Merge pull request #213 from Secure-Compliance-Solutions-LLC/dev

Move to Alpine Image

.dockerignore

@@ -0,0 +1,7 @@
+*
+!apk-build/target/
+!apk-build/user.abuild/*.pub
+!config/
+!gvm-sync-data/
+!report_formats/
+!scripts/*.sh

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "apk-build"]
+	path = apk-build
+	url = [email protected]:Secure-Compliance-Solutions-LLC/GVM-APK-build
+	branch = master

Dockerfile

@@ -1,161 +1,126 @@
-FROM ubuntu:20.10
-
-ENV DEBIAN_FRONTEND=noninteractive
-ENV LANG=C.UTF-8
-
-COPY install-pkgs.sh /install-pkgs.sh
-
-RUN bash /install-pkgs.sh
-
-ENV gvm_libs_version="v21.4.0" \
-    openvas_scanner_version="v21.4.0" \
-    #pggvm_version="fa973261bee877590e0d0096eb0f9213a38a7965" \
-    gvmd_version="v21.4.0" \
-    gsa_version="v21.4.0" \
-    gvm_tools_version="21.1.0" \
-    openvas_smb="v21.4.0" \
-    open_scanner_protocol_daemon="v21.4.0" \
-    ospd_openvas="v21.4.0" \
-    python_gvm_version="21.1.3"
-
-    #
-    # install libraries module for the Greenbone Vulnerability Management Solution
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/gvm-libs/archive/$gvm_libs_version.tar.gz && \
-    tar -zxf $gvm_libs_version.tar.gz && \
-    cd /build/*/ && \
-    mkdir build && \
-    cd build && \
-    cmake -DCMAKE_BUILD_TYPE=Release .. && \
-    make && \
-    make install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # install smb module for the OpenVAS Scanner
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/openvas-smb/archive/$openvas_smb.tar.gz && \
-    tar -zxf $openvas_smb.tar.gz && \
-    cd /build/*/ && \
-    mkdir build && \
-    cd build && \
-    cmake -DCMAKE_BUILD_TYPE=Release .. && \
-    make && \
-    make install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # Install Greenbone Vulnerability Manager (GVMD)
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/gvmd/archive/$gvmd_version.tar.gz && \
-    tar -zxf $gvmd_version.tar.gz && \
-    cd /build/*/ && \
-    mkdir build && \
-    cd build && \
-    cmake -DCMAKE_BUILD_TYPE=Release .. && \
-    make && \
-    make install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # Install Open Vulnerability Assessment System (OpenVAS) Scanner of the Greenbone Vulnerability Management (GVM) Solution
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/openvas-scanner/archive/$openvas_scanner_version.tar.gz && \
-    tar -zxf $openvas_scanner_version.tar.gz && \
-    cd /build/*/ && \
-    mkdir build && \
-    cd build && \
-    cmake -DCMAKE_BUILD_TYPE=Release .. && \
-    make && \
-    make install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # Install Greenbone Security Assistant (GSA)
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/gsa/archive/$gsa_version.tar.gz && \
-    tar -zxf $gsa_version.tar.gz && \
-    # https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker/issues/115
-    sed -i 's/300000/90000000/g' /build/*/gsa/src/gmp/gmpsettings.js && \
-    find /build/ -type f -exec sed -i 's/timeout: 30000/timeout: 9000000/g' {} \; && \
-    find /build/ -type f -exec sed -i 's/expect(settings.timeout).toEqual(30000)/expect(settings.timeout).toEqual(9000000)/g' {} \; && \
-    cd /build/*/ && \
-    mkdir build && \
-    cd build && \
-    cmake -DCMAKE_BUILD_TYPE=Release .. && \
-    make && \
-    make install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # Install Greenbone Vulnerability Management Python Library
-    #
-
-RUN pip3 install python-gvm==$python_gvm_version
-
-    #
-    # Install Open Scanner Protocol daemon (OSPd)
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/ospd/archive/$open_scanner_protocol_daemon.tar.gz && \
-    tar -zxf $open_scanner_protocol_daemon.tar.gz && \
-    cd /build/*/ && \
-    python3 setup.py install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # Install Open Scanner Protocol for OpenVAS
-    #
-
-RUN mkdir /build && \
-    cd /build && \
-    wget --no-verbose https://github.com/greenbone/ospd-openvas/archive/$ospd_openvas.tar.gz && \
-    tar -zxf $ospd_openvas.tar.gz && \
-    cd /build/*/ && \
-    python3 setup.py install && \
-    cd / && \
-    rm -rf /build
-
-    #
-    # Install GVM-Tools
-    #
-
-RUN pip3 install gvm-tools==$gvm_tools_version && \
-    echo "/usr/local/lib" > /etc/ld.so.conf.d/openvas.conf && ldconfig && cd / && rm -rf /build
+FROM alpine:3
 
