
Centralizing the control of our vulnerabilities with Centreon
If you want the information about your infrastructure monitored and centralized, what better than using GVM (Greenbone Vulnerability Management) to look for vulnerabilities and Centreon to keep it all centralized and under control.
Today there are various software products that let us search for vulnerabilities in our systems; free ones are another matter. Historically I have been using OpenVAS, known today as Greenbone; there is a separate post on how to set up GVM. One of the reasons I use it is that it integrates easily with Centreon.
Why? Because I consider Centreon the single point of control for the infrastructure, where we know how the machines are at all times and monitor any service they offer, don't we? So the least we can do is add to each monitored machine one more service that shows its vulnerability status: an item, in the same console where we see everything else, that tells us how many vulnerabilities it has.
To do this, as I said, we first need to set up GVM and create scan tasks that include one or more machines. From GVM we can then check the security status of our machines through these tasks and view reports with all the details of bugs, vulnerabilities and how to patch them. And we can have Centreon read the summary of each report generated by GVM. A marvel.
Anyway... let's get started!
On the Greenbone machine we have to make the GMP service listen on the network. We edit the file '/etc/systemd/system/gvmd.service' and modify the following line. From:
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock
To:
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock --listen=0.0.0.0 --port=9390
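With --listen=0.0.0.0, gvmd accepts GMP connections on every interface, so port 9390 should be filtered so that only the Centreon server can reach it. We will also modify the GSAD service file, '/etc/systemd/system/gsad.service', changing the following line from: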
ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm
To:
ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm --mlisten=127.0.0.1 --mport=9390
And we restart the gvmd and gsad services:
systemctl restart gvmd
systemctl restart gsad
Now it is finally time to go to the Centreon machine. As a requirement, we first need to install the GVM tools:
python3 -m pip install python-gvm
python3 -m pip install gvm-tools
If the above commands fail, maybe you need python3 🙂
yum install -y python3
Or, if the installation of gvm-tools ends with the error No module named 'setuptools_rust', we will have to update pip:
pip3 install -U pip
And that's it, let's go! We are going to download the script 'check-gmp.gmp.py', which lets us connect and query the results of the GVM reports. Its output comes in the 'standard' Nagios format, which as we know is 100% compatible with Centreon and other open source monitoring systems. After downloading the script we log in as the centreon user and can run our first test from the shell (replace USER and PASSWORD with the GMP credentials, DIRECCION_IP_GVM with the IP address of the GVM machine, DIRECCION_IP_MAQUINA with the IP address of the scanned machine and NOMBRE_DE_LA_TAREA with the task name):
wget https://raw.githubusercontent.com/greenbone/gvm-tools/master/scripts/check-gmp.gmp.py -O /usr/lib/centreon/plugins/check-gmp.gmp.py
su - centreon
/usr/local/bin/gvm-script --gmp-username USER --gmp-password PASSWORD tls --hostname DIRECCION_IP_GVM /usr/lib/centreon/plugins/check-gmp.gmp.py -F DIRECCION_IP_MAQUINA --last-report --status --task "NOMBRE_DE_LA_TAREA"
And as always, once we know how it works from the shell, we bring it to Centreon. We have to define a Command, from which we will then create 'n' Services to learn the vulnerabilities of the rest of the machines.
/usr/local/bin/gvm-script --gmp-username USER --gmp-password PASSWORD tls --hostname DIRECCION_IP_GVM $CENTREONPLUGINS$/check-gmp.gmp.py --last-report --status --task $ARG1$ --overrides -F $ARG2$
And we define 2 arguments, which we will fill in when creating the Service:
- ARG1: Task Name
- ARG2: Machine IP
And as I said, once the Command is created, we create the 'Vulnerabilities' Service for every machine we are interested in. When selecting the Command we have created, we will see that we have to fill in the arguments as described: the name of the Task that contains the machine to be queried, and the IP of the machine in question (in case the GVM Task scans more than one machine at the same time).
And once we save the changes (as usual, with an Export), we can verify that our tasks are checked correctly and that we receive the information from Greenbone. From here on, we are in control! We can view the summary of the task, and machines with critical vulnerabilities will be marked as CRITICAL.
A couple of notes before finishing. If we made the mistake of running the checks on the Centreon machine as the root user while testing, then when Centreon monitors it will give us an "attempt to write a readonly database" error. This is because we should delete "/tmp/check_gmp/" or, alternatively, give the centreon user permissions to write there. The same applies if we get an UNKNOWN in Centreon or it says "No output returned from plugin" even though the check works fine from bash as the centreon user. So when faced with anything strange, the best thing, as I said, is to remove the directory "/tmp/check_gmp/".
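A pre-flight check for the situation just described, written as an added example (not part of the original post or of gvm-tools): it returns UNKNOWN with an explicit reason when /tmp/check_gmp, or a file inside it, is not writable by the user running the check, instead of leaving only the bare plugin error. The function names and the wrapper usage at the end are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# check-gmp cache directory, using Nagios/Centreon plugin exit codes.
STATE_OK=0
STATE_UNKNOWN=3

# cache_dir_state DIR
# Prints a one-line diagnosis; returns 0 if the current user can use DIR,
# 3 (UNKNOWN) if leftovers from another user would break the plugin.
cache_dir_state() {
    dir=$1
    if [ ! -e "$dir" ]; then
        echo "OK: $dir does not exist yet"
        return $STATE_OK
    fi
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN: $dir exists but is not a directory"
        return $STATE_UNKNOWN
    fi
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "UNKNOWN: $dir is not writable by $(id -un); delete or chown it"
        return $STATE_UNKNOWN
    fi
    # Files created by a root test run are what trigger
    # "attempt to write a readonly database".
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        if [ ! -w "$f" ]; then
            echo "UNKNOWN: $f is not writable by $(id -un); delete or chown it"
            return $STATE_UNKNOWN
        fi
    done
    echo "OK: $dir is usable by $(id -un)"
    return $STATE_OK
}

# run_check DIR COMMAND [ARGS...]
# Runs COMMAND only when DIR is usable, and passes its exit code through.
run_check() {
    dir=$1
    shift
    msg=$(cache_dir_state "$dir") || { echo "$msg"; return $STATE_UNKNOWN; }
    "$@"
}

# Hypothetical wrapper use: this-script.sh /usr/local/bin/gvm-script ...
if [ "$#" -gt 0 ]; then
    run_check /tmp/check_gmp "$@"
    exit $?
fi
```

Saved as a script and placed in front of the gvm-script call in the Centreon Command, it leaves the exit code of the real check untouched whenever the directory is usable.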
As usual, I hope you found it interesting. We will try to centralize as much as we can in our monitoring system, avoiding having to log in to 20 consoles and enjoying the best of each product.