gvmd man page

gvmd ā€” Greenbone Vulnerability Manager daemon

Synopsis

gvmd Options

Description

The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.

It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner' is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP).

Options

-h, --help

Show help options.

--check-alerts

Check SecInfo alerts.

--client-watch-interval=NUMBER

Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second.

--create-scanner=SCANNER

Create global scanner SCANNER and exit.

--create-user=USERNAME

Create admin user USERNAME and exit.

-d, --database=NAME

Use NAME as database for PostgreSQL.

--delete-scanner=SCANNER-UUID

Delete scanner SCANNER-UUID and exit.

--delete-user=USERNAME

Delete user USERNAME and exit.

--dh-params=FILE

Diffie-Hellman parameters file

--disable-cmds=COMMANDS

Disable comma-separated COMMANDS.

--disable-encrypted-credentials

Do not encrypt or decrypt credentials.

--disable-password-policy

Do not restrict passwords to the policy.

--disable-scheduling

Disable task scheduling.

--encrypt-all-credentials

(Re-)Encrypt all credentials.

-f, --foreground

Run in foreground.

--get-scanners

List scanners and exit.

--get-users

List users and exit.

--gnutls-priorities=PRIORITIES-STRING

Sets the GnuTLS priorities for the Manager socket.

--inheritor=USERNAME

Have USERNAME inherit from deleted user.

-a, --listen=ADDRESS

Listen on ADDRESS.

--listen2=ADDRESS

Listen also on ADDRESS.

--listen-group=STRING

Group of the unix socket

--listen-mode=STRING

File mode of the unix socket

--listen-owner=STRING

Owner of the unix socket

--max-email-attachment-size=NUMBER

Maximum size of alert email attachments, in bytes.

--max-email-include-size=NUMBER

Maximum size of inlined content in alert emails, in bytes.

--max-email-message-size=NUMBER

Maximum size of user-defined message text in alert emails, in bytes.

--max-ips-per-target=NUMBER

Maximum number of IPs per target.

-m, --migrate

Migrate the database and exit.

--modify-scanner=SCANNER-UUID

Modify scanner SCANNER-UUID and exit.

--modify-setting=UUID

Modify setting UUID and exit.

--new-password=PASSWORD

Modify user's password and exit.

--new-password=PASSWORD

Modify user's password and exit.

--optimize=NAME

Run an optimization: vacuum, analyze, cleanup-config-prefs, cleanup-port-names, cleanup-report-formats, cleanup-result-severities, cleanup-schedule-times, rebuild-report-cache or update-report-cache.

--osp-vt-update=SCANNER-SOCKET

Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.

--password=PASSWORD

Password, for --create-user.

-p, --port=NUMBER

Use port number NUMBER.

--port2=NUMBER

Use port number NUMBER for address 2.

--relay-mapper=FILE

Executable for mapping scanner hosts to relays. Use an empty string to explicitly disable. If the option is not given, $PATH is checked for gvm-relay-mapper.

--role=ROLE

Role for --create-user and --get-users.

--scanner-ca-pub=SCANNER-CA-PUB

Scanner CA Certificate path for --[create|modify]-scanner.

--scanner-host=SCANNER-HOST

Scanner host for --create-scanner and --modify-scanner.

--scanner-key-priv=SCANNER-KEY-PRIVATE

Scanner private key path for --[create|modify]-scanner.

--scanner-key-pub=SCANNER-KEY-PUBLIC

Scanner Certificate path for --[create|modify]-scanner.

--scanner-name=NAME

Name for --modify-scanner.

--scanner-port=SCANNER-PORT

Scanner port for --create-scanner and --modify-scanner.

--scanner-type=SCANNER-TYPE

Scanner type for --create-scanner and --modify-scanner.

--schedule-timeout=TIME

Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.

--secinfo-commit-size=NUMBER

During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.

--slave-commit-size=NUMBER

During slave updates, commit after every NUMBER updated results and hosts, 0 for unlimited.

-c, --unix-socket=FILENAME

Listen on UNIX socket at FILENAME.

--user=USERNAME

User for --new-password.

--value=VALUE

User for --new-password.

--verbose

Has no effect. See INSTALL.md for logging config.

--verify-scanner=SCANNER-UUID

Verify scanner SCANNER-UUID and exit.

--version

Print version and exit.

Signals

SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvassd).

Examples

gvmd --port 1241

Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.

See Also

openvassd(8), gsad(8), gvm-cli(8),

More Information About Greenbone Vulnerability Management

The canonical places where you will find more information about the Greenbone Vulnerability Manager are:

https://community.greenbone.net (Community portal)

https://github.com/greenbone (Development Platform)

https://greenbone.net (Greenbone website)

Referenced By

greenbone-certdata-sync(8), greenbone-scapdata-sync(8), gvm-manage-certs(1), gvm-migrate-to-postgres(8), gvm-portnames-update(8).

User Manuals