-COPY report_formats/* /report_formats/
+EXPOSE 22 5432 8081 9392
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
+
+ARG SUPVISD=supervisorctl
+ARG GVMD_USER
+ARG GVMD_PASSWORD
+ARG USERNAME=admin
+ARG PASSWORD=adminpassword
+ARG TIMEOUT=15
+ARG DEBUG=N
+ARG RELAYHOST=smtp
+ARG SMTPPORT=25
+ARG AUTO_SYNC=true
+ARG HTTPS=true
+ARG TZ=Etc/UTC
+ARG SSHD=false
+ARG DB_PASSWORD=none
+
+
+RUN mkdir -p /repo/main \
+    && mkdir -p /repo/community
+
+COPY apk-build/target/ /repo/
+COPY apk-build/user.abuild/*.pub /etc/apk/keys/
+
+ENV SUPVISD=${SUPVISD:-supervisorctl} \
+    USERNAME=${GVMD_USER:-${USERNAME:-admin}} \
+    PASSWORD=${GVMD_PASSWORD:-${PASSWORD:-admin}} \
+    TIMEOUT=${TIMEOUT:-15} \
+    DEBUG=${DEBUG:-N} \
+    RELAYHOST=${RELAYHOST:-smtp} \
+    SMTPPORT=${SMTPPORT:-25} \
+    AUTO_SYNC=${AUTO_SYNC:-true} \
+    HTTPS=${HTTPS:-true} \
+    TZ=${TZ:-Etc/UTC} \
+    SSHD=${SSHD:-false} \
+    DB_PASSWORD=${DB_PASSWORD:-none} \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8
 
-COPY greenbone-feed-sync-patch.txt /greenbone-feed-sync-patch.txt
 
-RUN patch /usr/local/sbin/greenbone-feed-sync /greenbone-feed-sync-patch.txt
+ENV MUSL_LOCPATH="/usr/share/i18n/locales/musl"
 
