Quick answer (out of time for today)

> - the OpenVAS Scanner on a single VM or in a single container

Sure, I run 'em on single VMs

> - the OpenVAS CLI & Manager would need to share a container (unless I'm reading the diagram wrong and the CLI also uses port 9390 to execute commands on the Manager?)

9390 can be used, the Greenbone Security Assistant does that as well

> - the Greenbone Security Assistant also in a single container

Ok

> - an optional nginx reverse-proxy VM or container to upstream the Greenbone Security Assistant and terminate TLS

No need for a reverse proxy, the latest GSA can do TLS etc. just fine with security headers.
Example:

    gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 --ssl-private-key=/etc/ssl/priv.key --ssl-certificate=/etc/ssl/cert.crt --http-sts --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

mlisten and mport point towards the manager.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl | L: https://nl.linkedin.com/in/thijsstuurman

-----Original message-----
From: Openvas-discuss [mailto:[email protected]] On behalf of [email protected]
Sent: Thursday 18 January 2018 16:51
To: [email protected]
Subject: [Openvas-discuss] Decentralization/containerization of OpenVAS components

Hello!

I'm currently experimenting with running the OpenVAS 'stack' within a Docker container. However, after spotting this diagram: http://www.openvas.org/software.html it seems that a few of the OpenVAS components communicate via TCP/IP, meaning that in theory one might be able to run them in a distributed way across different VMs or within different Docker containers?

My brief assessment led me to believe that the following setup might be possible:

- the OpenVAS Scanner on a single VM or in a single container
- the OpenVAS CLI & Manager would need to share a container (unless I'm reading the diagram wrong and the CLI also uses port 9390 to execute commands on the Manager?)
- the Greenbone Security Assistant also in a single container
- an optional nginx reverse-proxy VM or container to upstream the Greenbone Security Assistant and terminate TLS

Has anyone experimented with this in the past? Are my assumptions correct?

Thanks,
Kane Valentine

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
