
gvmd(8) System Manager's Manual gvmd(8)

NAME

gvmd - Greenbone Vulnerability Manager daemon

SYNOPSIS

gvmd OPTIONS

DESCRIPTION

The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.

It manages the storage of all vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner, 'OpenVAS Scanner', is controlled directly via the OTP protocol, while any other remote scanner is coupled via the Open Scanner Protocol (OSP).

OPTIONS

Show help options.
Sets the address for the publish-subscribe message (MQTT) broker. Defaults to localhost:9138. Set to empty to disable.
Check SecInfo alerts.
Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second.
Create a new credential encryption key, set it as the new default and exit. With no other options given, a 4096 bit RSA key is created.
Create global scanner SCANNER and exit.
Create admin user USERNAME and exit.
Use NAME as database for PostgreSQL.
Use HOST as database host or socket directory for PostgreSQL.
Use PORT as database port or socket extension for PostgreSQL.
Delete scanner SCANNER-UUID and exit.
Delete user USERNAME and exit.
Diffie-Hellman parameters file
Disable comma-separated COMMANDS.
Do not encrypt or decrypt credentials.
Do not restrict passwords to the policy.
Disable task scheduling.
Set key length to LENGTH bits when creating a new RSA credential encryption key. Defaults to 4096.
Use the key type TYPE when creating a new credential encryption key. Currently only RSA is supported.
(Re-)Encrypt all credentials.
Sets the path to the feed lock file.
Sets the number of seconds to keep retrying if the feed is locked in contexts (like migration or rebuilds) that do not retry on their own (like automatic syncs). Defaults to 0 (no retry).
Run in foreground.
List scanners and exit.
List users and exit.
Sets the GnuTLS priorities for the Manager socket.
Have USERNAME inherit from deleted user.
Listen on ADDRESS.
Enable debugging of LDAP authentication.
Listen also on ADDRESS.
Group of the unix socket
File mode of the unix socket
Owner of the unix socket
Maximum size of alert email attachments, in bytes.
Maximum size of inlined content in alert emails, in bytes.
Maximum size of user-defined message text in alert emails, in bytes.
Maximum number of IPs per target.
Migrate the database and exit.
Modify scanner SCANNER-UUID and exit.
Modify setting UUID and exit.
Modify user's password and exit.
Modify user's password and exit.
Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, cleanup-sequences, cleanup-tls-certificate-encoding, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.
Password, for --create-user.
Use port number NUMBER.
Use port number NUMBER for address 2.
Reload all gvmd data objects of the given types from the feed.

The types must be "all" or a comma-separated list of the following: "configs", "port_lists" and "report_formats".

Rebuild all SCAP data.
Executable for mapping scanner hosts to relays. Use an empty string to explicitly disable. If the option is not given, $PATH is checked for gvm-relay-mapper.
Role for --create-user and --get-users.
Scanner CA Certificate path for --[create|modify]-scanner.
Scanner credential for --create-scanner and --modify-scanner.

Can be blank to unset or a credential UUID. If omitted, a new credential can be created instead.

Scanner host or socket for --create-scanner and --modify-scanner.
Scanner private key path for --[create|modify]-scanner if --scanner-credential is not given.
Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is not given.
Name for --modify-scanner.
Scanner port for --create-scanner and --modify-scanner.
Scanner type for --create-scanner and --modify-scanner.

Either 'OpenVAS', 'GMP', 'OSP-Sensor' or a number as used in GMP.

Number of auto retries if scanner connection is lost in a running task.
Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.
During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.
Listen on UNIX socket at FILENAME.
User for --new-password.
Value for --modify-setting.
Has no effect. See INSTALL.md for logging config.
Verify scanner SCANNER-UUID and exit.
Print version and exit.
Set collation for VT verification to COLLATION, omit or leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings.

SIGNALS

SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas).

EXAMPLES

gvmd --port 1241

Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.

SEE ALSO

openvas(8), gsad(8), ospd-openvas(8), greenbone-certdata-sync(8), greenbone-scapdata-sync(8)

MORE INFORMATION

The canonical places where you will find more information about the Greenbone Vulnerability Manager are:

https://community.greenbone.net (Community Portal)

https://github.com/greenbone (Development Platform)

https://www.greenbone.net (Greenbone Website)

COPYRIGHT

The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at your option, any later version.

User Manuals