A Docker container for OpenVAS on Debian.
| Openvas Version | Tag | Web UI Port |
|---|---|---|
| 9 | latest | 443 |
Simply run:
# latest
docker run -d -p 443:443 --name openvas ctdc/openvas
This will grab the container from the docker registry and start it up.
Openvas startup can take some time (4-5 minutes while NVT's are scanned and databases rebuilt), so be patient.
Once you see a It seems like your OpenVAS-9 installation is OK. process in the logs, the web ui is good to go. Goto https://<machinename>
Username: admin
Password: admin
To check the status of the process, run:
docker top openvas
In the output, look for the process scanning cert data. It contains a percentage.
To run bash inside the container run:
docker exec -it openvas bash
To use OpenVAS Manager, add port 9390 to you docker run command:
docker run -d -p 443:443 -p 9390:9390 --name openvas ctdc/openvas
We now support volumes. Simply mount your data directory to /var/lib/openvas/mgr/:
mkdir data
docker run -d -p 443:443 -v $(pwd)/data:/var/lib/openvas/mgr/ --name openvas ctdc/openvas
Note, your local directory must exist prior to running.
The admin password can be changed by specifying a password at runtime using the env variable OV_PASSWORD:
docker run -d -p 443:443 -e OV_PASSWORD=securepassword41 --name openvas ctdc/openvas
Occasionally you'll need to update NVTs. We update the container about once a week but you can update your container by execing into the container and running a few commands:
## inside container
/usr/local/bin/greenbone-sync.sh
For simplicity a docker-compose.yml file is provided, as well as configuration for Nginx as a reverse proxy, with the following features:
- Nginx as a reverse proxy
- Redirect from port 80 (http) to port 433 (https)
- Automatic SSL certificates from Let's Encrypt
- A cron that updates daily the NVTs
To run:
- Change "example.com" in the following files:
- Change the "OV_PASSWORD" enviromental variable in docker-compose.yml
- Install the latest docker-compose
- run
docker-compose up -d
Openvas do not support full ldap integration but only per-user authentication. A workaround is in place here by syncing ldap admin user(defined by LDAP_ADMIN_FILTER ) with openvas admin users everytime the app start up. To use this, just need to specify the required ldap env variables:
docker run -d -p 80:80 -p 9390:9390 --name openvas -e LDAP_HOST=your.ldap.host -e LDAP_BIND_DN=uid=binduid,dc=company,dc=com -e LDAP_BASE_DN=cn=accounts,dc=company,dc=com -e LDAP_AUTH_DN=uid=%s,cn=users,cn=accounts,dc=company,dc=com -e LDAP_ADMIN_FILTER=memberOf=cn=admins,cn=groups,cn=accounts,dc=company,dc=com -e LDAP_PASSWORD=password -e OV_PASSWORD=admin ctdc/openvas
To configure the postfix server, provide the following env variables at runtime: OV_SMTP_HOSTNAME, OV_SMTP_PORT, OV_SMTP_USERNAME, OV_SMTP_KEY
docker run -d -p 80:80 -e OV_SMTP_HOSTNAME=smtp.example.com -e OV_SMTP_PORT=587 -e OV_SMTP_USERNAME=username@example.com -e OV_SMTP_KEY=g0bBl3de3Go0k --name openvas ctdc/openvas
I'm always happy to accept pull requests or issues.
Thanks to mikesplain from where we forked the openvas-docker : https://github.com/mikesplain/openvas-docker/ Thanks to Darshana for the great tutorial: https://www.fosslinux.com/7320/how-to-install-and-configure-openvas-9-on-ubuntu.htm