NAME

SYNOPSIS

DESCRIPTION

It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner' is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP).

OPTIONS

-h, --help

Show help options.

--check-alerts

Check SecInfo alerts.

--client-watch-interval=NUMBER

Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second.

--create-scanner=SCANNER

Create global scanner SCANNER and exit.

--create-user=USERNAME

Create admin user USERNAME and exit.

-d, --database=NAME

Use NAME as database for PostgreSQL.

--db-host=HOST

Use HOST as database host or socket directory for PostgreSQL.

--db-port=PORT

Use PORT as database port or socket extension for PostgreSQL.

--delete-scanner=SCANNER-UUID

Delete scanner SCANNER-UUID and exit.

--delete-user=USERNAME

Delete user USERNAME and exit.

--dh-params=FILE

Diffie-Hellman parameters file

--disable-cmds=COMMANDS

Disable comma-separated COMMANDS.

--disable-encrypted-credentials

Do not encrypt or decrypt credentials.

--disable-password-policy

Do not restrict passwords to the policy.

--disable-scheduling

Disable task scheduling.

--encrypt-all-credentials

(Re-)Encrypt all credentials.

--feed-lock-path=PATH

Sets the path to the feed lock file.

--feed-lock-timeout=TIMEOUT

Sets the number of seconds to retry for if the feed is locked in contexts (like migration or rebuilds) that do not retry on their own (like automatic syncs). Defaults to 0 (no retry).

-f, --foreground

Run in foreground.

--get-scanners

List scanners and exit.

--get-users

List users and exit.

--gnutls-priorities=PRIORITIES-STRING

Sets the GnuTLS priorities for the Manager socket.

--inheritor=USERNAME

Have USERNAME inherit from deleted user.

-a, --listen=ADDRESS

Listen on ADDRESS.

--ldap-debug

Enable debugging of LDAP authentication.

--listen2=ADDRESS

Listen also on ADDRESS.

--listen-group=STRING

Group of the unix socket

--listen-mode=STRING

File mode of the unix socket

--listen-owner=STRING

Owner of the unix socket

--max-email-attachment-size=NUMBER

Maximum size of alert email attachments, in bytes.

--max-email-include-size=NUMBER

Maximum size of inlined content in alert emails, in bytes.

--max-email-message-size=NUMBER

Maximum size of user-defined message text in alert emails, in bytes.

--max-ips-per-target=NUMBER

Maximum number of IPs per target.

-m, --migrate

Migrate the database and exit.

--modify-scanner=SCANNER-UUID

Modify scanner SCANNER-UUID and exit.

--modify-setting=UUID

Modify setting UUID and exit.

--new-password=PASSWORD

Modify user's password and exit.

--new-password=PASSWORD

Modify user's password and exit.

--optimize=NAME

Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, migrate-relay-sensors, rebuild-report-cache or update-report-cache.

--osp-vt-update=SCANNER-SOCKET

Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.

--password=PASSWORD

Password, for --create-user.

-p, --port=NUMBER

Use port number NUMBER.

--port2=NUMBER

Use port number NUMBER for address 2.

--rebuild-gvmd-data=TYPES

Reload all gvmd data objects of a given types from feed.

The types must be "all" or a comma-separated of the following: "configs", "port_lists" and "report_formats".

--rebuild-scap=TYPE

Rebuild SCAP data of type TYPE (currently only supports 'ovaldefs').

--relay-mapper=FILE

Executable for mapping scanner hosts to relays. Use an empty string to explicitly disable. If the option is not given, $PATH is checked for gvm-relay-mapper.

--role=ROLE

Role for --create-user and --get-users.

--scanner-ca-pub=SCANNER-CA-PUB

Scanner CA Certificate path for --[create|modify]-scanner.

--scanner-credential=SCANNER-CREDENTIAL

Scanner credential for --create-scanner and --modify-scanner.

Can be blank to unset or a credential UUID. If omitted, a new credential can be created instead.

--scanner-host=SCANNER-HOST

Scanner host or socket for --create-scanner and --modify-scanner.

--scanner-key-priv=SCANNER-KEY-PRIVATE

Scanner private key path for --[create|modify]-scanner if --scanner-credential is not given.

--scanner-key-pub=SCANNER-KEY-PUBLIC

Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is not given.

--scanner-name=NAME

Name for --modify-scanner.

--scanner-port=SCANNER-PORT

Scanner port for --create-scanner and --modify-scanner.

--scanner-type=SCANNER-TYPE

Scanner type for --create-scanner and --modify-scanner.

Either 'OpenVAS', 'OSP', 'GMP', 'OSP-Sensor' or a number as used in GMP.

--scanner-connection-retry=NUMBER

Number of auto retries if scanner connection is lost in a running task.

--schedule-timeout=TIME

Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.

--secinfo-commit-size=NUMBER

During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.

-c, --unix-socket=FILENAME

Listen on UNIX socket at FILENAME.

--user=USERNAME

User for --new-password.

--value=VALUE

User for --new-password.

--verbose

Has no effect. See INSTALL.md for logging config.

--verify-scanner=SCANNER-UUID

Verify scanner SCANNER-UUID and exit.

--version

Print version and exit.

--vt-verification-collation=COLLATION

Set collation for VT verification to COLLATION, omit or leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings.

SIGNALS

EXAMPLES

Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.

SEE ALSO

MORE INFORMATION

https://community.greenbone.net (Community Portal)

https://github.com/greenbone (Development Platform)

https://www.greenbone.net (Greenbone Website)

COPYRIGHT