OpenVAS CLI commands

gvm-tools

#1

I know that omp cli is deprecated already, and changed with gvm-cli

Is there a documentation on the list of commands for gvm-cli?

Thanks


#2

This depends on how you want to use gvm-tools. If you want to use gvm-cli you have to issue xml based GMP commands. The Greenbone Management Protocol documentation can be found at

https://docs.greenbone.net/API/GMP/gmp-7.0.html

If you want to write gmp python scripts you can use the python API provided by python-gvm

https://python-gvm.readthedocs.io/en/latest/

Some example scripts can be found https://github.com/greenbone/gvm-tools/tree/master/scripts

Also take a look at the GMP category description for some more hints


#3

Thanks for the prompt reply.

If I want to create a new user should I still go with omp --username, or is there any other way to use the cli commands?

because it does not work whenever I try them

Thanks


#4

You should NOT use omp anymore. It doesn’t support current versions of GMP!

As I wrote you can issue GMP xml commands via gvm-cli or run scripts via gvm-pyshell using the python API. Alternatively you can create admin users via openvasmd --create-user. This heavily depends on your use cases and personal preferences.


#5

Btw. I assume you are using at least OpenVAS/GVM 9


#6

Yes, I am using the OpenVAS/GVM 9.

I have tried some commands in here,

I get this in return,
[root@test openvas]# gvm-cli socket --xml “<get_version/s>”
bash: gvm-cli: command not found…

Do I have to install something with this before I can use gvm-cli commands?

Thanks


#7

Of course you have to install gvm-tools before you can use them.


#8

And please please never run user space commands as root! That’s a bad habit by formerly windows users.

You have to configure openvasmd to listen on a socket with sufficient permissions for the user running gvm-tools.


#9

Just to share a note on this; I agree it’s a bad idea to run user space commands as root, but in case of openvas/gvm this setup is all but simple. This is not documented anywhere, and there is a risk to loose functionalities.

Personally I’ve been trying to do this during the past week and it still doesn’t work. So advocating against root usage would be useful if we had this documented somewhere, or at least, if guidances were given as to how to achieve this.

I’ll continue testing this, and If I can find a solution, I’ll obviously share it here.

Best


#10

I don’t see why gvmd would require to be run as root at all. gsad may use port 80 or 443. Using these ports requires some additional permissions. Either use another http server as proxy or take a look at man capabilities.


#11

It’s not a question of why but a question of how. We all agree it’s best to run those packages as non root users; but once you have said that, if you don’t teach the users how to do it, it’s like screaming in the desert. And I’m not talking about gvmd only, but gvmd + openvassd + gsad + scan operations and make all of this works together without root permissions.

I don’t know how it’s managed in gvm or in the community edition; perhaps this is already setup out of the box; but on linux it just doesn’t work out of the box. And again, the lack of documentation makes it difficult for regular users to set it up.