OpenVAS plugin for GLPi
Clone or download
Pull request Compare This branch is 11 commits behind pluginsGLPI:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.tx
front
inc
locales
misc
pics
tools
.gitignore
.travis.yml
LICENSE
README.md
RoboFile.php
RoboFilePlugin.php
composer.json
composer.lock
hook.php
openvas.xml
setup.php

README.md

OpenVAS GLPi plugin for GLPi

This plugin integrates OpenVAS with GLPI.

Features

  • Retrieve OpenVAS informations for GLPi assets
  • Get severity & threat for assets
  • Import vulnerabities (results)
  • Create tickets based on vulnerabities data
  • Create tasks, request start and stop

Installation

Prerequisites

The plugin has only been tested on Linux.

You need the followings components:

  • GLPI (at least 9.1.1 version)
  • OpenVAS manager 8 up and running
  • PHP >= 5.5
  • openvas-cli package installed to provide omp executable

OpenVAS configuration

You need to create a user able to connect and administrate OpenVAS. The use should be able to see all data, and create tasks/request task start & stop

Glpi Configuration

Copy the plugin folder into your glpi/plugins directory. The folder must be named 'openvas' otherwise GLPI framework will fail to initialize the plugin.

Next, go to glpi interface, navigate to the Administatrion > Plugins page. Find the openvas line, click on Install button, and after refresh, click on Enable button.

Once the plugin enabled, you may click on this name or go into Setup > General menu to display the plugin configuration.

You will see this page:

Prelude plugin empty configuration

Fill the configuration fields in order to perform the OpenVAS connection :

  • Host: IP or hostname of OpenVAS manager
  • Manager port: OpenVAS management port (by default 9390)
  • Console port: OpenVAS management console port (by default 9392)
  • User: user to connect to OpenVAS
  • Password: user's password
  • Target retention delay: number of days after which target & vulnerabities infos are deleted
  • Number of days for searches: value to use for time restriction during OpenVAS queries
  • Request source: the request source to use when creating tickets from vulnerabities
  • Color palette: colors to represent OpenVAS threat levels

The test button is used to test the connection to OpenVAS manager.

Usage

Automatic actions

3 automatic actions are added by the plugin:

  • openvasSynchronize: used to perform hosts to asset matching and informations retrieval
  • openvasSynchronizeVulnerabilities: import vulnerabities (results) from OpenVAS in GLPi. Can also create tickets
  • openvasClean : clean not accurate data, based on the creation date

You must start by launching openvasSynchronize, then openvasSynchronizeVulnerabilities.

OpenVAS vulnerabities menu

Vulnerabities can be found at Tools > OpenVAS menu. A small green icon allows user to switch from vulnerabities view to tasks view.

vulnerabity display

A vulnerabity can be linked to several hosts. If a host is linked to an asset in GLPi, you can access the host directly from the vulnerabity.

OpenVAS asset tab

If a GLPi asset is linked to an OpenVAS host, a new OpenVAS tab is diplayed. The tab lists:

  • general informations (name, comment, severity & threat)
  • the list of tasks for this host
  • vulnerabities linked to the host

OpenVAS vulnerabities rules

A rules engine is available at Administration > Rules. It has 2 actions :

  • ignore vulnerabity import
  • create a ticket based on a template

vulnerabity display

To use threat as a criteria, here are the possible values:

  • Error
  • Log
  • Low
  • Medium
  • High

To match vulnerabilities having a threat at least equals to Low, you must use a regex: Threat regex checks /Low|Medium|High/

Contributing

  • Open a ticket for each bug/feature so it can be discussed
  • Follow development guidelines
  • Refer to GitFlow process for branching
  • Work on a new branch on your own fork
  • Open a PR that will be reviewed by a developer