Modify scan configuration

brom99 · August 1, 2024, 4:39pm

Hello everyone,
I am trying to create a scan config for a specific cve or CERT-Bund-Advisory.

I found an example script on github which sounds close to what I need:

greenbone/gvm-tools/blob/main/scripts/cfg-gen-for-certs.gmp.py

# SPDX-FileCopyrightText: 2017-2021 Greenbone AG
#
# SPDX-License-Identifier: GPL-3.0-or-later

import sys
from argparse import Namespace

from gvm.errors import GvmError
from gvm.protocols.gmp import Gmp


def check_args(args):
    len_args = len(args.script) - 1
    if len_args != 1:
        message = """
        This script creates a new scan config with nvts from a given CERT-Bund!
        It needs one parameter after the script name.

        1. <cert>   -- Name or ID of the CERT-Bund

This file has been truncated. show original

Sadly, this script doesn´t work for my setup.
It creates a new scan config and sets the two required nvts (Port scanners). However, any other nvt-oid failed.

The error messages always state:
gvmerr=<GvmResponseError status="400" message="Attempt to modify NVT in whole-only family [place any NVT-famlily here] Amazon Linux Local Security Checks">

Does anybody know a workaround?

python-gvm 24.7.0
gvm-tools 24.7.0
gmp 22.5
appliance GSM 650
current feeds from yesterday

Kind regards.

cfi · August 2, 2024, 9:56am

Hello,

and welcome to this community forums.

Looks like this is one version behind the most recent 24.7.0 and this new release seems to exactly include a relevant improvement for this script:

github.com/greenbone/gvm-tools

Fix: Fix scan config creation from CERT-Bunds.

greenbone:main ← greenbone:fix-cfg-gen-for-certs

opened 09:47AM - 23 Jul 24 UTC

a-h-abdelsalam

+7 -4

Replace the deprecated method `modify_scan_config` ## What Replace `modify_s…can_config` with `modify_scan_config_set_nvt_selection` and improve error handling ## Why The method `modify_scan_config` is now deprecated. Improved error handling allows the script to skip "whole-only" families and continue instead of crashing. ## References GEA-653

brom99 · August 2, 2024, 12:06pm

Thank you cfi by pointing me to the newest version of gvm-tools.
I updated the version.

However, it does not fix my problem. The script already used modify_scan_config_set_nvt_selection i receive the same error

cfi · August 2, 2024, 12:42pm

If there are additional issues / problems with the script i would suggest to raise a follow-up issue over there: