Knowledge base of ~80+ markdown files across 14 domains (00-13), Logseq graph, hardware design files (KiCAD), infrastructure configs, and talas-wiki static site. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Openvas role
This role deploys a GVM (Greenbone Vulnerability Management) Docker image with a persistent volume. The image is hosted on Docker Hub. The container uses the host's MTA (exim4) to relay mail alerts.
Prerequisites
- The exim4 MTA must be installed and configured on the Docker server
- The default docker bridge network interface name must be docker0
Mandatory variables
| variable | description |
|---|---|
| openvas_domain_name | OpenVAS FQDN |
| openvas_admin_password | password for the local superadmin user |
Optional variables
| variable | default | description |
|---|---|---|
| openvas_feed_refresh_hour | 6 | The container restarts every day at the specified hour to refresh all feeds (Vulnerabilities, NVTs...) |
| openvas_version | latest | Specific version (Docker Hub tag) |
iptables
Docker internal rules
Docker sets its own iptables rules when it starts. This has no impact on custom iptables rules at boot, because docker.service starts after filtering.service. However, if you restart filtering.service, you must also restart docker.service.
Custom rule for mta
You need to set a custom iptables rule if you want the openvas container to be able to send emails:

```yaml
firewall_iptables_config: |
  ...
  -A INPUT -i docker0 -p tcp -m tcp --dport 25 -j ACCEPT
  ...
```
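
A check for the two iptables conditions described above (Docker's own rules still loaded, and the docker0 rule for port 25 present), as an added example that is not part of this role. The function names and both sample rulesets are constructed for illustration, and it assumes Docker's chain is named DOCKER and that restarting filtering.service drops it. On a host, feed it live data with `iptables-save | check_ruleset`.

```shell
#!/bin/sh
# Added example (not part of the role). Input is iptables-save text on stdin.

# Succeeds if the ruleset accepts TCP/25 arriving on docker0 (container -> host MTA).
has_mta_rule() {
    grep -Eq -e '^-A INPUT -i docker0 -p tcp( -m tcp)? --dport 25 -j ACCEPT( |$)'
}

# Succeeds if Docker's chain is declared. Assumption: the chain is named DOCKER
# and is absent when filtering.service was restarted without docker.service.
has_docker_chain() {
    grep -Eq -e '^:DOCKER '
}

# Prints one status line per condition; returns non-zero if either is missing.
check_ruleset() {
    rules=$(cat)
    rc=0
    if printf '%s\n' "$rules" | has_mta_rule; then echo "mta_rule=ok"
    else echo "mta_rule=missing"; rc=1; fi
    if printf '%s\n' "$rules" | has_docker_chain; then echo "docker_chain=ok"
    else echo "docker_chain=missing"; rc=1; fi
    return "$rc"
}

# Constructed sample: Docker chain and the custom MTA rule both loaded.
SAMPLE_HEALTHY='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A INPUT -i docker0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
COMMIT'

# Constructed sample: custom rules reloaded, Docker's chain no longer present.
SAMPLE_AFTER_FILTER_RESTART='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i docker0 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT'

# Demo run on both samples; the second reports docker_chain=missing.
printf '%s\n' "$SAMPLE_HEALTHY" | check_ruleset
printf '%s\n' "$SAMPLE_AFTER_FILTER_RESTART" | check_ruleset || true
```

A `docker_chain=missing` result corresponds to the case where docker.service still needs a restart.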