This role will deploy a GVM (Greenbone Vulnerability Management) docker image with a persistent volume. The docker image is hosted on docker hub. The docker container uses the host's mta (exim4) to relay mail alerts.
| variable | description |
|---|---|
| openvas_domain_name | openvas fqdn |
| openvas_admin_password | password for the local superadmin user |
| variable | default | description |
|---|---|---|
| openvas_feed_refresh_hour | 6 | The container will restart everyday at specified hour to refresh all feeds (Vulnerabilities, NVTs...) |
| openvas_version | latest | Specific version (Docker Hub tag) |
Docker sets its own iptables rules when starting. This has no impact for custom iptables rules on boot, docker.service starts after filtering.service. However, if you restart filtering.service, you must restart docker.service
You need to set a custom iptables rule if you want openvas container to be able to send emails:
firewall_iptables_config: |
...
-A INPUT -i docker0 -p tcp -m tcp --dport 25 -j ACCEPT
...