Linux Manpages Online - man.cx manual pages

NAME

ospd-openvas - The OpenVAS Wrapper of the Greenbone Vulnerability Management

SYNOPSIS

ospd-openvas [-v] [-h] [-c config-file] [--log-file log-file]

Greenbone Vulnerability Management (GVM) is a vulnerability auditing and management framework made up of several modules. The OSPD OpenVAS Wrapper, ospd-openvas is in charge of the communication between the scanner OpenVAS and the clients (GVMd and gvm-tools).

ospd-openvas inspects the remote hosts to list all the vulnerabilities and common misconfigurations that affects them.

It is a command line tool with parameters to start a daemon which keeps waiting for instructions to update the feed of vulnerability tests and
to start a scan. The second part of the interface is the redis store where the parameters about a scan task need to be placed and from where the results can be retrieved, being the unique communication channel between OSPD-OpenVAS and OpenVAS.

OPTIONS

-s <config-file>, --config-file<config-file>

Use the alternate configuration file instead of ~/.config/ospd.conf

--version

Print the version number and exit

-h, --help

Show a summary of the commands

-p PORT, --port PORT

TCP Port to listen on. Default: 0

-b ADDRESS, --bind-address ADDRESS

Address to listen on. Default: 0.0.0.0

-u UNIX_SOCKET, --unix-socket UNIX_SOCKET

Unix file socket to listen on. Default: /var/run/ospd/ospd.sock

-m SOCKET_MODE, --socket-mode SOCKET_MODE

Unix file socket mode. Default: 0o700

--pid-file PID_FILE

Location of the file for the process ID. Default: /var/run/ospd.pid

--lock-file-dir LOCK_FILE_DIR

Directory where the feed lock file is placed. Default: /var/run/ospd

-k KEY_FILE, --key-file KEY_FILE

Server key file. Default: /usr/var/lib/gvm/private/CA/serverkey.pem

-c CERT_FILE, --cert-file CERT_FILE

Server cert file. Default: /usr/var/lib/gvm/CA/servercert.pem

--ca-file CA_FILE

CA cert file. Default: /usr/var/lib/gvm/CA/cacert.pem

-L LOG_LEVEL, --log-level LOG_LEVEL

Desired level of logging. Default: WARNING

-f, --foreground

Run in foreground and logs all messages to console.

-l LOG_FILE, --log-file LOG_FILE

Path to the logging file.

--stream-timeout TIMEOUT

Set a timeout on socket operations. Default 10 seconds

--niceness NICENESS

Start the scan with the given niceness. Default 10

--scaninfo-store-time TIME

Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.

THE CONFIGURATION FILE

The default ospd-openvas configuration file, ~/.config/ospd.conf contains these options under the section [OSPD - openvas]:
log_level

Wished level of logging.

socket_mode

This option defines the permissions on a socket. It must be set in octal format. E.g. socket_mode = 0o770

unix_socket

This option specifies the socket path.

pid_file

Location of the file for the process ID.

log_file

Path to the log file. If no log file is given, the system log facility is used by default.

foreground

If this option is set to yes, the daemon logs to the standard output instead of logging to a file or syslog.

niceness

Start the scan with the given niceness. Default 10

stream_timeout

Set a timeout on socket operations. Default 10 seconds

scaninfo_store_time

Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.

MORE INFORMATION ABOUT Greenbone Vulnerability Management

The canonical places where you will find more information about OSPD-OpenVAS are:

https://community.greenbone.net (Community site)
https://github.com/greenbone/ (Development site)
https://www.openvas.org/ (Traditional home site)

AUTHORS

ospd-openvas code is developed by Greenbone Networks GmbH.