pcap_next: Could not get a bpf

[picasso566]

This issue really concerns a plugin and not this docker image project and this is a near dupe of #103 and someone else's container here: Secure-Compliance-Solutions-LLC/OpenVAS-Docker#15

Then a more thorough answer here: https://forum.greenbone.net/t/ospd-openvas-dont-have-permission-to-capture-on-that-device/4564
Although I do NOT get the error "Could not capture on that device" so my issue may be completely unrelated.

It could be an issue with a specific plugin and I will check on that, but other's are saying it's a possible permission issue ?

My Actual Question (Which is actually regarding this Docker container project and not the plugin):
What flags can I set for things such as hostname, domain, permissions on specific processes in this docker image?

There are a number of images used in the container and I don't know what applies to which. Some are docker flags and some are specific to the images. I will also try different network modes.

I have not found a definitive answer on this. If anyone has any other clue why this plugin is angry please let me know.

[immauss]

This has been on my mental todo since I read through the greenbone community container docs.

I’m going to assume you are starting from command line, so try adding:

—cap-add NET_ADMIN

[picasso566]

Tried --cap-add NET_ADMIN and it made no difference.
I then tried "--cap-add NET_ADMIN --cap-add NET_RAW" just in case and still have the same issue.

[immauss]

I should have asked ...
Are you using the multi-container setup or single?

[picasso566]

I'm using the single container image

[immauss]

Do you get the same error if you start the container with the "--privileged" option ?

[amiantos]

The official community docker changelog has this line in it now:

Add hostname to ospd-openvas container, to avoid error Could not get a bpf, ethernet address used in non-ether expression

And sure enough in their compose example they have hostname: ospd-openvas.local in it.

I couldn't get the --hostname parameter to work running the container from the CLI, so I downloaded one of the compose files and added hostname to it, and it appears so far to have fixed the issue. It's easy to tell: with the issue, a scan report only ever found port 80 and did nothing essentially. Without the issue, it detects the SSL port. So you know very early on whether or not it worked.

My full compose file after adding hostname:

version: "3"
services:
  openvas:
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=admin"
      - "USERNAME=admin"
      - "RELAYHOST=172.17.0.1"
      - "SMTPPORT=25"
      - "REDISDBS=512" # number of Redis DBs to use
      - "QUIET=false"  # dump feed sync noise to /dev/null
      - "NEWDB=false"  # only use this for creating a blank DB 
      - "SKIPSYNC=true" # Skips the feed sync on startup.
      - "RESTORE=false"  # This probably not be used from compose... see docs.
      - "DEBUG=false"  # This will cause the container to stop and not actually start gvmd
      - "HTTPS=false"  # wether to use HTTPS or not
      - "GMP=9390"    # to enable see docs
    volumes:
      - "openvas:/data"
    container_name: openvas
    image: immauss/openvas
    hostname: openvas.local
  scannable:
    image: immauss/scannable
    container_name: scannable
volumes:
  openvas:

P.S. Thanks for this project, I used it back in May and it was very easy to get going. Today I tried the community version of docker support and I ran into a lot of issues with it. Then I remembered this project, and despite this little hiccup (which was not the fault of this project) it essentially worked right out of the box again. So, thanks for making this easy!

[righter83]

Is there any attend to implement the hostname in that Image?
i have this error since 6 months. Every time I load the new image and have to reconfigure the hostname:

docker run --detach --publish 8443:9392 -e PASSWORD="XXXX" -e HTTPS=true --volume openvas:/data --name openvas immauss/openvas


nano /var/lib/docker/containers/*/config.v2.json
nano /var/lib/docker/containers/*/hostname

[amiantos]

Is there any attend to implement the hostname in that Image? i have this error since 6 months. Every time I load the new image and have to reconfigure the hostname:

No offense to the owner of this repo, but the other day I discovered that Greenbone Community's official docker-compose is pretty good, if that could be an option for you.

https://greenbone.github.io/docs/latest/22.4/container/index.html

Spoilers:

curl -f -L https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml -o docker-compose.yml
docker-compose pull
docker-compose up

That's it, it'll show up at http://127.0.0.1:9392 eventually.

[ciclonite]

Hi, i'm facing with ethernet address used in non-ether expression and Could not get a bpf, but this is related with the hostname? Because i've see that in the latest build the hostname was specified.
Thanks.

[righter83]

Yeah I think that was fixed in docker compose with:
hostname: openvas.local

[ciclonite]

penvas.local

Thank you! I'll a try.