summaryrefslogtreecommitdiff
path: root/network/openvas-server/openvasd.conf
blob: 305b04536475986d39c2986a9d0937d18ba906ff (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# OpenVAS Security Scanner, Slackware default configuration file
#
# Empty lines and those starting with '#' are ignored.

# Directory where plug-ins are to be found
plugins_folder = /usr/lib/openvas/plugins

# E-mail address of the admin
email = root

# Maximum number of hosts
max_hosts = 255

# Number of plugins that will run against each host,
# i.e. simultaneous tests
# Total number of processes will be max_checks x max_hosts
max_checks = 15

# File used to log activity. Set it to 'syslog' if you want to use syslogd.
logfile = /var/log/openvas/openvasd.messages

# Log every detail of the attack in openvasd.messages
# If disabled only the beginning and end are logged, and
# not the time each plugin takes to execute
log_whole_attack = yes

# Log the name of the plugins that are loaded by the server
log_plugins_name_at_load = no

# Dump file for debugging output, use `-' for stdout
dumpfile = /var/lib/openvas/openvasd.dump

# File that contains rules database that apply to all users
rules = /etc/openvas/openvasd.rules

# Users database file
users = /etc/openvas/openvasd.users

# Path where it will find information for all users
per_user_base = /var/lib/openvas/users

# Cache folder
cache_folder = /var/cache/openvas

# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin

# Optimize the test
optimize_test = yes

# Read timeout (in seconds) for the sockets of the tests
# Increase this value if running on a slow network link (dialup)
checks_read_timeout = 15

# Delay (in seconds) to pass for between two tests against the same port
# (to be inetd friendly)
delay_between_tests = 1

# Do not run simultaneous ports for these tests. Default value:
# non_simul_ports = 139, 445

# Remote file that the plugins will try to read:
test_file = /etc/passwd

# Range of the ports that nmap will scan
port_range = 1-15000

# Ping hosts before scanning them?
ping_hosts = yes

# Only test the IPs that can be reversely looked up?
reverse_lookup = no

# Host expansion:
# dns:  performs and AXFR on the remote name server
#       and test the host obtained
# nfs:  test hosts that have the right to mount the
#       filesystems exported by the remote host
# ip:   scan the entire subnet
host_expansion = dns;ip

subnet_class = C

# Use the MAC address as host identifier (useful in 
# local LANs with dynamic addresses, e.g. DHCP)
# use_mac_addr = yes

# Slice the network IPs into portions and rotate them
# between scanning each slice. Instead of the (default)
# behaviour of scanning a network incrementally.
# slice_network_addresses = yes

scan_level = normal
outside_firewall = no

# Enable plugins that are depended on
# auto_enable_dependencies = yes

# Enable safe checks (this overrides the client's configuration)
# safe_checks = yes

# Allow users to upload plugins to the server
# Note: This effectively gives administrative permissions
# to OpenVAS users and, when using local checks, could grant
# them execute permissions in remote systems, so use with care!
plugin_upload = no

# Filename suffixes that are allowed when uploading
# plugin_upload_suffixes = .nasl, .inc

# Language to use in plugins.
# Current valid options are 'english' and 'french'
language = english

# Public key client server encryption (crypto options)
peks_username = openvasd
peks_keylen = 1024
peks_keyfile = /etc/openvas/openvasd.private-keys
peks_usrkeys = /etc/openvas/openvasd.user-keys
peks_pwdfail = 5
track_iothreads = yes
cookie_logpipe = /etc/openvas/openvasd.logpipe
cookie_logpipe_suptmo = 2
# Define SSL version, use NONE to disable SSL
# ssl_version = 3
# Full path and filename of a trusted certificate authority
# see /usr/share/doc/openvas/README_SSL.gz
# trusted_ca = 

# SSL Ciphers to use
# The following removes all SSLv3 ciphers except RC4.
# This has been implemented to workaround an OpenSSL 0.9.8
# bug, for more information please read
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
# and
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA

# NASL scripts cryptographic checks of some plugins (trusted
# scripts). OpenVAS will refuse to load and execute trusted
# scripts that are not signed. Use extreme caution when
# setting this to 'yes'
#nasl_no_signature_check = no
nasl_no_signature_check = yes

# Uncomment the following for IO thread debugging
#track_iothreads = yes

# Set this to 'yes' if you want each child to be nice(2)d
# be_nice = yes

# End of /etc/openvas/openvasd.conf file.
#
# Added by openvas-mkcert
#
cert_file=/var/lib/openvas/CA/servercert.pem
key_file=/var/lib/openvas/private/CA/serverkey.pem
ca_file=/var/lib/openvas/CA/cacert.pem
# If you decide to protect your private key with a password, 
# uncomment and change next line
# pem_password=password
# If you want to force the use of a client certificate, uncomment next line
# force_pubkey_auth = yes