.TH gvmd 8 User Manuals
.SH NAME
gvmd \- Greenbone Vulnerability Manager daemon
.SH SYNOPSIS
\fBgvmd OPTIONS
\f1
.SH DESCRIPTION
The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients. 

It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner' is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP). 
.SH OPTIONS
.TP
\fB-h, --help\f1
Show help options.
.TP
\fB--check-alerts\f1
Check SecInfo alerts.
.TP
\fB--client-watch-interval=\fINUMBER\fB\f1
Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second.
.TP
\fB--create-scanner=\fISCANNER\fB\f1
Create global scanner SCANNER and exit.
.TP
\fB--create-user=\fIUSERNAME\fB\f1
Create admin user USERNAME and exit.
.TP
\fB-d, --database=\fINAME\fB\f1
Use NAME as database for PostgreSQL.
.TP
\fB--delete-scanner=\fISCANNER-UUID\fB\f1
Delete scanner SCANNER-UUID and exit.
.TP
\fB--delete-user=\fIUSERNAME\fB\f1
Delete user USERNAME and exit.
.TP
\fB--dh-params=\fIFILE\fB\f1
Diffie-Hellman parameters file
.TP
\fB--disable-cmds=\fICOMMANDS\fB\f1
Disable comma-separated COMMANDS.
.TP
\fB--disable-encrypted-credentials\f1
Do not encrypt or decrypt credentials.
.TP
\fB--disable-password-policy\f1
Do not restrict passwords to the policy.
.TP
\fB--disable-scheduling\f1
Disable task scheduling.
.TP
\fB--encrypt-all-credentials\f1
(Re-)Encrypt all credentials.
.TP
\fB-f, --foreground\f1
Run in foreground.
.TP
\fB--get-scanners\f1
List scanners and exit.
.TP
\fB--get-users\f1
List users and exit.
.TP
\fB--gnutls-priorities=\fIPRIORITIES-STRING\fB\f1
Sets the GnuTLS priorities for the Manager socket.
.TP
\fB--inheritor=\fIUSERNAME\fB\f1
Have USERNAME inherit from deleted user.
.TP
\fB-a, --listen=\fIADDRESS\fB\f1
Listen on ADDRESS.
.TP
\fB--listen2=\fIADDRESS\fB\f1
Listen also on ADDRESS.
.TP
\fB--listen-group=\fISTRING\fB\f1
Group of the unix socket
.TP
\fB--listen-mode=\fISTRING\fB\f1
File mode of the unix socket
.TP
\fB--listen-owner=\fISTRING\fB\f1
Owner of the unix socket
.TP
\fB--max-email-attachment-size=\fINUMBER\fB\f1
Maximum size of alert email attachments, in bytes.
.TP
\fB--max-email-include-size=\fINUMBER\fB\f1
Maximum size of inlined content in alert emails, in bytes.
.TP
\fB--max-email-message-size=\fINUMBER\fB\f1
Maximum size of user-defined message text in alert emails, in bytes.
.TP
\fB--max-ips-per-target=\fINUMBER\fB\f1
Maximum number of IPs per target.
.TP
\fB-m, --migrate\f1
Migrate the database and exit.
.TP
\fB--modify-scanner=\fISCANNER-UUID\fB\f1
Modify scanner SCANNER-UUID and exit.
.TP
\fB--modify-setting=\fIUUID\fB\f1
Modify setting UUID and exit.
.TP
\fB--new-password=\fIPASSWORD\fB\f1
Modify user's password and exit.
.TP
\fB--new-password=\fIPASSWORD\fB\f1
Modify user's password and exit.
.TP
\fB--optimize=\fINAME\fB\f1
Run an optimization: vacuum, analyze, cleanup-config-prefs, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
.TP
\fB--osp-vt-update=\fISCANNER-SOCKET\fB\f1
Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.
.TP
\fB--password=\fIPASSWORD\fB\f1
Password, for --create-user.
.TP
\fB-p, --port=\fINUMBER\fB\f1
Use port number NUMBER.
.TP
\fB--port2=\fINUMBER\fB\f1
Use port number NUMBER for address 2.
.TP
\fB--rebuild-scap=\fITYPE\fB\f1
Rebuild SCAP data of type \fITYPE\f1 (currently only supports 'ovaldefs'). 
.TP
\fB--relay-mapper=\fIFILE\fB\f1
Executable for mapping scanner hosts to relays. Use an empty string to explicitly disable. If the option is not given, $PATH is checked for gvm-relay-mapper. 
.TP
\fB--role=\fIROLE\fB\f1
Role for --create-user and --get-users.
.TP
\fB--scanner-ca-pub=\fISCANNER-CA-PUB\fB\f1
Scanner CA Certificate path for --[create|modify]-scanner.
.TP
\fB--scanner-credential=\fISCANNER-CREDENTIAL\fB\f1
Scanner credential for --create-scanner and --modify-scanner.

Can be blank to unset or a credential UUID. If omitted, a new credential can be created instead.
.TP
\fB--scanner-host=\fISCANNER-HOST\fB\f1
Scanner host for --create-scanner and --modify-scanner.
.TP
\fB--scanner-key-priv=\fISCANNER-KEY-PRIVATE\fB\f1
Scanner private key path for --[create|modify]-scanner if --scanner-credential is not given.
.TP
\fB--scanner-key-pub=\fISCANNER-KEY-PUBLIC\fB\f1
Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is not given.
.TP
\fB--scanner-name=\fINAME\fB\f1
Name for --modify-scanner.
.TP
\fB--scanner-port=\fISCANNER-PORT\fB\f1
Scanner port for --create-scanner and --modify-scanner.
.TP
\fB--scanner-type=\fISCANNER-TYPE\fB\f1
Scanner type for --create-scanner and --modify-scanner.

Either 'OpenVAS', 'OSP', 'GMP', 'OSP-Sensor' or a number as used in GMP.
.TP
\fB--schedule-timeout=\fITIME\fB\f1
Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.
.TP
\fB--secinfo-commit-size=\fINUMBER\fB\f1
During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.
.TP
\fB--slave-commit-size=\fINUMBER\fB\f1
During slave updates, commit after every NUMBER updated results and hosts, 0 for unlimited.
.TP
\fB-c, --unix-socket=\fIFILENAME\fB\f1
Listen on UNIX socket at FILENAME.
.TP
\fB--user=\fIUSERNAME\fB\f1
User for --new-password.
.TP
\fB--value=\fIVALUE\fB\f1
User for --new-password.
.TP
\fB--verbose\f1
Has no effect. See INSTALL.md for logging config.
.TP
\fB--verify-scanner=\fISCANNER-UUID\fB\f1
Verify scanner SCANNER-UUID and exit.
.TP
\fB--version\f1
Print version and exit.
.SH SIGNALS
SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvassd).
.SH EXAMPLES
gvmd --port 1241

Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.
.SH SEE ALSO
\fBopenvassd(8)\f1, \fBgsad(8)\f1, \fBgvm-cli(8)\f1, 
.SH MORE INFORMATION ABOUT GREENBONE VULNERABILITY MANAGEMENT
The canonical places where you will find more information about the Greenbone Vulnerability Manager are: 

\fBhttps://community.greenbone.net\f1 (Community portal) 

\fBhttps://github.com/greenbone\f1 (Development Platform) 

\fBhttps://greenbone.net\f1 (Greenbone website) 
.SH COPYRIGHT
The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at your option, any later version.