Monitoring vulnerabilities with Nagios and OpenVAS

Well, well! Another of the wonders we can do with Nagios or Centreon is... monitoring the vulnerabilities of our machines! Great, right? We will rely on OpenVAS and use the checks we already have, centralizing them in a single console. We will be able to know how many vulnerabilities put our servers at risk, analyze their evolution with graphs and, of course, receive alerts!

 

It is important to have OpenVAS already set up; if you don't have it yet, review this document! We will use a tool that comes with openvas-cli, called 'check_omp', which reads the results of the scan Tasks we have defined in OpenVAS and outputs them in Nagios format so they can be processed. Therefore, we must install the remote plugin execution server, NRPE, on the OpenVAS machine so that Nagios or Centreon can run check_omp remotely and read its output. After that, we configure the command file as usual, and then we can work from Centreon to create as many vulnerability monitoring services as we need! If you haven't installed check_nrpe on your Nagios or Centreon server, check out this previous document.

 

 

On the machine where we have OpenVAS, we install NRPE and some base plugins with:

[SourceCode]apt-get install nagios-nrpe-server nagios-plugins-basic[/SourceCode]

 

We create the command configuration file; this is where we define the aliases that we will later call from Centreon and what each one executes. We create the file with 'vim /etc/nagios/nrpe.d/op5_commands.cfg' and put in the configuration we need. I leave you a couple of examples (an ESXi host for which we created a Task in the previous document, and a router):

[SourceCode]################################
#
# OP5-NRPE Command Configuration File
#
# COMMAND DEFINITIONS
# Syntax:
# command[<command_name>]=<command_line>
#
command[OS-ESXi-01]=check_omp -u admin -w XXXXXXX -p 9391 --status -T 'Task OS-ESXi-01' --last-report
command[ROUTER]=check_omp -u admin -w XXXXXXX -p 9391 --status -T 'Task Remainder' --last-report -F 192.168.1.1[/SourceCode]

 

We edit the NRPE configuration file with 'vim /etc/nagios/nrpe.cfg' and add the IP address from which Nagios or Centreon will query it, modifying the following line:

[SourceCode]allowed_hosts=127.0.0.1,192.168.1.102[/SourceCode]

 

We restart NRPE so that it reloads the configuration we just made. Remember that every time you add an alias/command to the command configuration file, you will have to restart NRPE for it to reread the configuration:

[SourceCode]/etc/init.d/nagios-nrpe-server restart[/SourceCode]
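The command file above stores the OpenVAS password in clear text and `allowed_hosts` decides who may trigger the checks, so both are worth auditing after each change. The script below is an added example, not part of the original post: the function names and the sample files are constructed for illustration, and `dont_blame_nrpe` is an nrpe.cfg directive the post does not mention.

```shell
#!/bin/sh
# Added example: audit the NRPE files edited in the steps above.

# Print command files in DIR that contain a check_omp password (-w) and are
# readable by "other" users. stat -c is GNU coreutils (Debian/Ubuntu).
exposed_secret_files() {
    for f in "$1"/*.cfg; do
        [ -f "$f" ] || continue
        grep -Eq 'check_omp.* -w +[^ ]' "$f" || continue
        case $(stat -c %a "$f") in
            *[4567]) echo "$f" ;;
        esac
    done
}

# Print allowed_hosts entries in CFG that are ranges or wildcards rather
# than single addresses.
broad_allowed_hosts() {
    sed -n 's/^allowed_hosts=//p' "$1" | tr ',' '\n' | grep -E '[/*]' || true
}

# Succeed only if NRPE refuses arguments sent by the caller
# (dont_blame_nrpe=0, the default), so a client can only name an alias.
args_disabled() {
    ! grep -Eq '^dont_blame_nrpe=1' "$1"
}

# Constructed sample files (not the real /etc/nagios tree), for a dry run.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/nrpe.d"
    printf 'allowed_hosts=127.0.0.1,192.168.1.0/24\ndont_blame_nrpe=0\n' > "$d/nrpe.cfg"
    printf "command[ROUTER]=check_omp -u admin -w PLACEHOLDER -p 9391 --status -T 'Task Remainder' --last-report\n" > "$d/nrpe.d/op5_commands.cfg"
    chmod 644 "$d/nrpe.d/op5_commands.cfg"
    echo "$d"
}

s=$(make_sample)
echo "world-readable secrets: $(exposed_secret_files "$s/nrpe.d")"
echo "broad allowed_hosts:    $(broad_allowed_hosts "$s/nrpe.cfg")"
args_disabled "$s/nrpe.cfg" && echo "caller-supplied arguments: disabled"
# Fix for the first finding on a real host: chown root:nagios FILE; chmod 640 FILE
rm -rf "$s"
```

On the real machine, call the functions with `/etc/nagios/nrpe.d` and `/etc/nagios/nrpe.cfg`; the command file must stay readable by the account NRPE runs as, which is `nagios` on Debian.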

 

Now we can go to our Centreon and register the Services. We have 2 options: either register the OpenVAS host in Nagios and link to it the Services with the results of our OpenVAS Tasks; or duplicate the check_nrpe Command in Centreon so that, instead of the $HOSTADDRESS$ variable, it uses the hardcoded IP of the OpenVAS machine, which gives us a Service with the scan results that we can assign to its own Host, keeping things better organized. The second option is the one we will follow in this document.

 

 

From Centreon, we clone the 'check_nrpe' Command and modify the resulting copy. To do this, go to “Configuration” > “Services”, filter by typing 'NRPE' in the filter field, select the indicated check and, from “More actions…”, select “Duplicate”.

 

 

We edit the Command that was created and set the following configuration:

  • Command Name: We indicate, for example, check_nrpe_openvas, which will be used by the Services we create from now on to check for vulnerabilities.
  • Command Type: Check
  • Command Line: As I indicated before, we change what it runs, replacing the variable that takes the IP of the monitored host with the hardcoded IP of the machine with OpenVAS, since the queries have to be made to it! It will look something like this:

[SourceCode]$USER1$/check_nrpe -H DIRECCION_IP_OPENVAS -c $ARG1$[/SourceCode]

 

We save with “Save”.

 

And now all that remains is to create the Services that will periodically monitor the vulnerabilities of our servers! We will create as many Services as Targets we have analyzed in OpenVAS Tasks. Each one would be as follows:

  • Description: Something associated with what this service monitors; something like 'Vulnerabilities' makes it clear, I think.
  • Linked with Hosts: We will link the Service to the analyzed Host.
  • Template: We indicate the base template we use, if we have one.
  • Check Command: Select from the combo the Command created in the previous step, called 'check_nrpe_openvas'.
  • Args: Here we indicate the alias that we defined in '/etc/nagios/nrpe.d/op5_commands.cfg' to associate the Service with the check it has to run.

 

 

Normally, this type of check does not need to run with the usual frequency, which is why we may need to define a check period in “Check Period” and set a longer interval in “Normal Check Interval”. We save with “Save”.

 

And that's it: after saving and exporting the Centreon configuration, we can go to the main monitoring view, filter and search for the new services we have associated with each Host and force their execution, and after a few seconds… Whammy! Each Host has its Service that reads the latest OpenVAS report! Olé, olé and olé Rigodón!

 

Careful! Let's not forget to put the OpenVAS tasks on a schedule! We will edit each Task and associate the “Schedule” that interests us! Thank you for reading the blog and for sharing!

 

Author

nheobug@bujarra.com
Author of the blog Bujarra.com. Whatever you need, do not hesitate to contact me, I will try to help you whenever I can. Sharing is living ;) . Enjoy the documents!!!

Installing and using OpenVAS

7 September 2017