From 5bb35afd202adde894c95b418b1ea360b61d4c0a Mon Sep 17 00:00:00 2001 From: Charles Wyble Date: Sat, 12 Oct 2024 11:33:35 -0400 Subject: [PATCH] bits and bobs --- cosmos/openvas/docker-compose.yml | 227 +++++++++++++++++++++++++++++- cosmos/signoz/docker-compose.yml | 1 + 2 files changed, 227 insertions(+), 1 deletion(-) create mode 100644 cosmos/signoz/docker-compose.yml diff --git a/cosmos/openvas/docker-compose.yml b/cosmos/openvas/docker-compose.yml index ff386e2..b85e40a 100644 --- a/cosmos/openvas/docker-compose.yml +++ b/cosmos/openvas/docker-compose.yml @@ -8,4 +8,229 @@ # securecompliance/gvm:debian-master-data-full \ # securecompliance/gvm:debian-master-data \ # securecompliance/gvm:debian-master-full \ -# securecompliance/gvm:debian-master \ \ No newline at end of file +# securecompliance/gvm:debian-master \ + +services: + vulnerability-tests: + image: registry.community.greenbone.net/community/vulnerability-tests + environment: + STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl + volumes: + - vt_data_vol:/mnt + + notus-data: + image: registry.community.greenbone.net/community/notus-data + volumes: + - notus_data_vol:/mnt + + scap-data: + image: registry.community.greenbone.net/community/scap-data + volumes: + - scap_data_vol:/mnt + + cert-bund-data: + image: registry.community.greenbone.net/community/cert-bund-data + volumes: + - cert_data_vol:/mnt + + dfn-cert-data: + image: registry.community.greenbone.net/community/dfn-cert-data + volumes: + - cert_data_vol:/mnt + depends_on: + - cert-bund-data + + data-objects: + image: registry.community.greenbone.net/community/data-objects + volumes: + - data_objects_vol:/mnt + + report-formats: + image: registry.community.greenbone.net/community/report-formats + volumes: + - data_objects_vol:/mnt + depends_on: + - data-objects + + gpg-data: + image: registry.community.greenbone.net/community/gpg-data + volumes: + - gpg_data_vol:/mnt + + redis-server: + image: registry.community.greenbone.net/community/redis-server + restart: on-failure + volumes: + - redis_socket_vol:/run/redis/ + + pg-gvm: + image: registry.community.greenbone.net/community/pg-gvm:stable + restart: on-failure + volumes: + - psql_data_vol:/var/lib/postgresql + - psql_socket_vol:/var/run/postgresql + + gvmd: + image: registry.community.greenbone.net/community/gvmd:stable + restart: on-failure + volumes: + - gvmd_data_vol:/var/lib/gvm + - scap_data_vol:/var/lib/gvm/scap-data/ + - cert_data_vol:/var/lib/gvm/cert-data + - data_objects_vol:/var/lib/gvm/data-objects/gvmd + - vt_data_vol:/var/lib/openvas/plugins + - psql_data_vol:/var/lib/postgresql + - gvmd_socket_vol:/run/gvmd + - ospd_openvas_socket_vol:/run/ospd + - psql_socket_vol:/var/run/postgresql + depends_on: + pg-gvm: + condition: service_started + scap-data: + condition: service_completed_successfully + cert-bund-data: + condition: service_completed_successfully + dfn-cert-data: + condition: service_completed_successfully + data-objects: + condition: service_completed_successfully + report-formats: + condition: service_completed_successfully + + gsa: + image: registry.community.greenbone.net/community/gsa:stable + restart: on-failure + ports: + - 127.0.0.1:9392:80 + volumes: + - gvmd_socket_vol:/run/gvmd + depends_on: + - gvmd + # Sets log level of openvas to the set LOG_LEVEL within the env + # and changes log output to /var/log/openvas instead /var/log/gvm + # to reduce likelyhood of unwanted log interferences + configure-openvas: + image: registry.community.greenbone.net/community/openvas-scanner:stable + volumes: + - openvas_data_vol:/mnt + - openvas_log_data_vol:/var/log/openvas + command: + - /bin/sh + - -c + - | + printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf + sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf + chmod 644 /mnt/openvas.conf + chmod 644 /mnt/openvas_log.conf + touch /var/log/openvas/openvas.log + chmod 666 /var/log/openvas/openvas.log + + # shows logs of openvas + openvas: + image: registry.community.greenbone.net/community/openvas-scanner:stable + restart: on-failure + volumes: + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas + command: + - /bin/sh + - -c + - | + cat /etc/openvas/openvas.conf + tail -f /var/log/openvas/openvas.log + depends_on: + configure-openvas: + condition: service_completed_successfully + + openvasd: + image: registry.community.greenbone.net/community/openvas-scanner:stable + restart: on-failure + environment: + # `service_notus` is set to disable everything but notus, + # if you want to utilize openvasd directly removed `OPENVASD_MODE` + OPENVASD_MODE: service_notus + GNUPGHOME: /etc/openvas/gnupg + LISTENING: 0.0.0.0:80 + volumes: + - openvas_data_vol:/etc/openvas + - openvas_log_data_vol:/var/log/openvas + - gpg_data_vol:/etc/openvas/gnupg + - notus_data_vol:/var/lib/notus + # enable port forwarding when you want to use the http api from your host machine + # ports: + # - 127.0.0.1:3000:80 + depends_on: + vulnerability-tests: + condition: service_completed_successfully + configure-openvas: + condition: service_completed_successfully + gpg-data: + condition: service_completed_successfully + networks: + default: + aliases: + - openvasd + + ospd-openvas: + image: registry.community.greenbone.net/community/ospd-openvas:stable + restart: on-failure + hostname: ospd-openvas.local + cap_add: + - NET_ADMIN # for capturing packages in promiscuous mode + - NET_RAW # for raw sockets e.g. used for the boreas alive detection + security_opt: + - seccomp=unconfined + - apparmor=unconfined + command: + [ + "ospd-openvas", + "-f", + "--config", + "/etc/gvm/ospd-openvas.conf", + "--notus-feed-dir", + "/var/lib/notus/advisories", + "-m", + "666" + ] + volumes: + - gpg_data_vol:/etc/openvas/gnupg + - vt_data_vol:/var/lib/openvas/plugins + - notus_data_vol:/var/lib/notus + - ospd_openvas_socket_vol:/run/ospd + - redis_socket_vol:/run/redis/ + - openvas_data_vol:/etc/openvas/ + - openvas_log_data_vol:/var/log/openvas + depends_on: + redis-server: + condition: service_started + gpg-data: + condition: service_completed_successfully + vulnerability-tests: + condition: service_completed_successfully + configure-openvas: + condition: service_completed_successfully + + gvm-tools: + image: registry.community.greenbone.net/community/gvm-tools + volumes: + - gvmd_socket_vol:/run/gvmd + - ospd_openvas_socket_vol:/run/ospd + depends_on: + - gvmd + - ospd-openvas + +volumes: + gpg_data_vol: + scap_data_vol: + cert_data_vol: + data_objects_vol: + gvmd_data_vol: + psql_data_vol: + vt_data_vol: + notus_data_vol: + psql_socket_vol: + gvmd_socket_vol: + ospd_openvas_socket_vol: + redis_socket_vol: + openvas_data_vol: + openvas_log_data_vol: \ No newline at end of file diff --git a/cosmos/signoz/docker-compose.yml b/cosmos/signoz/docker-compose.yml new file mode 100644 index 0000000..65300e8 --- /dev/null +++ b/cosmos/signoz/docker-compose.yml @@ -0,0 +1 @@ +#signoz docker compose for tsys \ No newline at end of file