Provided by: gvmd_23.1.0-1ubuntu3_amd64 bug

NAME

       gvmd - Greenbone Vulnerability Manager daemon

SYNOPSIS

       gvmd OPTIONS

DESCRIPTION

       The  Greenbone  Vulnerability  Manager  is the central management service between security
       scanners and the user clients.

       It manages the storage of any vulnerability management  configurations  and  of  the  scan
       results.  Access  to  data,  control  commands  and workflows is offered via the XML-based
       Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner'  is  controlled
       directly  via protocol OTP while any other remote scanner is coupled with the Open Scanner
       Protocol (OSP).

OPTIONS

       -h, --help
              Show help options.

       --broker-address=ADDRESS
              Sets the address for the  publish-subscribe  message  (MQTT)  broker.  Defaults  to
              localhost:9138. Set to empty to disable.

       --check-alerts
              Check SecInfo alerts.

       --client-watch-interval=NUMBER
              Check  if client connection was closed every NUMBER seconds. 0 to disable. Defaults
              to 1 second.

       --create-encryption-key
              Create a new credential encryption key, set it as the new default and exit. With no
              other options given, a 4096 bit RSA key is created.

       --create-scanner=SCANNER
              Create global scanner SCANNER and exit.

       --create-user=USERNAME
              Create admin user USERNAME and exit.

       -d, --database=NAME
              Use NAME as database for PostgreSQL.

       --db-host=HOST
              Use HOST as database host or socket directory for PostgreSQL.

       --db-port=PORT
              Use PORT as database port or socket extension for PostgreSQL.

       --delete-scanner=SCANNER-UUID
              Delete scanner SCANNER-UUID and exit.

       --delete-user=USERNAME
              Delete user USERNAME and exit.

       --dh-params=FILE
              Diffie-Hellman parameters file

       --disable-cmds=COMMANDS
              Disable comma-separated COMMANDS.

       --disable-encrypted-credentials
              Do not encrypt or decrypt credentials.

       --disable-password-policy
              Do not restrict passwords to the policy.

       --disable-scheduling
              Disable task scheduling.

       --encryption-key-length=LENGTH
              Set  key  length  to LENGTH bits when creating a new RSA credential encryption key.
              Defaults to 4096.

       --encryption-key-type=TYPE
              Use the key type TYPE when creating a new credential encryption key. Currently only
              RSA is supported.

       --encrypt-all-credentials
              (Re-)Encrypt all credentials.

       --feed-lock-path=PATH
              Sets the path to the feed lock file.

       --feed-lock-timeout=TIMEOUT
              Sets  the  number  of  seconds to retry for if the feed is locked in contexts (like
              migration or rebuilds) that do not retry  on  their  own  (like  automatic  syncs).
              Defaults to 0 (no retry).

       -f, --foreground
              Run in foreground.

       --get-scanners
              List scanners and exit.

       --get-users
              List users and exit.

       --gnutls-priorities=PRIORITIES-STRING
              Sets the GnuTLS priorities for the Manager socket.

       --inheritor=USERNAME
              Have USERNAME inherit from deleted user.

       -a, --listen=ADDRESS
              Listen on ADDRESS.

       --ldap-debug
              Enable debugging of LDAP authentication.

       --listen2=ADDRESS
              Listen also on ADDRESS.

       --listen-group=STRING
              Group of the unix socket

       --listen-mode=STRING
              File mode of the unix socket

       --listen-owner=STRING
              Owner of the unix socket

       --max-email-attachment-size=NUMBER
              Maximum size of alert email attachments, in bytes.

       --max-email-include-size=NUMBER
              Maximum size of inlined content in alert emails, in bytes.

       --max-email-message-size=NUMBER
              Maximum size of user-defined message text in alert emails, in bytes.

       --max-ips-per-target=NUMBER
              Maximum number of IPs per target.

       -m, --migrate
              Migrate the database and exit.

       --modify-scanner=SCANNER-UUID
              Modify scanner SCANNER-UUID and exit.

       --modify-setting=UUID
              Modify setting UUID and exit.

       --new-password=PASSWORD
              Modify user's password and exit.

