Passing arguments to gvm-tools

No matter what I do I am unable to pass arguments to the gvm-tools. I am running:
Centos 7.6
gvmd-8.0.0-6928.el7.art.x86_64
greenbone-security-assistant-8.0.0-6932.el7.art.x86_64
greenbone-vulnerability-manager-10.0.0-6947.el7.art.noarch

And via pip gvm-tools 2.0.0b1

I have configured my gvm-tools.conf like so:
[main]
timeout=60
hostname=127.0.0.1
tls_path=/var/lib/gvm/CA
[gmp]
gmp_username=USERME
gmp_password=PASSSSS
[ssh]
username=USERME
password=PASSSSS
port=9392
[unixsocket]
socketpath=/usr/local/var/run/gvmd.sock
[tls]
port=9392
certfile=%(tls_path)s/clientcert.pem
keyfile=%(tls_path)s/servercert.pem
cafile=%(tls_path)s/cacert.pem

And it seems that regardless of the position of the options or what options I give gvm-pyshell or gvm-cli it keeps getting confused over the options.

[USERME@pci-sec02 .config]$ gvm-pyshell --config ssh  --hostname=host.domain.net
usage: gvm-pyshell [-h] [-c [CONFIG]]
                    [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
                    [--timeout TIMEOUT] [--gmp-username GMP_USERNAME]
                    [--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}]
                   CONNECTION_TYPE ...
gvm-pyshell: error: the following arguments are required: CONNECTION_TYPE
[USERME@pci-sec02 .config]$ gvm-pyshell ssh  --config --hostname=host.domain.net
usage: gvm-pyshell [-h] [-c [CONFIG]]
                   [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
                   [--timeout TIMEOUT] [--gmp-username GMP_USERNAME]
                   [--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}]
                  CONNECTION_TYPE ...
gvm-pyshell: error: unrecognized arguments: --config
[USERME@pci-sec02 .config]$ gvm-pyshell ssh  --hostname=host.domain.net --config
usage: gvm-pyshell [-h] [-c [CONFIG]]
                    [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
                    [--timeout TIMEOUT] [--gmp-username GMP_USERNAME]
                    [--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}]
                    CONNECTION_TYPE ...
gvm-pyshell: error: unrecognized arguments: --config
[USERME@pci-sec02 .config]$ gvm-pyshell ssh  --gmp-username=USERME --gmp-password=PASSSSS --hostname=host.domain.net
usage: gvm-pyshell [-h] [-c [CONFIG]]
                   [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
                   [--timeout TIMEOUT] [--gmp-username GMP_USERNAME]
                   [--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}]
                   CONNECTION_TYPE ...
gvm-pyshell: error: unrecognized arguments: --gmp-username=USERME --gmp-password=PASSSSS
[USERME@pci-sec02 .config]$ gvm-pyshell --gmp-username=USERME --gmp-password=PASSSSS --hostname=host.domain.net ssh
usage: gvm-pyshell ssh [-h] --hostname HOSTNAME [--port PORT]
                       [--ssh-username SSH_USERNAME]
                       [--ssh-password SSH_PASSWORD] [-i]
                       [SCRIPT] [ARG [ARG ...]]
gvm-pyshell ssh: error: the following arguments are required: --hostname
[USERME@pci-sec02 .config]$ gvm-pyshell --ssh-username=USERME --ssh-password=PASSSSS --hostname=host.domain.net ssh
usage: gvm-pyshell ssh [-h] --hostname HOSTNAME [--port PORT]
                       [--ssh-username SSH_USERNAME]
                       [--ssh-password SSH_PASSWORD] [-i]
                       [SCRIPT] [ARG [ARG ...]]
gvm-pyshell ssh: error: the following arguments are required: --hostname
[USERME@pci-sec02 .config]$ gvm-pyshell --ssh-username=USERME --ssh-password=PASSSSS ssh --hostname=host.domain.net
usage: gvm-pyshell [-h] [-c [CONFIG]]
                   [--log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
                   [--timeout TIMEOUT] [--gmp-username GMP_USERNAME]
                   [--gmp-password GMP_PASSWORD] [-V] [--protocol {GMP,OSP}]
                   CONNECTION_TYPE ...
gvm-pyshell: error: unrecognized arguments: --ssh-username=USERME --ssh-password=PASSSSS

What am I doing wrong here???
Louis

Hi,

first of all I am wondering why a beta version got packaged for end users. Beta version are likely to have bugs and are mostly intended for early adopters.

