greenbone / python-gvm

Greenbone Vulnerability Management Python Library
https://greenbone.github.io/python-gvm/
GNU General Public License v3.0
107 stars 60 forks source link

An error occurred Remote manager daemon uses an unsupported version of GMP. The GMP version was 22.5 #1121

Closed montjoie closed 9 months ago

montjoie commented 9 months ago

With up to date python-gvm (python_gvm-24.1.0-py3-none-any.whl), I have: An error occurred Remote manager daemon uses an unsupported version of GMP. The GMP version was 22.5 when doing with Gmp(connection=connection, transform=transform) as gmp: gmp.authenticate(username, password)

The running openvas is up to date using the official docker-compose.yml

bjoernricks commented 9 months ago

Hi,

I am sorry but I am not able to reproduce your issue

mkdir -p /tmp/python-gvm-test
cd /tmp/python-gvm-test
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install python-gvm
pip list

Package      Version
------------ -------
bcrypt       4.1.2
cffi         1.16.0
cryptography 42.0.2
defusedxml   0.7.1
lxml         5.1.0
paramiko     3.4.0
pip          23.2
pycparser    2.21
PyNaCl       1.5.0
python-gvm   24.1.0
setuptools   68.1.2
import sys

from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

connection = UnixSocketConnection(path=sys.argv[1])
transform = EtreeTransform()

with Gmp(connection, transform=transform) as gmp:
    # Retrieve GMP version supported by the remote daemon
    version = gmp.get_version()

    # Prints the XML in beautiful form
    pretty_print(version)
python3 main.py /path/to/gvmd.sock
<get_version_response status="200" status_text="OK">
  <version>22.5</version>
</get_version_response>

If GMP 22.5 isn't supported the same error message would have been raised. Remote manager daemon uses an unsupported version of GMP. The GMP version was 22.5. See https://github.com/greenbone/python-gvm/blob/main/gvm/protocols/gmp.py#L95-L101 for the code.

montjoie commented 9 months ago

If I understand correctly the code, the error is that the remote is 22.5

bjoernricks commented 9 months ago

The error is, the remote GMP version of gvmd is at 22.5 and your imported python-gvm version doesn't support 22.5.

But the current release of python-gvm (24.1.0) supports GMP 22.5 as my code example shows. Thus I suspect your python environment doesn't contain the latest release of python-gvm.

bjoernricks commented 9 months ago

To print the version of python-gvm in your current environment you can use the following snippet.

python3 -c "import gvm;print(gvm.get_version())"
montjoie commented 9 months ago

I got 23.5.1, but I dont understand why, it is a fresh docker and the pip install show: Successfully installed aiohttp-3.9.3 aiosignal-1.3.1 attrs-23.2.0 bcrypt-4.1.2 cffi-1.16.0 cryptography-42.0.2 defusedxml-0.7.1 frozenlist-1.4.1 idna-3.6 lxml-5.1.0 multidict-6.0.5 paramiko-3.4.0 pycparser-2.21 pynacl-1.5.0 python-gvm-24.1.0 slackclient-2.9.4 yarl-1.9.4

montjoie commented 9 months ago

I found why, a docker volume was masking the install directory. Sorry

YgorAlberto commented 7 months ago

I am with the same error here:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/gvmtools/script.py", line 87, in main with protocol_class(connection, transform=transform) as protocol: File "/usr/lib/python3/dist-packages/gvm/protocols/gmp.py", line 119, in enter self._gmp = self.determine_supported_gmp() ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/gvm/protocols/gmp.py", line 111, in determine_supported_gmp raise GvmError( gvm.errors.GvmError: Remote manager daemon uses an unsupported version of GMP. The GMP version was 22.5

My GVM are up-to-date (GVM-23.11.0) and my python-gvm are 24.3.0 Still getting this error :(

Im not using docker BTW

bjoernricks commented 7 months ago

If you have python-gvm >= 23.12.0 installed in the correct Python environment you have support for GMP 22.5

https://github.com/greenbone/python-gvm/releases/tag/v23.12.0 https://github.com/greenbone/python-gvm/pull/1097 https://github.com/greenbone/python-gvm/blob/main/gvm/protocols/gmp.py#L95-L96

YgorAlberto commented 7 months ago

Thanks for the reply So how do I see if my python-gvm are installed in the correct python environment?

So, i created the gmp.py file with the code you provided, and tried run the command again, and i got this other error.

Traceback (most recent call last): File "/usr/bin/gvm-script", line 5, in from gvmtools.script import main File "/usr/lib/python3/dist-packages/gvmtools/script.py", line 25, in from gvm.protocols.gmp import Gmp File "/usr/lib/python3/dist-packages/gvm/protocols/gmp.py", line 17, in from gvm.protocols.gmpv225 import Gmp as Gmpv225 ModuleNotFoundError: No module named 'gvm.protocols.gmpv225'

I dont think just changing the code will fix the problem, do you have any other solution?

BTW... I updated it for version 24.3.0 latest on, using normal user and root user, both are showing that my python-gvm are 24.3.0

My environment are the following I have Kali Linux running GVM installed on it, not in container, and everything are updated.

KALI

PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" VERSION_ID="2024.1" VERSION="2024.1"

GVM

gvm-check-setup 23.11.0 Test completeness and readiness of GVM-23.11.0 Step 1: Checking OpenVAS (Scanner)... OK: OpenVAS Scanner is present in version 22.7.9. OK: Notus Scanner is present in version 22.6.2. OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem. Checking permissions of /var/lib/openvas/gnupg/* OK: _gvm owns all files in /var/lib/openvas/gnupg OK: redis-server is present. OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf OK: _gvm owns all files in /var/lib/openvas/plugins OK: NVT collection in /var/lib/openvas/plugins contains 89001 NVTs. OK: The notus directory /var/lib/notus/products contains 456 NVTs. Checking that the obsolete redis database has been removed OK: No old Redis DB OK: ospd-openvas service is active. OK: ospd-OpenVAS is present in version 22.6.2. Step 2: Checking GVMD Manager ... OK: GVM Manager (gvmd) is present in version 23.3.0. Step 3: Checking Certificates ... OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem. OK: Your GVM certificate infrastructure passed validation. Step 4: Checking data ... OK: SCAP data found in /var/lib/gvm/scap-data. OK: CERT data found in /var/lib/gvm/cert-data. Step 5: Checking Postgresql DB and user ... OK: Postgresql version and default port are OK. gvmd | _gvm | UTF8 | libc | en_US.UTF-8 | en_US.UTF-8 | | | 18151|pg-gvm|10|2200|f|22.6|| OK: At least one user exists. Step 6: Checking Greenbone Security Assistant (GSA) ... OK: Greenbone Security Assistant is present in version 22.9.1~git. Step 7: Checking if GVM services are up and running ... OK: gvmd service is active. OK: gsad service is active. Step 8: Checking few other requirements... OK: nmap is present. OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work. OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work. OK: xsltproc found. WARNING: Your password policy is empty. SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy. Step 9: Checking greenbone-security-assistant... OK: greenbone-security-assistant is installed

It seems like your GVM-23.11.0 installation is OK.

GVM-TOOLS

Requirement already satisfied: gvm-tools==24.3.0 in /home/suporte/.local/lib/python3.11/site-packages (24.3.0) Requirement already satisfied: python-gvm>=23.4.2 in /home/suporte/.local/lib/python3.11/site-packages (from gvm-tools==24.3.0) (24.3.0) Requirement already satisfied: defusedxml>=0.6 in /usr/lib/python3/dist-packages (from python-gvm>=23.4.2->gvm-tools==24.3.0) (0.7.1) Requirement already satisfied: lxml>=4.5.0 in /usr/lib/python3/dist-packages (from python-gvm>=23.4.2->gvm-tools==24.3.0) (5.1.0) Requirement already satisfied: paramiko>=2.7.1 in /usr/lib/python3/dist-packages (from python-gvm>=23.4.2->gvm-tools==24.3.0) (2.12.0) Requirement already satisfied: typing-extensions>=4.9.0 in /usr/lib/python3/dist-packages (from python-gvm>=23.4.2->gvm-tools==24.3.0) (4.10.0)

THE PROBLEM

I have the scan finished and ready to make the report. So, for that, I use a script using a command like the following:

sudo -u _gvm gvm-script --gmp-username user --gmp-password "P@ss" socket --socketpath /var/run/gvmd/gvmd.sock /tmp/gen_report.py 15ce5f51-431f-445a-a4d3-b65dd1d0d61f /tmp/report.xml

This command will generate a XML that later I can use openvasreporting to generate the xlsx