Scripts for deploying a hardened internal network security scanner on Proxmox VE: - PVE-level firewall and VM creation - System hardening (sysctl, auditd, AIDE) - nftables firewall with dynamic IP blocking - SSH hardening with fail2ban - Security tools (OpenVAS, Nmap, Nuclei, httpx, Nikto, testssl, NetExec) - Monitoring, logging, and Docker autostart
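#!/bin/bash
# =============================================================================
# Docker Compose Autostart for Greenbone OpenVAS
# Creates a systemd service so containers start on boot
#
# Must be run as root: it writes a unit file under /etc/systemd/system and
# calls systemctl. The unit has no User= line, so `docker compose` is started
# by systemd as root from /opt/greenbone. Anyone who can modify that directory
# or the compose file in it effectively controls what runs as root at boot.
# =============================================================================
set -euo pipefail

readonly UNIT_NAME="greenbone-openvas.service"
readonly UNIT_PATH="/etc/systemd/system/${UNIT_NAME}"
# Must stay in sync with WorkingDirectory= in the unit below (the heredoc is
# quoted, so nothing is expanded inside it).
readonly COMPOSE_DIR="/opt/greenbone"

# Fail early with a clear message instead of a bare "Permission denied" from
# the redirect further down.
if [[ "${EUID}" -ne 0 ]]; then
  echo "[!] This script must be run as root." >&2
  exit 1
fi

# Best-effort checks only: they warn but never abort, so the script can still
# be run before the compose directory has been populated.
if [[ ! -d "${COMPOSE_DIR}" ]]; then
  echo "[!] Warning: ${COMPOSE_DIR} does not exist; the service will fail to start until it does." >&2
elif [[ -n "$(find "${COMPOSE_DIR}" -maxdepth 1 ! -type l \
  \( -perm /022 -o ! -user root \) -print -quit 2>/dev/null)" ]]; then
  # Symlinks are skipped because their own mode bits are always permissive.
  echo "[!] Warning: ${COMPOSE_DIR} (or a file in it) is group/other-writable or not owned by root." >&2
  echo "    The unit runs docker compose as root from there; restrict it to root." >&2
fi

echo "[+] Creating systemd service for Greenbone OpenVAS..."

# Do not let a permissive inherited umask produce a writable unit file.
umask 022

cat > "${UNIT_PATH}" << 'EOF'
[Unit]
Description=Greenbone OpenVAS Scanner
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/greenbone
ExecStart=/usr/bin/docker compose up -d
ExecStop=/usr/bin/docker compose down
TimeoutStartSec=300

[Install]
WantedBy=multi-user.target
EOF

# A redirect keeps the owner and mode of a file that already existed, so set
# both explicitly: a unit file writable by a non-root user is a route to root.
chown root:root "${UNIT_PATH}"
chmod 0644 "${UNIT_PATH}"

systemctl daemon-reload
systemctl enable "${UNIT_NAME}"

echo "[+] Greenbone OpenVAS will start automatically on boot."
echo " Manual control:"
echo " systemctl start greenbone-openvas"
echo " systemctl stop greenbone-openvas"
echo " systemctl status greenbone-openvas"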