How to use omp inside when OpenVAS is running inside Docker container?


#1

Hello,

I am running OpenVAS using Docker image. Performing tests using Greenbone Gui works perfectly by running the container on whichever port is available. Now I would like to run a script which for example can get the tasks which I already created using the GUI. I suppose I have to use omp. Is that true? Furthermore, should I use it inside the container, where OpenVAS is running?

It is also possible that I am misunderstanding the concept and performing tests with the interface is not the same as doing it with the terminal.
Could you please, give me an inside on what the best way doing it is?

Thank you!


#2

Yes and no. If you mean the protocol omp which got renamed to gmp then yes. If you mean the omp client tool than no. This tool got replaced by gvm-tools. For a full API access please take a look at python-gvm which just got its first release

Depends. python-gvm supports several connection types the simplest one is unix sockets which of course must be on the same machine/container for both connection ends.


#3

The problem is that I am using atomicorp/openvas Docker image. I did not build my installation from source code. In this case, could I just install the python library and the tool and connect them to the existing manager and scanner? In my instalation they are openvasmd and openvass.

It is a prerequisite for m to use Docker container, but do not feel okay with installing from the source code.


#4

Of course you can. Just go into your container install pip (the python package installer) and run pip install gvm-tools. Afterwards you can use gvm-cli or gvm-pyshell to connect to openvasmd. openvasmd will be named gvmd in future. Maybe that’s a bit confusing a the moment. I am not sure if openvasmd is already using unix sockets as gvmd will do. Otherwise you have to use tls for the communication with the daemon.


#5

I got the right version of pip and Python. Now I am trying to connect doing the following:

gvm-cli tls --hostname 127.0.0.1 --gmp-username user --gmp-password pass

I got errors:

traceback (most recent call last):
File “/usr/bin/gvm-cli”, line 11, in
sys.exit(main())
File “/usr/lib/python3.4/site-packages/gvmtools/cli.py”, line 251, in main
gvm.authenticate(args.gmp_username, args.gmp_password)
File “/usr/lib/python3.4/site-packages/gvm/protocols/gmpv7.py”, line 197, in authenticate
self._send(cmd.to_string())
File “/usr/lib/python3.4/site-packages/gvm/protocols/base.py”, line 62, in _send
self.connect()
File “/usr/lib/python3.4/site-packages/gvm/protocols/base.py”, line 98, in connect
self._connection.connect()
File “/usr/lib/python3.4/site-packages/gvm/connections.py”, line 282, in connect
self._socket.connect((self.hostname, int(self.port)))
File “/usr/lib64/python3.4/ssl.py”, line 849, in connect
self._real_connect(addr, False)
File “/usr/lib64/python3.4/ssl.py”, line 836, in _real_connect
socket.connect(self, addr)
ConnectionRefusedError: [Errno 111] Connection refused

What could be the reason for that?


#6

I use the atomicorp/openvas docker image and I had a tool on another server that talks through omp with openvas. I had to change how the programs inside the container were started.
I overwrite the default run.sh inside the container with a customized one on the docker host /path/to/run.sh. Under “Restarting services” I have edited two lines:

/usr/sbin/openvasmd --listen=0.0.0.0 --port=9390
/usr/sbin/gsad --mlisten=127.0.0.1 --mport=9390

Then I start the container with something like:
docker create -p 9390:9390 -p 9443:443 -v /path/to/run.sh:/run.sh atomicorp/openvas
And after this I was able to connect over TCP with dockerhost-ip and port 9390.


#7

There are several possible problems:

  • openvasmd/gvmd isn’t listening on the port
  • openvasmd/gvmd isn’t listening on localhost
  • openvasmd/gvmd isn’t using TLS