I am attempting to build out the scripted creation of credentials. I initially tried using gvm-tool (gvm-cli), but if there are special characters in the password it breaks the submitted xml. If you escape the special characters, an escaped password is written to the database and used (vs the actual characters/correct password).
In order to get around this, I’m using python-gvm. It seems to work fine for pw only and user+pw but I’m having issues getting python-gvm to work for SNMP v1/2 and SNMP v3.
Code example:
#!/usr/bin/env python3
#
import gvm
from gvm.protocols.latest import Gmp
from gvm.connections import UnixSocketConnection
path = '/var/run/gvmd/gvmd.sock'
connection = UnixSocketConnection(path=path)
gmp = Gmp(connection)
# authenticate
authent = gmp.authenticate('admin', 'admin')
print(authent)
# snmpv1/2
creds = gmp.create_credential(
name='snmp_community',
credential_type=gmp.types.CredentialType.SNMP,
community='community',
);
print(creds)
# snmpv3
creds = gmp.create_credential(
name='snmp_community',
credential_type=gmp.types.CredentialType.SNMP,
login='username',
password='password',
auth_algorithm='MD5',
community='community',
privacy_algorithm='AES',
privacy_password='privpass',
);
print(creds)
SNMPv1/2 results:
File "/usr/lib/python3/dist-packages/gvm/protocols/gmpv208/entities/credentials.py", line 324, in create_credential
raise RequiredArgument(
gvm.errors.RequiredArgument: create_credential requires a login argument
For SNMPv1/2, if you add a login+pw, it starts asking for SNMPv3 related items (auth algo, privacy algo, etc). It seems that the gmp.types.CredentialType.SNMP is only compatible with SNMPv3?
SNMPv3 Results:
File "/usr/lib/python3/dist-packages/gvm/protocols/gmpv208/entities/credentials.py", line 361, in create_credential
raise InvalidArgumentType(
gvm.errors.InvalidArgumentType: In create_credential the argument auth_algorithm must be of type SnmpAuthAlgorithm.
I have attempted using “MD5” and “md5” as outlined in the docs (same result either way):
https://python-gvm.readthedocs.io/en/latest/api/gmpv224.html#gvm.protocols.gmpv224.SnmpAuthAlgorithm
Any ideas, or is there some example of the use of create_credential for both SNMPv1/2 and SNMPv3 that can be provided?
Thanks,
Rob