diff --git a/src/22.4/source-build/index.md b/src/22.4/source-build/index.md index 7ae3625e..e8c6feac 100644 --- a/src/22.4/source-build/index.md +++ b/src/22.4/source-build/index.md @@ -142,7 +142,7 @@ export GSAD_VERSION=22.9.0 ```{code-block} :caption: Setting the openvas-scanner version to use -export OPENVAS_SCANNER_VERSION=22.7.9 +export OPENVAS_SCANNER_VERSION=23.0.1 ``` ```{include} /22.4/source-build/openvas-scanner/dependencies.md @@ -174,24 +174,24 @@ export OSPD_OPENVAS_VERSION=22.6.2 ```{include} /22.4/source-build/ospd-openvas/build.md ``` -### notus-scanner +### openvasd -```{include} /22.4/source-build/notus-scanner/description.md +```{include} /22.4/source-build/openvasd/description.md ``` ```{code-block} -:caption: Setting the notus version to use +:caption: Setting the openvas versions to use -export NOTUS_VERSION=22.6.2 +export OPENVAS_DAEMON=23.0.1 ``` -```{include} /22.4/source-build/notus-scanner/dependencies.md +```{include} /22.4/source-build/openvasd/dependencies.md ``` -```{include} /22.4/source-build/notus-scanner/download.md +```{include} /22.4/source-build/openvasd/download.md ``` -```{include} /22.4/source-build/notus-scanner/build.md +```{include} /22.4/source-build/openvasd/build.md ``` ### greenbone-feed-sync @@ -221,9 +221,6 @@ export NOTUS_VERSION=22.6.2 ```{include} /22.4/source-build/redis.md ``` -```{include} /22.4/source-build/mqtt-broker.md -``` - ```{include} /22.4/source-build/directory-permissions.md ``` diff --git a/src/22.4/source-build/mqtt-broker.md b/src/22.4/source-build/mqtt-broker.md deleted file mode 100644 index f738f4ec..00000000 --- a/src/22.4/source-build/mqtt-broker.md +++ /dev/null 
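Review bot: The source-build guide loses the only visible step that writes `/etc/openvas/openvas.conf`: the last hunk of this file drops the `mqtt-broker.md` include, which is where `table_driven_lsc = yes` was appended, and the new `openvasd` section adds nothing in its place. The compose file in the same commit writes `table_driven_lsc = yes` and `openvasd_server = http://openvasd:80`, so a source build presumably needs the equivalent setting pointing at the locally started daemon, plus a step that starts `openvasd`. Confirm whether a file outside this diff already covers that. The new export `OPENVAS_DAEMON=23.0.1` also breaks the `*_VERSION` naming of every other export in this file; a name such as `OPENVASD_VERSION` with the caption `Setting the openvasd version to use` would match, with the same rename applied in the download and build snippets.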
@@ -1,30 +0,0 @@ -### Setting up the Mosquitto MQTT Broker - -The Mosquitto MQTT broker is used for communication between -*ospd-openvas*, *openvas-scanner* and *notus-scanner*. - -```{eval-rst} -.. tabs:: - .. tab:: Debian/Ubuntu - .. code-block:: - :caption: Installing the Mosquitto broker - - sudo apt install -y mosquitto - - .. tab:: Fedora/CentOS - .. code-block:: - :caption: Installing the Mosquitto broker - - sudo dnf install -y mosquitto -``` - -After installing the Mosquitto broker package, the broker must be started -and the server uri must be added to the *openvas-scanner* configuration. - -```{code-block} -:caption: Starting the broker and adding the server uri to the openvas-scanner configuration - -sudo systemctl start mosquitto.service -sudo systemctl enable mosquitto.service -echo -e "mqtt_server_uri = localhost:1883\ntable_driven_lsc = yes" | sudo tee -a /etc/openvas/openvas.conf -``` diff --git a/src/22.4/source-build/notus-scanner/build.md b/src/22.4/source-build/notus-scanner/build.md deleted file mode 100644 index bbefd1f3..00000000 --- a/src/22.4/source-build/notus-scanner/build.md +++ /dev/null @@ -1,26 +0,0 @@ -```{eval-rst} -.. tabs:: - .. tab:: Debian/Ubuntu - .. code-block:: - :caption: Installing notus-scanner - - cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION - - mkdir -p $INSTALL_DIR/notus-scanner - - python3 -m pip install --root=$INSTALL_DIR/notus-scanner --no-warn-script-location . - - sudo cp -rv $INSTALL_DIR/notus-scanner/* / - - .. tab:: Fedora/CentOS - .. code-block:: - :caption: Installing notus-scanner - - cd $SOURCE_DIR/notus-scanner-$NOTUS_VERSION - - mkdir -p $INSTALL_DIR/notus-scanner - - python3 -m pip install --prefix=$INSTALL_PREFIX --root=$INSTALL_DIR/notus-scanner --no-warn-script-location . - - sudo cp -rv $INSTALL_DIR/notus-scanner/* / -``` diff --git a/src/22.4/source-build/notus-scanner/dependencies.md b/src/22.4/source-build/notus-scanner/dependencies.md deleted file mode 100644 index 71b97901..00000000 
--- a/src/22.4/source-build/notus-scanner/dependencies.md +++ /dev/null @@ -1,37 +0,0 @@ -```{eval-rst} -.. tabs:: - .. tab:: Debian/Ubuntu - .. code-block:: - :caption: Required dependencies for notus-scanner - - sudo apt install -y \ - python3 \ - python3-pip \ - python3-setuptools \ - python3-paho-mqtt \ - python3-psutil \ - python3-gnupg - - .. tab:: Fedora - .. code-block:: - :caption: Required dependencies for notus-scanner - - sudo dnf install -y \ - python3 \ - python3-pip \ - python3-setuptools \ - python3-paho-mqtt \ - python3-psutil \ - python3-gnupg - - .. tab:: CentOS - .. code-block:: - :caption: Required dependencies for notus-scanner - - sudo dnf install -y \ - python3 \ - python3-pip \ - python3-setuptools \ - python3-wheel \ - python3-psutil -``` diff --git a/src/22.4/source-build/notus-scanner/description.md b/src/22.4/source-build/notus-scanner/description.md deleted file mode 100644 index 3f61db3e..00000000 --- a/src/22.4/source-build/notus-scanner/description.md +++ /dev/null @@ -1,4 +0,0 @@ -*notus-scanner* is used for detecting vulnerable products by evaluating -internal system information gathered by *openvas-scanner*. -It communicates with *openvas-scanner* and *ospd-openvas* via -[MQTT](https://en.wikipedia.org/wiki/MQTT). It is running as a daemon. diff --git a/src/22.4/source-build/notus-scanner/download.md b/src/22.4/source-build/notus-scanner/download.md deleted file mode 100644 index fd0ce122..00000000 --- a/src/22.4/source-build/notus-scanner/download.md +++ /dev/null 
@@ -1,23 +0,0 @@ -```{code-block} -:caption: Downloading the notus-scanner sources - -curl -f -L https://github.com/greenbone/notus-scanner/archive/refs/tags/v$NOTUS_VERSION.tar.gz -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz -curl -f -L https://github.com/greenbone/notus-scanner/releases/download/v$NOTUS_VERSION/notus-scanner-v$NOTUS_VERSION.tar.gz.asc -o $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc -``` - -```{code-block} -:caption: Verifying the source files - -gpg --verify $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz.asc $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz -``` - -The output of the last command should be similar to: - -```{include} /22.4/source-build/verify.md -``` - -If the signatures are valid, the tarballs can be extracted. - -``` -tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/notus-scanner-$NOTUS_VERSION.tar.gz -``` diff --git a/src/22.4/source-build/openvasd/build.md b/src/22.4/source-build/openvasd/build.md new file mode 100644 index 00000000..5387e73f --- /dev/null +++ b/src/22.4/source-build/openvasd/build.md @@ -0,0 +1,23 @@ +```{eval-rst} +.. tabs:: + .. tab:: Debian/Ubuntu + .. code-block:: + :caption: Installing openvas-scanner + + cd $SOURCE_DIR/openvas-scanner-$NOTUS_VERSION/rust/openvasd + + cargo build --release + + sudo cp -v ../target/release/openvasd /usr/local/bin/ + + .. tab:: Fedora/CentOS + .. code-block:: + :caption: Installing openvas-scanner + + + cd $SOURCE_DIR/openvas-scanner-$NOTUS_VERSION/rust/openvasd + + cargo build --release + + sudo cp -v ../target/release/openvasd /usr/local/bin/ +``` diff --git a/src/22.4/source-build/openvasd/dependencies.md b/src/22.4/source-build/openvasd/dependencies.md new file mode 100644 index 00000000..0722fd4b --- /dev/null +++ b/src/22.4/source-build/openvasd/dependencies.md 
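Review bot: Both tabs of the new `openvasd/build.md` `cd` into `$SOURCE_DIR/openvas-scanner-$NOTUS_VERSION/rust/openvasd`, but this commit removes the `NOTUS_VERSION` export and the download step extracts `openvas-scanner-$OPENVAS_DAEMON`. In a fresh shell the path expands to `openvas-scanner-/rust/openvasd` and the `cd` fails. The line should read `cd $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON/rust/openvasd`, and the captions should say `Installing openvasd`, since that is the only binary copied. Consider `cargo build --release --locked` so the build uses exactly the crate versions recorded in the signature-checked tarball, assuming it ships a `Cargo.lock`.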
@@ -0,0 +1,29 @@ +```{eval-rst} +.. tabs:: + .. tab:: Debian/Ubuntu + .. code-block:: + :caption: Required dependencies for openvasd + + sudo apt install -y \ + cargo \ + pkg-config \ + libssl-dev + + .. tab:: Fedora + .. code-block:: + :caption: Required dependencies for openvasd + + sudo dnf install -y \ + cargo \ + pkg-config \ + openssl-devel + + .. tab:: CentOS + .. code-block:: + :caption: Required dependencies for openvasd + + sudo dnf install -y \ + cargo \ + pkg-config \ + openssl-devel +``` diff --git a/src/22.4/source-build/openvasd/description.md b/src/22.4/source-build/openvasd/description.md new file mode 100644 index 00000000..0a378c5c --- /dev/null +++ b/src/22.4/source-build/openvasd/description.md @@ -0,0 +1,7 @@ +*OpenVASD* is used for detecting vulnerable products. + +It controls `openvas-scanner` for scanning and is used to get the results. + +For more information see: +- https://greenbone.github.io/scanner-api/ +- https://github.com/greenbone/openvas-scanner/tree/main/rust/openvasd diff --git a/src/22.4/source-build/openvasd/download.md b/src/22.4/source-build/openvasd/download.md new file mode 100644 index 00000000..27cb228a --- /dev/null +++ b/src/22.4/source-build/openvasd/download.md 
@@ -0,0 +1,23 @@ +```{code-block} +:caption: Downloading the openvas-scanner sources + +curl -f -L https://github.com/greenbone/openvas-scanner/archive/refs/tags/v$OPENVAS_DAEMON.tar.gz -o $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz +curl -f -L https://github.com/greenbone/openvas-scanner/releases/download/v$OPENVAS_DAEMON/openvas-scanner-v$OPENVAS_DAEMON.tar.gz.asc -o $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz.asc +``` + +```{code-block} +:caption: Verifying the source file + +gpg --verify $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz.asc $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz +``` + +The output of the last command should be similar to: + +```{include} /22.4/source-build/verify.md +``` + +If the signature is valid, the tarball can be extracted. + +``` +tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/openvas-scanner-$OPENVAS_DAEMON.tar.gz +``` diff --git a/src/_static/docker-compose-22.4.yml b/src/_static/docker-compose-22.4.yml index 85742836..f6d8c00a 100644 --- a/src/_static/docker-compose-22.4.yml +++ b/src/_static/docker-compose-22.4.yml 
@@ -94,6 +94,66 @@ services: - gvmd_socket_vol:/run/gvmd depends_on: - gvmd + # Sets log level of openvas to the set LOG_LEVEL within the env + # and changes log output to /var/log/openvas instead /var/log/gvm + # to reduce likelyhood of unwanted log interferences + configure-openvas: + image: greenbone/openvas-scanner:stable + volumes: + - openvas_data_vol:/mnt + command: + - /bin/sh + - -c + - | + printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf + sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf + chmod 644 /mnt/openvas.conf + chmod 644 /mnt/openvas_log.conf + # shows logs of openvas + openvas: + image: greenbone/openvas-scanner:stable + restart: on-failure + volumes: + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas + command: + - /bin/sh + - -c + - | + cat /etc/openvas/openvas.conf + tail -f /var/log/openvas/openvas.log + depends_on: + configure-openvas: + condition: service_completed_successfully + + openvasd: + image: greenbone/openvas-scanner:stable + restart: on-failure + environment: + # `service_notus` is set to disable everything but notus, + # if you want to utilize openvasd directly removed `OPENVAS_MOD` + OPENVASD_MOD: service_notus + GNUPGHOME: /etc/openvas/gnupg + LISTENING: 0.0.0.0:80 + volumes: + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas + - gpg_data_vol:/etc/openvas/gnupg + - notus_data_vol:/var/lib/notus + # enable port forwarding when you want to use the http api from your host machine + # ports: + # - 127.0.0.1:3000:80 + depends_on: + vulnerability-tests: + condition: service_completed_successfully + configure-openvas: + condition: service_completed_successfully + gpg-data: + condition: service_completed_successfully + networks: + default: + aliases: + - openvasd ospd-openvas: image: greenbone/ospd-openvas:stable 
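Review bot: `openvasd` is started with `LISTENING: 0.0.0.0:80` and `openvas.conf` points at `http://openvasd:80`, with no TLS or API-key setting visible in the environment block, so every container on the default network can reach it in clear text. `OPENVASD_MOD: service_notus` limits that to the notus part, but the comments invite readers to remove the mode and to publish the port. A sentence next to the commented `ports:` block should say that authentication and TLS must be configured before doing either. The same comment names `OPENVAS_MOD` while the key is `OPENVASD_MOD`. The comment above `configure-openvas` mentions `LOG_LEVEL` although the command never reads it, and it should say what `sed "s/127/128/"` changes in `openvas_log.conf`.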
@@ -111,8 +171,6 @@ services: "-f", "--config", "/etc/gvm/ospd-openvas.conf", - "--mqtt-broker-address", - "mqtt-broker", "--notus-feed-dir", "/var/lib/notus/advisories", "-m", @@ -124,6 +182,8 @@ services: - notus_data_vol:/var/lib/notus - ospd_openvas_socket_vol:/run/ospd - redis_socket_vol:/run/redis/ + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas depends_on: redis-server: condition: service_started @@ -131,29 +191,8 @@ services: condition: service_completed_successfully vulnerability-tests: condition: service_completed_successfully - - mqtt-broker: - restart: on-failure - image: greenbone/mqtt-broker - networks: - default: - aliases: - - mqtt-broker - - broker - - notus-scanner: - restart: on-failure - image: greenbone/notus-scanner:stable - volumes: - - notus_data_vol:/var/lib/notus - - gpg_data_vol:/etc/openvas/gnupg - environment: - NOTUS_SCANNER_MQTT_BROKER_ADDRESS: mqtt-broker - NOTUS_SCANNER_PRODUCTS_DIRECTORY: /var/lib/notus/products - depends_on: - - mqtt-broker - - gpg-data - - vulnerability-tests + configure-openvas: + condition: service_completed_successfully gvm-tools: image: greenbone/gvm-tools @@ -177,3 +216,5 @@ volumes: gvmd_socket_vol: ospd_openvas_socket_vol: redis_socket_vol: + openvas_data_vol: + openvas_log_data_vol:
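Review bot: `ospd-openvas` now mounts `openvas_data_vol` read-write at `/etc/openvas`, although the file it consumes there is generated once by `configure-openvas` and set to mode 644. If the service only reads that configuration (not visible in this diff, so confirm), mount it as `- openvas_data_vol:/etc/openvas:ro` so a compromised scanner container cannot rewrite `openvas.conf` for the other services sharing the volume.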