       --new-password=PASSWORD
              Modify user's password and exit.

       --optimize=NAME
              Run  an  optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs,
              cleanup-feed-permissions,  cleanup-port-names,   cleanup-report-formats,   cleanup-
              result-nvts,  cleanup-result-severities, cleanup-schedule-times, cleanup-sequences,
              cleanup-tls-certificate-encoding,  migrate-relay-sensors,  rebuild-report-cache  or
              update-report-cache.

       --osp-vt-update=SCANNER-SOCKET
              Unix  socket  for  OSP  NVT  update.  Defaults to the path of the 'OpenVAS Default'
              scanner if it is an absolute path.

       --password=PASSWORD
              Password, for --create-user.

       -p, --port=NUMBER
              Use port number NUMBER.

       --port2=NUMBER
              Use port number NUMBER for address 2.

       --rebuild-gvmd-data=TYPES
              Reload all gvmd data objects of a given types from feed.

              The types  must  be  "all"  or  a  comma-separated  of  the  following:  "configs",
              "port_lists" and "report_formats".

       --rebuild-scap
              Rebuild all SCAP data.

       --relay-mapper=FILE
              Executable  for  mapping scanner hosts to relays. Use an empty string to explicitly
              disable. If the option is not given, $PATH is checked for gvm-relay-mapper.

       --role=ROLE
              Role for --create-user and --get-users.

       --scanner-ca-pub=SCANNER-CA-PUB
              Scanner CA Certificate path for --[create|modify]-scanner.

       --scanner-credential=SCANNER-CREDENTIAL
              Scanner credential for --create-scanner and --modify-scanner.

              Can be blank to unset or a credential UUID. If omitted, a  new  credential  can  be
              created instead.

       --scanner-host=SCANNER-HOST
              Scanner host or socket for --create-scanner and --modify-scanner.

       --scanner-key-priv=SCANNER-KEY-PRIVATE
              Scanner  private  key path for --[create|modify]-scanner if --scanner-credential is
              not given.

       --scanner-key-pub=SCANNER-KEY-PUBLIC
              Scanner Certificate path for --[create|modify]-scanner if  --scanner-credential  is
              not given.

       --scanner-name=NAME
              Name for --modify-scanner.

       --scanner-port=SCANNER-PORT
              Scanner port for --create-scanner and --modify-scanner.

       --scanner-type=SCANNER-TYPE
              Scanner type for --create-scanner and --modify-scanner.

              Either 'OpenVAS', 'GMP', 'OSP-Sensor' or a number as used in GMP.

       --scanner-connection-retry=NUMBER
              Number of auto retries if scanner connection is lost in a running task.

       --schedule-timeout=TIME
              Time  out  tasks  that  are  more  than  TIME minutes overdue. -1 to disable, 0 for
              minimum time.

       --secinfo-commit-size=NUMBER
              During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for
              unlimited.

       -c, --unix-socket=FILENAME
              Listen on UNIX socket at FILENAME.

       --user=USERNAME
              User for --new-password.

       --value=VALUE
              User for --new-password.

       --verbose
              Has no effect. See INSTALL.md for logging config.

       --verify-scanner=SCANNER-UUID
              Verify scanner SCANNER-UUID and exit.

       --version
              Print version and exit.

       --vt-verification-collation=COLLATION
              Set  collation  for  VT  verification  to  COLLATION, omit or leave empty to choose
              automatically. Should be 'ucs_default' if DB uses  UTF-8  or  'C'  for  single-byte
              encodings.

SIGNALS

       SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas).

EXAMPLES

       gvmd --port 1241

       Serve  GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file
       socket.

SEE ALSO

       openvas(8),  gsad(8),  ospd-openvas(8),  greenbone-certdata-sync(8),   greenbone-scapdata-
       sync(8),

MORE INFORMATION

       The   canonical   places  where  you  will  find  more  information  about  the  Greenbone
       Vulnerability Manager are:

       https://community.greenbone.net (Community Portal)

       https://github.com/greenbone (Development Platform)

       https://www.greenbone.net (Greenbone Website)

COPYRIGHT

       The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at  your
       option, any later version.