feat: initial setup for PVE security scanner VM

Scripts for deploying a hardened internal network security scanner on Proxmox VE: - PVE-level firewall and VM creation - System hardening (sysctl, auditd, AIDE) - nftables firewall with dynamic IP blocking - SSH hardening with fail2ban - Security tools (OpenVAS, Nmap, Nuclei, httpx, Nikto, testssl, NetExec) - Monitoring, logging, and Docker autostart
2026-03-08 20:21:29 +01:00
commit 5e49b977ab
10 changed files with 1511 additions and 0 deletions
--- a/vm/06-docker-autostart.sh
+++ b/vm/06-docker-autostart.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# =============================================================================
+# Docker Compose Autostart for Greenbone OpenVAS
+# Creates a systemd service so containers start on boot
+# =============================================================================
+set -euo pipefail
+
+echo "[+] Creating systemd service for Greenbone OpenVAS..."
+
+cat > /etc/systemd/system/greenbone-openvas.service << 'EOF'
+[Unit]
+Description=Greenbone OpenVAS Scanner
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/opt/greenbone
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+TimeoutStartSec=300
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable greenbone-openvas.service
+
+echo "[+] Greenbone OpenVAS will start automatically on boot."
+echo "    Manual control:"
+echo "      systemctl start greenbone-openvas"
+echo "      systemctl stop greenbone-openvas"
+echo "      systemctl status greenbone-openvas"