I’ve re-written the parser of gvm-tools in master since the this last release. So you could try to use the master branch instead.

1 Like

Not sure how I got a beta release but I did with pip install. I will un-install it and try to re-install it again.

Thank you.

I just download the master branch via GIT and when I ran a pip install . It told me that it was installing:
Successfully built gvm-tools
Installing collected packages: gvm-tools
Found existing installation: gvm-tools 2.0.0b1
Uninstalling gvm-tools-2.0.0b1:
Successfully uninstalled gvm-tools-2.0.0b1
Successfully installed gvm-tools-2.0.0b1

This is what I used to download the tools: git clone https://github.com/greenbone/gvm-tools.git

Louis

Sorry I did miss these lines. I thought you were using some gvm-tools packages for centos.

Did using gvm-tools from master fix your issue? If not could you please create a ticket at https://github.com/greenbone/gvm-tools/issues/new ? Thanks in advance!

I tried re-cloning from master (which is what I always do anyway) but it was the same version. On the github page it says:
Latest commit 1d558cd on Apr 23

So I am not sure where you updated too.

I can open a ticket if you still want me to. Or I can try the version in the repo:
gvm-tools.noarch 1.4.1-6952.el7.art

However, the reason I uninstalled the version in the repo was because gvm-cli and gvm-pyshell were not found as a normal user but only as root. And this was not a path problem in the shell since my user could see /usr/bin/gvm-cli. The python scripts in gvm-tools could not find things.

Louis

Yes it seems I did not change the version number after the beta1 release. My fault. Should have been incremented.

Nevertheless you should be able to install the correct version via pip install --user https://github.com/greenbone/gvm-tools from the master branch.

Not sure how but I am game to try…

Since I have it cloned I did a git pull to try to pull any updates. Said it was up to date.

A git log -1 master shows me this:
[user@pci-sec02 gvm-tools]$ git log -1 master
commit 1d558cdc190ac0e8282b1f01862f8744b8ef5ae5
Merge: 025b6f0 8a21bd0
Author: Juan José Nicola jjnicola@gmail.com
Date: Tue Apr 23 10:50:58 2019 +0200

    Merge pull request #190 from bjoernricks/update-dependencies

    Update dependencies

So I do not think your commits have been pushed to master branch yet. But anyway. A pip install . --user gives me this:

Successfully built gvm-tools
Installing collected packages: gvm-tools
Successfully installed gvm-tools-2.0.0b1

I am happy to test again but I do not think its been updated.

Sorry I guess we both misunderstood each other.

I did assume you did use pip install gvm-tools for the installation. Using this command will install the version from pypi.org which is the same as https://github.com/greenbone/gvm-tools/tree/v2.0.0.beta1

Since this release/tag I’ve changed the code in the master branch regarding parsing the console line arguments. This code still has some small issue I would like to fix before the final 2.0.0 release but may already have fixed your issues hopefully. If not please create a new ticket via https://github.com/greenbone/gvm-tools/issues/new

The last commit in the master branch is https://github.com/greenbone/gvm-tools/commit/1d558cdc190ac0e8282b1f01862f8744b8ef5ae5 .

So that I fully understand what you are asking do you want me to install with:
pip install gvm-tools --user (so it installs from pypi.org)
Or do you want me to do:
git clone https://github.com/greenbone/gvm-tools.git
cd gvm-tools
pip install . --user

Louis

You should try to use gvm-tools from git at the master branch.

This should work. Maybe also add the -e flag like pip install -e --user .

Regardless if I do:
git clone https://github.com/greenbone/gvm-tools.git
cd gvm-tools
pip install . --user
or
pip install gvm-tools #(to install from pypi.org)
I end up with the same version of gvm-tools-2.0.0b1. Is there another place I can down load it? Or is there a branch I can down load???

