Greenbone OpenVAS AppJail-makejail container

greenbone-openvas-makejail

Greenbone-OpenVAS-MakeJail is an AppJail file (AppJail-makejail) used to deploy a testing Greenbone OpenVAS all-in-one infrastructure on FreeBSD. Its principal goal is to provide a fast way to install, configure and run the Greenbone OpenVAS components. Keep in mind that this container, as is, must be used for testing and learning purposes only; it is not recommended for production because it has only a minimal configuration for running the Greenbone suite.

Requirements

Before you can install greenbone-openvas using this makejail, you need some initial configuration.

Enable Packet filter

We need to add some lines to /etc/rc.conf and /etc/pf.conf:

# sysrc pf_enable="YES"
# sysrc pflog_enable="YES"

# cat << "EOF" >> /etc/pf.conf
nat-anchor 'appjail-nat/jail/*'
nat-anchor "appjail-nat/network/*"
rdr-anchor "appjail-rdr/*"
EOF
# service pf reload
# service pf restart
# service pflog restart

The rdr-anchor section is necessary to use dynamic redirects from jails.

Enable forwarding

# sysrc gateway_enable="YES"
# sysctl net.inet.ip.forwarding=1

Add devfs rules

Some OpenVAS scanner tasks need access to the /dev/bpf device. Add the following lines to /etc/devfs.rules:

[devfsrules_jail=10]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf' unhide mode 0660 group 272 unhide

Bootstrap a FreeBSD version

Before you can begin creating containers, AppJail needs to fetch and extract the components used to create jails. If you are creating FreeBSD jails, the version must be equal to or lower than your host version. In this example we will create a 13.2-RELEASE bootstrap:

# appjail fetch

Create a virtualnet

Create a virtualnet to which greenbone-openvas-makejail will add the greenbone jail:

# appjail network add greenbone-net 10.0.0.0/24

This creates a bridge named greenbone-net to which the greenbone jail's epair interfaces will be attached. By default greenbone-openvas-makejail uses NAT for outbound internet access. Do not forget to add a pass rule to /etc/pf.conf, because greenbone-openvas-makejail will try to download and install packages and other resources needed to configure the Greenbone services:

pass out quick on greenbone-net inet proto { tcp udp } from 10.0.0.2 to any
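
A read-only preflight check for the host prerequisites above, added here as an example; it is not part of greenbone-openvas-makejail. The function names, the preflight.sh file name and the argument order are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not project code: read-only checks of the host prerequisites.

# normalize FILE: strip comments and quotes, squeeze whitespace.
normalize() {
    sed -e 's/#.*//' -e "s/[\"']//g" -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1"
}

# check_pf_conf FILE: all three AppJail anchors must be declared.
check_pf_conf() {
    rc=0
    for want in 'nat-anchor appjail-nat/jail/*' \
                'nat-anchor appjail-nat/network/*' \
                'rdr-anchor appjail-rdr/*'; do
        normalize "$1" | grep -Fxq "$want" ||
            { echo "pf.conf: missing $want" >&2; rc=1; }
    done
    return "$rc"
}

# check_pass_rule FILE IP: an outbound pass rule exists for the jail address.
check_pass_rule() {
    normalize "$1" | grep '^pass out ' | grep -Fq " from $2 to any"
}

# check_devfs_rules FILE: ruleset 10 must unhide bpf for the scanner.
check_devfs_rules() {
    awk '/^\[/ { in_set = ($0 ~ /^\[devfsrules_jail=10\]/) }
         in_set && /^add[ \t]+path[ \t]+.?bpf/ && /unhide/ { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_net IP NET/PREFIX: true when IP lies inside the virtualnet.
ip_in_net() {
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Usage: sh preflight.sh PF_CONF DEVFS_RULES JAIL_IP NETWORK/PREFIX
if [ "$#" -eq 4 ]; then
    check_pf_conf "$1" && check_pass_rule "$1" "$3" &&
        check_devfs_rules "$2" && ip_in_net "$3" "$4" && echo "preflight: ok"
fi
```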

Create a lightweight container system

Create a container named greenbone with the private IP address 10.0.0.2. Keep in mind that the IP address must be part of the greenbone-net network.

# appjail makejail -f gh+alonsobsd/greenbone-openvas-makejail -j greenbone -- --network greenbone-net --greenbone_ip 10.0.0.2

When it is done, you will see the credentials for connecting to gsad/gsa via a web browser.

################################################
 Greenbone OpenVAS admin credential
 Hostname : https://jail-host-ip
 Username : admin
 Password : @hkXudpIp93xbIOvD
################################################

Keep it in another secure place.

License

This project is licensed under the BSD-3-Clause license.