NAME
gvmd - Greenbone Vulnerability Manager daemon
SYNOPSIS
gvmd OPTIONS
DESCRIPTION
The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.
It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner ’OpenVAS Scanner’ is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP).
OPTIONS
-h, --help
Show help options.
--check-alerts
Check SecInfo alerts.
--client-watch-interval=NUMBER
Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second.
--create-scanner=SCANNER
Create global scanner SCANNER and exit.
--create-user=USERNAME
Create admin user USERNAME and exit.
-d, --database=NAME
Use NAME as database for PostgreSQL.
--delete-scanner=SCANNER-UUID
Delete scanner SCANNER-UUID and exit.
--delete-user=USERNAME
Delete user USERNAME and exit.
--dh-params=FILE
Diffie-Hellman parameters file
--disable-cmds=COMMANDS
Disable comma-separated COMMANDS.
--disable-encrypted-credentials
Do not encrypt or decrypt credentials.
--disable-password-policy
Do not restrict passwords to the policy.
--disable-scheduling
Disable task scheduling.
--encrypt-all-credentials
(Re-)Encrypt all credentials.
--feed-lock-path=PATH
Sets the path to the feed lock file.
-f, --foreground
Run in foreground.
--get-scanners
List scanners and exit.
--get-users
List users and exit.
--gnutls-priorities=PRIORITIES-STRING
Sets the GnuTLS priorities for the Manager socket.
--inheritor=USERNAME
Have USERNAME inherit from deleted user.
-a, --listen=ADDRESS
Listen on ADDRESS.
--listen2=ADDRESS
Listen also on ADDRESS.
--listen-group=STRING
Group of the unix socket
--listen-mode=STRING
File mode of the unix socket
--listen-owner=STRING
Owner of the unix socket
--max-email-attachment-size=NUMBER
Maximum size of alert email attachments, in bytes.
--max-email-include-size=NUMBER
Maximum size of inlined content in alert emails, in bytes.
--max-email-message-size=NUMBER
Maximum size of user-defined message text in alert emails, in bytes.
--max-ips-per-target=NUMBER
Maximum number of IPs per target.
-m, --migrate
Migrate the database and exit.
--modify-scanner=SCANNER-UUID
Modify scanner SCANNER-UUID and exit.
--modify-setting=UUID
Modify setting UUID and exit.
--new-password=PASSWORD
Modify user’s password and exit.
--new-password=PASSWORD
Modify user’s password and exit.
--optimize=NAME
Run an optimization: vacuum, analyze, cleanup-config-prefs, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
--osp-vt-update=SCANNER-SOCKET
Unix socket for OSP NVT update. Defaults to the path of the ’OpenVAS Default’ scanner if it is an absolute path.
--password=PASSWORD
Password, for --create-user.
-p, --port=NUMBER
Use port number NUMBER.
--port2=NUMBER
Use port number NUMBER for address 2.
--rebuild-scap=TYPE
Rebuild SCAP data of type TYPE (currently only supports ’ovaldefs’).
--relay-mapper=FILE
Executable for mapping scanner hosts to relays. Use an empty string to explicitly disable. If the option is not given, $PATH is checked for gvm-relay-mapper.
--role=ROLE
Role for --create-user and --get-users.
--scanner-ca-pub=SCANNER-CA-PUB
Scanner CA Certificate path for --[create|modify]-scanner.
--scanner-credential=SCANNER-CREDENTIAL
Scanner credential for --create-scanner and --modify-scanner.
Can be blank to unset or a credential UUID. If omitted, a new credential can be created instead.
--scanner-host=SCANNER-HOST
Scanner host for --create-scanner and --modify-scanner.
--scanner-key-priv=SCANNER-KEY-PRIVATE
Scanner private key path for --[create|modify]-scanner if --scanner-credential is not given.
--scanner-key-pub=SCANNER-KEY-PUBLIC
Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is not given.
--scanner-name=NAME
Name for --modify-scanner.
--scanner-port=SCANNER-PORT
Scanner port for --create-scanner and --modify-scanner.
--scanner-type=SCANNER-TYPE
Scanner type for --create-scanner and --modify-scanner.
Either ’OpenVAS’, ’OSP’, ’GMP’, ’OSP-Sensor’ or a number as used in GMP.
--schedule-timeout=TIME
Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.
--secinfo-commit-size=NUMBER
During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.
--slave-commit-size=NUMBER
During slave updates, commit after every NUMBER updated results and hosts, 0 for unlimited.
-c, --unix-socket=FILENAME
Listen on UNIX socket at FILENAME.
--user=USERNAME
User for --new-password.
--value=VALUE
User for --new-password.
--verbose
Has no effect. See INSTALL.md for logging config.
--verify-scanner=SCANNER-UUID
Verify scanner SCANNER-UUID and exit.
--version
Print version and exit.
SIGNALS
SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas).
EXAMPLES
gvmd --port 1241
Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.
SEE ALSO
openvas(8), gsad(8), ospd-openvas(8), greenbone-certdata-sync(8), greenbone-scapdata-sync(8),
MORE INFORMATION
The canonical places where you will find more information about the Greenbone Vulnerability Manager are:
https://community.greenbone.net">Community
Portal
https://github.com/greenbone">Development
Platform
https://www.greenbone.net">Greenbone
Website
COPYRIGHT
The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at your option, any later version.