As I already wrote that’s ok and expected. I did forgot to increment the version in master branch after the 2.0.0beta1 release. Therefore both will show 2.0.0b1 as version but contain different code.

Ok tried that. Now getting this error:
[lbohm@pci-sec02 ~]$ gvm-cli ssh --hostname=127.0.0.1 --xml="<get_version/>"
ERROR:paramiko.transport:Exception: Error reading SSH protocol banner
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport: File “/usr/lib/python3.6/site-packages/paramiko/transport.py”, line 1930, in _check_banner
ERROR:paramiko.transport: buf = self.packetizer.readline(timeout)
ERROR:paramiko.transport: File “/usr/lib/python3.6/site-packages/paramiko/packet.py”, line 331, in readline
ERROR:paramiko.transport: buf += self._read_timeout(timeout)
ERROR:paramiko.transport: File “/usr/lib/python3.6/site-packages/paramiko/packet.py”, line 487, in _read_timeout
ERROR:paramiko.transport: raise EOFError()
ERROR:paramiko.transport:EOFError
ERROR:paramiko.transport:
ERROR:paramiko.transport:During handling of the above exception, another exception occurred:
ERROR:paramiko.transport:
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport: File “/usr/lib/python3.6/site-packages/paramiko/transport.py”, line 1782, in run
ERROR:paramiko.transport: self._check_banner()
ERROR:paramiko.transport: File “/usr/lib/python3.6/site-packages/paramiko/transport.py”, line 1934, in _check_banner
ERROR:paramiko.transport: raise SSHException(‘Error reading SSH protocol banner’ + str(e))
ERROR:paramiko.transport:paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
ERROR:paramiko.transport:
(‘SSH Connection failed’, SSHException(‘Error reading SSH protocol banner’,))

Googling that it seems related to this issue: https://github.com/paramiko/paramiko/issues/673. But I am running:
[lbohm@pci-sec02 ~]$ pip list
Package Version
------------ -------
asn1crypto 0.24.0
cffi 1.9.1
cryptography 2.3
defusedxml 0.6.0
gvm-tools 2.0.0b1
idna 2.7
lxml 4.3.3
paramiko 2.1.1
pip 19.1.1
ply 3.9
pyasn1 0.1.9
pycparser 2.14
python-gvm 1.0.0b2
setuptools 41.0.1
six 1.11.0
wheel 0.33.4
And from what I can see the problem is not really in paramiko but with the code used to called it. Specifically the time out.

SSH is NOT provided out of the box. You need to setup SSH by yourself to work with openvasmd/gvmd.

Please take a look at the gmv-tools docs for the different connection types

https://gvm-tools.readthedocs.io/en/latest/connectiontypes.html

Also you should take a look at the GVM architecture to understand the daemons and their communication

Can you please explain to me why this does not work:
[lbohm@pci-sec02 ~]$ gvm-cli socket --gmp-username=admin --gmp-password=8gUtP*zeUhefmpT --xml="<get_tasks/>"
usage: gvm-cli [-h] [-c [CONFIG]]
[–log [{DEBUG,INFO,WARNING,ERROR,CRITICAL}]]
[–timeout TIMEOUT] [–gmp-username GMP_USERNAME]
[–gmp-password GMP_PASSWORD] [-V] [–protocol {GMP,OSP}]
CONNECTION_TYPE …
gvm-cli: error: unrecognized arguments: --gmp-username=admin --gmp-password=8gUtP*zeUhefmpT

But this does work;
gvm-cli socket --xml "<commands><authenticate><credentials><username>admin</username><password>8gUtP*zeUhefmpT</password></credentials></authenticate> <get_tasks/> </commands>"

The documentation at: https://gvm-tools.readthedocs.io/en/latest/connectiontypes.html and gvm-cli -h clearly show that --gmp-username and --gmp-password should work.

Could you try moving the --gmp arguments before socket like

gvm-cli --gmp-username=admin --gmp-password=foo socket ...

This should be a bug in the current argument parser code. It’s still in beta state.

That worked. Thank you.