falkowich/gvm10-docker

[question] arachni: is it really necessary

Closed this issue · 9 comments

So sorry, is the scanner going to use arachni or not? Why are you all trying to install it?

I see this from mikesplain/openvas-docker, and I checked that arachni doesn't have any new release. Maybe you could just include this in your Dockerfile:

RUN wget -q https://github.com/Arachni/arachni/releases/download/v1.5.1/arachni-1.5.1-0.5.12-linux-x86_64.tar.gz && \
    tar -zxf arachni-1.5.1-0.5.12-linux-x86_64.tar.gz && \
    mv arachni-1.5.1-0.5.12 /opt/arachni && \
    ln -s /opt/arachni/bin/* /usr/local/bin/ && \
    rm -rf arachni*

> So sorry, is the scanner going to use arachni or not? Why are you all trying to install it?

Hi, I had it on my old "setting" with a non-Docker installation, that's why it still stands in the "todo" segment :)

I haven't really decided yet if it is needed, or if any other 3rd-party integration is better for pure web vuln/config scanning.

All thoughts are welcome here.

I don't know too much about how it integrates with GVM, and I don't know too much about GVM. That's why I ask this question.
If the web vuln. scanner inside the OpenVAS scanner is enough, why do we need it?

Thanks for your patience.

I created a fork and am trying to build it directly using the Docker Hub public CI machine. I REALLY think you should check the quality of your code. It doesn't even have the dependencies for building the Docker image (it doesn't even have curl and wget?! EXCUSE ME?!). By the way, the pgsql doesn't initialize correctly, and you never wrote an error recovery handler for pgsql after a Docker container restart.

Also, Docker is a no-daemon design. Please stop using init.d/systemd even if it is working....

What I see is a green "passed" automated build in your repo's readme that cannot be reproduced. It's irresponsible open-source.

> I created a fork and am trying to build it directly using the Docker Hub public CI machine. I REALLY think you should check the quality of your code. It doesn't even have the dependencies for building the Docker image (it doesn't even have curl and wget?! EXCUSE ME?!). By the way, the pgsql doesn't initialize correctly, and you never wrote an error recovery handler for pgsql after a Docker container restart.

Hi,

I didn't see any use for curl and wget in the container, but perhaps I was wrong?
What did you want to use them for, if I may ask?

> Also, Docker is a no-daemon design. Please stop using init.d/systemd even if it is working....

There I'm guilty of a "no best practice". As you said, it works, but this should be fixed :)
If you want, it would be really nice with a PR that makes it compliant with Docker best practices.

> What I see is a green "passed" automated build in your repo's readme that cannot be reproduced. It's irresponsible open-source.

I'll start a build from Docker Hub now. Perhaps I've committed something that broke the psql image.
Only the "edge" tag is on autobuild on every commit.

I'm really sorry that you feel so offended by my work, but I'll do my best to fix it :)
If you want, it would be great with a PR so that we can make it better for everyone.

--
Regards Falk

curl used here:

RUN curl --silent --show-error https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - ;\

wget used here:

wget -O gvm-libs-10.0.0.tar.gz https://github.com/greenbone/gvm-libs/archive/v10.0.0.tar.gz ;\

I'll open a PR when I'm not that busy.

> curl used here:
>
> RUN curl --silent --show-error https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - ;\
>
> wget used here:
>
> wget -O gvm-libs-10.0.0.tar.gz https://github.com/greenbone/gvm-libs/archive/v10.0.0.tar.gz ;\
>
> I'll open a PR when I'm not that busy.

Ah, sorry, I was writing before I was thinking.
Both curl and wget are installed in the Dockerfiles?

And the builds worked on Dockerhub. So I'm really sorry that it didn't work for you.

But I'll create two new issues.
One about PostgreSQL and daemons and the other on code cleanup.
Perhaps one where we can select 3rd-party tools to include?

I close this issue, and continue in the new ones. I hope that this is ok for you.

--
Regards Falk


Aah,
Did you pull an "old" branch?
I have everything in master, so now I removed the old dev branches so that problem "should" be solved.

As I write in the readme, I haven't found a good workflow yet.
Does it work when you fork the master branch?

[edit]
I created the new issues and then I work from there.
[/edit]

--
Regards Falk