SnmpAuthAlgorithm (python-gvm)

Building from Source and Advanced Topics
1

I am attempting to build out the scripted creation of credentials. I initially tried using gvm-tool (gvm-cli), but if there are special characters in the password it breaks the submitted xml. If you escape the special characters, an escaped password is written to the database and used (vs the actual characters/correct password).

In order to get around this, I’m using python-gvm. It seems to work fine for pw only and user+pw but I’m having issues getting python-gvm to work for SNMP v1/2 and SNMP v3.

Code example:

#!/usr/bin/env python3
#
import gvm
from gvm.protocols.latest import Gmp
from gvm.connections import UnixSocketConnection
path = '/var/run/gvmd/gvmd.sock'
connection = UnixSocketConnection(path=path)
gmp = Gmp(connection)

# authenticate
authent = gmp.authenticate('admin', 'admin')
print(authent)

# snmpv1/2
creds = gmp.create_credential(
        name='snmp_community',
        credential_type=gmp.types.CredentialType.SNMP,
        community='community',
        );
print(creds)

# snmpv3
creds = gmp.create_credential(
        name='snmp_community',
        credential_type=gmp.types.CredentialType.SNMP,
        login='username',
        password='password',
        auth_algorithm='MD5',
        community='community',
        privacy_algorithm='AES',
        privacy_password='privpass',
        );
print(creds)

SNMPv1/2 results:

  File "/usr/lib/python3/dist-packages/gvm/protocols/gmpv208/entities/credentials.py", line 324, in create_credential
    raise RequiredArgument(
gvm.errors.RequiredArgument: create_credential requires a login argument

For SNMPv1/2, if you add a login+pw, it starts asking for SNMPv3 related items (auth algo, privacy algo, etc). It seems that the gmp.types.CredentialType.SNMP is only compatible with SNMPv3?

SNMPv3 Results:

  File "/usr/lib/python3/dist-packages/gvm/protocols/gmpv208/entities/credentials.py", line 361, in create_credential
    raise InvalidArgumentType(
gvm.errors.InvalidArgumentType: In create_credential the argument auth_algorithm must be of type SnmpAuthAlgorithm.

I have attempted using “MD5” and “md5” as outlined in the docs (same result either way):
https://python-gvm.readthedocs.io/en/latest/api/gmpv224.html#gvm.protocols.gmpv224.SnmpAuthAlgorithm

Any ideas, or is there some example of the use of create_credential for both SNMPv1/2 and SNMPv3 that can be provided?

Thanks,
Rob

2

Hi,

currently SNMP credential is implemented to

  1. require the login argument
  2. require the auth_algorithm argument

Nothing else should be required.

The auth_algorithm needs to be either gmp.types.SnmpAuthAlgorithm.MD5 or gmp.types.SnmpAuthAlgorithm.SHA1. Passing strings md5 or sha1 is not valid.

1 Like