TLS-Connection Error with Check-MK


i builded the Greenbone Manager with the Sources from Github, after a few problems i got all.

Now i want to connect Check_MK with Greenbone using the gvm-tools, therefor i installed the gvm-tools on a Check-MK Host. Now i try to get the reportdetails from the Greenbone Server using a TLS connection from the Check_MK Server to the Greenbone Server.
I use this comment:

gvm-cli tls --hostname *IP-Adress from Greenbone Server* --port 443 --xml "<commands><authenticate><credentials><username>*USERNAME*</username><password>*PASSWORD*</password></credentials></authenticate><get_reports/></commands>"

and it returns “The read operation timed out”

I already checked the TLS Connection via openssl with follow command:
openssl s_client -connect IP-Adress:443

There i get a normal connection.

I checked also with this command if the Handshake goes right:
curl https://IP-Adress -k -v -q
And all seems legit.

With an older version of the Openvasscanner the connection between Openvas and Check_MK was much easier using check_omp:

check_omp -H IP-Adress of Greenbone -u USERNAME -w Password --status -T IP-Adress of Target --last-report -F Hostadress

Is there a way to use gvm-cli like check_omp? And maybe someone can help me with the “The read operation timed out”-Problem?

Notice: Everytime i talk from Greenbone-Server/IP i mean my local Ubuntu VM where i run the openvassd/gvmd/gsa…

Kind regards,

GVM versions

gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0.1
gvm-tools: 2.0.0.beta1

Environment Check MK Server

**Operating system: Ubuntu Server 18.4
**Kernel: 4.15.0-58-generic
**Installation method / source: Github

Environment Greenbone Server

**Operating system: Ubuntu Server 18.4
**Kernel: 4.15.0-58-generic
**Installation method / source: Github

Please note there are not web services spoken. Only GMP over a socket either a file-socket or network socket. I would suggest to look at the python GMP bindings to build a more easy integration to your check_mk.

What do you mean exactly? I thought after setup the TLS Connection the gvm-cli tls command should work fine…
Is there any guide to connect Greenbone with CheckMK like it was with OMP?

I read something about gvm-pyshell and the script check-gmp.gmp, i try to use the command like that:

gvm-pyshell tls --hostname --port 443 check-gmp.gmp

but get an error, and i saw gvm-script, what should exactly do what i want, but in an post from “brick” he says that gvm-scrip isnt included in the current beta version of gvm-tools

We developed a gmp script check-gmp.gmp as a replacement.

For more details about our gvm-tools please take a look at the documentation

As @Lukas already mentioned you don’t have access to our API - which is called Greenbone Management Protocol (GMP) - via http. GMP is per default only available on the same host via unix domain sockets. If you want remote access you either have to do the setup by yourself or to buy a Greenbone appliance (GSM).

1 Like