# Configuration file of the OpenVAS Security Scanner # Every line starting with a '#' is a comment [Misc] # Path to the security checks folder: plugins_folder = /var/lib/openvas/plugins # Path to OpenVAS caching folder: cache_folder = /var/cache/openvas # Path to OpenVAS include directories: # (multiple entries are separated with colon ':') include_folders = /var/lib/openvas/plugins # Maximum number of simultaneous hosts tested : max_hosts = 30 # Maximum number of simultaneous checks against each host tested : max_checks = 10 # Niceness. If set to 'yes', openvassd will renice itself to 10. be_nice = no # Log file (or 'syslog') : logfile = /var/log/openvas/openvassd.log # Shall we log every details of the attack ? (disk intensive) log_whole_attack = no # Log the name of the plugins that are loaded by the server ? log_plugins_name_at_load = no # Dump file for debugging output, use `-' for stdout dumpfile = /var/log/openvas/openvassd.dump # Rules file : rules = /etc/openvas/openvassd.rules # CGI paths to check for (cgi-bin:/cgi-aws:/ can do) cgi_path = /cgi-bin:/scripts # Range of the ports the port scanners will scan : # 'default' means that OpenVAS will scan ports found in its # services file. port_range = default # Optimize the test (recommended) : optimize_test = yes # Optimization : # Read timeout for the sockets of the tests : checks_read_timeout = 5 # Ports against which two plugins should not be run simultaneously : # non_simult_ports = Services/www, 139, Services/finger non_simult_ports = 139, 445 # Maximum lifetime of a plugin (in seconds) : plugins_timeout = 320 # Safe checks rely on banner grabbing : safe_checks = yes # Automatically activate the plugins that are depended on auto_enable_dependencies = yes # Do not echo data from plugins which have been automatically enabled silent_dependencies = no # Designate hosts by MAC address, not IP address (useful for DHCP networks) use_mac_addr = no #--- Knowledge base saving (can be configured by the client) : # Save the knowledge base on disk : save_knowledge_base = no # Restore the KB for each test : kb_restore = no # Only test hosts whose KB we do not have : only_test_hosts_whose_kb_we_dont_have = no # Only test hosts whose KB we already have : only_test_hosts_whose_kb_we_have = no # KB test replay : kb_dont_replay_scanners = no kb_dont_replay_info_gathering = no kb_dont_replay_attacks = no kb_dont_replay_denials = no kb_max_age = 864000 #--- end of the KB section # Redis socket default setting # db_address = /tmp/redis.sock # If this option is set, OpenVAS will not scan a network incrementally # (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to # slice the workload throughout the whole network (ie: it will scan # 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... slice_network_addresses = no # Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') nasl_no_signature_check = yes #Certificates cert_file=/var/lib/gvm/CA/servercert.pem key_file=/var/lib/gvm/private/CA/serverkey.pem ca_file=/var/lib/gvm/CA/cacert.pem # If you decide to protect your private key with a password, # uncomment and change next line # pem_password=password # If you want to force the use of a client certificate, uncomment next line # force_pubkey_auth = yes #end.