File: base.yaml

openvas-scanner 23.38.1-1
# Compose project name for this stack.
name: greenbone-community-edition

services:
  # Data container for the vulnerability-test feed. It mounts vt_data_vol at
  # /mnt; openvasd mounts the same volume at /var/lib/openvas/plugins and waits
  # for this service to complete successfully.
  # NOTE(review): the image reference carries neither a tag nor a digest, so
  # the content that ends up in the scanner's plugin directory is whatever the
  # registry serves at pull time. Pin it (image@sha256:<digest>) if the
  # deployment needs to be reproducible and auditable.
  vulnerability-tests:
    image: registry.community.greenbone.net/community/vulnerability-tests
    environment:
      # Quoted so it stays the string "24.10" instead of being read as a float.
      FEED_RELEASE: "24.10"
    volumes:
      - vt_data_vol:/mnt

  # Data container for Notus data. It mounts notus_data_vol at /mnt; openvasd
  # mounts the same volume at /var/lib/notus.
  # NOTE(review): no tag or digest on the image reference; pin it
  # (image@sha256:<digest>) for reproducible deployments.
  notus-data:
    image: registry.community.greenbone.net/community/notus-data
    volumes:
      - notus_data_vol:/mnt

  # Data container for GnuPG data. It mounts gpg_data_vol at /mnt; openvasd
  # mounts the same volume at /etc/openvas/gnupg, which is its GNUPGHOME.
  # NOTE(review): presumably this keyring is what feed signatures are checked
  # against (confirm). If so, an image reference without a tag or digest means
  # the trust root itself comes from a mutable reference; pinning this image
  # by digest (image@sha256:<digest>) matters more than for the other data
  # containers.
  gpg-data:
    image: registry.community.greenbone.net/community/gpg-data
    volumes:
      - gpg_data_vol:/mnt

  # Redis instance for the scanner. No port is published; the only visible
  # channel is redis_socket_vol at /run/redis/, which openvasd also mounts.
  # NOTE(review): presumably Redis is reached over a unix socket in that
  # volume (confirm against the image). Any other service that mounts
  # redis_socket_vol would get the same access.
  redis-server:
    # NOTE(review): no tag or digest on the image reference; pin it
    # (image@sha256:<digest>) for reproducible deployments.
    image: registry.community.greenbone.net/community/redis-server
    deploy:
      resources:
        # Both values default to 0 when the variable is unset.
        # NOTE(review): 0 presumably means "no limit"; set an explicit limit
        # on shared hosts so a large scan cannot exhaust host memory.
        limits:
          memory: ${OPENVAS_REDIS_MEMORY_LIMIT:-0}
        reservations:
          memory: ${OPENVAS_REDIS_MEMORY_RESERVATION:-0}
      restart_policy:
        condition: ${OPENVAS_REDIS_RESTART_CONDITION:-on-failure}
        delay: '3s'
    volumes:
      - redis_socket_vol:/run/redis/

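  # One-shot init job: writes the openvas log configuration into
  # openvas_data_vol and creates the log file in openvas_log_data_vol.
  # The log level is taken from OPENVAS_LOG_LEVEL, and log output goes to
  # /var/log/openvas instead of /var/log/gvm to reduce the likelihood of
  # unwanted log interference.
  configure-openvas-log:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    environment:
      # ERROR -> 4
      # CRITICAL -> 8
      # WARNING -> 16
      # MESSAGE -> 32
      # INFO -> 64
      # DEBUG -> 128
      OPENVAS_LOG_LEVEL: ${OPENVAS_LOG_LEVEL:-64}
    command:
      - /bin/sh
      - -c
      # `$$` is Compose's escape for a literal `$`. With it, the shell inside
      # the container expands OPENVAS_LOG_LEVEL from the environment block
      # above, so the default of 64 applies. A single `$` is interpolated by
      # Compose from the host environment and becomes an empty string when the
      # variable is unset there, which would write an empty log level.
      #
      # The value is spliced into a sed expression unvalidated; keep it to one
      # of the numeric levels listed above.
      #
      # NOTE(review): the log file is created world-writable (666), so every
      # process in every container that mounts openvas_log_data_vol can
      # rewrite or truncate it. If the UID/GID the scanner writes as is known,
      # chown the file to it and use a tighter mode.
      - |
        sed "s/127/$$OPENVAS_LOG_LEVEL/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log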

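  # One-shot init job: writes openvas.conf into openvas_data_vol. The file
  # enables table_driven_lsc and points openvas at the openvasd service.
  configure-openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
    environment:
      # Plain HTTP: traffic between openvas and openvasd is unencrypted on the
      # Compose network. The port must match LISTENING on the openvasd service.
      OPENVASD_PROTOCOL: http
      OPENVASD_PORT: "3000"
    command:
      - /bin/sh
      - -c
      # `$$` is Compose's escape for a literal `$`. With it, the shell inside
      # the container expands the two variables from the environment block
      # above. A single `$` is interpolated by Compose from the host
      # environment and becomes an empty string when the variable is unset
      # there, which would write `openvasd_server = ://openvasd:`.
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = $$OPENVASD_PROTOCOL://openvasd:$$OPENVASD_PORT\n" > /mnt/openvas.conf
        chmod 644 /mnt/openvas.conf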


  # Log viewer for openvas: prints the generated openvas.conf once, then
  # follows /var/log/openvas/openvas.log. It starts only after both configure
  # jobs have completed successfully, so the config and the log file exist.
  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      # NOTE(review): this service only reads from both volumes (cat / tail),
      # so mounting them read-only (`:ro`) looks sufficient; confirm before
      # changing.
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas-log:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully

  # Scanner daemon. It mounts the feed, Notus, GnuPG, config, log, cache and
  # Redis-socket volumes, and serves its API on port 3000.
  openvasd:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    # we need privileged because of:
    # setcap cap_net_raw,cap_net_admin+eip /usr/local/sbin/openvas
    #
    # NOTE(review): `privileged: true` grants every capability plus host
    # device access, which is far more than the two capabilities named above.
    # A compromise of this container is then close to a compromise of the
    # host. Check whether `cap_add: [NET_ADMIN, NET_RAW]` is enough (SETFCAP
    # may also be needed if setcap runs at container start); this is untested
    # here.
    privileged: true 
    deploy:
      resources:
        # Both values default to 0 when the variable is unset.
        # NOTE(review): 0 presumably means "no limit"; confirm.
        limits:
          memory: ${OPENVASD_MEMORY_LIMIT:-0}
        reservations:
          memory: ${OPENVASD_RESERVATION:-0}
      restart_policy:
        condition: ${OPENVASD_RESTART_CONDITION:-on-failure}
        delay: '3s'
    environment:
      SCANNER_TYPE: openvas
      # Points GnuPG at the keyring volume provided by the gpg-data service.
      GNUPGHOME: /etc/openvas/gnupg
      XDG_CACHE_HOME: /var/cache/
      STORAGE_TYPE: ${OPENVAS_SCANNER_STORAGE_TYPE:-fs}
      # Binds all interfaces inside the container, so every container on the
      # default network can reach the API. configure-openvas points openvas at
      # it over plain http.
      LISTENING: 0.0.0.0:3000
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
      - vt_data_vol:/var/lib/openvas/plugins
      - redis_socket_vol:/run/redis/
      - openvasd_cache_vol:/var/cache/
    # enable port forwarding when you want to use the http api from your host machine
    # TODO: configurable
    #
    # By default the port is published on host loopback (127.0.0.1) only.
    # NOTE(review): no TLS or API authentication setting is visible in this
    # file. Setting OPENVASD_EXTERNAL_BIND_ADDRESS to a non-loopback address
    # therefore exposes the scanner API over plain HTTP; confirm how the API
    # is protected before doing so.
    ports:
      - ${OPENVASD_EXTERNAL_BIND_ADDRESS:-127.0.0.1:3000}:3000
    # NOTE(review): notus-data and redis-server are not listed below although
    # their volumes are mounted above, so openvasd can start before they are
    # ready; confirm this is intended.
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas-log:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd

# Named volumes shared between the services above. Each is declared with an
# empty value, so no explicit volume options are set here.
volumes:
  gpg_data_vol:
  vt_data_vol:
  notus_data_vol:
  # NOTE(review): not mounted by any service in this file; presumably used by
  # another Compose file layered on top of this one (confirm, or remove).
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:
  openvasd_cache_vol: