Family General - disable vulnerability

Hello,

Running scans finds two vulnerabilities from the General family that I would like to ignore, as they pose very little risk in my case. Is there a way to disable the TCP/ICMP timestamp checks?

When I do it via the Web UI and open the scan config to edit, the General family doesn’t load. It keeps loading until my session expires.

I know it is possible to do it via scripting as well, but it seems to be more complicated. I’m using containerized release 22.04. Does anyone know how to solve it?

Okay, for anyone looking to solve a similar issue - just ignore the UI.
The following script toggles a given NVT on/off:

import argparse
from gvm.protocols.gmp import Gmp

def main(gmp: Gmp, args: argparse.Namespace) -> None:
    parser = argparse.ArgumentParser(prog='modify_config.py', description='Modify scan config to exclude/include a vulnerability (NVT)')

    parser.add_argument('--config_id', dest='config_id', required=True)
    parser.add_argument('--nvt_id', dest='nvt_id', required=True)

    args, unknown = parser.parse_known_args()

    # Get the family of NVT to be removed
    nvt_family = gmp.get_nvt(nvt_id=args.nvt_id).xpath('//info/nvt/family/text()')[0]

    # List of NVTs in given family that is currently enabled for the config to be modified
    config_family_enabled = gmp.get_scan_config_nvts(config_id=f'{args.config_id}', family=f'{nvt_family}').xpath('//nvt/@oid')

    # Toggle the NVT selection - enable if disabled, disable if enabled
    if args.nvt_id in config_family_enabled:
        config_family_enabled.remove(args.nvt_id)
    else:
        config_family_enabled.append(args.nvt_id)

    # Modify the config
    response = gmp.modify_scan_config(
                config_id=f'{args.config_id}',
                selection='nvt_selection',
                nvt_oids=config_family_enabled,
                family=nvt_family
            )
    print(response.get('status_text'))

if __name__ == "__gmp__":
    main(gmp, args)

Just pass the config id and nvt id.

1 Like
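
An idempotent variant of the toggle script above, as an added example that is not part of the original posts: it sets the NVT to an explicit state, so a second run (for instance from automation) does not silently re-enable the check. `plan_selection`, `set_nvt_state` and `FakeGmp` are hypothetical names; `FakeGmp` and its OIDs are constructed so the logic runs without a scanner, and the GMP calls are the ones the script above already uses.

```python
from types import SimpleNamespace


def plan_selection(enabled_oids, nvt_id, enable):
    """Return (new_oid_list, changed) for the requested end state."""
    current = [str(oid) for oid in enabled_oids]
    if enable and nvt_id not in current:
        return current + [nvt_id], True
    if not enable and nvt_id in current:
        return [oid for oid in current if oid != nvt_id], True
    return current, False  # already in the requested state


def set_nvt_state(gmp, config_id, nvt_id, enable, dry_run=False):
    """Set one NVT on or off using the same GMP calls as the script above."""
    family = gmp.get_nvt(nvt_id=nvt_id).xpath('//info/nvt/family/text()')
    if not family:  # empty result: fail with a clear message, do not index blindly
        raise ValueError(f'NVT {nvt_id} not found')
    family = str(family[0])
    enabled = gmp.get_scan_config_nvts(
        config_id=config_id, family=family).xpath('//nvt/@oid')
    new_oids, changed = plan_selection(enabled, nvt_id, enable)
    if changed and not dry_run:  # write only when the selection really differs
        gmp.modify_scan_config(config_id=config_id, selection='nvt_selection',
                               nvt_oids=new_oids, family=family)
    return family, new_oids, changed


class FakeGmp:
    """Constructed stand-in for the gmp object; no scanner is contacted."""

    def __init__(self, family, known, enabled):
        self.family, self.known = family, set(known)
        self.enabled, self.writes = list(enabled), 0

    def get_nvt(self, nvt_id):
        found = [self.family] if nvt_id in self.known else []
        return SimpleNamespace(xpath=lambda _query: found)

    def get_scan_config_nvts(self, config_id, family):
        return SimpleNamespace(xpath=lambda _query: list(self.enabled))

    def modify_scan_config(self, config_id, selection, nvt_oids, family):
        self.enabled, self.writes = list(nvt_oids), self.writes + 1


if __name__ == '__main__':
    oids = ['1.2.3.1', '1.2.3.2']  # constructed OIDs, not real NVTs
    fake = FakeGmp('General', oids, oids)
    print(set_nvt_state(fake, 'cfg-1', '1.2.3.2', enable=False))  # disables
    print(set_nvt_state(fake, 'cfg-1', '1.2.3.2', enable=False))  # no change
```

With `dry_run=True` the function returns the selection it would write, which can be reviewed before the scan config is changed.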

The “Edit Scan Config” dialog can be slow to load, but it should appear eventually. Using the enterprise appliance product I am unable to reproduce the problem right now, but if it keeps happening to you (or anyone else), feel free to raise an issue here: https://github.com/greenbone/gsa/issues

It may also be possible to increase the session timeout, but I’d have to check how to do this for the community containers.

Nice solution via GMP in any case!

3 Likes

Using the API looks like a bit of overkill to me. If a result should be ignored, an override could be defined:

https://docs.greenbone.net/GSM-Manual/gos-22.04/en/reports.html#overrides

1 Like

This is an interesting concept; I wasn’t aware of overrides before. It might be helpful for dealing with another vulnerability that is detected as a false positive.

Thanks!

1 Like

If these are “real” false positives and not an accepted risk (e.g. unused log4j.jar, …) then creating a report about these in the following category could be an alternative as well: