OpenVAS users, Recently Greenbone Dr. Jan-Oliver Wagner announced GVM-Tools which inspired me to rewrite my task scheduler. Which task scheduler? One day I hacked together some bash script which called the OpenVAS omp program and parsed the output. Based on some dirty grep filtering and tricks I managed to make it start tasks which had not run in the current month.
Somehow I cannot find my way with the official scheduler... and I know some of you have built alike or even more elaborate scripts to handle things. I never publicly released the bash script because it was ugly, got slow and had a lot of hard coded constraints which only fitted my own setup. This time around I implemented everything from scratch based on the GVM-Tools gvm-pyshell using the gmp calls to get the tasks information in XML format and start a task. I think this version will work for almost everyone. You can find the new scheduler script here: https://github.com/Thijssss/openvas_scheduler See the wiki part of the github page for a screenshot. It's written to run as part of the GVM-Tools gvm-pyshell, see the run example. The code is for Python 3 and I have used urwid for a console text GUI interface. What I want, and this does, it make sure all tasks run at least once a month. I usually run the scheduler inside a screen and check on occasion. It does not run 24/7/365, It could but I start the last week of the month or whenever I feel like it. So what does it do exactly? In short: * Get tasks information, then loop tasks to determine: o Scanner instance (slave) o If the latest completed run was in the period between now and a month ago o Tasks in total o Tasks that haven't run yet o Which tasks are running and their status * If there is room for a new task on a scanner instance, look for a job that fits. (it pop's the list, so it kind of chooses at random) o If so, tell OpenVAS to start the task (just sends start for a specific task ID) (IF it may start, you can configure on which days and between which hours; I only start jobs during office hours) See the code for more information; for example I have limited the settings by default to two concurrent tasks per slave scanner. This script does not change anything in your OpenVAS setup/database. It just reads the tasks information and requests a task start. My setup: A master instance and 4 slave scanners. Every task is set and configured to run on a specific slave scanner. Any question, feedback, bug report, fork etc' is welcome. Thijs Stuurman Security Operations Center | KPN Internedservices [email protected]<mailto:[email protected]> | [email protected]<mailto:[email protected]> T: +31(0)299476185 | M: +31(0)624366778 PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/) Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048 W: https://www.internedservices.nl<https://www.internedservices.nl/> | L: http://nl.linkedin.com/in/thijsstuurman
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
