- unstable 22.7.1-2
| OSPD-OpenVAS(8) | User Manuals | OSPD-OpenVAS(8) |
NAME¶
ospd-openvas - The OpenVAS Wrapper of the Greenbone Vulnerability Management
SYNOPSIS¶
ospd-openvas [-v] [-h] [-c config-file] [--log-file log-file]
DESCRIPTION¶
Greenbone Vulnerability Management (GVM) is a vulnerability auditing and management framework made up of several modules. The OSPD OpenVAS Wrapper, ospd-openvas is in charge of the communication between the scanner OpenVAS and the clients (GVMd and gvm-tools).
ospd-openvas inspects the remote hosts to list all the vulnerabilities and common misconfigurations that affects them.
It is a command line tool with parameters to start a daemon which
keeps waiting for instructions to update the feed of vulnerability tests and
to start a scan. The second part of the interface is the redis store where
the parameters about a scan task need to be placed and from where the
results can be retrieved, being the unique communication channel between
OSPD-OpenVAS and OpenVAS.
OPTIONS¶
- -s <config-file>, --config-file<config-file>
- Use the alternate configuration file instead of ~/.config/ospd.conf
- --version
- Print the version number and exit
- -h, --help
- Show a summary of the commands
- -p PORT, --port PORT
- TCP Port to listen on. Default: 0
- -b ADDRESS, --bind-address ADDRESS
- Address to listen on. Default: 0.0.0.0
- -u UNIX_SOCKET, --unix-socket UNIX_SOCKET
- Unix file socket to listen on. Default: /var/run/ospd/ospd.sock
- -m SOCKET_MODE, --socket-mode SOCKET_MODE
- Unix file socket mode. Default: 0o700
- --pid-file PID_FILE
- Location of the file for the process ID. Default: /var/run/ospd.pid
- --lock-file-dir LOCK_FILE_DIR
- Directory where the feed lock file is placed. Default: /var/run/ospd
- -k KEY_FILE, --key-file KEY_FILE
- Server key file. Default: /usr/var/lib/gvm/private/CA/serverkey.pem
- -c CERT_FILE, --cert-file CERT_FILE
- Server cert file. Default: /usr/var/lib/gvm/CA/servercert.pem
- --ca-file CA_FILE
- CA cert file. Default: /usr/var/lib/gvm/CA/cacert.pem
- -L LOG_LEVEL, --log-level LOG_LEVEL
- Desired level of logging. Default: WARNING
- -f, --foreground
- Run in foreground and logs all messages to console.
- -l LOG_FILE, --log-file LOG_FILE
- Path to the logging file.
- --stream-timeout TIMEOUT
- Set a timeout on socket operations. Default 10 seconds
- --niceness NICENESS
- Start the scan with the given niceness. Default 10
- --scaninfo-store-time TIME
- Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.
THE CONFIGURATION FILE¶
The default ospd-openvas configuration file, ~/.config/ospd.conf contains these options under the section [OSPD - openvas]:
- log_level
- Wished level of logging.
- socket_mode
- This option defines the permissions on a socket. It must be set in octal format. E.g. socket_mode = 0o770
- unix_socket
- This option specifies the socket path.
- pid_file
- Location of the file for the process ID.
- log_file
- Path to the log file. If no log file is given, the system log facility is used by default.
- foreground
- If this option is set to yes, the daemon logs to the standard output instead of logging to a file or syslog.
- niceness
- Start the scan with the given niceness. Default 10
- stream_timeout
- Set a timeout on socket operations. Default 10 seconds
- scaninfo_store_time
- Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.
MORE INFORMATION ABOUT Greenbone Vulnerability Management¶
The canonical places where you will find more information about OSPD-OpenVAS are:
https://github.com/greenbone/ (Development site)
https://www.openvas.org/ (Traditional home site)
AUTHORS¶
ospd-openvas code is developed by Greenbone Networks GmbH.
| August 2019 | Greenbone Vulnerability Management |