aboutsummaryrefslogtreecommitdiffstats
path: root/community/openvas-scanner/openvassd.conf
blob: 88f83f4bed979a51337dbdeb604652b82a5fdbd1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# Configuration file of the OpenVAS Security Scanner

# Every line starting with a '#' is a comment

[Misc]

# Path to the security checks folder:
plugins_folder = /var/lib/openvas/plugins

# Path to OpenVAS caching folder:
cache_folder = /var/cache/openvas

# Path to OpenVAS include directories:
# (multiple entries are separated with colon ':')
include_folders = /var/lib/openvas/plugins

# Maximum number of simultaneous hosts tested :
max_hosts = 30

# Maximum number of simultaneous checks against each host tested :
max_checks = 10

# Niceness. If set to 'yes', openvassd will renice itself to 10.
be_nice = no

# Log file (or 'syslog') :
logfile = /var/log/openvas/openvassd.log

# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no

# Log the name of the plugins that are loaded by the server ?
log_plugins_name_at_load = no

# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/openvas/openvassd.dump

# Rules file :
rules = /etc/openvas/openvassd.rules

# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin:/scripts

# Range of the ports the port scanners will scan :
# 'default' means that OpenVAS will scan ports found in its
# services file.
port_range = default

# Optimize the test (recommended) :
optimize_test = yes

# Optimization :
# Read timeout for the sockets of the tests :
checks_read_timeout = 5

# Ports against which two plugins should not be run simultaneously :
# non_simult_ports = Services/www, 139, Services/finger
non_simult_ports = 139, 445

# Maximum lifetime of a plugin (in seconds) :
plugins_timeout = 320

# Safe checks rely on banner grabbing :
safe_checks = yes

# Automatically activate the plugins that are depended on
auto_enable_dependencies = yes

# Do not echo data from plugins which have been automatically enabled
silent_dependencies = no

# Designate hosts by MAC address, not IP address (useful for DHCP networks)
use_mac_addr = no


#--- Knowledge base saving (can be configured by the client) :
# Save the knowledge base on disk :
save_knowledge_base = no

# Restore the KB for each test :
kb_restore = no

# Only test hosts whose KB we do not have :
only_test_hosts_whose_kb_we_dont_have = no

# Only test hosts whose KB we already have :
only_test_hosts_whose_kb_we_have = no

# KB test replay :
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
#--- end of the KB section


# If this option is set, OpenVAS will not scan a network incrementally
# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
# slice the workload throughout the whole network (ie: it will scan
# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
slice_network_addresses = no

# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
nasl_no_signature_check = yes

#Certificates
cert_file=/var/lib/openvas/CA/servercert.pem
key_file=/var/lib/openvas/private/CA/serverkey.pem
ca_file=/var/lib/openvas/CA/cacert.pem

# If you decide to protect your private key with a password,
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes

#end.