -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector ${CMAKE_C_FLAGS}") 11 | set (CMAKE_C_FLAGS "-Wno-unused-result -fno-strict-aliasing ${CMAKE_C_FLAGS}") 12 | set (LINKER_HARDENING_FLAGS "-Wl,-z,relro -Wl,-z,now") 13 | 14 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas-smb/APKBUILD: -------------------------------------------------------------------------------- 1 | # Contributor: Francesco Colista 2 | # Maintainer: Francesco Colista 3 | pkgname=openvas-smb 4 | pkgver=21.4.0 5 | pkgrel=11 6 | pkgdesc="SMB module for OpenVAS Scanner" 7 | url="https://github.com/greenbone/openvas-smb" 8 | arch="x86 x86_64" 9 | license="GPL-2.0" 10 | options="!check" #no check available 11 | depends="gcompat" 12 | makedepends="cmake mingw-w64-gcc mingw-w64-binutils mingw-w64-headers mingw-w64-crt 13 | gvm-libs-dev gnutls-dev popt-dev perl-dev glib-dev 14 | glib-dev xmltoman doxygen graphviz heimdal-dev 15 | sqlite-dev libunistring-dev gcompat" 16 | subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc" 17 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/openvas-smb/archive/v$pkgver.tar.gz 18 | mingw-alpine-support.patch 19 | fix-missing-includes-path.patch 20 | comparison_fn_t.patch 21 | disable-backtrace.patch 22 | 001-cmakelist-fortify.patch 23 | glib_full.patch" 24 | 25 | build() { 26 | cmake \ 27 | -DCMAKE_BUILD_TYPE=None \ 28 | -DCMAKE_INSTALL_PREFIX=/usr \ 29 | -DCMAKE_VERBOSE_MAKEFILE=ON . 
30 | # generate winexesvc_exe.c early to work around parallel build issue 31 | make -C winexe bin2c 32 | make -j1 -C winexe winexesvc_exe.c.o 33 | make 34 | } 35 | 36 | package() { 37 | make DESTDIR="$pkgdir" install 38 | } 39 | 40 | sha512sums=" 41 | 6689cef95d128ea4444d3b3f6fb0d1201d55ae494ff758051b792e58c90ad7497502430b843ceba6d92aa06fbdf830a4c17a24042c1c3ce9affbcd8f587d0b0a openvas-smb-21.4.0.tar.gz 42 | bd139b2317feb5fe3ea3ab4b62664ae70547b2859c372e30cd7062dbaef535a5ea665d33253d85a28553ab13ab0b943f609e86f7fcb9572c403d5b7612052701 mingw-alpine-support.patch 43 | 494ec5c871959b9493fbbec7060778d2bb2be689f2434f4b0489b24e9800ea0b3a91015537deae60ffd071ad8740913ee1598f04e1a416516f45658bd9d4315f fix-missing-includes-path.patch 44 | 96b81bb378d0a70b1d31c19c646a95b96056ca3f85c02edc221bc17093b5403ba1fcdf9f3175e455aa32b7399e58a1c9cda525985c09c8b7dee8068bf3643a14 comparison_fn_t.patch 45 | 6a5f67177ca74ce051d190a81727b94938addf538c52831b5af3394f4d8d2ea990bcd58e3dc92570c7c4b0719deea49e2aa2fa549297c6e36ec4f8fa3f0a5270 disable-backtrace.patch 46 | 56c150d8fcc46720d71a632e7f6ff7a1ad92d90c84361eb8ad81c4b4811ac9ff56f06654f70840895ac7bec4f852bafeff0599e29a4c5572d826403df1d2ca68 001-cmakelist-fortify.patch 47 | d74f519ec19690f8056eff4b1949b43c7e360b0d95838990faa9c7c08638b91afbf44249f730c2f07c07ad6251b0587f538411c302ad2482e74435ee41f2a3a6 glib_full.patch 48 | " 49 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas-smb/comparison_fn_t.patch: -------------------------------------------------------------------------------- 1 | diff --git a/samba/librpc/ndr/libndr_proto.h b/samba/librpc/ndr/libndr_proto.h 2 | index f60d93d..b97df1d 100644 3 | --- a/samba/librpc/ndr/libndr_proto.h 4 | +++ b/samba/librpc/ndr/libndr_proto.h 5 | 
@@ -9,6 +9,7 @@ 6 | #define _PUBLIC_ 7 | #endif 8 | 9 | +typedef int (*comparison_fn_t)(const void *, const void *); 10 | 11 | /* The following definitions come from librpc/ndr/ndr.c */ 12 | 13 | diff --git a/samba/lib/ldb/common/ldb_msg.c b/samba/lib/ldb/common/ldb_msg.c 14 | index 0f7a214..7ff1583 100644 15 | --- a/samba/lib/ldb/common/ldb_msg.c 16 | +++ b/samba/lib/ldb/common/ldb_msg.c 17 | @@ -35,6 +35,8 @@ 18 | #include "includes.h" 19 | #include "ldb/include/includes.h" 20 | 21 | +typedef int (*comparison_fn_t)(const void *, const void *); 22 | + 23 | /* 24 | create a new ldb_message in a given memory context (NULL for top level) 25 | */ 26 | diff --git a/samba/lib/ldb/include/includes.h b/samba/lib/ldb/include/includes.h 27 | index ce0d40e..c07f117 100644 28 | --- a/samba/lib/ldb/include/includes.h 29 | +++ b/samba/lib/ldb/include/includes.h 30 | @@ -16,7 +16,7 @@ 31 | #define dyn_MODULESDIR dyn_LIBDIR 32 | #endif 33 | 34 | - 35 | +typedef int (*comparison_fn_t)(const void *, const void *); 36 | 37 | #define discard_const(ptr) ((void *)((intptr_t)(ptr))) 38 | #define discard_const_p(type, ptr) ((type *)discard_const(ptr)) 39 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas-smb/glib_full.patch: -------------------------------------------------------------------------------- 1 | diff --git a/samba/pidl/lib/Parse/Pidl/Wireshark/NDR.pm b/samba/pidl/lib/Parse/Pidl/Wireshark/NDR.pm 2 | index 14b9223..e684b91 100644 3 | --- a/samba/pidl/lib/Parse/Pidl/Wireshark/NDR.pm 4 | +++ b/samba/pidl/lib/Parse/Pidl/Wireshark/NDR.pm 5 | @@ -894,7 +894,7 @@ sub Parse($$$$) 6 | $res{headers} .= "#ifdef HAVE_CONFIG_H\n"; 7 | $res{headers} .= "#include \"config.h\"\n"; 8 | $res{headers} .= "#endif\n\n"; 9 | - $res{headers} .= "#include \n"; 10 | + $res{headers} .= "#include \n"; 11 | $res{headers} .= "#include \n"; 12 | $res{headers} .= "#include \n\n"; 13 | 14 | 
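Review bot: samba/lib/ldb/common/ldb_msg.c gets its own `typedef int (*comparison_fn_t)(const void *, const void *);` although its context lines show it including `ldb/include/includes.h`, presumably the header that the third hunk gives the same typedef. Repeating a typedef within one translation unit is only accepted from C11 on, so older language modes would reject the file. I would drop the two added lines in ldb_msg.c and rely on the header. It is also worth checking whether the remaining copies need a guard for libcs that already declare comparison_fn_t, which cannot be judged from the lines shown.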
diff --git a/winexe/wincmd.c b/winexe/wincmd.c 15 | index 0bdf9ff..257e00f 100644 16 | --- a/winexe/wincmd.c 17 | +++ b/winexe/wincmd.c 18 | @@ -44,7 +44,7 @@ 19 | #include "winexe.h" 20 | #include "winexesvc/shared.h" 21 | 22 | -#include /* for g_malloc0 */ 23 | +#include /* for g_malloc0 */ 24 | 25 | #include 26 | #include 27 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas-smb/mingw-alpine-support.patch: -------------------------------------------------------------------------------- 1 | diff --git a/winexe/CMakeLists.txt b/winexe/CMakeLists.txt 2 | index a0e8bb5..2cb6040 100644 3 | --- a/winexe/CMakeLists.txt 4 | +++ b/winexe/CMakeLists.txt 5 | @@ -54,7 +54,7 @@ include_directories(${SMB_INCLUDES}) 6 | include_directories(${POPT_INCLUDE_DIRS}) 7 | include_directories(${GLIB_INCLUDE_DIRS}) 8 | 9 | -find_program(MINGW_GCC NAMES i686-w64-mingw32-gcc i586-mingw32msvc-gcc) 10 | +find_program(MINGW_GCC NAMES i686-w64-mingw32-gcc i586-mingw32msvc-gcc x86_64-w64-mingw32-gcc x86-w64-mingw32-gcc) 11 | 12 | if (NOT MINGW_GCC) 13 | message(SEND_ERROR "i586-mingw32msvc-gcc not found in PATH.\nIt is needed to build the Windows Service for winexe.") 14 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas/execinfo-musl-fix.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/sighand.c b/src/sighand.c 2 | index 38205ec4..72b2e056 100644 3 | --- a/src/sighand.c 4 | +++ b/src/sighand.c 5 | @@ -22,8 +22,9 @@ 6 | * @file sighand.c 7 | * @brief Provides signal handling functions. 8 | */ 9 | - 10 | +#ifdef HAVE_EXECINFO_H 11 | #include /* for backtrace() */ 12 | +#endif 13 | #include /* for G_LOG_DOMAIN, for g_critical() */ 14 | #include /* for kill() */ 15 | #include /* for waitpid() */ 16 | 
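Review bot: Nothing in execinfo-musl-fix.patch defines `HAVE_EXECINFO_H`, so in src/sighand.c the new `#ifdef HAVE_EXECINFO_H` guards compile the backtrace out on every platform unless the build system sets the macro elsewhere. The guards sit around the include in this hunk and around print_trace and its call in the following hunks. If no such check exists, sighand_segv loses its crash trace on glibc builds as well, which removes the main diagnostic when the scanner faults. A CMake header check for execinfo.h that adds `-DHAVE_EXECINFO_H` would make the guard meaningful; whether one exists cannot be seen from the patch.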
@@ -105,7 +106,7 @@ sighand_chld (int sig) 17 | (void) sig; 18 | waitpid (-1, NULL, WNOHANG); 19 | } 20 | - 21 | +#ifdef HAVE_EXECINFO_H 22 | static void 23 | print_trace (void) 24 | { 25 | @@ -124,12 +125,15 @@ print_trace (void) 26 | 27 | g_free (strings); 28 | } 29 | +#endif 30 | 31 | void 32 | sighand_segv (int given_signal) 33 | { 34 | signal (SIGSEGV, _exit); 35 | +#ifdef HAVE_EXECINFO_H 36 | print_trace (); 37 | +#endif 38 | make_em_die (SIGTERM); 39 | /* Raise signal again, to exit with the correct return value, 40 | * and to enable core dumping. */ 41 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas/greenbone-nvt-sync.cron: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /usr/bin/greenbone-nvt-sync >& /dev/null 3 | /usr/bin/greenbone-scapdata-sync >& /dev/null 4 | /usr/bin/greenbone-certdata-sync >& /dev/null 5 | 6 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas/malloc-trim.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/pluginscheduler.c b/src/pluginscheduler.c 2 | index 069b110..8e0f1f7 100644 3 | --- a/src/pluginscheduler.c 4 | +++ b/src/pluginscheduler.c 5 | @@ -305,7 +305,9 @@ plugins_scheduler_init (const char *plugins_list, int autoload, 6 | plugins_scheduler_free (ret); 7 | return NULL; 8 | } 9 | +#ifdef __GLIBC__ 10 | malloc_trim (0); 11 | +#endif 12 | return ret; 13 | } 14 | 15 | 
@@ -407,7 +409,9 @@ scheduler_phase_cleanup (plugins_scheduler_t sched, int start, int end) 16 | element = element->next; 17 | } 18 | } 19 | +#ifdef __GLIBC__ 20 | malloc_trim (0); 21 | +#endif 22 | } 23 | 24 | struct scheduler_plugin * 25 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas/openvas-sysctl.conf: -------------------------------------------------------------------------------- 1 | net.core.somaxconn=1024 2 | vm.overcommit_memory=1 3 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas/openvas.post-install: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | echo 'cfgfile="/etc/redis-openvas.conf"' >> /etc/conf.d/redis 3 | echo 'db_address = /run/redis-openvas/redis.sock' > /etc/openvas/openvas.conf 4 | exit 0 5 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/openvas/tcp_mss_include.patch: -------------------------------------------------------------------------------- 1 | diff --git a/nasl/nasl_packet_forgery_v6.c b/nasl/nasl_packet_forgery_v6.c 2 | index a93302c..c255b0f 100644 3 | --- a/nasl/nasl_packet_forgery_v6.c 4 | +++ b/nasl/nasl_packet_forgery_v6.c 5 | @@ -75,6 +75,7 @@ 6 | #define UNFIX(n) ntohs (n) 7 | #endif 8 | 9 | +#define TCP_MSS_DESIRED 1220U /* IPv6 (tunneled), EDNS0 (RFC3226) */ 10 | /*--------------[ cksum ]-----------------------------------------*/ 11 | 12 | /* 13 | diff --git a/nasl/nasl_packet_forgery.c b/nasl/nasl_packet_forgery.c 14 | index 7d185df..c0a5ffb 100644 15 | --- a/nasl/nasl_packet_forgery.c 16 | +++ b/nasl/nasl_packet_forgery.c 17 | 
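Review bot: The `#define TCP_MSS_DESIRED 1220U` added to nasl/nasl_packet_forgery_v6.c is unconditional, so on a libc whose `<netinet/tcp.h>` already provides the macro (glibc does, under its default feature macros) the file redefines it. The same holds for `TCP_MSS_DEFAULT` in the nasl/nasl_packet_forgery.c hunk that follows. An identical redefinition is tolerated, but a guard keeps the patch safe on both musl and glibc and survives an upstream value change: `#ifndef TCP_MSS_DESIRED` / `#define TCP_MSS_DESIRED 1220U /* IPv6 (tunneled), EDNS0 (RFC3226) */` / `#endif`. The define also sits directly against the `cksum` banner comment; a blank line after it would match the surrounding layout.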
@@ -52,6 +52,7 @@ 18 | #define UNFIX(n) ntohs (n) 19 | #endif 20 | 21 | +#define TCP_MSS_DEFAULT 536U /* IPv4 (RFC1122, RFC2581) */ 22 | /*--------------[ cksum ]-----------------------------------------*/ 23 | 24 | /* 25 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/ospd-openvas/APKBUILD: -------------------------------------------------------------------------------- 1 | # Contributor: Leonardo Arena 2 | # Contributor: Francesco Colista 3 | # Maintainer: Francesco Colista 4 | pkgname=ospd-openvas 5 | pkgver=21.4.2 6 | pkgrel=10 7 | pkgdesc="ospd-openvas is an OSP server implementation to allow GVM to remotely control an OpenVAS Scanner" 8 | url="https://github.com/greenbone/ospd-openvas" 9 | arch="noarch" 10 | license="AGPL-3.0-or-later" 11 | pkgusers="gvm" 12 | pkggroups="gvm" 13 | depends="py3-psutil py3-redis py3-packaging py3-deprecated ospd" 14 | makedepends="py3-setuptools" 15 | subpackages="$pkgname-openrc" 16 | install="$pkgname.post-install" 17 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/ospd-openvas/archive/v$pkgver.tar.gz 18 | $pkgname.initd 19 | ospd.conf" 20 | 21 | build() { 22 | python3 setup.py build 23 | } 24 | 25 | check() { 26 | python3 setup.py check 27 | } 28 | 29 | package() { 30 | python3 setup.py install --root="$pkgdir" --optimize=1 31 | install -d -o $pkgusers -g $pkggroups "$pkgdir"/run/ospd 32 | install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname 33 | install -Dm644 "$srcdir"/ospd.conf "$pkgdir"/etc/openvas/ospd.conf 34 | } 35 | 36 | sha512sums=" 37 | dab02c45e301e7b9610d7bda90864d08aa3f71eb4ff3b116a1a97f7e321fe369199a11816561350185240c555eda8886c30a3578dfd1206f211fb14c5a26fd97 ospd-openvas-21.4.2.tar.gz 38 | 7567dd8541fb84b8a8ef82c51c8a1e9d29f9a78483525f55f59cb29a57d42ca96499b7e3bf30e5fef0e02293ecb1455a7a748e3093b1892b2be80632f75e7e32 ospd-openvas.initd 39 | 
c3714d1555dac2b557e8faa1dba7bd3d4b27930b0a18ec644f3bd4ef4e02d598eaca012651b105899d2ca192196cbbdb2eeef1d70a514222bbe2698c1874ae19 ospd.conf 40 | " 41 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/ospd-openvas/ospd-openvas.initd: -------------------------------------------------------------------------------- 1 | #!/sbin/openrc-run 2 | 3 | name="Remotely control an OpenVAS Scanner" 4 | command="/usr/bin/ospd-openvas" 5 | pidfile="/run/ospd/${RC_SVCNAME}.pid" 6 | 7 | : ${OSPD_OPENVAS_UNIX_SOCKET:=$(dirname $pidfile)/ospd.sock} 8 | : ${OSPD_OPENVAS_SOCKET_MODE:=0o777} 9 | 10 | command_args="${OSPD_OPENVAS_OPTIONS} \ 11 | --unix-socket=${OSPD_OPENVAS_UNIX_SOCKET} \ 12 | --socket-mode=${OSPD_OPENVAS_SOCKET_MODE} \ 13 | --pid-file ${pidfile} \ 14 | --config /etc/openvas/ospd.conf" 15 | 16 | depend() { 17 | after firewall 18 | need redis 19 | } 20 | 21 | start_pre() { 22 | checkpath --directory "${pidfile%/*}" /var/log/gvm 23 | } 24 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/ospd-openvas/ospd-openvas.post-install: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | addgroup gvm redis 2>/dev/null 3 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/ospd-openvas/ospd.conf: -------------------------------------------------------------------------------- 1 | [OSPD - openvas] 2 | 3 | #required by gvmd 4 | unix_socket = /run/ospd/ospd.sock 5 | 6 | #socket_mode = 0o770 7 | pid_file = /run/ospd/ospd-openvas.pid 8 | 9 | log_level = DEBUG 10 | log_file = /var/log/gvm/openvas.log 11 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/ospd/APKBUILD: -------------------------------------------------------------------------------- 1 | # Contributor: Francesco 
Colista 2 | # Maintainer: Francesco Colista 3 | pkgname=ospd 4 | pkgver=21.4.3 5 | pkgrel=10 6 | pkgdesc="Collection of scanner wrappers for OpenVAS" 7 | url="https://www.openvas.org/" 8 | arch="noarch" 9 | license="GPL-2.0-or-later" 10 | depends="python3 py3-paramiko py3-defusedxml py3-lxml" 11 | makedepends="py3-setuptools" 12 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/ospd/archive/v$pkgver.tar.gz" 13 | 14 | build() { 15 | python3 setup.py build 16 | } 17 | 18 | check() { 19 | python3 setup.py check 20 | } 21 | 22 | package() { 23 | python3 setup.py install --prefix=/usr --root="$pkgdir" 24 | } 25 | 26 | sha512sums=" 27 | 551c4243eb9e8ee667eec4ee91259465b66353c70741602304faab94041ec144b1cc082ead7383a2d58bf3812a3e965568cd826e8a34152fc87680a049af4f5e ospd-21.4.3.tar.gz 28 | " 29 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/py3-gvm/APKBUILD: -------------------------------------------------------------------------------- 1 | # Contributor: Francesco Colista 2 | # Maintainer: Francesco Colista 3 | pkgname=py3-gvm 4 | _pkgname=${pkgname/py3/python} 5 | pkgver=21.6.0 6 | pkgrel=10 7 | pkgdesc="Greenbone Vulnerability Management Python Library " 8 | url="https://github.com/greenbone/python-gvm" 9 | arch="noarch" 10 | license="GPL-3.0" 11 | makedepends="pyproject2setuppy py3-setuptools" 12 | checkdepends="py3-defusedxml py3-pytest py3-lxml py3-paramiko" 13 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/$_pkgname/archive/v${pkgver/_/.}.tar.gz 14 | create-setuppy.patch" 15 | builddir="$srcdir/$_pkgname-${pkgver/_/.}" 16 | 17 | build() { 18 | python3 setup.py build 19 | } 20 | 21 | check() { 22 | python3 setup.py check 23 | } 24 | 25 | package() { 26 | python3 setup.py install --prefix=/usr --root="$pkgdir" 27 | } 28 | 29 | sha512sums=" 30 | 
9ba8a14eb8a887834a00a0d589a6ddda4a332e12f57de05b7a7fee580a8270dcb1595eb2066f11343e9365038e5be058ad8ad63879a4840ddd0f733f79b535bc py3-gvm-21.6.0.tar.gz 31 | 1b561db05974468eecec48f2b4e0f705b4bb9bdfdf6a1c1ce40ad884824ca468243cd4296325674fa311b3ce32827d924383f814c8475b6ccddad302a5c23f51 create-setuppy.patch 32 | " 33 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/aports2/community/py3-gvm/create-setuppy.patch: -------------------------------------------------------------------------------- 1 | Author: Francesco Colista 2 | Date: Tue May 19 18:56:39 2020 +0000 3 | 4 | added setup.py to build package with setuptools 5 | 6 | diff --git a/setup.py b/setup.py 7 | new file mode 100644 8 | index 0000000..ebe2f51 9 | --- /dev/null 10 | +++ b/setup.py 11 | 
@@ -0,0 +1,3 @@ 12 | +#!/usr/bin/env python3 13 | +from pyproject2setuppy.main import main 14 | +main() 15 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/builder/Dockerfile: -------------------------------------------------------------------------------- 1 | 2 | 3 | FROM alpine:3.14 4 | 5 | ADD repositories /etc/apk/repositories 6 | RUN apk -U add alpine-sdk sudo nano bash 7 | 8 | RUN mkdir -p /var/cache/distfiles && \ 9 | adduser -D packager && \ 10 | addgroup packager abuild && \ 11 | chgrp abuild /var/cache/distfiles && \ 12 | chmod g+w /var/cache/distfiles && \ 13 | echo "packager ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \ 14 | apk -U upgrade 15 | 16 | ADD setup.sh /home/packager/bin/setup.sh 17 | ADD build_gvm.sh /home/packager/bin/build.sh 18 | ADD build_single.sh /home/packager/bin/build_single.sh 19 | ADD update_checksum.sh /home/packager/bin/update_checksum.sh 20 | # TODO: customize /etc/abuild.conf 21 | 22 | WORKDIR /work 23 | USER packager 24 | 25 | ENTRYPOINT [ "/home/packager/bin/setup.sh" ] 26 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/builder/build_single.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Run the first time to setup keys 4 | # 5 | 6 | PKG=${1:-gvmd} 7 | 8 | set -euo pipefail 9 | 10 | mkdir -p /target/community/noarch/ 11 | mkdir -p /target/community/x86_64/ 12 | 13 | BUILD_CHECKSUM=${CHECKSUM:-0} 14 | 15 | BuilldAndSingMe() { 16 | if [ "${BUILD_CHECKSUM}" == "1" ]; then 17 | abuild checksum 18 | fi 19 | sleep 1 20 | abuild -c -r -P /target 21 | sleep 1 22 | cd /target/community/x86_64/ || exit 23 | sleep 1 24 | apk index -o APKINDEX.tar.gz *.apk 25 | abuild-sign APKINDEX.tar.gz 26 | } 27 | BuildThis() { 28 | cd /work/community/"$1"/ || exit 29 | BuilldAndSingMe 30 | } 31 | 32 | case "${PKG}" in 33 | libs | "gvm-libs") BuildThis gvm-libs ;; 34 | "openvas-smb") 
BuildThis openvas-smb ;; 35 | "gvmd") BuildThis gvmd ;; 36 | "openvas") BuildThis openvas ;; 37 | "py3-gvm") BuildThis py3-gvm ;; 38 | tools | "gvm-tools") BuildThis gvm-tools ;; 39 | "ospd") BuildThis ospd ;; 40 | "ospd-openvas") BuildThis ospd-openvas ;; 41 | "greenbone-security-assistant") BuildThis greenbone-security-assistant ;; 42 | #"texlive") BuildThis texlive ;; 43 | *) echo " ERROR" ;; 44 | esac 45 | 46 | sleep 10 47 | 48 | cd /target/community/x86_64/ || exit 49 | sleep 1 50 | apk index -o APKINDEX.tar.gz *.apk 51 | abuild-sign APKINDEX.tar.gz 52 | 53 | cd /target/community/noarch/ || exit 54 | cp ../x86_64/nmap-scripts*.apk ./ 55 | cp ../x86_64/nmap-nselibs*.apk ./ 56 | cp ../x86_64/py3-gvm*.apk ./ 57 | cp ../x86_64/gvm-tools*.apk ./ 58 | cp ../x86_64/ospd*.apk ./ 59 | sleep 1 60 | apk index -o APKINDEX.tar.gz *.apk 61 | abuild-sign APKINDEX.tar.gz 62 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/builder/repositories: -------------------------------------------------------------------------------- 1 | /target/main/ 2 | /target/community/ 3 | 4 | https://dl-5.alpinelinux.org/alpine/v3.14/main 5 | https://dl-cdn.alpinelinux.org/alpine/v3.14/main 6 | https://dl-5.alpinelinux.org/alpine/v3.14/community 7 | https://dl-cdn.alpinelinux.org/alpine/v3.14/community 8 | 9 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/builder/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Run the first time to setup keys 4 | # 5 | 6 | set -e 7 | 8 | sudo chown packager:packager ~/.abuild/ 9 | 10 | pub_files1=(/home/packager/.abuild/*.pub) 11 | numpub1=${#pub_files1[@]} 12 | 13 | if [ ! 
-f ~/.abuild/abuild.conf ] || [ "${numpub1}" == "0" ]; then 14 | abuild-keygen -a -i 15 | fi 16 | 17 | pub_files2=(/home/packager/.abuild/*.pub) 18 | numpub2=${#pub_files2[@]} 19 | 20 | if [ "${numpub2}" -gt "0" ]; then 21 | 22 | export $(grep -v '#.*' /home/packager/.abuild/abuild.conf | xargs) 23 | 24 | sudo cp "${PACKAGER_PRIVKEY}.pub" /etc/apk/keys/ 25 | sudo chown -R root: /etc/apk/keys/ 26 | sudo apk update 27 | # unset PACKAGER_PRIVKEY 28 | fi 29 | sudo apk update 30 | exec "$@" 31 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/builder/update_checksum.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Run the first time to setup keys 4 | # 5 | set -euo pipefail 6 | 7 | BuildThis() { 8 | cd /work/community/"$1"/ || exit 9 | abuild checksum 10 | } 11 | 12 | BuildThis nmap 13 | BuildThis gvm-libs 14 | BuildThis openvas-smb 15 | BuildThis gvmd 16 | BuildThis openvas 17 | BuildThis py3-gvm 18 | BuildThis gvm-tools 19 | BuildThis ospd 20 | BuildThis ospd-openvas 21 | BuildThis greenbone-security-assistant 22 | 23 | # BuildThis texlive 24 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/create_glib_patch.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | GH_TOKEN=$(cat ~/.github_token) 4 | MYDIR=$( 5 | cd $(dirname $0) 6 | pwd 7 | ) 8 | 9 | declare -A TOOLMATCHES 10 | TOOLMATCHES["gsa"]="greenbone-security-assistant" 11 | TOOLMATCHES["gvmd"]="gvmd" 12 | TOOLMATCHES["gvm-libs"]="gvm-libs" 13 | TOOLMATCHES["gvm-tools"]="gvm-tools" 14 | TOOLMATCHES["openvas-scanner"]="openvas" 15 | TOOLMATCHES["openvas-smb"]="openvas-smb" 16 | TOOLMATCHES["ospd"]="ospd" 17 | TOOLMATCHES["ospd-openvas"]="ospd-openvas" 18 | TOOLMATCHES["python-gvm"]="py3-gvm" 19 | 20 | for name in gvmd gsa gvm-libs gvm-tools ospd ospd-openvas openvas-scanner 
openvas-smb python-gvm; do 21 | 22 | # ignore all python packages 23 | if [ "${name}" == "gvm-tools" ] || [ "${name}" == "ospd" ] || [ "${name}" == "ospd-openvas" ] || [ "${name}" == "python-gvm" ]; then 24 | continue 25 | fi 26 | 27 | LOCALDIR="${MYDIR}/aports2/community/${TOOLMATCHES[$name]}/" 28 | LOCALREPO="${MYDIR}/src/${TOOLMATCHES[$name]}" 29 | echo "> ${name} (${LOCALDIR}" 30 | ( 31 | cd "${LOCALREPO}" || exit 1 32 | # grep -E -o "([a-z0-9-]*.patch)" aports2/community/gvm-libs/APKBUILD | awk '!seen[$0]++' 33 | 34 | for patch in $(cat "${LOCALDIR}APKBUILD" | grep -E -o "([a-z0-9-]*.patch)" | grep -v "glib_full.patch" | awk '!seen[$0]++'); do 35 | echo " > ${patch}" 36 | git apply "${LOCALDIR}${patch}" || exit 1 37 | git add . 38 | git commit -m "Patch: ${patch}" 39 | done 40 | ) 41 | ( 42 | cd "${LOCALREPO}" || exit 1 43 | git grep -rl "#include " . | xargs sed -i 's/#include /#include /g' 44 | git grep -rl "#include " . | xargs sed -i 's/#include /#include /g' 46 | ) 47 | 48 | ( 49 | cd "${LOCALREPO}" || exit 1 50 | #git add . 
51 | #git commit -m "Patch glib2" || exit 52 | #git format-patch -k -o "${LOCALDIR}" -1 53 | git diff >"${LOCALDIR}glib_full.patch" 54 | ) 55 | 56 | done 57 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/get_releases.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | for name in gvmd gsa gvm-libs gvm-tools ospd ospd-openvas openvas-scanner openvas-smb python-gvm; do 4 | 5 | echo "${name}: $(curl --silent \ 6 | -H "Accept: application/vnd.github.v3+json" \ 7 | https://api.github.com/repos/greenbone/${name}/releases | jq -r .[].tag_name | grep '^v21\.[0-9]*\.[0-9]*$' -m1)" 8 | done 9 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/get_releases_files.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | GH_TOKEN=$(cat ~/.github_token) 3 | MYDIR=$( 4 | cd $(dirname $0) 5 | pwd 6 | ) 7 | 8 | declare -A TOOLMATCHES 9 | TOOLMATCHES["gsa"]="greenbone-security-assistant" 10 | TOOLMATCHES["gvmd"]="gvmd" 11 | TOOLMATCHES["gvm-libs"]="gvm-libs" 12 | TOOLMATCHES["gvm-tools"]="gvm-tools" 13 | TOOLMATCHES["openvas-scanner"]="openvas" 14 | TOOLMATCHES["openvas-smb"]="openvas-smb" 15 | TOOLMATCHES["ospd"]="ospd" 16 | TOOLMATCHES["ospd-openvas"]="ospd-openvas" 17 | TOOLMATCHES["python-gvm"]="py3-gvm" 18 | 19 | for name in gvmd gsa gvm-libs gvm-tools ospd ospd-openvas openvas-scanner openvas-smb python-gvm; do 20 | echo "> ${name}" 21 | jsonData=$(curl --silent \ 22 | -H "Authorization: token ${GH_TOKEN}" \ 23 | -H "Accept: application/vnd.github.v3+json" \ 24 | https://api.github.com/repos/greenbone/${name}/releases) 25 | #echo "${jsonData}" >"jq_${name}.json" 26 | #jsonData=$(cat "jq_${name}.json") 27 | version=$(echo "${jsonData}" | jq -r .[].tag_name | grep '21\.[0-9]*\.[0-9]*$' -m1) 28 | #version=$(jq -r .[].tag_name <"jq_${name}.json" | grep 
'21\.[0-9]*\.[0-9]*$' -m1) 29 | 30 | echo ">>> ${name}: ${version}" 31 | 32 | LOCALDIR="${MYDIR}/aports2/community/${TOOLMATCHES[$name]}/" 33 | #rm -rf "${LOCALDIR}src/" 34 | LOCALREPO="${MYDIR}/src/${TOOLMATCHES[$name]}" 35 | #rm -rf "$LOCALREPO" 36 | git clone https://github.com/greenbone/${name}.git "${LOCALREPO}" 2>/dev/null || git -C "${LOCALREPO}" pull 37 | git -C "${LOCALREPO}" fetch --all --tags 38 | git -C "${LOCALREPO}" checkout -qf "tags/${version}" 39 | git -C "${LOCALREPO}" reset --hard HEAD 40 | #echo "${jsonData}" | jq --arg PVERSION "${version}" -r '.[] | select(.tag_name | startswith($PVERSION)).tarball_url' <"jq_${name}.json" | xargs curl -L -o "./${name}_${version}.tar.gz" 41 | #jq --arg PVERSION "${version}" -r '.[] | select(.tag_name | startswith($PVERSION)).tarball_url' <"jq_${name}.json" | xargs curl -L -o "./${name}_${version}.tar.gz" 42 | done 43 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/git_diff_packages.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | for name in gvmd greenbone-security-assistant gvm-libs gvm-tools ospd ospd-openvas openvas openvas-smb py3-gvm; do 4 | 5 | #git diff -- "aports2/community/${name}" "aports/community/${name}" 6 | #diff -ruN "aports2/community/${name}" "aports/community/${name}" >./patches/"${name}".patch 7 | cp -a "aports/community/${name}" "aports2/community/" 8 | done 9 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/gsa/timeout.patch: -------------------------------------------------------------------------------- 1 | diff -Naur origin/gsa/src/gmp/gmpsettings.js patch/gsa/src/gmp/gmpsettings.js 2 | --- origin/gsa/src/gmp/gmpsettings.js 2021-04-16 11:27:51.000000000 +0200 3 | +++ patch/gsa/src/gmp/gmpsettings.js 2021-06-28 10:08:42.787815562 +0200 4 | 
@@ -26,7 +26,7 @@
5 | 'https://docs.greenbone.net/API/GMP/gmp-20.08.html';
6 | export const DEFAULT_REPORT_RESULTS_THRESHOLD = 25000;
7 | export const DEFAULT_LOG_LEVEL = 'warn';
8 | -export const DEFAULT_TIMEOUT = 300000; // 5 minutes
9 | +export const DEFAULT_TIMEOUT = 90000000; // 5 minutes
10 |
11 | const set = (storage, name, value) => {
12 | if (isDefined(value)) {
13 | diff -Naur origin/gsa/src/gmp/__tests__/gmpsettings.js patch/gsa/src/gmp/__tests__/gmpsettings.js
14 | --- origin/gsa/src/gmp/__tests__/gmpsettings.js 2021-04-16 11:27:51.000000000 +0200
15 | +++ patch/gsa/src/gmp/__tests__/gmpsettings.js 2021-06-28 10:08:27.144046612 +0200
16 | @@ -94,7 +94,7 @@
17 | reloadIntervalInactive: 60,
18 | reportResultsThreshold: 10000,
19 | token: 'atoken',
20 | - timeout: 30000,
21 | + timeout: 9000000,
22 | timezone: 'cet',
23 | username: 'foo',
24 | vendorVersion: 'foo',
25 | @@ -118,7 +118,7 @@
26 | expect(settings.reloadIntervalInactive).toEqual(60);
27 | expect(settings.reportResultsThreshold).toEqual(10000);
28 | expect(settings.token).toBeUndefined();
29 | - expect(settings.timeout).toEqual(30000);
30 | + expect(settings.timeout).toEqual(9000000);
31 | expect(settings.timezone).toBeUndefined();
32 | expect(settings.username).toBeUndefined();
33 | expect(settings.vendorVersion).toEqual('foo');
34 | @@ -214,7 +214,7 @@
35 | reloadIntervalInactive: 60,
36 | reportResultsThreshold: 10000,
37 | token: 'atoken',
38 | - timeout: 30000,
39 | + timeout: 9000000,
40 | timezone: 'cet',
41 | username: 'foo',
42 | vendorVersion: 'bar',
43 | @@ -234,7 +234,7 @@
44 | expect(settings.reloadIntervalInactive).toEqual(60);
45 | expect(settings.reportResultsThreshold).toEqual(10000);
46 | expect(settings.token).toEqual('btoken');
47 | - expect(settings.timeout).toEqual(30000);
48 | + expect(settings.timeout).toEqual(9000000);
49 | expect(settings.timezone).toEqual('cest');
50 | expect(settings.username).toEqual('bar');
51 | expect(settings.vendorVersion).toEqual('bar');
52 |
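Review bot: The new `DEFAULT_TIMEOUT = 90000000` in src/gmp/gmpsettings.js keeps the old `// 5 minutes` comment, but if the unit is milliseconds, as the old value and comment imply, 90000000 is 25 hours. The line should read something like `export const DEFAULT_TIMEOUT = 90000000; // 25 hours, in ms`, with a short reason why this build needs it. A request that may hang for a day effectively removes the client-side timeout, so a stalled backend call is never surfaced to the user. The hunks in __tests__/gmpsettings.js change the explicit fixture value from 30000 to 9000000, a tenth of the new default. Those fixtures set the timeout explicitly rather than reading the default, so the edit looks unnecessary, or the two numbers were meant to match.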
@@ -306,7 +306,7 @@ 53 | protocolDocUrl: 'http://protocol', 54 | reloadInterval: 10, 55 | token: 'atoken', 56 | - timeout: 30000, 57 | + timeout: 9000000, 58 | timezone: 'cet', 59 | username: 'foo', 60 | vendorVersion: 'foobar', 61 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/gvm-libs.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/gvm-libs/APKBUILD aports/community/gvm-libs/APKBUILD 2 | --- aports2/community/gvm-libs/APKBUILD 2021-07-01 15:22:58.677870926 +0200 3 | +++ aports/community/gvm-libs/APKBUILD 2021-06-28 21:19:03.920045864 +0200 4 | @@ -2,7 +2,7 @@ 5 | # Maintainer: Francesco Colista 6 | pkgname=gvm-libs 7 | pkgver=21.4.1 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="Greenbone Vulnerability Management Libraries" 11 | url="https://www.openvas.org/" 12 | arch="all" 13 | @@ -39,7 +39,7 @@ 14 | -DSYSCONFDIR=/etc \ 15 | -DLOCALSTATEDIR=/var \ 16 | -DGVM_PID_DIR=/var/lib/gvm \ 17 | - .. 18 | + .. 19 | make 20 | } 21 | 22 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/gvm-tools.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/gvm-tools/APKBUILD aports/community/gvm-tools/APKBUILD 2 | --- aports2/community/gvm-tools/APKBUILD 2021-07-01 15:30:12.284673219 +0200 3 | +++ aports/community/gvm-tools/APKBUILD 2021-06-28 21:19:03.920045864 +0200 4 | 
@@ -2,7 +2,7 @@ 5 | # Maintainer: Francesco Colista 6 | pkgname=gvm-tools 7 | pkgver=21.6.1 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="Collection of tools for remote controlling a OpenVAS / Greenbone" 11 | url="https://github.com/greenbone/gvm-tools" 12 | arch="noarch" 13 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/gvmd.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/gvmd/APKBUILD aports/community/gvmd/APKBUILD 2 | --- aports2/community/gvmd/APKBUILD 2021-07-01 15:26:29.709519182 +0200 3 | +++ aports/community/gvmd/APKBUILD 2021-07-05 16:45:36.106073865 +0200 4 | @@ -3,7 +3,7 @@ 5 | # Maintainer: Francesco Colista 6 | pkgname=gvmd 7 | pkgver=21.4.2 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="Greenbone Vulnerability Manager" 11 | url="https://www.openvas.org/" 12 | arch="all" 13 | @@ -30,8 +30,8 @@ 14 | malloc-trim.patch" 15 | 16 | case "$CARCH" in 17 | -# cppcheck is not available 18 | -s390x | aarch64 | mips | mips64) options="$options !check" ;; 19 | + # cppcheck is not available 20 | + s390x|aarch64|mips|mips64) options="$options !check" 21 | esac 22 | 23 | prepare() { 24 | @@ -52,7 +52,7 @@ 25 | -DDEFAULT_CONFIG_DIR=/etc/gvm \ 26 | -DLOGROTATE_DIR=/etc/logrotate.d \ 27 | -DOPENVAS_DEFAULT_SOCKET=/run/ospd/ospd.sock \ 28 | - .. 29 | + .. 30 | make 31 | } 32 | 33 | 
@@ -87,6 +87,7 @@ 34 | EOF 35 | } 36 | 37 | + 38 | sha512sums=" 39 | fd752d12187e74f9b43e2fc5fef9fdee0441710a881cc718296cc001b02ef63012ee0492f4a56af4a339d487b0e70060932d37a1ab89abf5fd88f2f3931edcb9 gvmd-21.4.2.tar.gz 40 | c90247bc8d0797f7d3e3ae0f87fd2bbf58ef67eb7fb60318928b174e366380d1f7cfc23fa9d4c552035d1d1b31577bc097ae9a1e51cfba2c36ed57bba3a52328 gvmd.initd 41 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/openvas-smb.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/openvas-smb/APKBUILD aports/community/openvas-smb/APKBUILD 2 | --- aports2/community/openvas-smb/APKBUILD 2021-07-01 15:24:36.517889707 +0200 3 | +++ aports/community/openvas-smb/APKBUILD 2021-06-28 21:19:04.076047047 +0200 4 | @@ -2,10 +2,10 @@ 5 | # Maintainer: Francesco Colista 6 | pkgname=openvas-smb 7 | pkgver=21.4.0 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="SMB module for OpenVAS Scanner" 11 | url="https://github.com/greenbone/openvas-smb" 12 | -arch="x86 x86_64" 13 | +#arch="x86 x86_64" 14 | license="GPL-2.0" 15 | options="!check" #no check available 16 | makedepends="cmake mingw-w64-gcc mingw-w64-binutils mingw-w64-headers mingw-w64-crt 17 | 
@@ -35,11 +35,9 @@ 18 | make DESTDIR="$pkgdir" install 19 | } 20 | 21 | -sha512sums=" 22 | -6689cef95d128ea4444d3b3f6fb0d1201d55ae494ff758051b792e58c90ad7497502430b843ceba6d92aa06fbdf830a4c17a24042c1c3ce9affbcd8f587d0b0a openvas-smb-21.4.0.tar.gz 23 | +sha512sums="6689cef95d128ea4444d3b3f6fb0d1201d55ae494ff758051b792e58c90ad7497502430b843ceba6d92aa06fbdf830a4c17a24042c1c3ce9affbcd8f587d0b0a openvas-smb-21.4.0.tar.gz 24 | bd139b2317feb5fe3ea3ab4b62664ae70547b2859c372e30cd7062dbaef535a5ea665d33253d85a28553ab13ab0b943f609e86f7fcb9572c403d5b7612052701 mingw-alpine-support.patch 25 | 494ec5c871959b9493fbbec7060778d2bb2be689f2434f4b0489b24e9800ea0b3a91015537deae60ffd071ad8740913ee1598f04e1a416516f45658bd9d4315f fix-missing-includes-path.patch 26 | 96b81bb378d0a70b1d31c19c646a95b96056ca3f85c02edc221bc17093b5403ba1fcdf9f3175e455aa32b7399e58a1c9cda525985c09c8b7dee8068bf3643a14 comparison_fn_t.patch 27 | 6a5f67177ca74ce051d190a81727b94938addf538c52831b5af3394f4d8d2ea990bcd58e3dc92570c7c4b0719deea49e2aa2fa549297c6e36ec4f8fa3f0a5270 disable-backtrace.patch 28 | -56c150d8fcc46720d71a632e7f6ff7a1ad92d90c84361eb8ad81c4b4811ac9ff56f06654f70840895ac7bec4f852bafeff0599e29a4c5572d826403df1d2ca68 001-cmakelist-fortify.patch 29 | -" 30 | +56c150d8fcc46720d71a632e7f6ff7a1ad92d90c84361eb8ad81c4b4811ac9ff56f06654f70840895ac7bec4f852bafeff0599e29a4c5572d826403df1d2ca68 001-cmakelist-fortify.patch" 31 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/openvas.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/openvas/APKBUILD aports/community/openvas/APKBUILD 2 | --- aports2/community/openvas/APKBUILD 2021-07-04 19:05:22.950943781 +0200 3 | +++ aports/community/openvas/APKBUILD 2021-06-28 21:19:04.076047047 +0200 4 | 
@@ -3,7 +3,7 @@ 5 | # Maintainer: Francesco Colista 6 | pkgname=openvas 7 | pkgver=21.4.1 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="Open Vulnerability Assessment Scanner" 11 | url="https://openvas.org/" 12 | arch="all !x86 !armhf !armv7" # Fails to build, see #12616 13 | @@ -15,7 +15,7 @@ 14 | makedepends="cmake bison gvm-libs-dev glib-dev libgcrypt-dev 15 | doxygen xmltoman graphviz libpcap-dev gpgme-dev 16 | clang-dev libssh-dev libksba-dev net-snmp-dev 17 | - linux-headers glibmm-dev flex" 18 | + linux-headers glibmm-dev" 19 | subpackages="$pkgname-doc $pkgname-config" 20 | source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/openvas/archive/v$pkgver.tar.gz 21 | greenbone-nvt-sync.cron 22 | @@ -39,7 +39,7 @@ 23 | -DSYSCONFDIR=/etc \ 24 | -DLOCALSTATEDIR=/var \ 25 | -DOPENVAS_RUN_DIR=/run/ospd \ 26 | - .. 27 | + .. 28 | make 29 | } 30 | 31 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/ospd-openvas.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/ospd-openvas/APKBUILD aports/community/ospd-openvas/APKBUILD 2 | --- aports2/community/ospd-openvas/APKBUILD 2021-07-01 15:30:22.700641030 +0200 3 | +++ aports/community/ospd-openvas/APKBUILD 2021-07-05 16:45:36.110073773 +0200 4 | 
@@ -3,7 +3,7 @@ 5 | # Maintainer: Francesco Colista 6 | pkgname=ospd-openvas 7 | pkgver=21.4.1 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="ospd-openvas is an OSP server implementation to allow GVM to remotely control an OpenVAS Scanner" 11 | url="https://github.com/greenbone/ospd-openvas" 12 | arch="noarch" 13 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/ospd.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/ospd/APKBUILD aports/community/ospd/APKBUILD 2 | --- aports2/community/ospd/APKBUILD 1970-01-01 01:00:00.000000000 +0100 3 | +++ aports/community/ospd/APKBUILD 2021-06-28 21:19:04.080047077 +0200 4 | 
@@ -0,0 +1,28 @@ 5 | +# Contributor: Francesco Colista 6 | +# Maintainer: Francesco Colista 7 | +pkgname=ospd 8 | +pkgver=21.4.1 9 | +pkgrel=0 10 | +pkgdesc="Collection of scanner wrappers for OpenVAS" 11 | +url="https://www.openvas.org/" 12 | +arch="noarch" 13 | +license="GPL-2.0-or-later" 14 | +depends="python3 py3-paramiko py3-defusedxml py3-lxml" 15 | +makedepends="py3-setuptools" 16 | +source="$pkgname-$pkgver.tar.gz::https://github.com/greenbone/ospd/archive/v$pkgver.tar.gz" 17 | + 18 | +build() { 19 | + python3 setup.py build 20 | +} 21 | + 22 | +check() { 23 | + python3 setup.py check 24 | +} 25 | + 26 | +package() { 27 | + python3 setup.py install --prefix=/usr --root="$pkgdir" 28 | +} 29 | + 30 | +sha512sums=" 31 | +2c9156dc79f3afd009a72b8fc0de48a2c8b3721e76840b82b27fa621f06395b0afd475cabae5c8f2ab48494dbbb2666c65fc43544342b2444ef52ceed867f707 ospd-21.4.1.tar.gz 32 | +" 33 | -------------------------------------------------------------------------------- /AlpineAPKBuilder/patches/py3-gvm.patch: -------------------------------------------------------------------------------- 1 | diff -ruN aports2/community/py3-gvm/APKBUILD aports/community/py3-gvm/APKBUILD 2 | --- aports2/community/py3-gvm/APKBUILD 2021-07-01 15:30:00.528710238 +0200 3 | +++ aports/community/py3-gvm/APKBUILD 2021-06-28 21:19:04.164047714 +0200 4 | 
@@ -3,7 +3,7 @@ 5 | pkgname=py3-gvm 6 | _pkgname=${pkgname/py3/python} 7 | pkgver=21.6.0 8 | -pkgrel=10 9 | +pkgrel=0 10 | pkgdesc="Greenbone Vulnerability Management Python Library " 11 | url="https://github.com/greenbone/python-gvm" 12 | arch="noarch" 13 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this docker project will be documented in this file. 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /DataSync/README.md: -------------------------------------------------------------------------------- 1 | # GVM Data Sync 2 | [![Sync Data](https://github.com/Secure-Compliance-Solutions-LLC/gvm-data-sync/actions/workflows/main.yml/badge.svg)](https://github.com/Secure-Compliance-Solutions-LLC/gvm-data-sync/actions/workflows/main.yml) 3 | 4 | This repo is used for updating the file located here: https://vulndata.securecompliance.solutions/file/VulnData/data.tar.xz 5 | 6 | That file is used in our [GVM Docker image](https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker). 7 | -------------------------------------------------------------------------------- /DataSync/download.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | FEED_HOME="https://community.greenbone.net/t/about-greenbone-community-feed-gcf/1224" 4 | FEED_VENDOR="Greenbone Networks GmbH" 5 | 6 | write_feed_xml () { 7 | 8 | if [ ! -f "${FEED_DIR}/timestamp" ]; then 9 | echo "timestamp file not found!" 
10 | exit 1 11 | fi 12 | 13 | FEED_VERSION=$(cat "${FEED_DIR}/timestamp") 14 | 15 | mkdir -p "${FEED_DIR}" 16 | { 17 | echo '' 18 | echo "${FEED_TYPE}" 19 | echo "${FEED_NAME}" 20 | echo "${FEED_VERSION}" 21 | echo "${FEED_VENDOR}" 22 | echo "${FEED_HOME}" 23 | echo "" 24 | echo "This script synchronizes a ${FEED_TYPE} collection with the '${FEED_NAME}'." 25 | echo "The '${FEED_NAME}' is provided by '${FEED_VENDOR}'." 26 | echo "Online information about this feed: '${FEED_HOME}'." 27 | echo "" 28 | echo "" 29 | } > "${FEED_DIR}/feed.xml" 30 | } 31 | 32 | mkdir -p data 33 | 34 | echo "RSYNC: NVT-Feed..." 35 | 36 | while ! rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/nvt-feed ./data/nvt-feed 37 | do 38 | echo "Retrying..." 39 | sleep 10 40 | done 41 | 42 | sleep 10 43 | 44 | FEED_DIR="./data/gvmd-data" 45 | FEED_TYPE="GVMD_DATA" 46 | FEED_NAME="Greenbone Community gvmd Data Feed" 47 | 48 | echo "RSYNC: Data-Objects GVMD..." 49 | 50 | while ! rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/data-objects/gvmd/ "${FEED_DIR}" 51 | do 52 | echo "Retrying..." 53 | sleep 10 54 | done 55 | 56 | write_feed_xml 57 | 58 | sleep 10 59 | 60 | FEED_DIR="./data/cert-data" 61 | FEED_TYPE="CERT" 62 | FEED_NAME="Greenbone Community CERT Feed" 63 | 64 | echo "RSYNC: Cert-Data..." 65 | 66 | while ! rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/cert-data "${FEED_DIR}" 67 | do 68 | echo "Retrying..." 69 | sleep 10 70 | done 71 | 72 | write_feed_xml 73 | 74 | sleep 10 75 | 76 | FEED_DIR="./data/scap-data" 77 | FEED_TYPE="SCAP" 78 | FEED_NAME="Greenbone Community SCAP Feed" 79 | 80 | echo "RSYNC: Scap-Data..." 81 | 82 | while ! 
rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/scap-data "${FEED_DIR}" 83 | do 84 | echo "Retrying..." 85 | sleep 10 86 | done 87 | 88 | write_feed_xml 89 | -------------------------------------------------------------------------------- /DockerComposer/.env: -------------------------------------------------------------------------------- 1 | POSTGRES_HOST_AUTH_METHOD=trust 2 | POSTGRES_USER=gvmd 3 | POSTGRES_DB=gvmd 4 | 5 | GVM_USERNAME=admin 6 | GVM_PASSWORD=admin 7 | -------------------------------------------------------------------------------- /DockerComposer/GSA/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye AS build 2 | 3 | COPY --from=securecompliance/gvm-libs:latest /gvm /gvm/ 4 | 5 | RUN apt-get update && \ 6 | apt-get install --no-install-recommends --assume-yes ca-certificates curl && \ 7 | curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - && \ 8 | apt-get install --no-install-recommends --assume-yes ca-certificates curl build-essential pkg-config cmake libmicrohttpd-dev libxml2-dev libglib2.0-dev nodejs libgpgme11 libradcli4 libssh-gcrypt-4 libhiredis0.14 libgcrypt20-dev && \ 9 | npm install -g yarn && \ 10 | mkdir /build && \ 11 | cd /build && \ 12 | curl -L -o gsa.tar.gz https://github.com/greenbone/gsa/archive/refs/tags/v21.4.2.tar.gz && \ 13 | tar -xvf gsa.tar.gz && \ 14 | cd gsa-* && \ 15 | mkdir build && \ 16 | cd build && \ 17 | export PKG_CONFIG_PATH=/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && \ 18 | cmake -DCMAKE_INSTALL_PREFIX=/gvm .. 
&& \ 19 | make install 20 | 21 | FROM bitnami/minideb:bullseye 22 | 23 | ENV LD_LIBRARY_PATH=/gvm/lib/ 24 | 25 | COPY --from=build /gvm /gvm/ 26 | 27 | RUN apt-get update && \ 28 | apt-get install --no-install-recommends --assume-yes libmicrohttpd12 libglib2.0-0 libxml2 libgpgme11 libradcli4 libssh-gcrypt-4 libhiredis0.14 && \ 29 | useradd --home-dir /home/gsad --create-home gsad --shell /bin/false && \ 30 | chown gsad:gsad -R /gvm/var/run 31 | 32 | USER gsad 33 | 34 | CMD ["/gvm/sbin/gsad", "--foreground", "--listen=::", "--port=9392", "--munix-socket=/gvm/var/run/gvmd.sock", "--gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"] 35 | -------------------------------------------------------------------------------- /DockerComposer/GVM-Data-Sync/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye 2 | 3 | RUN apt-get update && \ 4 | apt-get install --no-install-recommends --assume-yes ca-certificates curl tar xz-utils rsync && \ 5 | apt-get clean 6 | 7 | COPY start.sh /start.sh 8 | 9 | CMD ["/start.sh"] 10 | -------------------------------------------------------------------------------- /DockerComposer/GVM-Data-Sync/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sync () { 4 | echo "--- Sync: Start ---" 5 | 6 | rm /tmp/data.tar.xz 7 | rm -r /tmp/data 8 | 9 | echo "Downloading data TAR..." 10 | curl -o /tmp/data.tar.xz https://vulndata.securecompliance.solutions/file/VulnData/data.tar.xz # This file is updated at 0:00 UTC every day 11 | mkdir /tmp/data 12 | 13 | echo "Extracting data TAR..." 14 | tar --extract --file=/tmp/data.tar.xz --directory=/tmp/data 15 | 16 | echo "Removing Old Data..." 17 | rm -rf /gvm/var/lib/gvm/data-objects/gvmd 18 | rm -rf /gvm/var/lib/gvm/scap-data 19 | rm -rf /gvm/var/lib/gvm/cert-data 20 | 21 | echo "Moving Data..." 
22 | mkdir -p /gvm/var/lib/gvm/data-objects 23 | mv --force /tmp/data/gvmd-data /gvm/var/lib/gvm/data-objects/gvmd 24 | mv --force /tmp/data/scap-data /gvm/var/lib/gvm/scap-data 25 | mv --force /tmp/data/cert-data /gvm/var/lib/gvm/cert-data 26 | 27 | echo "Fixing Permissions..." 28 | chmod 777 -R /gvm/var/lib/gvm/data-objects 29 | chmod 777 -R /gvm/var/lib/gvm/scap-data 30 | chmod 777 -R /gvm/var/lib/gvm/cert-data 31 | 32 | rm /tmp/data.tar.xz 33 | rm -r /tmp/data 34 | 35 | echo "--- Sync: Done ---" 36 | } 37 | 38 | sync 39 | 40 | while true; do 41 | sleep 12h 42 | sync 43 | done 44 | -------------------------------------------------------------------------------- /DockerComposer/GVM-Libs/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye AS build 2 | 3 | RUN apt-get update && \ 4 | apt-get install --no-install-recommends --assume-yes ca-certificates curl build-essential cmake pkg-config libglib2.0-dev libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libhiredis-dev libxml2-dev libpcap-dev libnet1-dev libldap2-dev libradcli-dev && \ 5 | mkdir /build && \ 6 | mkdir /gvm && \ 7 | cd /build && \ 8 | curl -L -o gvm-libs.tar.gz https://github.com/greenbone/gvm-libs/archive/refs/tags/v21.4.2.tar.gz && \ 9 | tar -xvf gvm-libs.tar.gz && \ 10 | cd gvm-libs-* && \ 11 | mkdir build && \ 12 | cd build && \ 13 | cmake -DCMAKE_INSTALL_PREFIX=/gvm .. 
&& \ 14 | make install 15 | 16 | FROM scratch 17 | 18 | COPY --from=build /gvm /gvm/ 19 | -------------------------------------------------------------------------------- /DockerComposer/GVM-Tools/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye 2 | -------------------------------------------------------------------------------- /DockerComposer/GVMD/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye AS build 2 | 3 | COPY --from=securecompliance/gvm-libs:latest /gvm /gvm/ 4 | 5 | ADD https://www.postgresql.org/media/keys/ACCC4CF8.asc /postgresql.asc 6 | 7 | RUN apt-get update && apt-get install --no-install-recommends --assume-yes gnupg 8 | 9 | RUN sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list' && \ 10 | apt-key add /postgresql.asc && \ 11 | apt-get update && \ 12 | apt-get install --no-install-recommends --assume-yes ca-certificates curl build-essential cmake libglib2.0-dev libgnutls28-dev libpq-dev postgresql-server-dev-12 pkg-config libical-dev libgpgme-dev xsltproc xml-twig-tools libradcli4 libssh-gcrypt-4 libhiredis0.14 && \ 13 | mkdir /build && \ 14 | cd /build && \ 15 | curl -L -o gvmd.tar.gz https://github.com/greenbone/gvmd/archive/refs/tags/v21.4.3.tar.gz && \ 16 | tar -xvf gvmd.tar.gz && \ 17 | cd gvmd-* && \ 18 | mkdir build && \ 19 | cd build && \ 20 | export PKG_CONFIG_PATH=/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && \ 21 | cmake -DCMAKE_INSTALL_PREFIX=/gvm .. 
&& \ 22 | make install 23 | 24 | FROM bitnami/minideb:bullseye 25 | 26 | ENV LD_LIBRARY_PATH=/gvm/lib/ 27 | 28 | COPY --from=build /gvm /gvm/ 29 | COPY --from=securecompliance/openvas:latest /gvm/bin/greenbone-nvt-sync /gvm/bin/greenbone-nvt-sync 30 | 31 | RUN apt-get update && \ 32 | apt-get install --no-install-recommends --assume-yes libgpgme11 libpq5 libglib2.0-0 libical3 libradcli4 libssh-gcrypt-4 libhiredis0.14 libxml2 gnutls-bin xml-twig-tools texlive-latex-extra texlive-fonts-recommended xsltproc nsis wget rpm dpkg fakeroot && \ 33 | apt-get clean && \ 34 | useradd --home-dir /home/gvm --create-home gvmd --shell /bin/false && \ 35 | chown gvmd:gvmd -R /gvm/var/run && \ 36 | mkdir -p /gvm/var/log && \ 37 | chown gvmd:gvmd -R /gvm/var/log && \ 38 | mkdir -p /gvm/var/lib/gvm && \ 39 | chown gvmd:gvmd -R /gvm/var/lib/gvm 40 | 41 | COPY start.sh /start.sh 42 | COPY dummy-script.sh /usr/bin/rsync 43 | 44 | USER gvmd 45 | 46 | CMD ["/start.sh"] 47 | -------------------------------------------------------------------------------- /DockerComposer/GVMD/dummy-script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sleep 5 4 | -------------------------------------------------------------------------------- /DockerComposer/GVMD/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | gvmd () { 5 | /gvm/sbin/gvmd --database=$POSTGRES_DB --db-host=database --db-port=5432 --db-user=$POSTGRES_USER "$@" 6 | } 7 | 8 | if [ ! -f "/gvm/var/lib/gvm/CA/cacert.pem" ]; then 9 | /gvm/bin/gvm-manage-certs -a 10 | fi 11 | 12 | gvmd --migrate 13 | 14 | gvmd 15 | 16 | echo "Waiting for Greenbone Vulnerability Manager to finish startup..." 17 | until gvmd --get-users; do 18 | sleep 1 19 | done 20 | 21 | if [ ! 
-f "/gvm/var/lib/gvm/created_gvm_user" ]; then 22 | echo "Creating Greenbone Vulnerability Manager admin user" 23 | gvmd --role="Super Admin" --create-user="$GVM_USERNAME" --password="$GVM_PASSWORD" 24 | 25 | USERSLIST=$(gvmd --get-users --verbose) 26 | IFS=' ' 27 | read -ra ADDR <<<"$USERSLIST" 28 | 29 | echo "${ADDR[1]}" 30 | 31 | gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value ${ADDR[1]} 32 | 33 | touch /gvm/var/lib/gvm/created_gvm_user 34 | fi 35 | 36 | echo "--- GVMD Started ---" 37 | 38 | tail -f /gvm/var/log/gvm/gvmd.log 39 | -------------------------------------------------------------------------------- /DockerComposer/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 DeineAgentur UG 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /DockerComposer/OpenVAS-SMB/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye AS build 2 | 3 | RUN apt-get update && \ 4 | apt-get install --no-install-recommends --assume-yes ca-certificates curl build-essential cmake pkg-config gcc-mingw-w64 libgnutls28-dev perl-base heimdal-dev libpopt-dev libglib2.0-dev libunistring-dev && \ 5 | mkdir /build && \ 6 | mkdir /gvm && \ 7 | cd /build && \ 8 | curl -L -o openvas-smb.tar.gz https://github.com/greenbone/openvas-smb/archive/refs/tags/v21.4.0.tar.gz && \ 9 | tar -xvf openvas-smb.tar.gz && \ 10 | cd openvas-smb-* && \ 11 | mkdir build && \ 12 | cd build && \ 13 | cmake -DCMAKE_INSTALL_PREFIX=/gvm .. && \ 14 | make install 15 | 16 | FROM scratch 17 | 18 | COPY --from=build /gvm /gvm/ 19 | -------------------------------------------------------------------------------- /DockerComposer/OpenVAS/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bitnami/minideb:bullseye AS build 2 | 3 | COPY --from=securecompliance/gvm-libs:latest /gvm /gvm/ 4 | COPY --from=securecompliance/openvas-smb:latest /gvm /gvm/ 5 | 6 | ENV PYTHONPATH=/gvm/ospd/ 7 | 8 | RUN apt-get update && \ 9 | apt-get install --no-install-recommends --assume-yes rustc cargo python3 python3-dev python3-pip python3-setuptools python3-paramiko python3-lxml python3-defusedxml ca-certificates curl build-essential cmake pkg-config libssh-gcrypt-dev libgnutls28-dev libglib2.0-dev libpcap-dev libgpgme-dev bison libksba-dev libsnmp-dev libgcrypt20-dev libradcli4 libhiredis0.14 libgssapi3-heimdal libpopt0 libheimntlm0-heimdal libkrb5-26-heimdal libhx509-5-heimdal libhcrypto4-heimdal libasn1-8-heimdal libwind0-heimdal libheimbase1-heimdal libroken18-heimdal libhdb9-heimdal libnet1 10 | 11 | RUN mkdir /build && \ 12 | cd /build && \ 13 | curl -L -o openvas.tar.gz 
https://github.com/greenbone/openvas-scanner/archive/refs/tags/v21.4.2.tar.gz && \ 14 | tar -xvf openvas.tar.gz && \ 15 | cd openvas-* && \ 16 | mkdir build && \ 17 | cd build && \ 18 | export PKG_CONFIG_PATH=/gvm/lib/pkgconfig:$PKG_CONFIG_PATH && \ 19 | cmake -DCMAKE_INSTALL_PREFIX=/gvm .. && \ 20 | make install 21 | 22 | RUN mkdir -p /gvm/ospd 23 | RUN pip3 install --upgrade --target=/gvm/ospd ospd==21.4.3 24 | RUN pip3 install --upgrade --target=/gvm/ospd ospd-openvas==21.4.2 25 | 26 | FROM bitnami/minideb:bullseye 27 | 28 | ENV LD_LIBRARY_PATH=/gvm/lib/ 29 | ENV PYTHONPATH=/gvm/ospd/ 30 | ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/gvm/sbin 31 | 32 | COPY --from=build /gvm /gvm/ 33 | 34 | RUN apt-get update && \ 35 | apt-get install --no-install-recommends --assume-yes python3-paramiko python3-lxml python3-defusedxml libglib2.0-0 libgpgme11 libssh-gcrypt-4 libsnmp40 libnet1 libradcli4 libhiredis0.14 libxml2 libgssapi3-heimdal libpopt0 libhdb9-heimdal libatomic1 \ 36 | nmap python3-impacket ike-scan smbclient autossh openssh-client net-tools \ 37 | ca-certificates curl tar xz-utils rsync && \ 38 | apt-get clean 39 | 40 | COPY start.sh /start.sh 41 | COPY sync.sh /sync.sh 42 | 43 | CMD ["/start.sh"] 44 | -------------------------------------------------------------------------------- /DockerComposer/OpenVAS/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | /sync.sh & 5 | 6 | /gvm/ospd/bin/ospd-openvas --foreground --socket-mode=0o777 7 | 8 | echo "--- OpenVAS OSPD Started ---" 9 | 10 | tail -f /gvm/var/log/gvm/openvas.log 11 | -------------------------------------------------------------------------------- /DockerComposer/OpenVAS/sync.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sync () { 4 | echo "--- Sync: Start ---" 5 | 6 | rm /tmp/nvt-feed.tar.xz 7 | rm -r /tmp/nvt-feed 8 | 9 | echo "Downloading 
data TAR..." 10 | curl -o /tmp/nvt-feed.tar.xz https://vulndata.securecompliance.solutions/file/VulnData/nvt-feed.tar.xz # This file is updated at 0:00 UTC every day 11 | mkdir /tmp/nvt-feed 12 | 13 | echo "Extracting data TAR..." 14 | tar --extract --file=/tmp/nvt-feed.tar.xz --directory=/tmp/nvt-feed 15 | 16 | echo "Fixing Permissions..." 17 | chmod 644 -R /tmp/nvt-feed 18 | 19 | echo "Moving Data..." 20 | rsync -r /tmp/nvt-feed/ /gvm/var/lib/openvas/plugins 21 | 22 | rm /tmp/nvt-feed.tar.xz 23 | rm -r /tmp/nvt-feed 24 | 25 | echo "--- Sync: Done ---" 26 | } 27 | 28 | sync 29 | 30 | while true; do 31 | sleep 12h 32 | sync 33 | done 34 | -------------------------------------------------------------------------------- /DockerComposer/PostgreSQL/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM postgres:12-bullseye 2 | 3 | COPY --from=securecompliance/gvmd:latest /gvm/lib /gvm/lib/ 4 | 5 | COPY gvm-init.sh /docker-entrypoint-initdb.d/gvm-init.sh 6 | 7 | RUN apt-get update && \ 8 | apt-get install --no-install-recommends --assume-yes libglib2.0-0 libical3 libgpgme11 libradcli4 libssh-gcrypt-4 libhiredis0.14 && \ 9 | apt-get clean 10 | 11 | ENV LD_LIBRARY_PATH=/gvm/lib/ 12 | -------------------------------------------------------------------------------- /DockerComposer/PostgreSQL/gvm-init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL 5 | create role dba with superuser noinherit; 6 | grant dba to gvm; 7 | create extension "uuid-ossp"; 8 | create extension "pgcrypto"; 9 | EOSQL 10 | -------------------------------------------------------------------------------- /DockerComposer/Redis/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM redis:6-alpine 2 | COPY redis.conf /usr/local/etc/redis/redis.conf 3 | RUN 
mkdir /run/redis && chown redis:redis -R /run/redis 4 | CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ] 5 | -------------------------------------------------------------------------------- /DockerComposer/SSHD/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.14 2 | 3 | RUN apk add --no-cache openssh-server 4 | 5 | RUN adduser --disabled-password gvm 6 | 7 | COPY sshd_config /etc/ssh/sshd_config 8 | 9 | COPY start.sh /start.sh 10 | 11 | CMD ["/start.sh"] 12 | -------------------------------------------------------------------------------- /DockerComposer/SSHD/sshd_config: -------------------------------------------------------------------------------- 1 | AllowAgentForwarding no 2 | AllowStreamLocalForwarding remote 3 | AllowUsers gvm 4 | AuthenticationMethods publickey 5 | ChallengeResponseAuthentication no 6 | Ciphers chacha20-poly1305@openssh.com 7 | ClientAliveCountMax 3 8 | ClientAliveInterval 10 9 | ForceCommand /sbin/nologin 10 | HostKey /etc/ssh/ssh_host_ed25519_key 11 | KexAlgorithms curve25519-sha256@libssh.org 12 | MACs hmac-sha2-512-etm@openssh.com 13 | MaxAuthTries 2 14 | MaxSessions 0 15 | PasswordAuthentication no 16 | PermitRootLogin no 17 | PermitTTY no 18 | PrintMotd no 19 | PrintMotd no 20 | StreamLocalBindUnlink yes 21 | X11Forwarding no 22 | -------------------------------------------------------------------------------- /DockerComposer/SSHD/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ssh-keygen -A 4 | 5 | /usr/sbin/sshd -D -e 6 | -------------------------------------------------------------------------------- /DockerComposer/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker build -t securecompliance/gvm-libs ./GVM-Libs 4 | docker build -t securecompliance/openvas-smb ./OpenVAS-SMB 5 | docker build -t securecompliance/openvas ./OpenVAS 
6 | docker build -t securecompliance/openvas-redis ./Redis 7 | docker build -t securecompliance/gvmd ./GVMD 8 | docker build -t securecompliance/gsa ./GSA 9 | docker build -t securecompliance/gvm-data-sync ./GVM-Data-Sync 10 | docker build -t securecompliance/gvm-sshd ./SSHD 11 | docker build -t securecompliance/gvm-postgres ./PostgreSQL 12 | -------------------------------------------------------------------------------- /DockerComposer/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | database: 4 | image: securecompliance/gvm-postgres 5 | env_file: .env 6 | stop_grace_period: 1m 7 | restart: always 8 | volumes: 9 | - database:/var/lib/postgresql/data 10 | networks: 11 | - gvm 12 | gvm-data-sync: 13 | image: securecompliance/gvm-data-sync 14 | restart: always 15 | volumes: 16 | - gvm:/gvm/var/lib/gvm 17 | gvmd: 18 | image: securecompliance/gvmd 19 | env_file: .env 20 | restart: always 21 | depends_on: 22 | - database 23 | - openvas 24 | volumes: 25 | - gvm:/gvm/var/lib/gvm 26 | - openvas:/gvm/var/lib/openvas/plugins 27 | - gvm-sockets:/gvm/var/run 28 | - openvas-sockets:/var/run/ospd 29 | networks: 30 | - gvm 31 | gsa: 32 | image: securecompliance/gsa 33 | restart: always 34 | depends_on: 35 | - database 36 | - gvmd 37 | volumes: 38 | - gvm:/gvm/var/lib/gvm 39 | - gvm-sockets:/gvm/var/run 40 | ports: 41 | - 9392:9392 42 | networks: 43 | - gvm 44 | openvas: 45 | image: securecompliance/openvas 46 | restart: always 47 | depends_on: 48 | - openvas-redis 49 | network_mode: "host" 50 | volumes: 51 | - openvas:/gvm/var/lib/openvas/plugins 52 | - openvas-sockets:/var/run/ospd 53 | - redis-sockets:/run/redis 54 | openvas-redis: 55 | image: securecompliance/openvas-redis 56 | restart: always 57 | volumes: 58 | - redis-sockets:/run/redis 59 | 60 | networks: 61 | gvm: 62 | 63 | volumes: 64 | database: 65 | gvm: 66 | openvas: 67 | gvm-sockets: 68 | openvas-sockets: 69 | redis-sockets: 70 | 
-------------------------------------------------------------------------------- /Dockerfiles/build_gsad.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | ARG POSTGRESQL_VERSION="13" 6 | ARG GSAD_VERSION="21.4.4" 7 | ARG GSA_VERSION="21.4.4" 8 | ARG GVM_LIBS_VERSION="21.4.4" 9 | ARG GVMD_VERSION="21.4.5" 10 | ARG OPENVAS_SCANNER_VERSION="21.4.4" 11 | ARG OPENVAS_SMB_VERSION="21.4.0" 12 | ARG PYTHON_GVM_VERSION="21.11.0" 13 | ARG OSPD_OPENVAS_VERSION="21.4.4" 14 | ARG GVM_TOOLS_VERSION="21.10.0" 15 | 16 | ARG SUPVISD=supervisorctl 17 | ARG GVMD_USER 18 | ARG GVMD_PASSWORD 19 | ARG USERNAME=admin 20 | ARG PASSWORD=adminpassword 21 | ARG PASSWORD_FILE=none 22 | ARG TIMEOUT=15 23 | ARG DEBUG=N 24 | ARG RELAYHOST=smtp 25 | ARG SMTPPORT=25 26 | ARG AUTO_SYNC=YES 27 | ARG AUTO_SYNC_ON_START=YES 28 | ARG CERTIFICATE=none 29 | ARG CERTIFICATE_KEY=none 30 | ARG HTTPS=true 31 | ARG TZ=Etc/UTC 32 | ARG SSHD=false 33 | ARG DB_PASSWORD=none 34 | 35 | ARG INSTALL_PREFIX=/usr 36 | ARG SOURCE_DIR=/source 37 | ARG BUILD_DIR=/build 38 | ARG INSTALL_DIR=/install 39 | ARG DESTDIR=/install 40 | 41 | FROM ${CACHE_BUILD_IMAGE}:build_gsa AS build_gsa 42 | 43 | FROM ${CACHE_BUILD_IMAGE}:build_gvm_libs AS build_gvm_libs 44 | 45 | FROM ${CACHE_BUILD_IMAGE}:build_base AS build 46 | 47 | ARG CACHE_IMAGE 48 | ARG CACHE_BUILD_IMAGE 49 | ARG INSTALL_PREFIX 50 | ARG SOURCE_DIR 51 | ARG BUILD_DIR 52 | ARG INSTALL_DIR 53 | ARG DESTDIR 54 | ENV INSTALL_PREFIX=${INSTALL_PREFIX} \ 55 | SOURCE_DIR=${SOURCE_DIR} \ 56 | BUILD_DIR=${BUILD_DIR} \ 57 | INSTALL_DIR=${INSTALL_DIR} \ 58 | DESTDIR=${DESTDIR} 59 | 60 | ARG GSAD_VERSION 61 | ENV GSAD_VERSION=${GSAD_VERSION} 62 | COPY --from=build_gvm_libs / / 63 | RUN echo "/usr/local/lib" >/etc/ld.so.conf.d/openvas.conf && ldconfig 64 | RUN curl -sSL 
https://github.com/greenbone/gsad/archive/refs/tags/v${GSAD_VERSION}.tar.gz -o ${SOURCE_DIR}/gsad-${GSAD_VERSION}.tar.gz \ 65 | && curl -sSL https://github.com/greenbone/gsad/releases/download/v${GSAD_VERSION}/gsad-${GSAD_VERSION}.tar.gz.asc -o ${SOURCE_DIR}/gsad-${GSAD_VERSION}.tar.gz.asc \ 66 | &&gpg --verify ${SOURCE_DIR}/gsad-${GSAD_VERSION}.tar.gz.asc ${SOURCE_DIR}/gsad-${GSAD_VERSION}.tar.gz 67 | RUN tar -C ${SOURCE_DIR} -xvzf ${SOURCE_DIR}/gsad-${GSAD_VERSION}.tar.gz \ 68 | && mkdir -p ${BUILD_DIR}/gsad && cd $_ \ 69 | && cmake ${SOURCE_DIR}/gsad-${GSAD_VERSION} \ 70 | -DCMAKE_INSTALL_PREFIX=${INSTALL_PREFIX} \ 71 | -DCMAKE_BUILD_TYPE=Release \ 72 | -DSYSCONFDIR=/etc \ 73 | -DLOCALSTATEDIR=/var \ 74 | -DLOGROTATE_DIR=/etc/logrotate.d \ 75 | -DGVMD_RUN_DIR=/run/gvmd \ 76 | -DGSAD_RUN_DIR=/run/gsad \ 77 | -DGSAD_PID_DIR=/run/gsad \ 78 | && make -j$(nproc) \ 79 | && make DESTDIR=${INSTALL_DIR} install 80 | 81 | 82 | FROM scratch 83 | ARG CACHE_IMAGE 84 | ARG CACHE_BUILD_IMAGE 85 | ARG INSTALL_PREFIX 86 | ARG SOURCE_DIR 87 | ARG BUILD_DIR 88 | ARG INSTALL_DIR 89 | ARG DESTDIR 90 | COPY --from=build_gsa / / 91 | COPY --from=build ${INSTALL_DIR}/ / 92 | -------------------------------------------------------------------------------- /Dockerfiles/build_gvm_libs.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | ARG POSTGRESQL_VERSION="13" 6 | ARG GSAD_VERSION="21.4.4" 7 | ARG GSA_VERSION="21.4.4" 8 | ARG GVM_LIBS_VERSION="21.4.4" 9 | ARG GVMD_VERSION="21.4.5" 10 | ARG OPENVAS_SCANNER_VERSION="21.4.4" 11 | ARG OPENVAS_SCANNER_VERSION="21.4.4" 12 | ARG OPENVAS_SMB_VERSION="21.4.0" 13 | ARG PYTHON_GVM_VERSION="21.11.0" 14 | ARG OSPD_OPENVAS_VERSION="21.4.4" 15 | ARG GVM_TOOLS_VERSION="21.10.0" 16 | 17 | ARG SUPVISD=supervisorctl 18 | ARG GVMD_USER 19 | ARG GVMD_PASSWORD 20 | ARG 
USERNAME=admin 21 | ARG PASSWORD=adminpassword 22 | ARG PASSWORD_FILE=none 23 | ARG TIMEOUT=15 24 | ARG DEBUG=N 25 | ARG RELAYHOST=smtp 26 | ARG SMTPPORT=25 27 | ARG AUTO_SYNC=YES 28 | ARG AUTO_SYNC_ON_START=YES 29 | ARG CERTIFICATE=none 30 | ARG CERTIFICATE_KEY=none 31 | ARG HTTPS=true 32 | ARG TZ=Etc/UTC 33 | ARG SSHD=false 34 | ARG DB_PASSWORD=none 35 | 36 | ARG INSTALL_PREFIX=/usr 37 | ARG SOURCE_DIR=/source 38 | ARG BUILD_DIR=/build 39 | ARG INSTALL_DIR=/install 40 | ARG DESTDIR=/install 41 | 42 | FROM ${CACHE_BUILD_IMAGE}:build_base AS build 43 | ARG CACHE_IMAGE 44 | ARG CACHE_BUILD_IMAGE 45 | ARG INSTALL_PREFIX 46 | ARG SOURCE_DIR 47 | ARG BUILD_DIR 48 | ARG INSTALL_DIR 49 | ARG DESTDIR 50 | ENV INSTALL_PREFIX=${INSTALL_PREFIX} \ 51 | SOURCE_DIR=${SOURCE_DIR} \ 52 | BUILD_DIR=${BUILD_DIR} \ 53 | INSTALL_DIR=${INSTALL_DIR} \ 54 | DESTDIR=${DESTDIR} 55 | 56 | ARG GVM_LIBS_VERSION 57 | ENV GVM_LIBS_VERSION=${GVM_LIBS_VERSION} 58 | 59 | # Download and install gvm-libs 60 | RUN curl -sSL "https://github.com/greenbone/gvm-libs/archive/refs/tags/v${GVM_LIBS_VERSION}.tar.gz" -o "${SOURCE_DIR}/gvm-libs-${GVM_LIBS_VERSION}.tar.gz" \ 61 | && curl -sSL "https://github.com/greenbone/gvm-libs/releases/download/v${GVM_LIBS_VERSION}/gvm-libs-${GVM_LIBS_VERSION}.tar.gz.asc" -o "${SOURCE_DIR}/gvm-libs-${GVM_LIBS_VERSION}.tar.gz.asc" \ 62 | && gpg --verify "${SOURCE_DIR}/gvm-libs-${GVM_LIBS_VERSION}.tar.gz.asc" "${SOURCE_DIR}/gvm-libs-${GVM_LIBS_VERSION}.tar.gz" 63 | 64 | # Unpack the gvm-libs tarball 65 | RUN tar -C "${SOURCE_DIR}" -xvzf "${SOURCE_DIR}/gvm-libs-${GVM_LIBS_VERSION}.tar.gz" 66 | 67 | # Build and install gvm-libs 68 | RUN mkdir -p "${BUILD_DIR}/gvm-libs" && cd "${BUILD_DIR}/gvm-libs" 69 | RUN cmake "${SOURCE_DIR}/gvm-libs-${GVM_LIBS_VERSION}" \ 70 | -DCMAKE_INSTALL_PREFIX=${INSTALL_PREFIX} \ 71 | -DCMAKE_BUILD_TYPE=Release \ 72 | -DSYSCONFDIR=/etc \ 73 | -DLOCALSTATEDIR=/var \ 74 | && make "-j$(nproc)"\ 75 | && make DESTDIR="${INSTALL_DIR}" install 76 | 77 | 78 
| FROM scratch 79 | ARG CACHE_IMAGE 80 | ARG CACHE_BUILD_IMAGE 81 | ARG INSTALL_PREFIX 82 | ARG SOURCE_DIR 83 | ARG BUILD_DIR 84 | ARG INSTALL_DIR 85 | ARG DESTDIR 86 | 87 | COPY --from=build ${INSTALL_DIR} / 88 | -------------------------------------------------------------------------------- /Dockerfiles/build_openvas_smb.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | ARG POSTGRESQL_VERSION="13" 6 | ARG GSAD_VERSION="21.4.4" 7 | ARG GSA_VERSION="21.4.4" 8 | ARG GVM_LIBS_VERSION="21.4.4" 9 | ARG GVMD_VERSION="21.4.5" 10 | ARG OPENVAS_SCANNER_VERSION="21.4.4" 11 | ARG OPENVAS_SMB_VERSION="21.4.0" 12 | ARG PYTHON_GVM_VERSION="21.11.0" 13 | ARG OSPD_OPENVAS_VERSION="21.4.4" 14 | ARG GVM_TOOLS_VERSION="21.10.0" 15 | 16 | ARG SUPVISD=supervisorctl 17 | ARG GVMD_USER 18 | ARG GVMD_PASSWORD 19 | ARG USERNAME=admin 20 | ARG PASSWORD=adminpassword 21 | ARG PASSWORD_FILE=none 22 | ARG TIMEOUT=15 23 | ARG DEBUG=N 24 | ARG RELAYHOST=smtp 25 | ARG SMTPPORT=25 26 | ARG AUTO_SYNC=YES 27 | ARG AUTO_SYNC_ON_START=YES 28 | ARG CERTIFICATE=none 29 | ARG CERTIFICATE_KEY=none 30 | ARG HTTPS=true 31 | ARG TZ=Etc/UTC 32 | ARG SSHD=false 33 | ARG DB_PASSWORD=none 34 | 35 | ARG INSTALL_PREFIX=/usr 36 | ARG SOURCE_DIR=/source 37 | ARG BUILD_DIR=/build 38 | ARG INSTALL_DIR=/install 39 | ARG DESTDIR=/install 40 | 41 | FROM ${CACHE_BUILD_IMAGE}:build_gvm_libs AS build_gvm_libs 42 | 43 | FROM ${CACHE_BUILD_IMAGE}:build_base AS build 44 | ARG CACHE_IMAGE 45 | ARG CACHE_BUILD_IMAGE 46 | ARG INSTALL_PREFIX 47 | ARG SOURCE_DIR 48 | ARG BUILD_DIR 49 | ARG INSTALL_DIR 50 | ARG DESTDIR 51 | ENV INSTALL_PREFIX=${INSTALL_PREFIX} \ 52 | SOURCE_DIR=${SOURCE_DIR} \ 53 | BUILD_DIR=${BUILD_DIR} \ 54 | INSTALL_DIR=${INSTALL_DIR} \ 55 | DESTDIR=${DESTDIR} 56 | 57 | ARG OPENVAS_SMB_VERSION 58 | ENV 
OPENVAS_SMB_VERSION=${OPENVAS_SMB_VERSION} 59 | COPY --from=build_gvm_libs / / 60 | RUN echo "/usr/local/lib" >/etc/ld.so.conf.d/openvas.conf && ldconfig 61 | RUN curl -sSL https://github.com/greenbone/openvas-smb/archive/refs/tags/v${OPENVAS_SMB_VERSION}.tar.gz -o ${SOURCE_DIR}/openvas-smb-${OPENVAS_SMB_VERSION}.tar.gz \ 62 | && curl -sSL https://github.com/greenbone/openvas-smb/releases/download/v${OPENVAS_SMB_VERSION}/openvas-smb-${OPENVAS_SMB_VERSION}.tar.gz.asc -o ${SOURCE_DIR}/openvas-smb-${OPENVAS_SMB_VERSION}.tar.gz.asc \ 63 | && gpg --verify ${SOURCE_DIR}/openvas-smb-${OPENVAS_SMB_VERSION}.tar.gz.asc ${SOURCE_DIR}/openvas-smb-${OPENVAS_SMB_VERSION}.tar.gz 64 | RUN tar -C ${SOURCE_DIR} -xvzf ${SOURCE_DIR}/openvas-smb-${OPENVAS_SMB_VERSION}.tar.gz \ 65 | && mkdir -p ${BUILD_DIR}/openvas-smb && cd ${BUILD_DIR}/openvas-smb \ 66 | && cmake ${SOURCE_DIR}/openvas-smb-${OPENVAS_SMB_VERSION} \ 67 | -DCMAKE_INSTALL_PREFIX=${INSTALL_PREFIX} \ 68 | -DCMAKE_BUILD_TYPE=Release \ 69 | && make -j$(nproc) \ 70 | && make DESTDIR=${INSTALL_DIR} install 71 | 72 | 73 | FROM scratch 74 | ARG CACHE_IMAGE 75 | ARG CACHE_BUILD_IMAGE 76 | ARG INSTALL_PREFIX 77 | ARG SOURCE_DIR 78 | ARG BUILD_DIR 79 | ARG INSTALL_DIR 80 | ARG DESTDIR 81 | 82 | COPY --from=build ${INSTALL_DIR}/ / 83 | -------------------------------------------------------------------------------- /GVMDocker/.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !build/ 3 | !config/ 4 | !gvm-sync-data/ 5 | !report_formats/ 6 | !scripts/ 7 | scripts/.github/ 8 | -------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/_release_latest-data-full.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | FROM ${CACHE_IMAGE}:latest-data AS 
latest-data-full 6 | ARG CACHE_IMAGE 7 | ARG CACHE_BUILD_IMAGE 8 | ARG SETUP=1 9 | ARG OPT_PDF=1 10 | ENV LANG=en_US.UTF-8 \ 11 | LANGUAGE=en_US.UTF-8 \ 12 | LC_ALL=en_US.UTF-8 \ 13 | SETUP=${SETUP} \ 14 | OPT_PDF=${OPT_PDF} 15 | 16 | RUN sudo apt-get update && \ 17 | sudo apt-get install -y --no-install-recommends \ 18 | texlive-fonts-recommended \ 19 | texlive-latex-extra ; \ 20 | unset OPT_PDF \ 21 | && rm -rfv /var/lib/gvm/CA || true \ 22 | && rm -rfv /var/lib/gvm/private || true \ 23 | && rm /etc/localtime || true\ 24 | && echo "Etc/UTC" >/etc/timezone \ 25 | && rm -rfv /tmp/* /var/cache/apk/* /var/lib/apt/lists/* \ 26 | && echo "!!! FINISH Setup !!!" 27 | 28 | ENV SETUP=0 29 | 30 | FROM ${CACHE_IMAGE}:latest-data 31 | VOLUME [ "/opt/database", "/var/lib/openvas/plugins", "/var/lib/gvm", "/etc/ssh" ] 32 | -------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/_release_latest-data.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | FROM --platform=linux/amd64 busybox AS data-only 6 | ARG CACHE_IMAGE 7 | ARG CACHE_BUILD_IMAGE 8 | COPY --from=${CACHE_IMAGE}:data-only /data.tar.gz / 9 | RUN mkdir -p /output 10 | RUN tar -xf /data.tar.gz -C /output/ 11 | 12 | FROM ${CACHE_IMAGE}:latest-data AS latest-data 13 | ARG CACHE_IMAGE 14 | ARG CACHE_BUILD_IMAGE 15 | ARG SETUP=1 16 | ARG OPT_PDF=0 17 | COPY --from=data-only /output/ / 18 | ENV LANG=en_US.UTF-8 \ 19 | LANGUAGE=en_US.UTF-8 \ 20 | LC_ALL=en_US.UTF-8 \ 21 | SETUP=${SETUP} \ 22 | OPT_PDF=${OPT_PDF} 23 | 24 | RUN ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime \ 25 | && echo "$TZ" >/etc/timezone \ 26 | && /opt/setup/scripts/entrypoint.sh /usr/bin/supervisord -c /etc/supervisord.conf \ 27 | && rm -rfv /var/lib/gvm/CA || true \ 28 | && rm -rfv /var/lib/gvm/private || true \ 29 | && rm 
/etc/localtime || true\ 30 | && echo "Etc/UTC" >/etc/timezone \ 31 | && rm -rfv /tmp/* /var/cache/apk/* /var/lib/apt/lists/* \ 32 | && echo "!!! FINISH Setup !!!" 33 | 34 | ENV SETUP=0 35 | 36 | FROM latest-data 37 | VOLUME [ "/opt/database", "/var/lib/openvas/plugins", "/var/lib/gvm", "/etc/ssh" ] 38 | -------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/release_data-only.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | FROM deineagenturug/gvm:latest AS data-only 6 | ARG CACHE_IMAGE 7 | ARG CACHE_BUILD_IMAGE 8 | ENV LANG=en_US.UTF-8 \ 9 | LANGUAGE=en_US.UTF-8 \ 10 | LC_ALL=en_US.UTF-8 \ 11 | TZ=Etc/UTC \ 12 | SETUP=1 \ 13 | OPT_PDF=0 14 | 15 | RUN ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime \ 16 | && echo "$TZ" >/etc/timezone \ 17 | && /opt/setup/scripts/entrypoint.sh /usr/bin/supervisord -c /etc/supervisord.conf \ 18 | && tar -czf /data.tar.gz /opt/database /var/lib/openvas/plugins /var/lib/gvm 19 | 20 | ENV SETUP=0 21 | 22 | 23 | 24 | FROM scratch 25 | COPY --from=data-only /data.tar.gz /data.tar.gz 26 | -------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/release_db_upgrade.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | FROM debian:11-slim AS latest 3 | 4 | CMD ["/opt/setup/scripts/db_upgrade.sh"] 5 | 6 | COPY scripts /opt/setup/scripts/ 7 | 8 | RUN echo "/usr/local/lib" >/etc/ld.so.conf.d/openvas.conf \ 9 | && echo 'export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"'>>/etc/environment \ 10 | && sed -i '7c\ \ PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"' /etc/profile \ 11 | && 
ldconfig \ 12 | && chmod -R +x /opt/setup/scripts/*.sh \ 13 | && apt-get update \ 14 | && apt-get install -y --no-install-recommends \ 15 | apt-utils \ 16 | coreutils \ 17 | ca-certificates \ 18 | gnupg \ 19 | sudo \ 20 | rsync \ 21 | wget \ 22 | lsb-release \ 23 | curl \ 24 | && echo "Acquire::http::Proxy \"${http_proxy}\";" | tee /etc/apt/apt.conf.d/30proxy \ 25 | && echo "APT::Install-Recommends \"0\" ; APT::Install-Suggests \"0\" ;" | tee /etc/apt/apt.conf.d/10no-recommend-installs \ 26 | && curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null \ 27 | && echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list \ 28 | && echo "deb http://deb.debian.org/debian `lsb_release -cs`-backports main" | tee /etc/apt/sources.list.d/backports.list \ 29 | && apt-get update \ 30 | && apt-get install -y --no-install-recommends \ 31 | dpkg zip nano xz-utils locales \ 32 | "postgresql-common" "libpq-dev"\ 33 | "postgresql-14" "postgresql-client-14" "postgresql-server-dev-14" "postgresql-contrib-14" \ 34 | "postgresql-13" "postgresql-client-13" "postgresql-server-dev-13" "postgresql-contrib-13" \ 35 | "postgresql-12" "postgresql-client-12" "postgresql-server-dev-12" "postgresql-contrib-12" \ 36 | "postgresql-11" "postgresql-client-11" "postgresql-server-dev-11" "postgresql-contrib-11" \ 37 | "postgresql-10" "postgresql-client-10" "postgresql-server-dev-10" "postgresql-contrib-10" \ 38 | && sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen \ 39 | && locale-gen \ 40 | && useradd -r -M -d /var/lib/gvm -U -G sudo -s /bin/bash gvm \ 41 | && usermod -aG tty gvm \ 42 | && usermod -aG sudo gvm \ 43 | && echo "gvm ALL = NOPASSWD: /usr/sbin/openvas" > /etc/sudoers.d/gvm \ 44 | && chmod 0440 /etc/sudoers.d/gvm \ 45 | && echo "Etc/UTC" >/etc/timezone \ 46 | && rm -rfv /tmp/* /var/cache/apk/* /var/lib/apt/lists/* 47 | 
-------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/release_latest-data-full.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | FROM ${CACHE_IMAGE}:latest-data AS latest-data-full 6 | 7 | ARG CACHE_IMAGE 8 | ARG CACHE_BUILD_IMAGE 9 | 10 | ENV LANG=en_US.UTF-8 \ 11 | LANGUAGE=en_US.UTF-8 \ 12 | LC_ALL=en_US.UTF-8 \ 13 | SETUP=1 \ 14 | OPT_PDF=1 15 | 16 | RUN sudo apt-get update \ 17 | && sudo apt-get install -y --no-install-recommends \ 18 | texlive-fonts-recommended \ 19 | texlive-latex-extra \ 20 | && unset OPT_PDF \ 21 | && (rm -rfv /var/lib/gvm/CA || true) \ 22 | && (rm -rfv /var/lib/gvm/private || true) \ 23 | && (rm /etc/localtime || true )\ 24 | && echo "Etc/UTC" >/etc/timezone \ 25 | && rm -rfv /tmp/* /var/cache/apk/* /var/lib/apt/lists/* \ 26 | && echo "!!! FINISH Setup !!!" 
27 | ENV SETUP=0 28 | 29 | -------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/release_latest-data.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | FROM ${CACHE_IMAGE}:latest AS latest-data 6 | 7 | ARG CACHE_IMAGE 8 | ARG CACHE_BUILD_IMAGE 9 | 10 | ENV LANG=en_US.UTF-8 \ 11 | LANGUAGE=en_US.UTF-8 \ 12 | LC_ALL=en_US.UTF-8 \ 13 | SETUP=1 \ 14 | OPT_PDF=0 15 | 16 | RUN --mount=type=bind,source=./,target=/opt/context/,rw \ 17 | ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime \ 18 | && echo "$TZ" >/etc/timezone\ 19 | && /opt/setup/scripts/entrypoint.sh /usr/bin/supervisord -c /etc/supervisord.conf \ 20 | && (rm -rfv /var/lib/gvm/CA || true) \ 21 | && (rm -rfv /var/lib/gvm/private || true) \ 22 | && (rm /etc/localtime || true) \ 23 | && echo "Etc/UTC" >/etc/timezone \ 24 | && rm -rfv /tmp/* /var/cache/apk/* /var/lib/apt/lists/* \ 25 | && echo "!!! FINISH Setup !!!" 
26 | ENV SETUP=0 27 | -------------------------------------------------------------------------------- /GVMDocker/Dockerfiles/release_latest-full.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/gvm 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | FROM ${CACHE_IMAGE}:latest AS latest-full 6 | 7 | ARG CACHE_IMAGE 8 | ARG CACHE_BUILD_IMAGE 9 | 10 | ENV LANG=en_US.UTF-8 \ 11 | LANGUAGE=en_US.UTF-8 \ 12 | LC_ALL=en_US.UTF-8 \ 13 | SETUP=0 \ 14 | OPT_PDF=1 15 | 16 | RUN sudo apt-get update \ 17 | && sudo apt-get install -y --no-install-recommends \ 18 | texlive-fonts-recommended \ 19 | texlive-latex-extra \ 20 | && (rm -rfv /var/lib/gvm/CA || true) \ 21 | && (rm -rfv /var/lib/gvm/private || true) \ 22 | && (rm /etc/localtime || true) \ 23 | && echo "Etc/UTC" >/etc/timezone \ 24 | && rm -rfv /tmp/* /var/cache/apk/* /var/lib/apt/lists/* \ 25 | && echo "!!! FINISH Setup !!!" 
26 | -------------------------------------------------------------------------------- /GVMDocker/build-args.txt: -------------------------------------------------------------------------------- 1 | GVMD_VERSION=21.4.5 2 | GSA_VERSION=21.4.4 3 | GSAD_VERSION=21.4.4 4 | GVM_LIBS_VERSION=21.4.4 5 | GVM_TOOLS_VERSION=21.10.0 6 | OSPD_OPENVAS_VERSION=21.4.4 7 | OPENVAS_SCANNER_VERSION=21.4.4 8 | OPENVAS_SMB_VERSION=21.4.0 9 | PYTHON_GVM_VERSION=21.11.0 10 | -------------------------------------------------------------------------------- /GVMDocker/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 4 | 5 | export BUILDER="default" 6 | export DL_DATA="YES" 7 | export ADD_OPTIONS=${ADD_OPTIONS:-"--pull --push --progress=plain --no-cache"} 8 | export BUILDX="buildx" 9 | export BUILD_BASE="YES" 10 | export BUILD_RELEASE_BASE="YES" 11 | export PLATFORM="linux/amd64" 12 | exec "${SCRIPT_DIR}/../local_multistep_build_v2.sh" 13 | -------------------------------------------------------------------------------- /GVMDocker/build_release.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 4 | 5 | export RELEASE="YES" 6 | export BUILDER="default" 7 | export DL_DATA="YES" 8 | export ADD_OPTIONS=${ADD_OPTIONS:-"--pull --push --progress=plain --no-cache"} 9 | export BUILDX="buildx" 10 | export BUILD_BASE="YES" 11 | export BUILD_RELEASE_BASE="YES" 12 | export PLATFORM="linux/amd64" 13 | exec "${SCRIPT_DIR}/../local_multistep_build_v2.sh" 14 | -------------------------------------------------------------------------------- /GVMDocker/config/logrotate-gvm.conf: -------------------------------------------------------------------------------- 1 | /var/log/gvm/*.log { 2 | missingok 3 | notifempty 4 | 
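size 50M 5 | copytruncate 6 | sharedscripts 7 | dateext 8 | rotate 5 9 | compress 10 | } 11 | 12 | #/var/log/supervisor/*.log { 13 | # missingok 14 | # notifempty 15 | # size 50M 16 | # copytruncate 17 | # sharedscripts 18 | # dateext 19 | # rotate 5 20 | # compress 21 | #}
--------------------------------------------------------------------------------
/GVMDocker/config/sshd_config:
--------------------------------------------------------------------------------
# sshd settings for the container's optional SSH endpoint.
X11Forwarding no
PrintMotd no
# Only the gvm account may authenticate, and only with a public key.
AllowUsers gvm
AuthenticationMethods publickey
# One algorithm per class: a client that does not offer exactly these
# cipher/KEX/MAC names cannot connect.
Ciphers chacha20-poly1305@openssh.com
KexAlgorithms curve25519-sha256@libssh.org
MACs hmac-sha2-512-etm@openssh.com
PasswordAuthentication no
ChallengeResponseAuthentication no
# NOTE(review): a single Ed25519 host key; it should be generated per
# deployment rather than shipped in an image layer - confirm where it is created.
HostKey /etc/ssh/ssh_host_ed25519_key
PrintLastLog no
PermitRootLogin no
AllowAgentForwarding no
MaxAuthTries 2
# MaxSessions 0 prevents shell, login and subsystem sessions while still
# permitting forwarding, so a key holder gets a tunnel but no shell.
# NOTE(review): forwarding targets are not restricted in this file (there is
# no AllowTcpForwarding or PermitOpen line); confirm that is intended.
MaxSessions 0
# Remove a stale Unix-domain socket file before binding a forwarded one.
StreamLocalBindUnlink yes
# An unresponsive client is dropped after 3 missed keep-alives sent 10 s apart.
ClientAliveInterval 10
ClientAliveCountMax 3
--------------------------------------------------------------------------------
/GVMDocker/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3"
services:
  gvm:
    # NOTE(review): no tag or digest, so whatever "latest" currently points to
    # is pulled; pin a version or digest for reproducible deployments.
    image: securecompliance/gvm
    # NOTE(review): the source (host path or named volume) in front of each ':'
    # is empty in this listing; supply one per mount before using the file.
    volumes:
      - :/opt/database
      - :/var/lib/gvm
      - :/var/lib/openvas/plugins
    environment:
      # List-form entries are passed through as KEY=VALUE, so surrounding
      # quotes would become part of the value (TZ would carry literal quote
      # characters, and DB_PASSWORD would no longer equal the bare word none,
      # presumably the "not set" sentinel - verify against the entrypoint).
      # The values are therefore written without quotes.
      - USERNAME=admin
      # Default credential: replace it before the web interface is reachable
      # by anyone else, and keep the real value out of version control.
      - PASSWORD=admin
      - RELAYHOST=smtp
      - SMTPPORT=25
      - AUTO_SYNC=true
      - HTTPS=true
      - TZ=UTC
      - SSHD=false
      - DB_PASSWORD=none
    ports:
      # A bare "host:container" mapping listens on every host interface;
      # prefix it with 127.0.0.1: to keep the service local to the host.
      - "8080:9392" # Web interface
      #- "5432:5432" # Access PostgreSQL database from external tools
      #- "2222:22" # SSH for remote sensors
    restart: unless-stopped
--------------------------------------------------------------------------------
/GVMDocker/greenbone-feed-sync-patch.txt:
--------------------------------------------------------------------------------
1 | --- 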
./greenbone-feed-sync.in.old 2020-08-19 15:24:33.401492198 -0500 2 | +++ ./greenbone-feed-sync.in.new 2020-08-19 15:25:37.124175529 -0500 3 | 
@@ -590,6 +590,7 @@ 4 | fi 5 | 6 | is_feed_current 7 | +sleep 5 8 | if [ $FEED_CURRENT -eq 1 ] 9 | then 10 | log_notice "Feed is already current, skipping synchronization." 11 | -------------------------------------------------------------------------------- /GVMDocker/local_build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | PWD="$(pwd)" 5 | DOCKER_ORG="${DOCKER_ORG:-deineagenturug}" 6 | declare -a PLATFORMS 7 | PLATFORMS=("linux/amd64" "linux/arm64") 8 | BUILDX="${BUILDX:-}" 9 | ADD_OPTIONS=${ADD_OPTIONS:-"--squash --cache-from type=local,src=/tmp/docker --cache-to type=local,dest=/tmp/docker --load"} 10 | 11 | cd "${PWD}" || exit 12 | 13 | for PLATFORM in "${PLATFORMS[@]}"; do 14 | docker ${BUILDX} build --platform "${PLATFORM}" ${ADD_OPTIONS} -f Dockerfile.debian $(for i in `cat build-args.txt`; do out+="--build-arg $i " ; done; echo $out;out="") -t "${DOCKER_ORG}"/gvm:debian -t "${DOCKER_ORG}"/gvm:debian-latest . 15 | docker ${BUILDX} build --platform "${PLATFORM}" ${ADD_OPTIONS} -f Dockerfile.debian $(for i in `cat build-args.txt`; do out+="--build-arg $i " ; done; echo $out;out="") --build-arg OPT_PDF=1 -t "${DOCKER_ORG}"/gvm:debian-full . 16 | docker ${BUILDX} build --platform "${PLATFORM}" ${ADD_OPTIONS} -f Dockerfile.debian $(for i in `cat build-args.txt`; do out+="--build-arg $i " ; done; echo $out;out="") --build-arg SETUP=1 -t "${DOCKER_ORG}"/gvm:debian-data . 17 | docker ${BUILDX} build --platform "${PLATFORM}" ${ADD_OPTIONS} -f Dockerfile.debian $(for i in `cat build-args.txt`; do out+="--build-arg $i " ; done; echo $out;out="") --build-arg SETUP=1 --build-arg OPT_PDF=1 -t "${DOCKER_ORG}"/gvm:debian-data-full . 
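18 | done 19 | 
--------------------------------------------------------------------------------
/GVMDocker/report_formats/5057e5cc-b825-11e4-9d0e-28d24461215b/generate:
--------------------------------------------------------------------------------
#!/bin/sh
# Copyright (C) 2015-2018 Greenbone Networks GmbH
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

# Report generator script: Anonymous XML.
#
# $1 is the path of the XML report to transform; xsltproc writes the
# transformed document to stdout.

# "$1" is quoted so a path containing spaces or glob characters stays a
# single argument.
# NOTE(review): stderr is written to a fixed file name in /tmp, a directory
# that is shared and world-writable on a typical system. A file or symlink
# already present under that name is followed, and concurrent runs overwrite
# each other. Prefer a mktemp-created file or /dev/null once it is confirmed
# that nothing reads this file.
xsltproc ./Anonymous_XML.xsl "$1" 2>/tmp/generate.ERR
--------------------------------------------------------------------------------
/GVMDocker/report_formats/5057e5cc-b825-11e4-9d0e-28d24461215b/report_format.xml:
--------------------------------------------------------------------------------
1 | 2 | Anonymous XML 3 | Anonymous version of the raw XML report 4 | 5 | Complete scan report in GMP XML format. 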
6 | 7 | xml 8 | text/xml 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/50c9950a-f326-11e4-800c-28d24461215b/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2011-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: ISM Verinice interface. 
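
#xsltproc --stringparam filename $FILENAME ./Verinice_ISM.xsl $XMLFILE | sed -e "s/\ xmlns=\"\"//g" | xmlstarlet fo > output_ism.xml

# Builds the archive in a private temporary directory and writes the zip to
# stdout. $1 is the path of the XML report. Every expansion is quoted so that
# a path or value containing spaces or glob characters is not split or
# expanded by the shell.
TMP=`mktemp -d` || exit 1
STARTDIR=`pwd`
XMLFILE=`readlink -f "$1"`
FILENAME=`basename "$1"`

# The task id is read from the report itself, i.e. from input data, and is
# used below as part of a file name. Everything except letters, digits, '_'
# and '-' is dropped so the value cannot contain '/' or '..' and point
# outside $TMP; an id made only of those characters (presumably a UUID -
# verify) passes through unchanged.
REPORT_ID=`xmlstarlet sel -t -v /report/task/@id "$XMLFILE" | tr -cd 'A-Za-z0-9_-'`

cp "$XMLFILE" "$TMP/${REPORT_ID}-report-file_${FILENAME}"
xsltproc ./Verinice_ITG.xsl "$1" | \
  sed -e "s/\ xmlns=\"\"//g" | \
  xmlstarlet fo > "$TMP/verinice.xml" && \
  cd "$TMP" && zip - *
# Leave the temporary directory before deleting it.
cd "$STARTDIR"
rm -r "$TMP"
--------------------------------------------------------------------------------
/GVMDocker/report_formats/50c9950a-f326-11e4-800c-28d24461215b/report_format.xml:
--------------------------------------------------------------------------------
1 | 2 | Verinice ITG 3 | Greenbone Verinice ITG Report, v1.0.1. 4 | 5 | IT-Grundschutz Report for Verinice import, version 1.0.1. 6 | 7 | vna 8 | application/zip 9 | 10 | 
--------------------------------------------------------------------------------
/GVMDocker/report_formats/5ceff8ba-1f62-11e1-ab9f-406186ea4fc5/CPE.xsl:
--------------------------------------------------------------------------------
1 | 2 | 5 | 6 | 7 | 8 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 
--------------------------------------------------------------------------------
/GVMDocker/report_formats/5ceff8ba-1f62-11e1-ab9f-406186ea4fc5/generate:
--------------------------------------------------------------------------------
1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later 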
version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: CPE. 21 | # 22 | # This report extracts the tables of identified 23 | # Common Platform Enumerations from the given 24 | # XML scan report using a XSL transformation with 25 | # the tool xsltproc. 26 | 27 | xsltproc ./CPE.xsl $1 28 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/5ceff8ba-1f62-11e1-ab9f-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | CPE 3 | Common Platform Enumeration CSV table. 4 | 5 | CPE stands for Common Platform Enumeration. It is a structured naming scheme for 6 | information technology systems, platforms, and packages. In other words: CPE 7 | provides a unique identifier for virtually any software product that is known for 8 | a vulnerability. 9 | 10 | The CPE dictionary is maintained by MITRE and NIST. MITRE also maintains CVE 11 | (Common Vulnerability Enumeration) and other relevant security standards. 12 | 13 | The report selects all CPE tables from the results and forms a single table 14 | as a comma separated values file. 
15 | 16 | csv 17 | text/csv 18 | 19 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/77bd6c4a-1f62-11e1-abf0-406186ea4fc5/ITG.xsl: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 27 | 28 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/77bd6c4a-1f62-11e1-abf0-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: ITG. 21 | # 22 | # This report extracts the tables of IT-Grundschutz 23 | # scans from the given XML scan report using a XSL 24 | # transformation with the tool xsltproc. 
25 | 26 | xsltproc ./ITG.xsl $1 27 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/77bd6c4a-1f62-11e1-abf0-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | ITG 3 | German "IT-Grundschutz-Kataloge" report. 4 | 5 | Tabular report on the German "IT-Grundschutz-Kataloge", 6 | as published and maintained by the German Federal Agency for IT-Security. 7 | 8 | csv 9 | text/csv 10 | 11 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/9087b18c-626c-11e3-8892-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2011-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # This plugins creates a CSV file. 
21 | 22 | xsltproc ./CSV_Hosts.xsl $1 23 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/9087b18c-626c-11e3-8892-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | CSV Hosts 3 | CSV host summary. 4 | Base host information and result counts as comma separated values. Text fields starting with "=", "@", "+", "-" will have a single quote "'" added so spreadsheet software does not interpret them as formulas. 5 | csv 6 | text/csv 7 | 8 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/910200ca-dc05-11e1-954f-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2012-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: ARF 21 | # 22 | # This report generates an Asset Reporting Format compliant document. 
23 | 24 | xsltproc ./ARF.xsl $1 25 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/910200ca-dc05-11e1-954f-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | ARF 3 | Asset Reporting Format v1.0.0. 4 | 5 | NIST Asset Reporting Format 1.1 compliant document. 6 | 7 | xml 8 | text/xml 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/9ca6fe72-1f62-11e1-9e7c-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: NBE. 21 | # 22 | # This report generator creates the old Nessus NBE 23 | # format for reports. The XML report is transformed 24 | # via a XSL script into the line-oriented CSV 25 | # format called NBE. 26 | # 27 | # To run this generator properly, the tool xsltproc 28 | # needs to be accessible. 
29 | 30 | #xsltproc ./NBE.xsl $1 31 | xsltproc ./NBE.xsl $1 2>/tmp/err.out 32 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/9ca6fe72-1f62-11e1-9e7c-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | NBE 3 | Legacy OpenVAS report. 4 | 5 | The traditional OpenVAS Scanner text based format. 6 | 7 | nbe 8 | text/plain 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/9e5e5deb-879e-4ecc-8be6-a71cd0875cdd/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: Topology plot. 21 | # 22 | # This report generates a SVG image showing the 23 | # network topology. In a first step, the GMP report is 24 | # transformed via XSL with the tool xsltproc. 25 | # Next duplicate lines are removed with awk and finally 26 | # twopi of GraphViz creates the SVG file. 
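
# Work in a private temporary directory and remove it on every exit path.
TMP=`mktemp -d` || exit 1
trap 'rm -rf "$TMP"' EXIT

# $1 is the path of the XML report; it is quoted everywhere so that a path
# with spaces or glob characters stays a single argument.
xsltproc ./hostvisdot-summary.xsl "$1" > "${TMP}/summary-rgb.dot"

# remove duplicate lines:
awk '!($0 in a) {a[$0];print}' "${TMP}/summary-rgb.dot" > "${TMP}/summary-rgb-nondup.dot"

# Generate an SVG graphic using one of the GraphViz modules.
#
# The module name is read from the "Graph Type" parameter inside the report,
# so it is input data and must never be run as a command name unchecked.
# Only the names of GraphViz layout programs are accepted; an empty or
# unrecognised value falls back to twopi, which was already the choice for
# an empty value.
TYPE=`xmlstarlet sel -t -v "/report/report_format/param[name='Graph Type']/value" < "$1"`
case "$TYPE" in
  circo|dot|fdp|neato|sfdp|twopi) ;;
  *) TYPE=twopi ;;
esac
"$TYPE" -Tsvg "${TMP}/summary-rgb-nondup.dot" -o "${TMP}/summary-rgb-nondup.svg"

cat "${TMP}/summary-rgb-nondup.svg"
--------------------------------------------------------------------------------
/GVMDocker/report_formats/9e5e5deb-879e-4ecc-8be6-a71cd0875cdd/report_format.xml:
--------------------------------------------------------------------------------
1 | 2 | Topology SVG 3 | Network topology SVG image. 4 | 5 | Scan results in topologic structure as scalable vector graphics. 6 | 7 | svg 8 | image/svg+xml 9 | 10 | Graph Type 11 | twopi 12 | 13 | selection 14 | 15 | 16 | 17 | 18 | 19 | 20 | twopi 21 | 22 | 23 | Node Distance 24 | 8 25 | 26 | integer 27 | 1 28 | 20 29 | 30 | 8 31 | 32 | 33 | 
--------------------------------------------------------------------------------
/GVMDocker/report_formats/a3810a62-1f62-11e1-9219-406186ea4fc5/generate:
--------------------------------------------------------------------------------
1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 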
10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: TXT. 21 | # 22 | # This report generator creates a single TXT 23 | # file from the XML report using a XSL transformation 24 | # with the tool xsltproc. 25 | 26 | #xsltproc ./TXT.xsl $1 27 | xsltproc ./TXT.xsl $1 2>/tmp/err.out 28 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/a3810a62-1f62-11e1-9219-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | TXT 3 | Plain text report. 4 | 5 | Plain text report, best viewed with fixed font size. 6 | 7 | txt 8 | text/plain 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/a684c02c-b531-11e1-bdc2-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: LaTeX. 21 | # 22 | # This report generate creates a LaTeX file 23 | # using a XML transformation with the tool xsltproc. 24 | 25 | #xsltproc --profile ./latex.xsl $1 26 | #xsltproc ./latex.xsl $1 27 | xsltproc ./latex.xsl $1 2>/tmp/err.out 28 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/a684c02c-b531-11e1-bdc2-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | LaTeX 3 | LaTeX source file. 4 | 5 | Report as LaTeX source file for further processing. 6 | 7 | tex 8 | text/plain 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 
15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: XML. 21 | # 22 | # This report generator is the most trivial 23 | # one as it simply passes on the XML report 24 | # without any change. 25 | 26 | cat $1 27 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | XML 3 | Raw XML report. 4 | 5 | Anonymized scan report in GMP XML format. 6 | 7 | xml 8 | text/xml 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/c15ad349-bd8d-457a-880a-c7056532ee15/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | Verinice ISM 3 | Greenbone Verinice ISM Report, v3.2.0. 4 | 5 | Information Security Management Report for Verinice import, version 3.2.0. 6 | 7 | vna 8 | application/zip 9 | 10 | Attached report formats 11 | 12 | 13 | 14 | report_format_list 15 | twopi 16 | 17 | 18 | ISM Control Description 19 | Dear IS Coordinator, 20 | 21 | A new scan has been carried out and the results are now available in Verinice. 22 | If responsible persons are linked to the asset groups, the tasks are already created. 23 | 24 | Please check the results in a timely manner. 25 | 26 | Best regards 27 | CIS 28 | 29 | 30 | text 31 | 0 32 | 100000 33 | 34 | Dear IS Coordinator, 35 | 36 | A new scan has been carried out and the results are now available in Verinice. 37 | If responsible persons are linked to the asset groups, the tasks are already created. 38 | 39 | Please check the results in a timely manner. 
40 | 41 | Best regards 42 | CIS 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/c1645568-627a-11e3-a660-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: CSV Results. 21 | 22 | xsltproc ./CSV_Results.xsl $1 23 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/c1645568-627a-11e3-a660-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | CSV Results 3 | CSV result list. 4 | List of results as comma separated values. Text fields starting with "=", "@", "+", "-" will have a single quote "'" added so spreadsheet software does not interpret them as formulas. 
5 | csv 6 | text/csv 7 | 8 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/c402cc3e-b531-11e1-9163-406186ea4fc5/generate: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 2010-2018 Greenbone Networks GmbH 3 | # 4 | # SPDX-License-Identifier: GPL-2.0-or-later 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 | 20 | # Report generator script: PDF. 21 | # 22 | # This report generate initially creates a LaTeX file 23 | # using a XML transformation with the tool xsltproc. 24 | # In a second step the latex file is processed with 25 | # the tool pdflatex and results in the final PDF file. 26 | # The intermediate files are stored under /tmp. 27 | 28 | TMP=`mktemp -d` || exit 1 29 | 30 | xsltproc ./latex.xsl $1 > ${TMP}/report.tex 2>/tmp/err.out 31 | 32 | pdflatex -interaction batchmode -output-directory ${TMP} ${TMP}/report.tex > /dev/null 2>&1 33 | 34 | # Run a second time to resolve references and page numbering as assembled 35 | # during first run. 
36 | pdflatex -interaction batchmode -output-directory ${TMP} ${TMP}/report.tex > /dev/null 2>&1 & 37 | 38 | wait 39 | 40 | cat ${TMP}/report.pdf && rm -rf ${TMP} 41 | -------------------------------------------------------------------------------- /GVMDocker/report_formats/c402cc3e-b531-11e1-9163-406186ea4fc5/report_format.xml: -------------------------------------------------------------------------------- 1 | 2 | PDF 3 | Portable Document Format report. 4 | 5 | Scan results in Portable Document Format (PDF). 6 | 7 | pdf 8 | application/pdf 9 | 10 | -------------------------------------------------------------------------------- /GVMDocker/scripts/add-scanner.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | mkdir -p /var/lib/gvm/.ssh/ 4 | touch /var/lib/gvm/.ssh/authorized_keys 5 | chmod 600 /var/lib/gvm/.ssh/authorized_keys 6 | 7 | read -p "Scanner Name: " SCANNER_NAME 8 | read -p "Scanner ID: " SCANNER_ID 9 | read -p "Scanner public key: " SCANNER_KEY 10 | 11 | echo "Adding scanner $SCANNER_NAME..." 
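# add-scanner.sh (continued): register the scanner, then authorise its key.
#
# Scanner name and ID are typed in interactively and end up in a command line
# that `su -c` hands to a second shell. They are passed through the
# environment and expanded inside that shell, so quotes, `$` or backticks in
# the input stay data instead of being parsed as shell syntax.
# An ID containing "/" would move the socket path out of /sockets.
if [[ -z "${SCANNER_ID}" || "${SCANNER_ID}" == */* ]]; then
  echo "Scanner ID must not be empty or contain '/' - aborted." >&2
  exit 1
fi
NEW_SCANNER_NAME="${SCANNER_NAME}" NEW_SCANNER_ID="${SCANNER_ID}" \
  su -c 'gvmd --create-scanner="$NEW_SCANNER_NAME" --scanner-type=OpenVAS --scanner-host="/sockets/$NEW_SCANNER_ID.sock"' gvm

# NOTE(review): the key line is appended exactly as typed, with no check that
# it is a public key and no authorized_keys options limiting what the key may
# do - confirm the sshd configuration restricts the gvm account accordingly.
printf '%s\n' "${SCANNER_KEY}" >>/var/lib/gvm/.ssh/authorized_keys
chown gvm:gvm -R /var/lib/gvm/.ssh

--------------------------------------------------------------------------------
/GVMDocker/scripts/entrypoint.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -Eeuo pipefail

# Accept both the upper-case and lower-case spelling of each proxy variable.
export HTTP_PROXY="${HTTP_PROXY:-${http_proxy:-}}"
export HTTPS_PROXY="${HTTPS_PROXY:-${https_proxy:-}}"
export RSYNC_PROXY="${RSYNC_PROXY:-${rsync_proxy:-}}"
export FTP_PROXY="${FTP_PROXY:-${ftp_proxy:-}}"
export NO_PROXY="${NO_PROXY:-${no_proxy:-}}"

# Mirror the proxy settings into apt's configuration.
if [[ -n "${HTTP_PROXY}" ]]; then
  touch /etc/apt/apt.conf.d/99proxy
  {
    echo "Acquire::http::Proxy \"${HTTP_PROXY}\";"
  } > /etc/apt/apt.conf.d/99proxy
fi
if [[ -n "${HTTPS_PROXY}" ]]; then
  touch /etc/apt/apt.conf.d/99proxy
  {
    # Use the HTTPS proxy value here: this branch is guarded by HTTPS_PROXY,
    # and writing HTTP_PROXY would configure an empty or wrong proxy whenever
    # the two differ.
    echo "Acquire::https::Proxy \"${HTTPS_PROXY}\";"
  } >> /etc/apt/apt.conf.d/99proxy
fi
if [[ -n "${FTP_PROXY}" ]]; then
  touch /etc/apt/apt.conf.d/99proxy
  {
    echo "Acquire::ftp::Proxy \"${FTP_PROXY}\";"
  } >> /etc/apt/apt.conf.d/99proxy
fi

# Load optional settings from /opt/setup/.env and export everything it defines.
touch /opt/setup/.env
set -o allexport
# shellcheck disable=SC1091
source /opt/setup/.env
set +o allexport

# NOTE(review): when neither USERNAME/PASSWORD nor GVMD_USER/GVMD_PASSWORD is
# provided, these exports fall back to the fixed pair admin / adminpassword.
# Supply PASSWORD (or a password file) for any instance others can reach.
export GVMD_USER=${USERNAME:-${GVMD_USER:-admin}}
export GVMD_PASSWORD=${PASSWORD:-${GVMD_PASSWORD:-adminpassword}}
# NOTE(review): the last fallback here is the literal "adminpassword", while
# PASSWORD_FILE below names "none". Because GVMD_PASSWORD_FILE is already set
# by then, PASSWORD_FILE also ends up as "adminpassword" when nothing is
# configured. This looks unintended - confirm against the scripts that read it.
export GVMD_PASSWORD_FILE=${PASSWORD_FILE:-${GVMD_PASSWORD_FILE:-adminpassword}}
export GVMD_HOST=${GVMD_HOST:-localhost}
export USERNAME=${USERNAME:-${GVMD_USER:-admin}}
export PASSWORD=${PASSWORD:-${GVMD_PASSWORD:-adminpassword}}
export PASSWORD_FILE=${PASSWORD_FILE:-${GVMD_PASSWORD_FILE:-none}}
export TIMEOUT=${TIMEOUT:-15}
export RELAYHOST=${RELAYHOST:-smtp}
export SMTPPORT=${SMTPPORT:-25}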
42 | export AUTO_SYNC=${AUTO_SYNC:-YES} 43 | export AUTO_SYNC_ON_START=${AUTO_SYNC_ON_START:-YES} 44 | export HTTPS=${HTTPS:-YES} 45 | export CERTIFICATE=${CERTIFICATE:-none} 46 | export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none} 47 | export TZ=${TZ:-Etc/UTC} 48 | export DEBUG=${DEBUG:-N} 49 | export SSHD=${SSHD:-YES} 50 | export DB_PASSWORD=${DB_PASSWORD:-none} 51 | export DB_PASSWORD_FILE=${DB_PASSWORD_FILE:-none} 52 | 53 | if [ "$1" == "/usr/bin/supervisord" ]; then 54 | 55 | cp /opt/setup/config/supervisord.conf /etc/supervisord.conf 56 | cp /opt/setup/config/logrotate-gvm.conf /etc/logrotate.d/gvm 57 | mkdir -p /etc/redis/ 58 | cp /opt/setup/config/redis-openvas.conf /etc/redis/redis-openvas.conf 59 | cp /opt/setup/config/sshd_config /etc/ssh/sshd_config 60 | 61 | echo "Starting Postfix for report delivery by email" 62 | #sed -i "s/^relayhost.*$/relayhost = ${RELAYHOST}:${SMTPPORT}/" /etc/postfix/main.cf 63 | postconf -e "relayhost = ${RELAYHOST}:${SMTPPORT}" 64 | # exec /start.sh 65 | echo "GVM Started but with > supervisor <" 66 | if [ ! -f "/firstrun" ]; then 67 | echo "Running first start configuration..." 
68 | 69 | ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" >/etc/timezone 70 | 71 | touch /firstrun 72 | fi 73 | fi 74 | 75 | exec "$@" 76 | -------------------------------------------------------------------------------- /GVMDocker/scripts/menu.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | -------------------------------------------------------------------------------- /GVMDocker/scripts/migration_v21.4.0_ubuntu_images.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | -------------------------------------------------------------------------------- /GVMDocker/scripts/ospd-openvas-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | 4 | # PreClean up the pid file 5 | if [ -f /var/run/ospd.pid ]; then 6 | rm -f /var/run/ospd.pid 7 | fi 8 | 9 | # SIGTERM-handler 10 | term_handler() { 11 | if [ -f /var/run/ospd.pid ]; then 12 | kill "$(cat /var/run/ospd.pid)" 13 | rm -f /var/run/ospd.pid 14 | fi 15 | exit 143 # 128 + 15 -- SIGTERM 16 | } 17 | 18 | # setup handlers 19 | # on callback, kill the last background process, which is `tail -f /dev/null` and execute the specified handler 20 | trap 'term_handler' SIGTERM SIGINT 21 | 22 | # run application 23 | exec "$@" 24 | -------------------------------------------------------------------------------- /GVMDocker/scripts/reportFix.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | numCheck='^[0-9]+$' 4 | 5 | abortChange() { 6 | if ! [[ $? -eq 0 ]]; then echo "Aborted, no changes have been made" && exit 1; fi 7 | } 8 | 9 | reportRows() { 10 | reportRPP=$(whiptail --inputbox "How many rows do you need to export your report?" 
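10 30 3>&1 1>&2 2>&3) 11 | } 12 | 13 | webRows() { 14 | webRPP=$(whiptail --inputbox "How many rows per page would you like to display in the web UI?" 10 30 3>&1 1>&2 2>&3) 15 | } 16 | 17 | whiptail --title "Modify Rows Per Page Setting" --msgbox "This tool allows you to modify the max_rows_per_page setting. A larger number will allow you to export more data, but it will make the web UI load much slower. Any scan with more than 15000 results should be broken into multiple scans. For more details, please view our github README" 15 60 18 | 19 | # patching functions 20 | exportingPatch() { 21 | reportRows 22 | abortChange 23 | while ! [[ $reportRPP =~ $numCheck ]]; do 24 | whiptail --msgbox "Please enter a valid integer" 10 30 25 | reportRows 26 | abortChange 27 | done 28 | su -c "gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value ${reportRPP}" gvm 29 | } 30 | webUIPatch() { 31 | webRows 32 | abortChange 33 | while ! [[ $webRPP =~ $numCheck ]]; do 34 | whiptail --msgbox "Please enter a valid integer" 10 30 35 | webRows 36 | abortChange 37 | done 38 | su -c "gvmd --modify-setting 76374a7a-0569-11e6-b6da-28d24461215b --value ${webRPP}" gvm 39 | } 40 | 41 | fixMenu=$( 42 | whiptail --title "GVM Reporting Fix" --menu "Please select an option:" 15 75 3 \ 43 | '1)' "Exporting Patch - Export more than 1000 lines in reports" \ 44 | '2)' "WebUI Patch - Be able to view report data in the web interface" \ 45 | 'X)' "exit" 3>&2 2>&1 1>&3 46 | ) 47 | abortChange 48 | 49 | case $fixMenu in 50 | "1)") 51 | exportingPatch 52 | ;; 53 | "2)") 54 | webUIPatch 55 | ;; 56 | "X)") 57 | exit 58 | ;; 59 | esac 60 |
--------------------------------------------------------------------------------
/GVMDocker/scripts/reset-gvmd-admin-password.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -Eeuo pipefail

# Account whose password is reset: USERNAME, else GVMD_USER, else "admin".
RESET_USERNAME=${USERNAME:-${GVMD_USER:-admin}}

# -s keeps the typed password off the terminal and out of scrollback; the
# bare echo prints the line break that the silent read swallowed.
read -rsp "Reset to new password: " RESET_PASSWORD
echo
read -rsp "Repeate new password: " RESET_PASSWORD2
echo

if [ "${RESET_PASSWORD}" == "${RESET_PASSWORD2}" ]; then

  # `su -c` hands its string to another shell. Interpolating the password
  # into that string lets characters such as `$`, backticks, `"` or `\`
  # change the password that is set, or run as commands. Pass both values
  # through the environment and expand them inside the inner shell instead.
  GVMD_RESET_USER="${RESET_USERNAME}" GVMD_RESET_PASSWORD="${RESET_PASSWORD}" \
    su -c 'gvmd --user="$GVMD_RESET_USER" --new-password="$GVMD_RESET_PASSWORD"' gvm

else

  echo "Password did not match - aborted."

fi

--------------------------------------------------------------------------------
/GVMDocker/scripts/start_crond.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash 2 | if [ "${SYSTEM_DIST}" == "alpine" ]; then 3 | exec /usr/sbin/crond -f -l 8 -c /etc/crontabs 4 | elif [ "${SYSTEM_DIST}" == "debian" ]; then 5 | exec /usr/sbin/cron -f -l -L 8 6 | fi 7 |
--------------------------------------------------------------------------------
/GVMDocker/scripts/start_gsad.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash 2 | if [ "${SYSTEM_DIST}" == "alpine" ]; then 3 | exec /usr/bin/gsad "$@" 4 | elif [ "${SYSTEM_DIST}" == "debian" ]; then 5 | exec /usr/sbin/gsad "$@" 6 | fi 7 |
--------------------------------------------------------------------------------
/GVMDocker/scripts/start_gvmd.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash 2 | if [ "${SYSTEM_DIST}" == "alpine" ]; then 3 | exec /usr/bin/gvmd "$@" 4 | elif [ "${SYSTEM_DIST}" == "debian" ]; then 5 | exec /usr/sbin/gvmd "$@" 6 | fi 7 |
--------------------------------------------------------------------------------
/GVMDocker/scripts/start_rsyslogd.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash 2 | 3 | PID_FILE="/var/run/rsyslogd.pid" 4 | 5 | # PreClean up the pid file 6 | if [ -f "${PID_FILE}" ]; then 7 | rm -f "${PID_FILE}" 8 | fi 9 | 10 | # SIGTERM-handler 11 | term_handler() { 12 | if [ -f "${PID_FILE}" ]; then 13 | kill -9 "$(cat "${PID_FILE}")" 14 | rm -f "${PID_FILE}" 15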
| fi 16 | exit 143 # 128 + 15 -- SIGTERM 17 | } 18 | 19 | # setup handlers 20 | # on callback, kill the last background process, which is `tail -f /dev/null` and execute the specified handler 21 | trap 'term_handler' SIGTERM SIGINT 22 | 23 | #if [ "${SYSTEM_DIST}" == "alpine" ]; then 24 | #exec /usr/sbin/crond -f -l 8 -c /etc/crontabs 25 | #el 26 | if [ "${SYSTEM_DIST}" == "debian" ]; then 27 | exec /usr/sbin/rsyslogd -dn 28 | fi 29 | -------------------------------------------------------------------------------- /GVMDocker/scripts/sync-all.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeo pipefail 3 | if [[ ! "${AUTO_SYNC}" =~ ^(yes|y|YES|Y|true|TRUE)$ ]]; then 4 | exit 0 5 | fi 6 | 7 | exec_as_gvm(){ 8 | # if root 9 | if [ "$EUID" -eq 0 ]; then 10 | su -c "$1" gvm 11 | return 12 | elif [ "$(whoami)" = "gvm" ]; then 13 | eval "$1" 14 | return 15 | else 16 | echo "Run this script either as root or as gvm user" 17 | fi 18 | 19 | false 20 | } 21 | 22 | if [ ! -f "/var/lib/gvm/.firstsync" ]; then 23 | 24 | mkdir -p /var/lib/gvm/data-objects/gvmd 25 | chown gvm:gvm /var/lib/gvm 26 | find /var/lib/gvm \( ! -user gvm -o ! -group gvm \) -exec chown gvm:gvm {} + 27 | 28 | mkdir -p /var/lib/openvas/plugins 29 | chown gvm:gvm /var/lib/openvas 30 | find /var/lib/openvas \( ! -user gvm -o ! -group gvm \) -exec chown gvm:gvm {} + 31 | 32 | mkdir -p /var/log/gvm 33 | chown gvm:gvm /var/log/gvm 34 | find /var/log/gvm \( ! -user gvm -o ! -group gvm \) -exec chown gvm:gvm {} + 35 | 36 | find /var/lib/openvas/ -type d -exec chmod 755 {} + 37 | find /var/lib/gvm/ -type d -exec chmod 755 {} + 38 | find /var/lib/openvas/ -type f -exec chmod 644 {} + 39 | find /var/lib/gvm/ -type f -exec chmod 644 {} + 40 | find /var/lib/gvm/gvmd/report_formats -type f -name "generate" -exec chmod +x {} \; 41 | 42 | 43 | fi 44 | 45 | set +Eeuo pipefail 46 | echo "Updating NVTs..." 
47 | #su -c "rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/nvt-feed /var/lib/openvas/plugins" gvm 48 | exec_as_gvm "greenbone-nvt-sync" 49 | sleep 5 50 | 51 | echo "Updating GVMd data..." 52 | exec_as_gvm "greenbone-feed-sync --type GVMD_DATA" 53 | sleep 5 54 | 55 | echo "Updating SCAP data..." 56 | exec_as_gvm "greenbone-feed-sync --type SCAP" 57 | sleep 5 58 | 59 | echo "Updating CERT data..." 60 | exec_as_gvm "greenbone-feed-sync --type CERT" 61 | 62 | sleep 5 63 | true 64 | -------------------------------------------------------------------------------- /GVMDocker/scripts/sync-initial.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | mkdir -p /var/lib/gvm/data-objects/gvmd 5 | mkdir -p /var/lib/openvas/plugins 6 | mkdir -p /var/log/gvm 7 | 8 | if [ ! -f "/var/lib/gvm/.firstsync" ] && [ -f "/opt/context/gvm-sync-data/gvm-sync-data.tar.xz" ]; then 9 | mkdir /tmp/data 10 | 11 | echo "Extracting internal data TAR..." 
12 | tar --extract --file=/opt/context/gvm-sync-data/gvm-sync-data.tar.xz --directory=/tmp/data 13 | 14 | chown gvm:gvm -R /tmp/data 15 | 16 | # ls -lahR /tmp/data 17 | 18 | cp -a /tmp/data/nvt-feed/* /var/lib/openvas/plugins/ 19 | cp -a /tmp/data/gvmd-data/* /var/lib/gvm/data-objects/gvmd 20 | cp -a /tmp/data/scap-data/* /var/lib/gvm/scap-data/ 21 | cp -a /tmp/data/cert-data/* /var/lib/gvm/cert-data/ 22 | 23 | chown gvm:gvm -R /var/lib/gvm 24 | chown gvm:gvm -R /var/lib/openvas 25 | chown gvm:gvm -R /var/log/gvm 26 | 27 | find /var/lib/openvas/ -type d -exec chmod 755 {} + 28 | find /var/lib/gvm/ -type d -exec chmod 755 {} + 29 | find /var/lib/openvas/ -type f -exec chmod 644 {} + 30 | find /var/lib/gvm/ -type f -exec chmod 644 {} + 31 | find /var/lib/gvm/gvmd/report_formats -type f -name "generate" -exec chmod +x {} \; 32 | 33 | rm -r /tmp/data 34 | fi 35 | 36 | # Sync NVTs, CERT data, and SCAP data on container start 37 | /opt/setup/scripts/sync-all.sh 38 | touch /var/lib/gvm/.firstsync 39 | 40 | true 41 | -------------------------------------------------------------------------------- /GVMLogstash/.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Docker 2 | 3 | on: 4 | push: 5 | # Publish `master` as Docker `master` image. 6 | branches: 7 | - master 8 | 9 | # Publish `v1.2.3` tags as releases. 10 | tags: 11 | - v* 12 | 13 | # Run tests for any PRs. 14 | pull_request: 15 | 16 | env: 17 | # TODO: Change variable to your image's name. 18 | IMAGE_NAME: gvm-logstash 19 | 20 | jobs: 21 | # Run tests. 22 | # See also https://docs.docker.com/docker-hub/builds/automated-testing/ 23 | test: 24 | runs-on: ubuntu-latest 25 | 26 | steps: 27 | - uses: actions/checkout@v2 28 | 29 | - name: Run tests 30 | run: | 31 | if [ -f docker-compose.test.yml ]; then 32 | docker-compose --file docker-compose.test.yml build 33 | docker-compose --file docker-compose.test.yml run sut 34 | else 35 | docker build . 
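--file Dockerfile 36 | fi 37 |
  # Push image to GitHub Packages.
  # See also https://docs.docker.com/docker-hub/builds/
  push:
    # Ensure test job passes before pushing image.
    needs: test

    runs-on: ubuntu-latest
    if: github.event_name == 'push'

    steps:
      # NOTE(review): the action is referenced by a movable tag; pinning it to
      # a full commit SHA keeps a retagged release from changing what runs.
      - uses: actions/checkout@v2

      - name: Build image
        run: docker build . --file Dockerfile --tag $IMAGE_NAME

      - name: Log into GitHub Container Registry
        # The token reaches the shell as an environment variable rather than
        # being pasted into the script text before the shell parses it.
        env:
          CR_PAT: ${{ secrets.CR_PAT }}
        run: echo "$CR_PAT" | docker login https://ghcr.io -u dexus --password-stdin

      - name: Push image to GitHub Container Registry
        # Branch and tag names are chosen by whoever pushes them. Expanding
        # ${{ github.ref }} directly inside the script would let shell syntax
        # in such a name become part of the script; as environment variables
        # the values are only ever treated as data.
        env:
          GIT_REF: ${{ github.ref }}
          REPOSITORY: ${{ github.repository }}
        run: |
          IMAGE_ID=ghcr.io/$REPOSITORY/$IMAGE_NAME

          # Change all uppercase to lowercase
          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')

          # Strip git ref prefix from version
          VERSION=$(echo "$GIT_REF" | sed -e 's,.*/\(.*\),\1,')

          # Strip "v" prefix from tag name
          [[ "$GIT_REF" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')

          echo IMAGE_ID=$IMAGE_ID
          echo VERSION=$VERSION

          docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
          docker push $IMAGE_ID:$VERSION

--------------------------------------------------------------------------------
/GVMLogstash/Dockerfile:
--------------------------------------------------------------------------------
FROM docker.elastic.co/logstash/logstash:7.9.1
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
# NOTE(review): the JDBC driver is downloaded at build time with no integrity
# check. Record the expected SHA-256 of this jar and verify it during the
# build (for example ADD --checksum=sha256:<expected-digest> with BuildKit),
# so that a changed upstream file fails the build instead of shipping.
ADD https://jdbc.postgresql.org/download/postgresql-42.2.16.jar /usr/share/logstash/postgresql.jar
ADD config/ /usr/share/logstash/config/
ADD pipeline/ /usr/share/logstash/pipeline/
ADD get-results.sql /usr/share/logstash/
USER root
RUN chown logstash:root -R /usr/share/logstash
USER logstash

--------------------------------------------------------------------------------
/GVMLogstash/README.md: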
-------------------------------------------------------------------------------- 1 | ![GVM Logstash Logo](https://github.com/SCS-Labs/Images/raw/main/GVM%20Logstash.png) 2 | 3 | This docker image contains logstash configured to pull data from a Greenbone Vulnerability Manager instance. 4 | 5 | Must login first using 6 | 7 | ```docker login docker.pkg.github.com``` 8 | 9 | Example command: 10 | 11 | ```sh 12 | docker run -d \ 13 | -e DB_PASSWORD= \ 14 | -e DB_USER=gvm \ 15 | -e DB_HOST= \ 16 | -e ES_HOST= \ 17 | -e ES_USER= \ 18 | -e ES_PASSWORD= \ 19 | --name gvm-logstash \ 20 | docker.pkg.github.com/secure-compliance-solutions-llc/gvm-logstash/gvm-logstash:master 21 | ``` 22 | 23 | 24 | 25 | | Environment Variable Name | Default Value | 26 | | ------------------------- | ----------------------- | 27 | | `DB_HOST` | `gvm` | 28 | | `DB_USER` | `gvm` | 29 | | `DB_PASSWORD` | | 30 | | `ES_HOST` | `https://example.com:443` | 31 | | `ES_USER` | `gvm-logstash ` | 32 | | `ES_PASSWORD` | | 33 | -------------------------------------------------------------------------------- /GVMLogstash/config/logstash.yml: -------------------------------------------------------------------------------- 1 | path: 2 | config: /usr/share/logstash/pipeline/ 3 | -------------------------------------------------------------------------------- /GVMLogstash/debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | FROM docker.elastic.co/logstash/logstash:7.9.1 3 | RUN rm -f /usr/share/logstash/pipeline/logstash.conf 4 | ADD https://jdbc.postgresql.org/download/postgresql-42.2.16.jar /usr/share/logstash/postgresql.jar 5 | ADD config/ /usr/share/logstash/config/ 6 | ADD pipeline/ /usr/share/logstash/pipeline/ 7 | ADD get-results.sql /usr/share/logstash/ 8 | USER root 9 | RUN chown logstash:root -R /usr/share/logstash 10 | USER logstash 11 | 
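--------------------------------------------------------------------------------
/GVMLogstash/pipeline/gvm.conf:
--------------------------------------------------------------------------------
# Author: Joshua Schmitt
# Last Update: 2020-09-16
# Version 0.1
# Description: Take in scan reports from the GVM PostgreSQL Database and dump into Elasticsearch

# Poll the gvmd database over JDBC, resuming after the last seen result_id.
input {
  jdbc {
    jdbc_driver_library => "/usr/share/logstash/postgresql.jar"
    jdbc_driver_class => "org.postgresql.Driver"
    # NOTE(review): ssl=false sends the database password and the scan
    # results unencrypted between this container and PostgreSQL. Keep that
    # link on a private network, or enable TLS on the server and in this URL.
    jdbc_connection_string => "jdbc:postgresql://${DB_HOST:gvm}/gvmd?ssl=false&currentSchema=public"
    jdbc_user => "${DB_USER:gvm}"
    # No default: DB_PASSWORD has to be supplied from the environment.
    jdbc_password => "${DB_PASSWORD}"
    use_column_value => true
    tracking_column_type => "numeric"
    tracking_column => "result_id"
    # NOTE(review): "/5" in the minute field looks like "*/5" with the
    # asterisk lost - confirm against the repository before relying on it.
    schedule => "/5 * * * *"
    statement_filepath => "/usr/share/logstash/get-results.sql"
    last_run_metadata_path => "/usr/share/logstash/.logstash_openvas_scan_jdbc_last_run"
  }
}

# Derive a stable document id from the fields that identify one finding, so
# re-reading the same result overwrites the document instead of duplicating it.
filter {
  fingerprint {
    method => "SHA256"
    source => ["hostname", "port", "port_protocol", "nvt_oid", "ip", "scan_id", "summary"]
    target => "[@metadata][generated_id]"
    concatenate_sources => true
  }
}

# Tag every event with its module and dataset.
filter {
  mutate {
    add_field => { "[event][module]" => [ "gvm" ] }
    add_field => { "[event][dataset]" => [ "gvm.scan" ] }
  }
}

# Ship to Elasticsearch, one index per month.
output {
  elasticsearch {
    index => "${INDEX_NAME:security-vulnerabilities}-%{+YYYY.MM}"
    ilm_enabled => false
    # Certificate verification stays on unless SSL_VERIFICATION overrides it.
    ssl_certificate_verification => "${SSL_VERIFICATION:true}"
    document_id => "%{[@metadata][generated_id]}"
    hosts => ["${ES_HOST:https://example.com:443}"]
    user => "${ES_USER:gvm-logstash}"
    # No default: ES_PASSWORD has to be supplied from the environment.
    password => "${ES_PASSWORD}"
  }
}

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License 2 | 3 | Copyright (c) 2020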
Secure Compliance Solutions LLC 4 | Copyright (c) 2022 DeineAgentur UG 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /OpenVASDocker/.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !apk-build/target/ 3 | !apk-build/user.abuild/*.pub 4 | !config/ 5 | !gvm-sync-data/ 6 | !report_formats/ 7 | !scripts/*.sh 8 | !build.sh 9 | !/build.sh 10 | -------------------------------------------------------------------------------- /OpenVASDocker/.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[Bug]" 5 | labels: bug 6 | assignees: Dexus, pixelsquared 7 | 8 | --- 9 | 10 | **** Before you open a bug issue, please read the documentation. 
If you do not find an answer to your problem there, please look in the issues that have already been closed. Only if you still have not found an answer to your problem should you open a new issue. **** 11 | ** https://securecompliance.gitbook.io/projects/openvas-greenbone-deployment-full-guide ** 12 | 13 | **Describe the bug** 14 | A clear and concise description of what the bug is. 15 | 16 | **To Reproduce** 17 | Steps to reproduce the behavior: 18 | 1. Go to '...' 19 | 2. Click on '....' 20 | 3. Scroll down to '....' 21 | 4. See error 22 | 23 | **Expected behavior** 24 | A clear and concise description of what you expected to happen. 25 | 26 | **Screenshots** 27 | If applicable, add screenshots to help explain your problem. 28 | 29 | **Host Device:** 30 | - OS: 31 | - Version: 32 | 33 | **Image in use:** 34 | - Self build? 35 | - Output from `docker image inspect ` : 36 | ``` 37 | # docker image inspect 38 | ``` 39 | 40 | **Additional context** 41 | Add any other context about the problem here. 42 | -------------------------------------------------------------------------------- /OpenVASDocker/.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[Enhancement]" 5 | labels: '' 6 | assignees: austinsonger, Dexus 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
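21 | -------------------------------------------------------------------------------- /OpenVASDocker/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Summary 2 | 3 | Summarize your PR. If it involves visual changes, include a screenshot or GIF. 4 | 5 | 6 | ### Checklist 7 | 8 | Delete any items that are not applicable to this PR. 9 | 10 | - [ ] [Update Documentation](https://github.com/Secure-Compliance-Solutions-LLC/gitbook) was added for features that require explanation or tutorials 11 | 12 | ### Enhancements: 13 | 14 | 15 | ### Fixed Bug/Issues solved: 16 | 17 | 18 | ### Breaking Changes: 19 | 20 | -------------------------------------------------------------------------------- /OpenVASDocker/.gitignore: -------------------------------------------------------------------------------- 1 | apk-build/ 2 | storage/ 3 | -------------------------------------------------------------------------------- /OpenVASDocker/Dockerfile: --------------------------------------------------------------------------------
# OpenVAS scanner image: Alpine base, locally built GVM packages from /repo,
# services started through supervisord behind /entrypoint.sh.
#
# NOTE(review): the base tag "alpine:3" floats, while /etc/apk/repositories is
# rewritten below to the v3.14 branch. "apk upgrade --available" then resolves
# against v3.14 regardless of the base image's release; confirm this mix is
# intended and consider pinning the base to the same branch.
FROM alpine:3

ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

ARG SUPVISD=supervisorctl
ARG DEBUG=N
ARG AUTOSSH_DEBUG=${AUTOSSH_DEBUG:-0}
ARG TZ=UTC
ARG SETUP=0

RUN mkdir -p /repo/main \
    && mkdir -p /repo/community

# Locally built packages and the public key(s) of the abuild key that built them.
COPY apk-build/target/ /repo/
COPY apk-build/user.abuild/*.pub /etc/apk/keys/

ENV SUPVISD=${SUPVISD:-supervisorctl} \
    DEBUG=${DEBUG:-N} \
    AUTOSSH_DEBUG=${AUTOSSH_DEBUG:-0} \
    TZ=${TZ:-UTC} \
    SETUP=${SETUP:-0}

# Package installation is split in two so that signature checking stays on for
# everything fetched from the Alpine mirrors. "--allow-untrusted" makes apk
# accept packages with a missing or unverifiable signature, so it is limited to
# the locally built @custcom packages.
# NOTE(review): the abuild public key is copied into /etc/apk/keys above; if the
# packages in /repo are signed with it, "--allow-untrusted" should not be needed
# at all. Confirm and drop the flag.
RUN { \
        echo '@custcom /repo/community/'; \
        echo 'https://dl-5.alpinelinux.org/alpine/v3.14/main/' ; \
        echo 'https://dl-5.alpinelinux.org/alpine/v3.14/community/' ; \
        echo 'https://dl-4.alpinelinux.org/alpine/v3.14/main/' ; \
        echo 'https://dl-4.alpinelinux.org/alpine/v3.14/community/' ; \
        echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/main/' ; \
        echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/community/' ; \
    } >/etc/apk/repositories \
    && cat /etc/apk/repositories \
    && sleep 5 \
    && apk upgrade --no-cache --available \
    && sleep 5 \
    && apk add --no-cache curl wget rsync autossh su-exec tzdata bash openssh supervisor \
    && apk add --no-cache --allow-untrusted openvas@custcom openvas-smb@custcom openvas-config@custcom gvm-libs@custcom ospd-openvas@custcom \
    && mkdir -p /var/log/supervisor/ \
    && sync

COPY gvm-sync-data/gvm-sync-data.tar.xz /opt/gvm-sync-data.tar.xz
COPY scripts/* /
COPY config/supervisord.conf /etc/supervisord.conf
COPY config/redis-openvas.conf /etc/redis.conf

VOLUME [ "/var/lib/openvas/plugins", "/var/lib/gvm" ]

# With SETUP=1 supervisord is started once during the build (failures ignored)
# to pre-initialise data; the timezone is reset to UTC afterwards either way.
RUN if [ "${SETUP}" == "1" ]; then \
        ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" >/etc/timezone \
        && /usr/bin/supervisord -c /etc/supervisord.conf || true ; \
        unset SETUP ;\
    fi \
    && apk upgrade --no-cache --available \
    && chmod +x /*.sh \
    && rm /etc/localtime || true\
    && echo "UTC" >/etc/timezone \
    && rm -rf /tmp/* /var/cache/apk/* \
    && echo "!!! FINISH Setup !!!"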
59 | 60 | # 61 | # Owned by User gvm 62 | # 63 | # /run/ospd 64 | # /var/lib/openvas/plugins 65 | # /var/lib/gvm 66 | # /var/lib/gvm/gvmd 67 | # /var/lib/gvm/gvmd/gnupg 68 | # /var/log/gvm 69 | # 70 | # Owned by Group gvm 71 | # 72 | # /run/ospd 73 | # /var/lib/gvm 74 | # /var/lib/gvm/gvmd 75 | # /var/lib/gvm/gvmd/gnupg 76 | # -------------------------------------------------------------------------------- /OpenVASDocker/Dockerfiles/release_latest-data.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/openvas-scanner 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | ARG POSTGRESQL_VERSION="13" 6 | ARG GSAD_VERSION="21.4.4" 7 | ARG GSA_VERSION="21.4.4" 8 | ARG GVM_LIBS_VERSION="21.4.4" 9 | ARG GVMD_VERSION="21.4.5" 10 | ARG OPENVAS_SCANNER_VERSION="21.4.4" 11 | ARG OPENVAS_SMB_VERSION="21.4.0" 12 | ARG PYTHON_GVM_VERSION="21.11.0" 13 | ARG OSPD_OPENVAS_VERSION="21.4.4" 14 | ARG GVM_TOOLS_VERSION="21.10.0" 15 | 16 | FROM ${CACHE_BUILD_IMAGE}:build_gvm_libs AS build_gvm_libs 17 | FROM ${CACHE_BUILD_IMAGE}:build_openvas_smb AS build_openvas_smb 18 | FROM ${CACHE_BUILD_IMAGE}:build_openvas_scanner AS build_openvas_scanner 19 | 20 | FROM debian:11-slim 21 | ARG CACHE_IMAGE 22 | ARG CACHE_BUILD_IMAGE 23 | ARG POSTGRESQL_VERSION 24 | ARG GSAD_VERSION 25 | ARG GSA_VERSION 26 | ARG GVM_LIBS_VERSION 27 | ARG GVMD_VERSION 28 | ARG OPENVAS_SCANNER_VERSION 29 | ARG OPENVAS_SMB_VERSION 30 | ARG PYTHON_GVM_VERSION 31 | ARG OSPD_OPENVAS_VERSION 32 | ARG GVM_TOOLS_VERSION 33 | 34 | ENV POSTGRESQL_VERSION=${POSTGRESQL_VERSION} \ 35 | GSAD_VERSION=${GSAD_VERSION} \ 36 | GSA_VERSION=${GSA_VERSION} \ 37 | GVM_LIBS_VERSION=${GVM_LIBS_VERSION} \ 38 | GVMD_VERSION=${GVMD_VERSION} \ 39 | OPENVAS_SCANNER_VERSION=${OPENVAS_SCANNER_VERSION} \ 40 | OPENVAS_SMB_VERSION=${OPENVAS_SMB_VERSION} \ 41 | PYTHON_GVM_VERSION=${PYTHON_GVM_VERSION} \ 42 | 
OSPD_OPENVAS_VERSION=${OSPD_OPENVAS_VERSION} \ 43 | GVM_TOOLS_VERSION=${GVM_TOOLS_VERSION} \ 44 | DEBIAN_FRONTEND=noninteractive \ 45 | LANG=C.UTF-8 46 | 47 | COPY --from=build_gvm_libs / / 48 | COPY --from=build_openvas_smb / / 49 | COPY --from=build_openvas_scanner / / 50 | 51 | COPY build.sh /build.sh 52 | 53 | RUN bash /build.sh 54 | 55 | 56 | 57 | RUN ldconfig && cd / && rm -rf /build 58 | 59 | COPY scripts/* / 60 | 61 | ENTRYPOINT ["/start.sh"] 62 | -------------------------------------------------------------------------------- /OpenVASDocker/Dockerfiles/release_latest.debian.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | ARG CACHE_IMAGE=deineagenturug/openvas-scanner 3 | ARG CACHE_BUILD_IMAGE=deineagenturug/gvm-build 4 | 5 | ARG POSTGRESQL_VERSION="13" 6 | ARG GSAD_VERSION="21.4.4" 7 | ARG GSA_VERSION="21.4.4" 8 | ARG GVM_LIBS_VERSION="21.4.4" 9 | ARG GVMD_VERSION="21.4.5" 10 | ARG OPENVAS_SCANNER_VERSION="21.4.4" 11 | ARG OPENVAS_SMB_VERSION="21.4.0" 12 | ARG PYTHON_GVM_VERSION="21.11.0" 13 | ARG OSPD_OPENVAS_VERSION="21.4.4" 14 | ARG GVM_TOOLS_VERSION="21.10.0" 15 | 16 | FROM ${CACHE_BUILD_IMAGE}:build_gvm_libs AS build_gvm_libs 17 | #FROM ${CACHE_BUILD_IMAGE}:build_openvas_smb AS build_openvas_smb 18 | FROM ${CACHE_BUILD_IMAGE}:build_openvas_scanner AS build_openvas_scanner 19 | 20 | FROM debian:11-slim 21 | ARG CACHE_IMAGE 22 | ARG CACHE_BUILD_IMAGE 23 | ARG POSTGRESQL_VERSION 24 | ARG GSAD_VERSION 25 | ARG GSA_VERSION 26 | ARG GVM_LIBS_VERSION 27 | ARG GVMD_VERSION 28 | ARG OPENVAS_SCANNER_VERSION 29 | ARG OPENVAS_SMB_VERSION 30 | ARG PYTHON_GVM_VERSION 31 | ARG OSPD_OPENVAS_VERSION 32 | ARG GVM_TOOLS_VERSION 33 | 34 | ENV POSTGRESQL_VERSION=${POSTGRESQL_VERSION} \ 35 | GSAD_VERSION=${GSAD_VERSION} \ 36 | GSA_VERSION=${GSA_VERSION} \ 37 | GVM_LIBS_VERSION=${GVM_LIBS_VERSION} \ 38 | GVMD_VERSION=${GVMD_VERSION} \ 39 | OPENVAS_SCANNER_VERSION=${OPENVAS_SCANNER_VERSION} \ 
40 | OPENVAS_SMB_VERSION=${OPENVAS_SMB_VERSION} \ 41 | PYTHON_GVM_VERSION=${PYTHON_GVM_VERSION} \ 42 | OSPD_OPENVAS_VERSION=${OSPD_OPENVAS_VERSION} \ 43 | GVM_TOOLS_VERSION=${GVM_TOOLS_VERSION} \ 44 | DEBIAN_FRONTEND=noninteractive \ 45 | LANG=C.UTF-8 46 | 47 | COPY --from=build_gvm_libs / / 48 | #COPY --from=build_openvas_smb / / 49 | COPY --from=build_openvas_scanner / / 50 | 51 | RUN rm -f /etc/apt/apt.conf.d/docker-clean 52 | RUN --mount=type=bind,source=./,target=/opt/context/,rw \ 53 | --mount=type=cache,mode=0755,sharing=locked,target=/var/cache/apt \ 54 | --mount=type=cache,mode=0755,sharing=locked,target=/root/.cache/pip \ 55 | /opt/context/build.sh 56 | 57 | 58 | ENTRYPOINT ["/opt/setup/scripts/entrypoint.sh"] 59 | CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"] 60 | -------------------------------------------------------------------------------- /OpenVASDocker/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Secure Compliance Solutions LLC 4 | Copyright (c) 2022 DeineAgentur UG 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /OpenVASDocker/Makefile: -------------------------------------------------------------------------------- 1 | PWD ?= $(PWD) 2 | .DEFAULT_GOAL := all 3 | 4 | all: build 5 | 6 | 7 | .PHONY: build 8 | build: 9 | cd ${PWD} ; \ 10 | docker build \ 11 | -t securecompliance/openvas \ 12 | . 13 | 14 | .PHONY: build-debug 15 | build-debug: 16 | cd ${PWD} ; \ 17 | docker build \ 18 | --build-arg AUTOSSH_DEBUG=1 \ 19 | -t securecompliance/openvas \ 20 | . 21 | 22 | .PHONY: run 23 | run: 24 | cd ${PWD} ; \ 25 | docker run --name openvas --rm \ 26 | -e MASTER_ADDRESS=192.168.178.29 \ 27 | -e MASTER_PORT=2222 \ 28 | --volume "${PWD}/storage/openvas-plugins:/var/lib/openvas/plugins" \ 29 | --volume "${PWD}/storage/gvm:/var/lib/gvm" \ 30 | securecompliance/openvas 31 | 32 | .PHONY: run-exec 33 | run-exec: 34 | cd ${PWD} ; \ 35 | docker run -ti --name openvas --rm \ 36 | -e MASTER_ADDRESS=192.168.178.29 \ 37 | -e MASTER_PORT=2222 \ 38 | --volume "${PWD}/storage/openvas-plugins:/var/lib/openvas/plugins" \ 39 | --volume "${PWD}/storage/gvm:/var/lib/gvm" \ 40 | securecompliance/openvas bash -------------------------------------------------------------------------------- /OpenVASDocker/Readme.md: -------------------------------------------------------------------------------- 1 | # OpenVAS with OSPd Docker Image 2 | 3 | This image is designed for use with our GVM image located here: [GVM-Docker](https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker) 4 | 5 | ### Latest Version: 21.4.0 6 | 7 | ## Tags 8 | 9 | | Tag | Description | 10 | | --------- | ------------------------ | 11 | | latest | Latest stable version | 12 | | 
{version} | Specific stable version | 13 | | master | Latest development build | 14 | -------------------------------------------------------------------------------- /OpenVASDocker/build.sh.old: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | apt-get update 4 | 5 | { cat < /etc/ld.so.conf.d/openvas.conf && ldconfig && cd / && rm -rf /build 92 | 93 | COPY scripts/* / 94 | 95 | ENTRYPOINT ["/start.sh"] 96 | -------------------------------------------------------------------------------- /OpenVASDocker/scripts/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | export SUPVISD=${SUPVISD:-supervisorctl} 5 | export TZ=${TZ:-UTC} 6 | export MASTER_PORT=${MASTER_PORT:-22} 7 | export MASTER_ADDRESS=${MASTER_ADDRESS} 8 | export AUTOSSH_DEBUG=${AUTOSSH_DEBUG:-0} 9 | export AUTOSSH_LOGLEVEL=${AUTOSSH_DEBUG:-7} 10 | export AUTOSSH_LOGFILE=/var/log/gvm/ssh-connection.log 11 | export SCANNER_ID 12 | 13 | if [ -z "${MASTER_ADDRESS}" ]; then 14 | echo "ERROR: The environment variable \"MASTER_ADDRESS\" is not set" 15 | exit 1 16 | fi 17 | 18 | if [ ! -d /var/lib/gvm/.ssh ]; then 19 | mkdir -p /var/lib/gvm/.ssh 20 | fi 21 | 22 | if [ ! -f "/var/lib/gvm/.scannerid" ]; then 23 | echo "Generating scanner id..." 24 | set +e 25 | cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 10 | head -n 1 >/var/lib/gvm/.scannerid 26 | set -e 27 | fi 28 | 29 | SCANNER_ID=$(cat /var/lib/gvm/.scannerid) 30 | 31 | echo "GVM Started but with > supervisor <" 32 | if [ ! -f "/firstrun" ]; then 33 | echo "Running first start configuration..." 
34 | 35 | ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" >/etc/timezone 36 | 37 | touch /firstrun 38 | touch /var/log/gvm/ssh-connection.log 39 | fi 40 | if [ -f "/var/lib/gvm/.firststart" ]; then 41 | rm /var/lib/gvm/.firststart 42 | touch /var/lib/gvm/.secondstart 43 | fi 44 | 45 | exec "$@" 46 | -------------------------------------------------------------------------------- /OpenVASDocker/scripts/ospd-openvas-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | 4 | # PreClean up the pid file 5 | if [ -f /var/run/ospd.pid ]; then 6 | rm -f /var/run/ospd.pid 7 | fi 8 | 9 | # SIGTERM-handler 10 | term_handler() { 11 | if [ -f /var/run/ospd.pid ]; then 12 | kill "$(cat /var/run/ospd.pid)" 13 | rm -f /var/run/ospd.pid 14 | fi 15 | exit 143 # 128 + 15 -- SIGTERM 16 | } 17 | 18 | # setup handlers 19 | # on callback, kill the last background process, which is `tail -f /dev/null` and execute the specified handler 20 | trap 'term_handler' SIGTERM SIGINT 21 | 22 | # run application 23 | exec "$@" 24 | -------------------------------------------------------------------------------- /OpenVASDocker/scripts/update-nvts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # This script update the NVTs in the background every 12 hours. 3 | set -Eeuo pipefail 4 | 5 | if [ ! -f "/var/lib/gvm/.firstsync" ]; then 6 | echo "Downloading data TAR to speed up first sync..." 7 | mkdir -p /tmp/data 8 | 9 | echo "Extracting internal data TAR..." 10 | tar --extract --file=/opt/setup/nvt-feed.tar.xz --directory=/tmp/data 11 | 12 | chown gvm:gvm -R /tmp/data 13 | cp -a /tmp/data/. 
/var/lib/openvas/plugins/ 14 | chown gvm:gvm -R /var/lib/openvas 15 | 16 | find /var/lib/openvas/ -type d -exec chmod 755 {} + 17 | find /var/lib/openvas/ -type f -exec chmod 644 {} + 18 | 19 | set +e 20 | rm -r /tmp/data || true 21 | set -e 22 | touch /var/lib/gvm/.firstsync 23 | fi 24 | 25 | while true; do 26 | echo "Running Automatic NVT update..." 27 | su gvm -c "rsync --compress-level=9 --links --times --omit-dir-times --recursive --partial --quiet rsync://feed.community.greenbone.net:/nvt-feed /var/lib/openvas/plugins" 28 | sleep 43200 29 | done 30 | -------------------------------------------------------------------------------- /PULL-REQUEST-POLICY.md: -------------------------------------------------------------------------------- 1 | # Pull Request Policy 2 | 3 | - When making pull requests, please make pull requests to the `dev` branch, instead of straight to master. @Dexus or myself will be merging them. 4 | - If you do have a change, please view the `dev` branch first to see if your fix is still going to be relevant or not. 5 | 6 | 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Greenbone GVM & OpenVAS for Docker 2 | 3 | We provide the best solution for the Greenbone Vulnerability Management. 4 | 5 | In our Repo we (I) collect all GVM Stuff under one roof, so we can handel all the needs in a single repository. 
6 | 7 | You can find our Docker builds on Docker Hub: https://hub.docker.com/u/deineagenturug 8 | 9 | Currently we provide these images: 10 | 11 | #### GVMD, OpenVAS Scanner, WebUI GSA/D 12 | ```text 13 | docker pull deineagenturug/gvm:latest # no pre initialisation, no PDF Report support - normal used with volumes 14 | docker pull deineagenturug/gvm:latest-full # no pre initialisation, with PDF Report support - normal used with volumes 15 | docker pull deineagenturug/gvm:latest-data # pre initialisation, no PDF Report support - normal NOT used with volumes 16 | docker pull deineagenturug/gvm:latest-data-full # pre initialisation, with PDF Report support - normal NOT used with volumes 17 | ``` 18 | 19 | 20 | #### OpenVAS Scanner only, as a sensor, e.g. for DMZ usage 21 | ```text 22 | docker pull deineagenturug/openvas-scanner:latest 23 | ``` 24 | 25 | I know that we have not yet documented everything that has changed, or that will change in the next month, but I think we can already start from a solid base. 26 | 27 | If you would like to support our work, you can do so via https://github.josef-froehle.de. Thank You! 
28 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security 2 | 3 | Any security issue with the code of Greenbone modules and OpenVAs should be brought to the attention of the code maintainers 4 | 5 | https://community.greenbone.net 6 | 7 | 8 | -------------------------------------------------------------------------------- /TODO.md: -------------------------------------------------------------------------------- 1 | # To-Do 2 | 3 | - [ ] Restructure Directory 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /bah_postgres.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | START_DATE=$(date "+%Y-%m-%d %H:%M:%S") 5 | echo $START_DATE 6 | 7 | buildah containers --format "{{.ContainerID}}" | xargs --no-run-if-empty buildah rm 8 | echo y | podman system prune -a -f --volumes 9 | 10 | # Set the required variables 11 | export BUILD_PATH="./" 12 | export REGISTRY="docker.io" 13 | export USER="deineagentur" 14 | export IMAGE_NAME="gvm-build" 15 | export IMAGE_TAG="postgres" 16 | export STORAGE_PATH="${STORAGE_PATH:-/github/greenbone-storage}" 17 | 18 | # Set your manifest name 19 | export MANIFEST_NAME="${REGISTRY}-${USER}-${IMAGE_NAME}-${IMAGE_TAG}" 20 | 21 | # Create a multi-architecture manifest 22 | buildah manifest create "${MANIFEST_NAME}" >/dev/null 2>&1 || true 23 | 24 | buildah build -f "${BUILD_PATH}Dockerfiles/bah_postgres.debian.Dockerfile" \ 25 | --manifest ${MANIFEST_NAME} \ 26 | --jobs 3 \ 27 | --all-platforms \ 28 | --cap-add NET_ADMIN --cap-add NET_RAW \ 29 | --uts private --pull \ 30 | --userns container --isolation oci \ 31 | --network private \ 32 | -v "${STORAGE_PATH}/_apt:/aptrepo:rw" \ 33 | --tag "${REGISTRY}/${USER}/${IMAGE_NAME}:${IMAGE_TAG}" ${BUILD_PATH} 34 | 35 | #buildah 
build -f "${BUILD_PATH}Dockerfiles/bah_postgres.debian.Dockerfile" \ 36 | # --manifest ${MANIFEST_NAME} \ 37 | # --jobs 3 \ 38 | # --platform=linux/arm/v5,linux/386 \ 39 | # --cap-add NET_ADMIN --cap-add NET_RAW \ 40 | # --uts private --pull \ 41 | # --userns container --isolation oci \ 42 | # --network private \ 43 | # -v "${STORAGE_PATH}/_apt:/aptrepo:rw" \ 44 | # --tag "${REGISTRY}/${USER}/${IMAGE_NAME}:${IMAGE_TAG}" ${BUILD_PATH} 45 | # 46 | 47 | echo "START: $START_DATE" 48 | END_DATE=$(date "+%Y-%m-%d %H:%M:%S") 49 | echo "=> END: $END_DATE" 50 | -------------------------------------------------------------------------------- /build-args.txt: -------------------------------------------------------------------------------- 1 | GVMD_VERSION=21.4.5 2 | GSA_VERSION=21.4.4 3 | GSAD_VERSION=21.4.4 4 | GVM_LIBS_VERSION=21.4.4 5 | GVM_TOOLS_VERSION=21.10.0 6 | OSPD_OPENVAS_VERSION=21.4.4 7 | OPENVAS_SCANNER_VERSION=21.4.4 8 | OPENVAS_SMB_VERSION=21.4.0 9 | PYTHON_GVM_VERSION=21.11.0 10 | -------------------------------------------------------------------------------- /docker_test_compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.1' 2 | services: 3 | gvm: 4 | image: deineagentur/gvm-develop:latest-full 5 | ports: 6 | - "127.0.0.2:2222:22" 7 | - "127.0.0.2:5432:5432" 8 | - "127.0.0.2:9080:9392" 9 | environment: 10 | - USERNAME="admin" 11 | - PASSWORD="passwordhere" 12 | - DB_PASSWORD="passwordhere" 13 | - AUTO_SYNC=true 14 | - HTTPS=false 15 | - TZ="Etc/UTC" 16 | - SSHD=false 17 | - DB_PASSWORD="none" 18 | volumes: 19 | - "/home/jfroehle/Documents/github/DeineAgenturUG/greenbone-gvm-openvas-for-docker/storage/ssh:/etc/ssh" 20 | - "/home/jfroehle/Documents/github/DeineAgenturUG/greenbone-gvm-openvas-for-docker/storage/database:/opt/database" 21 | - "/home/jfroehle/Documents/github/DeineAgenturUG/greenbone-gvm-openvas-for-docker/storage/plugins:/var/lib/openvas/plugins" 22 | - 
"/home/jfroehle/Documents/github/DeineAgenturUG/greenbone-gvm-openvas-for-docker/storage/gvm:/var/lib/gvm" 23 | restart: unless-stopped 24 | -------------------------------------------------------------------------------- /helper/BuildKit.Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.4 2 | 3 | # To work around the problem about the already used PORTS in parallel builds, it needs a CNI in the buildx driver 4 | # SEE: https://github.com/docker/buildx/issues/678 5 | # > docker run --privileged --rm tonistiigi/binfmt --install all 6 | # > docker buildx create --use 7 | # > docker build -f BuildKit.Dockerfile -t deineagenturug/buildkit:latest . 8 | # > docker buildx create --name "GVM_CNI_BUILDER" --driver-opt image=deineagenturug/buildkit:latest --buildkitd-flags '--oci-worker-net=cni --oci-worker-gc-keepstorage 200000' --use 9 | # > docker buildx create --name "GVM_CNI_BUILDER" --append --node 10 | # > docker buildx create --name "GVM_CNI_BUILDER2" --leave --node 11 | # 12 | # on remote systems you should run: 13 | # 14 | # > sudo groupadd docker 15 | # > sudo usermod -aG docker $USER 16 | # > newgrp docker 17 | # > sudo chown "$USER":"$USER" /home/"$USER"/.docker -R 18 | # > sudo chmod g+rwx "$HOME/.docker" -R 19 | # > sudo apt install net-tools 20 | # > docker run --privileged --rm tonistiigi/binfmt --install all 21 | # > docker buildx create --use 22 | # > docker buildx build --platform "linux/arm64,linux/arm/v7" -f buildkit.Dockerfile -t deineagenturug/buildkit:latest . 
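# BuildKit image with the CNI plugins added, used as the buildx driver image.
#
# NOTE(review): three inputs of this build are neither pinned nor verified:
#   - BUILDKIT_TAG defaults to the floating tag "latest";
#   - the CNI plugin tarball is downloaded without a checksum or signature check;
#   - cni.json is fetched from the moving "master" branch.
# This image runs other builds, so pin each input to a tag, digest or commit
# and verify a known checksum before relying on it.
ARG BUILDKIT_TAG=latest
ARG CNI_VERSION=v1.1.1
FROM moby/buildkit:${BUILDKIT_TAG} AS buildkit_upstream_tag

FROM buildkit_upstream_tag
ARG CNI_VERSION
ARG TARGETOS
ARG TARGETARCH
ARG BUILDKIT_TAG
ENV BUILDKIT_TAG="${BUILDKIT_TAG}"
ENV CNI_VERSION="${CNI_VERSION}"

RUN echo "BUILDKIT_TAG=[${BUILDKIT_TAG}], CNI_VERSION=[${CNI_VERSION}]"
RUN apk add --no-cache curl iptables

WORKDIR /opt/cni/bin
# Download to a file first instead of piping curl into tar: "-f" makes an HTTP
# error fail this step directly, and the saved archive is the place to add a
# checksum comparison before extraction.
RUN curl -fsSL -o /tmp/cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-${TARGETOS}-${TARGETARCH}-${CNI_VERSION}.tgz" \
    && tar -xzvf /tmp/cni-plugins.tgz \
    && rm -f /tmp/cni-plugins.tgz
ADD https://raw.githubusercontent.com/moby/buildkit/master/hack/fixtures/cni.json /etc/buildkit/cni.json
RUN ls -al /etc/buildkit && buildkitd --version
-------------------------------------------------------------------------------- /helper/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 DeineAgentur UG 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.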
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /helper/scripts/build_matrix.js: -------------------------------------------------------------------------------- 1 | const fs = require('fs'); 2 | 3 | let matrix_prepared = { 4 | BUILD_NAME: ["DEFAULT", "PDF Included", "With Data", "With Data With PDF Included"], 5 | BUILD_SUFFIX: ["", "-full", "-data", "-data-full"], 6 | BUILD_ARGS: ["SETUP=0\n", "SETUP=0\nOPT_PDF=1\n", "SETUP=1\n", "SETUP=1\nOPT_PDF=1\n"] 7 | } 8 | let matrix_output = {include:[]} 9 | let latest_version 10 | 11 | 12 | try { 13 | latest_version = fs.readFileSync('./.checkupdates/latest_version', 'utf8'); 14 | latest_version = latest_version.replaceAll("=v","=") 15 | } catch (e) { 16 | process.exit(1) 17 | } 18 | 19 | matrix_prepared.BUILD_ARGS.forEach((value, index) => { 20 | matrix_output.include[index] = { 21 | BUILD_NAME:matrix_prepared.BUILD_NAME[index], 22 | BUILD_SUFFIX:matrix_prepared.BUILD_SUFFIX[index], 23 | BUILD_ARGS:latest_version + value, 24 | } 25 | }) 26 | 27 | console.log(JSON.stringify(matrix_output)) 28 | -------------------------------------------------------------------------------- /helper/scripts/build_matrix2.js: -------------------------------------------------------------------------------- 1 | const fs = require('fs'); 2 | 3 | const PLATFORMS = ["linux/amd64", "linux/arm64"] 4 | 5 | let matrix_prepared = { 6 | BUILD_NAME: ["DEFAULT", "PDF Included", "With Data", "With Data With PDF Included"], 7 | BUILD_SUFFIX: ["", "-full", "-data", "-data-full"], 8 | BUILD_ARGS: ["SETUP=0\n", "SETUP=0\nOPT_PDF=1\n", "SETUP=1\n", "SETUP=1\nOPT_PDF=1\n"] 9 | } 10 | let matrix_output = {include: []} 11 | let latest_version 12 | 13 
| 14 | try { 15 | latest_version = fs.readFileSync('./.checkupdates/latest_version', 'utf8'); 16 | latest_version = latest_version.replaceAll("=v", "=") 17 | } catch (e) { 18 | process.exit(1) 19 | } 20 | 21 | for (const PF in PLATFORMS) { 22 | matrix_prepared.BUILD_ARGS.forEach((value, index) => { 23 | matrix_output.include[index] = { 24 | BUILD_PLATFORM: PF, 25 | BUILD_NAME: matrix_prepared.BUILD_NAME[index], 26 | BUILD_SUFFIX: matrix_prepared.BUILD_SUFFIX[index], 27 | BUILD_ARGS: latest_version + value, 28 | } 29 | }) 30 | } 31 | 32 | 33 | console.log(JSON.stringify(matrix_output)) 34 | -------------------------------------------------------------------------------- /helper/scripts/get_releases.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | listeq=": " 4 | if [[ "${CI}" == "true" ]]; then 5 | listeq="=" 6 | fi 7 | 8 | for name in gvmd gsa gsad gvm-libs gvm-tools ospd-openvas openvas-scanner openvas-smb python-gvm; do 9 | package_name="${name^^}" 10 | echo "${package_name//-/_}_VERSION${listeq}$(gh api "repos/greenbone/${name}/releases" -q '.[].tag_name' | grep -E '^v[0-9]*\.[0-9]*\.[0-9]*$' -m1)" 11 | sleep $(( $RANDOM % 3 + 1 ))s 12 | done 13 | -------------------------------------------------------------------------------- /helper/scripts/get_releases_files.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | GH_TOKEN=$(cat ~/.github_token) 3 | MYDIR=$( 4 | cd $(dirname $0) 5 | pwd 6 | ) 7 | 8 | declare -A TOOLMATCHES 9 | TOOLMATCHES["gsa"]="greenbone-security-assistant" 10 | TOOLMATCHES["gvmd"]="gvmd" 11 | TOOLMATCHES["gvm-libs"]="gvm-libs" 12 | TOOLMATCHES["gvm-tools"]="gvm-tools" 13 | TOOLMATCHES["openvas-scanner"]="openvas" 14 | TOOLMATCHES["openvas-smb"]="openvas-smb" 15 | TOOLMATCHES["ospd"]="ospd" 16 | TOOLMATCHES["ospd-openvas"]="ospd-openvas" 17 | TOOLMATCHES["python-gvm"]="py3-gvm" 18 | 19 | for name in gvmd gsa gvm-libs 
gvm-tools ospd ospd-openvas openvas-scanner openvas-smb python-gvm; do 20 | echo "> ${name}" 21 | jsonData=$(curl --silent \ 22 | -H "Authorization: token ${GH_TOKEN}" \ 23 | -H "Accept: application/vnd.github.v3+json" \ 24 | https://api.github.com/repos/greenbone/${name}/releases) 25 | #echo "${jsonData}" >"jq_${name}.json" 26 | #jsonData=$(cat "jq_${name}.json") 27 | version=$(echo "${jsonData}" | jq -r .[].tag_name | grep '21\.[0-9]*\.[0-9]*$' -m1) 28 | #version=$(jq -r .[].tag_name <"jq_${name}.json" | grep '21\.[0-9]*\.[0-9]*$' -m1) 29 | 30 | echo ">>> ${name}: ${version}" 31 | 32 | LOCALDIR="${MYDIR}/aports2/community/${TOOLMATCHES[$name]}/" 33 | #rm -rf "${LOCALDIR}src/" 34 | LOCALREPO="${MYDIR}/src/${TOOLMATCHES[$name]}" 35 | #rm -rf "$LOCALREPO" 36 | git clone https://github.com/greenbone/${name}.git "${LOCALREPO}" 2>/dev/null || git -C "${LOCALREPO}" pull 37 | git -C "${LOCALREPO}" fetch --all --tags 38 | git -C "${LOCALREPO}" checkout -qf "tags/${version}" 39 | git -C "${LOCALREPO}" reset --hard HEAD 40 | #echo "${jsonData}" | jq --arg PVERSION "${version}" -r '.[] | select(.tag_name | startswith($PVERSION)).tarball_url' <"jq_${name}.json" | xargs curl -L -o "./${name}_${version}.tar.gz" 41 | #jq --arg PVERSION "${version}" -r '.[] | select(.tag_name | startswith($PVERSION)).tarball_url' <"jq_${name}.json" | xargs curl -L -o "./${name}_${version}.tar.gz" 42 | done 43 | -------------------------------------------------------------------------------- /helper/scripts/git_diff_packages.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | for name in gvmd greenbone-security-assistant gvm-libs gvm-tools ospd ospd-openvas openvas openvas-smb py3-gvm; do 4 | 5 | #git diff -- "aports2/community/${name}" "aports/community/${name}" 6 | #diff -ruN "aports2/community/${name}" "aports/community/${name}" >./patches/"${name}".patch 7 | cp -a "aports/community/${name}" "aports2/community/" 8 | done 9 | 
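-------------------------------------------------------------------------------- /local_db_upgrade_image_build.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Build the PostgreSQL upgrade helper image from
# GVMDocker/Dockerfiles/release_db_upgrade.debian.Dockerfile with docker buildx.
#
# Environment (all optional):
#   RELEASE      "YES" tags the release image; anything else appends "-develop".
#   DOCKER_ORG   registry namespace, default "deineagenturug".
#   PLATFORM     target platform, default "linux/amd64".
#   BUILDX       docker sub-command used for the build, default "buildx".
#   ADD_OPTIONS  extra build options. The default contains "--push", so a plain
#                run publishes the result to the registry; override ADD_OPTIONS
#                for a local-only build.
set -Eeuo pipefail

TIMESTART="$(date '+%Y%m%d%H%M%S')"

DIST="${DIST:-debian}"
DIST_FILE="${DIST}."

RELEASE="${RELEASE:-NO}"

BUILD_BASE="${BUILD_BASE:-NO}"
BUILD_RELEASE_BASE="${BUILD_RELEASE_BASE:-NO}"

PWD="$(pwd)"
DOCKER_ORG="${DOCKER_ORG:-deineagenturug}"
CACHE_IMAGE="${DOCKER_ORG}/pgdb-upgrade"
if [ "x${RELEASE}" != "xYES" ]; then
  CACHE_IMAGE="${CACHE_IMAGE}-develop"
fi
declare -a PLATFORMS
PLATFORMS=("linux/amd64" "linux/arm64")
PLATFORM="${PLATFORM:-linux/amd64}"
BUILDX="${BUILDX:-buildx}"
ADD_OPTIONS=${ADD_OPTIONS:-"--pull --push --progress=plain"}

cd "${PWD}" || exit

# Turn every non-empty line of build-args.txt into one "--build-arg KEY=VALUE"
# pair. Reading line by line into an array keeps each value as a single
# argument and avoids word-splitting and globbing of the file's content. A
# missing build-args.txt now stops the script instead of silently building
# without any version arguments.
declare -a BUILD_ARGS=()
while IFS= read -r arg_line || [ -n "${arg_line}" ]; do
  [ -n "${arg_line}" ] || continue
  BUILD_ARGS+=(--build-arg "${arg_line}")
done <build-args.txt

TARGET="latest"
# BUILDX and ADD_OPTIONS are split into words on purpose.
# shellcheck disable=SC2086
docker ${BUILDX} build --platform "${PLATFORM}" ${ADD_OPTIONS} -f ./GVMDocker/Dockerfiles/release_db_upgrade.debian.Dockerfile \
  ${BUILD_ARGS[@]+"${BUILD_ARGS[@]}"} \
  --build-arg BUILDKIT_INLINE_CACHE=1 \
  --cache-from "${CACHE_IMAGE}:${TARGET}" \
  -t "${CACHE_IMAGE}:${TARGET}" ./GVMDocker/

# Removes the whole build cache of the current builder, not only the layers
# created by this script.
echo y | docker buildx prune --all

TIMEEND="$(date '+%Y%m%d%H%M%S')"
echo "START: ${TIMESTART}"
echo "END: ${TIMEEND}"
--------------------------------------------------------------------------------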