Provided by: gvmd_23.1.0-1ubuntu3_amd64 
NAME
gvmd - Greenbone Vulnerability Manager daemon
SYNOPSIS
gvmd OPTIONS
DESCRIPTION
The Greenbone Vulnerability Manager is the central management service between security
scanners and the user clients.
It manages the storage of any vulnerability management configurations and of the scan
results. Access to data, control commands and workflows is offered via the XML-based
Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner' is controlled
directly via protocol OTP while any other remote scanner is coupled with the Open Scanner
Protocol (OSP).
OPTIONS
-h, --help
Show help options.
--broker-address=ADDRESS
Sets the address for the publish-subscribe message (MQTT) broker. Defaults to
localhost:9138. Set to empty to disable.
--check-alerts
Check SecInfo alerts.
--client-watch-interval=NUMBER
Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults
to 1 second.
--create-encryption-key
Create a new credential encryption key, set it as the new default and exit. With no
other options given, a 4096 bit RSA key is created.
--create-scanner=SCANNER
Create global scanner SCANNER and exit.
--create-user=USERNAME
Create admin user USERNAME and exit.
-d, --database=NAME
Use NAME as database for PostgreSQL.
--db-host=HOST
Use HOST as database host or socket directory for PostgreSQL.
--db-port=PORT
Use PORT as database port or socket extension for PostgreSQL.
--delete-scanner=SCANNER-UUID
Delete scanner SCANNER-UUID and exit.
--delete-user=USERNAME
Delete user USERNAME and exit.
--dh-params=FILE
Diffie-Hellman parameters file
--disable-cmds=COMMANDS
Disable comma-separated COMMANDS.
--disable-encrypted-credentials
Do not encrypt or decrypt credentials.
--disable-password-policy
Do not restrict passwords to the policy.
--disable-scheduling
Disable task scheduling.
--encryption-key-length=LENGTH
Set key length to LENGTH bits when creating a new RSA credential encryption key.
Defaults to 4096.
--encryption-key-type=TYPE
Use the key type TYPE when creating a new credential encryption key. Currently only
RSA is supported.
--encrypt-all-credentials
(Re-)Encrypt all credentials.
--feed-lock-path=PATH
Sets the path to the feed lock file.
--feed-lock-timeout=TIMEOUT
Sets the number of seconds to retry for if the feed is locked in contexts (like
migration or rebuilds) that do not retry on their own (like automatic syncs).
Defaults to 0 (no retry).
-f, --foreground
Run in foreground.
--get-scanners
List scanners and exit.
--get-users
List users and exit.
--gnutls-priorities=PRIORITIES-STRING
Sets the GnuTLS priorities for the Manager socket.
--inheritor=USERNAME
Have USERNAME inherit from deleted user.
-a, --listen=ADDRESS
Listen on ADDRESS.
--ldap-debug
Enable debugging of LDAP authentication.
--listen2=ADDRESS
Listen also on ADDRESS.
--listen-group=STRING
Group of the unix socket
--listen-mode=STRING
File mode of the unix socket
--listen-owner=STRING
Owner of the unix socket
--max-email-attachment-size=NUMBER
Maximum size of alert email attachments, in bytes.
--max-email-include-size=NUMBER
Maximum size of inlined content in alert emails, in bytes.
--max-email-message-size=NUMBER
Maximum size of user-defined message text in alert emails, in bytes.
--max-ips-per-target=NUMBER
Maximum number of IPs per target.
-m, --migrate
Migrate the database and exit.
--modify-scanner=SCANNER-UUID
Modify scanner SCANNER-UUID and exit.
--modify-setting=UUID
Modify setting UUID and exit.
--new-password=PASSWORD
Modify user's password and exit.
--new-password=PASSWORD
Modify user's password and exit.
--optimize=NAME
Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs,
cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-
result-nvts, cleanup-result-severities, cleanup-schedule-times, cleanup-sequences,
cleanup-tls-certificate-encoding, migrate-relay-sensors, rebuild-report-cache or
update-report-cache.
--osp-vt-update=SCANNER-SOCKET
Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default'
scanner if it is an absolute path.
--password=PASSWORD
Password, for --create-user.
-p, --port=NUMBER
Use port number NUMBER.
--port2=NUMBER
Use port number NUMBER for address 2.
--rebuild-gvmd-data=TYPES
Reload all gvmd data objects of a given types from feed.
The types must be "all" or a comma-separated of the following: "configs",
"port_lists" and "report_formats".
--rebuild-scap
Rebuild all SCAP data.
--relay-mapper=FILE
Executable for mapping scanner hosts to relays. Use an empty string to explicitly
disable. If the option is not given, $PATH is checked for gvm-relay-mapper.
--role=ROLE
Role for --create-user and --get-users.
--scanner-ca-pub=SCANNER-CA-PUB
Scanner CA Certificate path for --[create|modify]-scanner.
--scanner-credential=SCANNER-CREDENTIAL
Scanner credential for --create-scanner and --modify-scanner.
Can be blank to unset or a credential UUID. If omitted, a new credential can be
created instead.
--scanner-host=SCANNER-HOST
Scanner host or socket for --create-scanner and --modify-scanner.
--scanner-key-priv=SCANNER-KEY-PRIVATE
Scanner private key path for --[create|modify]-scanner if --scanner-credential is
not given.
--scanner-key-pub=SCANNER-KEY-PUBLIC
Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is
not given.
--scanner-name=NAME
Name for --modify-scanner.
--scanner-port=SCANNER-PORT
Scanner port for --create-scanner and --modify-scanner.
--scanner-type=SCANNER-TYPE
Scanner type for --create-scanner and --modify-scanner.
Either 'OpenVAS', 'GMP', 'OSP-Sensor' or a number as used in GMP.
--scanner-connection-retry=NUMBER
Number of auto retries if scanner connection is lost in a running task.
--schedule-timeout=TIME
Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for
minimum time.
--secinfo-commit-size=NUMBER
During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for
unlimited.
-c, --unix-socket=FILENAME
Listen on UNIX socket at FILENAME.
--user=USERNAME
User for --new-password.
--value=VALUE
User for --new-password.
--verbose
Has no effect. See INSTALL.md for logging config.
--verify-scanner=SCANNER-UUID
Verify scanner SCANNER-UUID and exit.
--version
Print version and exit.
--vt-verification-collation=COLLATION
Set collation for VT verification to COLLATION, omit or leave empty to choose
automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte
encodings.
SIGNALS
SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas).
EXAMPLES
gvmd --port 1241
Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file
socket.
SEE ALSO
openvas(8), gsad(8), ospd-openvas(8), greenbone-certdata-sync(8), greenbone-scapdata-
sync(8),
MORE INFORMATION
The canonical places where you will find more information about the Greenbone
Vulnerability Manager are:
https://community.greenbone.net (Community Portal)
https://github.com/greenbone (Development Platform)
https://www.greenbone.net (Greenbone Website)
COPYRIGHT
The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at your
option, any later version.