GVM versions
gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0
Environment
Operating system: Arch Linux
Kernel: 5.2.15-arch2-1-ARCH
Installation method / source: pacman
============================================================
Dear all,
With regards to these 2 threads:
After several attempts and configuration changes I have to say I have not been able to authenticate into an SNMPv3 server.
Find below the steps I have followed.
TARGET SERVER (SNMPv3)
I have edited the /etc/snmp/snmpd.conf file and included these lines:
createUser admin SHA 1234567890 AES 0987654321
rouser admin authPriv
I have restarted the server:
systemctl restart snmpd
The server is reachable via snmpwalk:
$ snmpwalk -v 3 -u admin -l authPriv [SERVER_IP] -a sha -A 1234567890 -A 0987654321 -x aes -X 0987654321
And I can retrieve all the MIB information.
AUDITOR SERVER (This is where OpenVAS is running.)
I am using the python OpenVAS API for all operations with GVM.
How I am creating the credential (via python)
create_credential('my_credential_name', CredentialType('snmp'), login='admin', password='1234567890', auth_algorithm=SnmpAuthAlgorithm('sha1'), privacy_algorithm=SnmpPrivacyAlgorithm('aes'), privacy_password='0987654321')
I believe (please correct me if I am wrong) that the community parameter is not used in version 3.
Steps
- I have created a new port list called mydemo with the following value: ‘U: 160-165’, so when I retrieve the ports list, I can verify my port list is included in the results:
... <port_list id="725fe51c-05a9-4457-b373-5066be7901d2"><owner><name>admin</name></owner><name>mydemo</name><comment /><creation_time>2019-10-02T07:54:12Z</creation_time><modification_time>2019-10-02T07:54:12Z</modification_time><writable>1</writable><in_use>0</in_use><permissions><permission><name>Everything</name></permission></permissions><port_count><all>6</all><tcp>0</tcp><udp>6</udp></port_count></port_list>...
As you can see, it only has 6 UDP ports (160-165, both included).
- I have created a target with the following parameters:
create_target(..., port_list_id="725fe51c-05a9-4457-b373-5066be7901d2", snmp_credential_id=[MY_SNMP_CREDENTIAL_ID])
- The configuration used is Full and fast.
Results
I have tested 2 situations: a) Only SNMPv3, b) All SNMP versions.
In the next lines I briefly summarize the results after the OpenVAS execution in both cases.
a) Only SNMPv3
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.810002', 'risk_level': 'low', 'name': u'CPE Inventory'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.108449', 'risk_level': 'low', 'name': u'Hostname Determination Reporting'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.103190', 'risk_level': 'low', 'name': u'ICMP Timestamp Detection'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.105937', 'risk_level': 'low', 'name': u'OS Detection Consolidation and Reporting'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.108541', 'risk_level': 'low', 'name': u'SNMP Login Failed For Authenticated Checks'}
b) All SNMP versions
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.10265', 'risk_level': 'low', 'name': u'A SNMP Agent is running'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.810002', 'risk_level': 'low', 'name': u'CPE Inventory'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.108449', 'risk_level': 'low', 'name': u'Hostname Determination Reporting'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.103190', 'risk_level': 'low', 'name': u'ICMP Timestamp Detection'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.105937', 'risk_level': 'low', 'name': u'OS Detection Consolidation and Reporting'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.10264', 'risk_level': 'high', 'name': u'Report default community names of the SNMP Agent'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.105062', 'risk_level': 'medium', 'name': u'SNMP GETBULK Reflected DRDoS'}
{'code': u'openvas-1.3.6.1.4.1.25623.1.0.108541', 'risk_level': 'low', 'name': u'SNMP Login Failed For Authenticated Checks'}
So it seems OpenVAS detects the SNMP server and whether the different SNMP versions are active or not, but I am always getting the message:
SNMP Login Failed For Authenticated Checks
Does anyone know what I might be missing?
Thanks in advance.
Kind regards.
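
Added example, not part of the original post and not python-gvm code: a small Python check that the `createUser` line in snmpd.conf and the keyword arguments passed to `create_credential` describe the same SNMPv3 user. The names `parse_create_user`, `compare`, `PAGE_CONF` and `PAGE_CRED`, and the plain-dict form of the credential, are assumptions for illustration; the `-e ENGINEID` form of `createUser` is not handled.

```python
import shlex

# net-snmp protocol keywords -> the algorithm strings used in the post's
# create_credential call (GMP SNMP credentials accept md5/sha1 and aes/des).
AUTH_MAP = {"MD5": "md5", "SHA": "sha1"}
PRIV_MAP = {"DES": "des", "AES": "aes"}
MIN_PASSPHRASE = 8  # net-snmp requires USM passphrases of at least 8 characters


def parse_create_user(line):
    """Parse 'createUser NAME AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]'."""
    tok = shlex.split(line)
    if len(tok) < 4 or tok[0] != "createUser" or tok[1].startswith("-"):
        raise ValueError("unsupported createUser line")
    if tok[2].upper() not in AUTH_MAP:
        raise ValueError("auth protocol has no GVM equivalent: " + tok[2])
    user = {"login": tok[1], "auth_algorithm": AUTH_MAP[tok[2].upper()],
            "password": tok[3], "privacy_algorithm": None, "privacy_password": None}
    if len(tok) >= 5:
        if tok[4].upper() not in PRIV_MAP:
            raise ValueError("privacy protocol has no GVM equivalent: " + tok[4])
        user["privacy_algorithm"] = PRIV_MAP[tok[4].upper()]
        # Without an explicit privacy passphrase net-snmp reuses the auth one.
        user["privacy_password"] = tok[5] if len(tok) >= 6 else tok[3]
    return user


def compare(conf_line, credential):
    """List the fields on which agent and scanner settings disagree."""
    agent = parse_create_user(conf_line)
    problems = []
    for field, expected in agent.items():
        if credential.get(field) != expected:
            # Report secrets by field name only, never by value.
            detail = "differs" if "password" in field else (
                "agent=%r scanner=%r" % (expected, credential.get(field)))
            problems.append("%s: %s" % (field, detail))
    for field in ("password", "privacy_password"):
        if agent[field] is not None and len(agent[field]) < MIN_PASSPHRASE:
            problems.append("%s: shorter than %d characters" % (field, MIN_PASSPHRASE))
    return problems


# Values from the post; the dict mirrors the create_credential keyword arguments.
PAGE_CONF = "createUser admin SHA 1234567890 AES 0987654321"
PAGE_CRED = {"login": "admin", "password": "1234567890", "auth_algorithm": "sha1",
             "privacy_algorithm": "aes", "privacy_password": "0987654321"}

if __name__ == "__main__":
    print(compare(PAGE_CONF, PAGE_CRED) or "agent and scanner settings agree")
```

For the values in the post the check reports no mismatch between the agent configuration and the credential fields.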