Greenbone Security Manager on Synology Docker

I have also shared this over at Marius Hosting

First, make sure Python 3 and pip3 are installed on your Synology appliance: connect to the device over SSH and run

sudo python3 -m ensurepip

Next, create the following directories on your Synology (for example with `mkdir -p` over SSH). They will hold the feed data, the PostgreSQL database and the Unix sockets the containers share, so keep their permissions restrictive — if /volume1/docker is a shared folder on your NAS, do not export the gsm subfolder over SMB/NFS.

  • /volume1/docker/gsm/gpg_data_vol
  • /volume1/docker/gsm/scap_data_vol
  • /volume1/docker/gsm/cert_data_vol
  • /volume1/docker/gsm/data_objects_vol
  • /volume1/docker/gsm/gvmd_data_vol
  • /volume1/docker/gsm/psql_data_vol
  • /volume1/docker/gsm/vt_data_vol
  • /volume1/docker/gsm/notus_data_vol
  • /volume1/docker/gsm/psql_socket_vol
  • /volume1/docker/gsm/gvmd_socket_vol
  • /volume1/docker/gsm/ospd_openvas_socket_vol
  • /volume1/docker/gsm/redis_socket_vol

Finally, create a stack in Portainer using the Docker Compose file below. Once it is up you can reach the web UI at http://YOURIP:9392 with the default username/password admin/admin. Change that password right after your first login: the UI is served as plain HTTP (no TLS) on every interface of the NAS, so it must stay on your LAN and never be port-forwarded to the internet.

After first startup, it may take 1-2 hours to download the initial vulnerability feed.

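# Greenbone Community Edition stack for a Synology NAS. All image tags are
# floating (`stable`, or the implicit `latest` on the feed images); pin them
# to digests if you need redeploys to be reproducible.
services:
  # ---- one-shot feed containers ------------------------------------------
  # Each of these populates the feed directory mounted at /mnt and exits;
  # the long-running services wait for them with
  # `condition: service_completed_successfully`.
  vulnerability-tests:
    image: greenbone/vulnerability-tests
    environment:
      STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl
    volumes:
      - vt_data_vol:/mnt

  notus-data:
    image: greenbone/notus-data
    volumes:
      - notus_data_vol:/mnt

  scap-data:
    image: greenbone/scap-data
    volumes:
      - scap_data_vol:/mnt

  cert-bund-data:
    image: greenbone/cert-bund-data
    volumes:
      - cert_data_vol:/mnt

  # Shares cert_data_vol with cert-bund-data, so it is ordered after it.
  dfn-cert-data:
    image: greenbone/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data

  data-objects:
    image: greenbone/data-objects
    volumes:
      - data_objects_vol:/mnt

  # Shares data_objects_vol with data-objects, so it is ordered after it.
  report-formats:
    image: greenbone/report-formats
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects

  # GnuPG keyring, mounted into ospd-openvas and notus-scanner at
  # /etc/openvas/gnupg.
  gpg-data:
    image: greenbone/gpg-data
    volumes:
      - gpg_data_vol:/mnt

  # ---- long-running services --------------------------------------------
  # The services below talk to each other over Unix sockets. Those socket
  # directories are bind mounts under /volume1/docker/gsm on the NAS, so any
  # host process that can reach those directories can talk to redis,
  # PostgreSQL, gvmd and the scanner directly - keep the host permissions
  # tight.
  redis-server:
    image: greenbone/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/

  # PostgreSQL backing gvmd. psql_data_vol holds the database files and is
  # also mounted into gvmd below.
  pg-gvm:
    image: greenbone/pg-gvm:stable
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql

  # Manager: needs the database running and every feed it reads fully
  # unpacked before it starts, hence the per-service conditions.
  gvmd:
    image: greenbone/gvmd:stable
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully

  # Web UI. It is published on every interface of the NAS as plain HTTP
  # (no TLS) and ships with the default admin/admin account: change that
  # password right after the first login and never expose this port beyond
  # the LAN. To reach the UI only from the NAS itself (e.g. behind a
  # TLS-terminating reverse proxy) bind to loopback instead:
  #   - "127.0.0.1:9392:9392"
  gsa:
    image: greenbone/gsa:stable
    restart: on-failure
    ports:
      # quoted so the host:container pair is always read as a string
      - "9392:9392"
    volumes:
      - gvmd_socket_vol:/run/gvmd
    depends_on:
      - gvmd

  # Scanner. It needs raw/admin network capabilities and runs with the
  # default seccomp and AppArmor profiles switched off; it is also the
  # component that talks directly to the scan targets, so treat it as the
  # least-trusted container in the stack and grant it nothing beyond what
  # is listed here. `-m 666` sets the mode of its Unix socket to 0666
  # (world-writable) inside the bind-mounted ospd_openvas_socket_vol, so the
  # only access control left is the host directory's permissions.
  ospd-openvas:
    image: greenbone/ospd-openvas:stable
    restart: on-failure
    init: true
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN # for capturing packages in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--mqtt-broker-address",
        "mqtt-broker",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666"
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      # --notus-feed-dir points into notus_data_vol, which notus-data fills
      notus-data:
        condition: service_completed_successfully

  # MQTT broker between ospd-openvas and notus-scanner. Port 1883 stays
  # unpublished on purpose: both clients reach it by service name on the
  # compose network and nothing outside the stack needs it.
  mqtt-broker:
    restart: on-failure
    image: greenbone/mqtt-broker
    # ports:
    #   - "1883:1883"
    networks:
      default:
        aliases:
          - mqtt-broker
          - broker

  notus-scanner:
    restart: on-failure
    image: greenbone/notus-scanner:stable
    volumes:
      - notus_data_vol:/var/lib/notus
      - gpg_data_vol:/etc/openvas/gnupg
    environment:
      NOTUS_SCANNER_MQTT_BROKER_ADDRESS: mqtt-broker
      NOTUS_SCANNER_PRODUCTS_DIRECTORY: /var/lib/notus/products
    # Same dependency style as ospd-openvas: wait for the one-shot feed
    # containers to finish, not merely to start. notus-data fills the
    # products directory read above.
    depends_on:
      mqtt-broker:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      notus-data:
        condition: service_completed_successfully

  # gvm-tools CLI helpers with access to the gvmd and ospd-openvas sockets.
  gvm-tools:
    image: greenbone/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas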

# Every volume is a bind mount of a directory that must already exist under
# /volume1/docker/gsm (see the directory list above). The *_socket_vol
# directories carry the Unix sockets of PostgreSQL, gvmd, ospd-openvas and
# redis, and psql_data_vol carries the database files, so keep the host
# permissions on /volume1/docker/gsm tight and do not export it over SMB/NFS.
# The bind options are declared once and merged into each entry; only
# `device` differs.
volumes:
  gpg_data_vol:
    driver: local
    driver_opts: &bind_mount
      type: none
      o: bind
      device: /volume1/docker/gsm/gpg_data_vol
  scap_data_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/scap_data_vol
  cert_data_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/cert_data_vol
  data_objects_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/data_objects_vol
  gvmd_data_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/gvmd_data_vol
  psql_data_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/psql_data_vol
  vt_data_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/vt_data_vol
  notus_data_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/notus_data_vol
  psql_socket_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/psql_socket_vol
  gvmd_socket_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/gvmd_socket_vol
  ospd_openvas_socket_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/ospd_openvas_socket_vol
  redis_socket_vol:
    driver: local
    driver_opts:
      <<: *bind_mount
      device: /volume1/docker/gsm/redis_socket_vol
