Scroll to navigation

OSPD-OpenVAS(8) User Manuals OSPD-OpenVAS(8)

NAME

ospd-openvas - The OpenVAS Wrapper of the Greenbone Vulnerability Management

SYNOPSIS

ospd-openvas [-v] [-h] [-c config-file] [--log-file log-file]

DESCRIPTION

Greenbone Vulnerability Management (GVM) is a vulnerability auditing and management framework made up of several modules. The OSPD OpenVAS Wrapper, ospd-openvas is in charge of the communication between the scanner OpenVAS and the clients (GVMd and gvm-tools).

ospd-openvas inspects the remote hosts to list all the vulnerabilities and common misconfigurations that affects them.

It is a command line tool with parameters to start a daemon which keeps waiting for instructions to update the feed of vulnerability tests and
to start a scan. The second part of the interface is the redis store where the parameters about a scan task need to be placed and from where the results can be retrieved, being the unique communication channel between OSPD-OpenVAS and OpenVAS.

OPTIONS

Use the alternate configuration file instead of ~/.config/ospd.conf

Print the version number and exit

Show a summary of the commands

TCP Port to listen on. Default: 0

Address to listen on. Default: 0.0.0.0

Unix file socket to listen on. Default: /var/run/ospd/ospd.sock

Unix file socket mode. Default: 0o700

Location of the file for the process ID. Default: /var/run/ospd.pid

Directory where the feed lock file is placed. Default: /var/run/ospd

Server key file. Default: /usr/var/lib/gvm/private/CA/serverkey.pem

Server cert file. Default: /usr/var/lib/gvm/CA/servercert.pem

CA cert file. Default: /usr/var/lib/gvm/CA/cacert.pem

Desired level of logging. Default: WARNING

Run in foreground and logs all messages to console.

Path to the logging file.

Set a timeout on socket operations. Default 10 seconds

--niceness NICENESS
Start the scan with the given niceness. Default 10

Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.

Max. amount of parallel task that can be started. Default 0, disabled.

Minimum free memory in MB required to run the scan. If no enough free memory is available, the scan is queued. Default 0, disabled.

Maximum number allowed of queued scans before starting to reject new scans. Default 0, disabled.

THE CONFIGURATION FILE

The default ospd-openvas configuration file, ~/.config/ospd.conf contains these options under the section [OSPD - openvas]:

Wished level of logging.

This option defines the permissions on a socket. It must be set in octal format. E.g. socket_mode = 0o770

This option specifies the socket path.

Location of the file for the process ID.

Path to the log file. If no log file is given, the system log facility is used by default.

If this option is set to yes, the daemon logs to the standard output instead of logging to a file or syslog.

Start the scan with the given niceness. Default 10

Set a timeout on socket operations. Default 10 seconds

Time in hours a scan is stored before being considered forgotten and being delete from the scan table. Default 0, disabled.

Max. amount of parallel task that can be started. Default 0, disabled.

Minimum free memory in MB required to run the scan. If no enough free memory is available, the scan is queued. Default 0, disabled.

Maximum number allowed of queued scans before starting to reject new scans. Default 0, disabled.

SEE ALSO

openvas(8), gsad(8), gvmd(8), greenbone-nvt-sync(8),

MORE INFORMATION

The canonical places where you will find more information about OSPD-OpenVAS are:

Community Portal
Development Platform
Traditional home site

AUTHORS

ospd-openvas code is developed by Greenbone AG.

August 2019 Greenbone Vulnerability Management