-COPY sshd_config /sshd_config
 
+RUN { \
+    echo '@custcom /repo/community/'; \
+    echo 'https://dl-5.alpinelinux.org/alpine/v3.14/main/' ; \
+    echo 'https://dl-5.alpinelinux.org/alpine/v3.14/community/' ;\
+    echo 'https://dl-4.alpinelinux.org/alpine/v3.14/main/' ; \
+    echo 'https://dl-4.alpinelinux.org/alpine/v3.14/community/' ;\
+    echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/main/' ; \
+    echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/community/' ; \
+    } >/etc/apk/repositories \
+    && cat /etc/apk/repositories \
+    && apk upgrade --no-cache --available \
+    # install libintl
+    # then install dev dependencies for musl-locales
+    # clone the sources
+    # build and install musl-locales
+    # remove sources and compile artifacts
+    # lastly remove dev dependencies again
+    && apk --no-cache add libintl \
+    && apk --no-cache --virtual .locale_build add cmake make musl-dev gcc gettext-dev git \
+    && git clone https://gitlab.com/rilian-la-te/musl-locales \
+    && cd musl-locales && cmake -DLOCALE_PROFILE=OFF -DCMAKE_INSTALL_PREFIX:PATH=/usr . && make && make install \
+    && cd .. && rm -r musl-locales \
+    && apk del --no-cache .locale_build \
+    && sleep 10 \
+    && apk add --no-cache --allow-untrusted logrotate curl wget su-exec tzdata postfix mailx bash openssh supervisor openssh-client-common libxslt xmlstarlet zip sshpass socat net-snmp-tools samba-client py3-lxml py3-gvm@custcom openvas@custcom openvas-smb@custcom openvas-config@custcom gvmd@custcom gvm-libs@custcom greenbone-security-assistant@custcom ospd-openvas@custcom \
+    && mkdir -p /var/log/supervisor/ \
+    && su -c "mkdir /var/lib/gvm/.ssh/ && chmod 700 /var/lib/gvm/.ssh/ && touch /var/lib/gvm/.ssh/authorized_keys && chmod 644 /var/lib/gvm/.ssh/authorized_keys" gvm 
+
+COPY gvm-sync-data/gvm-sync-data.tar.xz /opt/gvm-sync-data.tar.xz
 COPY scripts/* /
+COPY report_formats/* /report_formats/
+COPY config/supervisord.conf /etc/supervisord.conf
+COPY config/logrotate-gvm.conf /etc/logrotate.d/gvm
+COPY config/redis-openvas.conf /etc/redis.conf
+
+
+ARG SETUP=0
+ARG OPT_PDF=0
+ENV SETUP=${SETUP:-0} \
+    OPT_PDF=${OPT_PDF:-0}
+
+RUN env \
+    && if [ "${SETUP}" == "1" ]; then \
+    ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" >/etc/timezone \
+    && /usr/bin/supervisord -c /etc/supervisord.conf || true ; \
+    unset SETUP ;\
+    fi \
+    && rm -rfv /var/lib/gvm/CA || true \
+    && rm -rfv /var/lib/gvm/private || true \
+    && rm /etc/localtime || true\
+    && echo "Etc/UTC" >/etc/timezone \
+    && rm -rfv /tmp/* /var/cache/apk/* \
+    && echo "!!! FINISH Setup !!!"
+ENV SETUP=0
+
+# Addons
+RUN if [ "${OPT_PDF}" == "1" ]; then apk add --no-cache --allow-untrusted texlive texmf-dist-latexextra texmf-dist-fontsextra ; fi 
 
-RUN chmod +x /*.sh
+VOLUME [ "/opt/database", "/var/lib/openvas/plugins", "/var/lib/gvm", "/etc/ssh" ]
 
-CMD '/start.sh'
+#
+#   Owned by User gvm
+#
+#       /run/ospd
+#       /var/lib/openvas/plugins
+#       /var/lib/gvm
+#       /var/lib/gvm/gvmd
+#       /var/lib/gvm/gvmd/gnupg
+#       /var/log/gvm
+#
+#   Owned by Group gvm
+#
+#       /run/ospd
+#       /var/lib/gvm
+#       /var/lib/gvm/gvmd
+#       /var/lib/gvm/gvmd/gnupg
+#

Makefile

@@ -0,0 +1,19 @@
+SHELL:=/bin/bash
+PWD ?= $(PWD)
+
+.DEFAULT_GOAL := all
+
+all: apkbuild build
+
+.PHONY: apkbuild
+apkbuild:
+	cd ${PWD}/apk-build ; \
+	make build
+
+.PHONY: build
+build: 
+	cd ${PWD} ; \
+	docker build -t securecompliance/gvm:no-data -t securecompliance/gvm:latest . ; \
+	docker build --build-arg OPT_PDF=1 -t securecompliance/gvm:no-data-full . ; \
+	docker build --build-arg SETUP=1 -t securecompliance/gvm:data . ; 
+	docker build --build-arg SETUP=1 --build-arg OPT_PDF=1 -t securecompliance/gvm:data-full . ; 

config/logrotate-gvm.conf

@@ -0,0 +1,21 @@
+/var/log/gvm/*.log {
+    missingok
+    notifempty
+    size 50M
+    copytruncate
+    sharedscripts
+    dateext
+    rotate 5
+    compress
+}
+
+#/var/log/supervisor/*.log {
+#    missingok
+#    notifempty
+#    size 50M
+#    copytruncate
+#    sharedscripts
+#    dateext
+#    rotate 5
+#    compress
+#}