oracular (8) ospd-openvas.8.gz

Provided by: ospd-openvas_22.7.1-2_all bug

NAME

       ospd-openvas - The OpenVAS Wrapper of the Greenbone Vulnerability Management

SYNOPSIS

       ospd-openvas [-v] [-h]  [-c config-file] [--log-file log-file]

DESCRIPTION

       Greenbone  Vulnerability  Management  (GVM)  is  a  vulnerability  auditing and management
       framework made up of several modules.  The OSPD OpenVAS Wrapper, ospd-openvas is in charge
       of the communication between the scanner OpenVAS and the clients (GVMd and gvm-tools).

       ospd-openvas  inspects  the  remote  hosts  to  list  all  the  vulnerabilities and common
       misconfigurations that affects them.

       It is a command line tool with parameters to  start  a  daemon  which  keeps  waiting  for
       instructions to update the feed of vulnerability tests and
        to  start  a  scan.   The  second  part  of  the  interface  is the redis store where the
       parameters about a scan task need  to  be  placed  and  from  where  the  results  can  be
       retrieved, being the unique communication channel between OSPD-OpenVAS and OpenVAS.

OPTIONS

       -s <config-file>, --config-file<config-file>
              Use the alternate configuration file instead of ~/.config/ospd.conf

       --version
              Print the version number and exit

       -h, --help
              Show a summary of the commands

       -p PORT, --port PORT
              TCP Port to listen on. Default: 0

       -b ADDRESS, --bind-address ADDRESS
              Address to listen on. Default: 0.0.0.0

       -u UNIX_SOCKET, --unix-socket UNIX_SOCKET
              Unix file socket to listen on. Default: /var/run/ospd/ospd.sock

       -m SOCKET_MODE, --socket-mode SOCKET_MODE
              Unix file socket mode. Default: 0o700

       --pid-file PID_FILE
              Location of the file for the process ID. Default: /var/run/ospd.pid

       --lock-file-dir LOCK_FILE_DIR
              Directory where the feed lock file is placed. Default: /var/run/ospd

       -k KEY_FILE, --key-file KEY_FILE
              Server key file. Default: /usr/var/lib/gvm/private/CA/serverkey.pem

       -c CERT_FILE, --cert-file CERT_FILE
              Server cert file. Default: /usr/var/lib/gvm/CA/servercert.pem

       --ca-file CA_FILE
              CA cert file. Default: /usr/var/lib/gvm/CA/cacert.pem

       -L LOG_LEVEL, --log-level LOG_LEVEL
              Desired level of logging. Default: WARNING

       -f, --foreground
              Run in foreground and logs all messages to console.

       -l LOG_FILE, --log-file LOG_FILE
              Path to the logging file.

       --stream-timeout TIMEOUT
              Set a timeout on socket operations. Default 10 seconds

       --niceness NICENESS
              Start the scan with the given niceness. Default 10

       --scaninfo-store-time TIME
              Time  in  hours a scan is stored before being considered forgotten and being delete
              from the scan table. Default 0, disabled.

       --max-scans VALUE
              Max. amount of parallel task that can be started. Default 0, disabled.

       --min-free-mem-scan-queue MB
              Minimum free memory in MB required to run the scan. If no  enough  free  memory  is
              available, the scan is queued. Default 0, disabled.

       --max-queued-scans VALUE
              Maximum  number  allowed  of  queued  scans  before  starting  to reject new scans.
              Default 0, disabled.

THE CONFIGURATION FILE

       The default ospd-openvas configuration file, ~/.config/ospd.conf  contains  these  options
       under the section [OSPD - openvas]:

       log_level
              Wished level of logging.

       socket_mode
              This  option  defines the permissions on a socket.  It must be set in octal format.
              E.g. socket_mode = 0o770

       unix_socket
              This option specifies the socket path.

       pid_file
              Location of the file for the process ID.

       log_file
              Path to the log file. If no log file is given, the system log facility is  used  by
              default.

       foreground
              If  this  option  is  set to yes, the daemon logs to the standard output instead of
              logging to a file or syslog.

       niceness
              Start the scan with the given niceness. Default 10

       stream_timeout
              Set a timeout on socket operations. Default 10 seconds

       scaninfo_store_time
              Time in hours a scan is stored before being considered forgotten and  being  delete
              from the scan table. Default 0, disabled.

       max_scans
              Max. amount of parallel task that can be started. Default 0, disabled.

       min_free_mem_scan_queue
              Minimum  free  memory  in  MB required to run the scan. If no enough free memory is
              available, the scan is queued. Default 0, disabled.

       max_queued_scans
              Maximum number allowed of  queued  scans  before  starting  to  reject  new  scans.
              Default 0, disabled.

SEE ALSO

       openvas(8), gsad(8), gvmd(8), greenbone-nvt-sync(8),

MORE INFORMATION

       The canonical places where you will find more information about OSPD-OpenVAS are:

              Community Portal ⟨https://community.greenbone.net⟩
              Development Platform ⟨https://github.com/greenbone⟩
              Traditional home site ⟨https://www.openvas.org⟩

AUTHORS

       ospd-openvas code is developed by Greenbone AG.