trusty (8) openvas-adduser.8.gz

Provided by: openvas-server_2.0.3-6_amd64 bug

NAME
       openvas-adduser - add a user in the openvasd userbase


SYNOPSIS
       openvas-adduser


DESCRIPTION
       The  OpenVAS  Security  Scanner  comes  with its own user base which contains the list of who can use the
       services of openvasd, and what restriction (or rules) each user has.

       openvas-adduser is a simple program which will add a user to the openvasd userbase.

       The program is straightforward and asks for the following items:

       • Login
              the login name of the openvasd user to add

       • Password
              the password that the user will use to connect to openvasd

       • Rules
              the set of rules to apply to the user. See below.


RULES
       Each user has his own set of rules. Rules are here to restrict the rights of the users. For instance, you
       can  add  user  “joe”  so that he can only test the host “192.168.1.1”, whereas you can add user “bob” so
       that he can test whatever IP address he wishes.

       Each rule fits on one line. A user can have an unlimited amount of rules (and can even have  no  rule  at
       all).

       The syntax is:
              accept|deny ip/mask
       and
              default accept|deny

       Where mask is the CIDR netmask of the rule.

       The default statement must be the last rule and defines the policy of the user.

       The  following rule set will allow the user to test 192.168.1.0/24, 192.168.3.0/24 and 172.22.0.0/16, but
       nothing else:
              accept 192.168.1.0/24
              accept 192.168.3.0/24
              accept 172.22.0.0/16
              default deny

       The following rule set will allow the user to test whatever he wants, except the network 192.168.1.0/24:
              deny 192.168.1.0/24
              default accept

       The keyword client_ip has been defined, and is replaced at run time by the IP  address  of  the  openvasd
       user.  For instance, if you want your users to be able to only be able to scan the system they come from,
       then you want them to have the following ruleset:
              accept client_ip
              default deny


SEE ALSO
       openvas-rmuser(8), openvasd(8)


MORE INFORMATION ABOUT THE OpenVAS PROJECT
       The canonical places where you will find more information about the OpenVAS project are:
              http://www.openvas.org/ ⟨⟩ (Official site)


AUTHOR
       openvas-adduser was quickly written by Renaud Deraison <deraison@cvs.nessus.org>


BUGS
       openvas-adduser creates temporary files in $TMPDIR/.  If this variable is  not  set,  then  it  will  use
       /var/tmp which may be a security risk depending of your configuration.

       If you set your TMPDIR variable to /tmp, then you are in trouble.