table of contents
- unstable 22.10.1-1
| OSPD-OpenVAS(8) | User Manuals | OSPD-OpenVAS(8) |
NAME¶
ospd-openvas - The OpenVAS Wrapper of the Greenbone Vulnerability Management
SYNOPSIS¶
ospd-openvas [-v] [-h] [-c config-file] [--log-file log-file]
DESCRIPTION¶
Greenbone Vulnerability Management (GVM) is a vulnerability auditing and management framework made up of several modules. The OSPD OpenVAS Wrapper, ospd-openvas is in charge of the communication between the scanner OpenVAS and the clients (GVMd and gvm-tools).
ospd-openvas inspects the remote hosts to list all the vulnerabilities and common misconfigurations that affects them.
It is a command line tool with parameters to start a daemon which
keeps waiting for instructions to update the feed of vulnerability tests and
to start a scan. The second part of the interface is the redis store where
the parameters about a scan task need to be placed and from where the
results can be retrieved, being the unique communication channel between
OSPD-OpenVAS and OpenVAS.
OPTIONS¶
- -s <config-file>, --config-file <config-file>
- Use the alternate configuration file instead of ~/.config/ospd.conf
- --log-config <log-config-path>
- Log configuration file path. Default: ~/.config/ospd-logging.conf
- --version
- Print the version number and exit
- -h, --help
- Show a summary of the commands
- -p PORT, --port PORT
- TCP Port to listen on. Default: 0
- -b ADDRESS, --bind-address ADDRESS
- Address to listen on. Default: 0.0.0.0
- -u UNIX_SOCKET, --unix-socket UNIX_SOCKET
- Unix file socket to listen on. Default: /var/run/ospd/ospd.sock
- -m SOCKET_MODE, --socket-mode SOCKET_MODE
- Unix file socket mode. Default: 0o770
- --pid-file PID_FILE
- Location of the file for the process ID. Default: /var/run/ospd.pid
- --lock-file-dir LOCK_FILE_DIR
- Directory where the feed lock file is placed. Default: /var/run/ospd
- -k KEY_FILE, --key-file KEY_FILE
- Server key file. Default: /usr/var/lib/gvm/private/CA/serverkey.pem
- -c CERT_FILE, --cert-file CERT_FILE
- Server cert file. Default: /usr/var/lib/gvm/CA/servercert.pem
- --ca-file CA_FILE
- CA cert file. Default: /usr/var/lib/gvm/CA/cacert.pem
- -L LOG_LEVEL, --log-level LOG_LEVEL
- Desired level of logging. Default: WARNING
- -f, --foreground
- Run in foreground and log all messages to console.
- -l LOG_FILE, --log-file LOG_FILE
- Path to the logging file.
- -t TIMEOUT, --stream-timeout TIMEOUT
- Set a timeout on socket operations. Default 10 seconds
- --niceness NICENESS
- Start the scan with the given niceness. Default 10
- --mqtt-broker-address ADDRESS
- Broker address to connect to for MQTT communication. Neccessary to get results from Notus-Scanner. Default: localhost
- --mqtt-broker-port PORT
- Broker port to connect to for MQTT communication. Neccessary to get results from Notus-Scanner. Default: 1883
- --mqtt-broker-username USERNAME
- Username to connect to MQTT broker for MQTT communication.
- --mqtt-broker-password PASSWORD
- Password to connect to MQTT broker for MQTT communication.
- --scaninfo-store-time TIME
- Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.
- --max-scans VALUE
- Max. amount of parallel task that can be started. Default 0, disabled.
- --min-free-mem-scan-queue MB
- Minimum free memory in MB required to run the scan. If no enough free memory is available, the scan is queued. Default 0, disabled.
- --max-queued-scans VALUE
- Maximum number allowed of queued scans before starting to reject new scans. Default 0, disabled.
- --feed-updater METHOD
- Sets the method of updating the feed. Can either be openvas or nasl-cli. Default: openvas
- -x, --signature-check
- Enable feed signature check.
- --notus-feed-dir DIRECTORY
- Directory where notus feed is placed. Default: /var/lib/notus/advisories
- --disable-notus-hashsum-verification BOOLEAN
- Disable hashsum verification for notus advisories. Default: false
- --list-commands
- Display all protocol commands.
THE CONFIGURATION FILE¶
The default ospd-openvas configuration file, ~/.config/ospd.conf contains these options under the section [OSPD - openvas]:
- log_config
- Log configuration file path.
- port
- TCP port to listen on.
- address
- Address to listen on (this corresponds to --bind-address).
- unix_socket
- This option specifies the socket path.
- socket_mode
- This option defines the permissions on a socket. It must be set in octal format. E.g. socket_mode = 0o770
- pid_file
- Location of the file for the process ID.
- lock_file_dir
- Directory where the feed lock file is placed.
- key_file
- Server key file.
- cert_file
- Server cert file.
- ca_file
- CA cert file.
- log_level
- Desired level of logging.
- foreground
- Set to true to run in foreground and log all messages to console.
- log_file
- Path to the log file. If no log file is given, the system log facility is used by default.
- stream_timeout
- Set a timeout on socket operations. Default 10 seconds
- niceness
- Start the scan with the given niceness. Default 10
- scaninfo_store_time
- Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.
- max_scans
- Maximum amount of parallel task that can be started. Default 0, disabled.
- max_queued_scans
- Maximum number allowed of queued scans before starting to reject new scans. Default 0, disabled.
- min_free_mem_scan_queue
- Minimum free memory in MB required to run the scan. If insufficient free memory is available, the scan is queued. Default 0, disabled.
- mqtt_broker_address
- Broker address to connect to for MQTT communication.
- mqtt_broker_port
- Broker port to connect to for MQTT communication.
- mqtt_broker_username
- Username to connect to MQTT broker for MQTT communication.
- mqtt_broker_password
- Password to connect to MQTT broker for MQTT communication.
- feed_updater
- Sets the method of updating the feed.
- signature_check
- Set to true to enable feed signature check.
- notus_feed_dir
- Directory where notus feed is placed.
- disable_notus_hashsum_verification
- Set to true to disable hashsum verification for notus advisories.
SEE ALSO¶
openvas(8), gsad(8), gvmd(8), greenbone-nvt-sync(8),
MORE INFORMATION¶
The canonical places where you will find more information about OSPD-OpenVAS are:
AUTHORS¶
ospd-openvas code is developed by Greenbone AG.
| August 2019 | Greenbone Vulnerability Management |