diff options
Diffstat (limited to 'net-analyzer/openvas-scanner/files/openvassd.conf')
-rw-r--r-- | net-analyzer/openvas-scanner/files/openvassd.conf | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/net-analyzer/openvas-scanner/files/openvassd.conf b/net-analyzer/openvas-scanner/files/openvassd.conf new file mode 100644 index 000000000000..88f83f4bed97 --- /dev/null +++ b/net-analyzer/openvas-scanner/files/openvassd.conf @@ -0,0 +1,118 @@ +# Configuration file of the OpenVAS Security Scanner + +# Every line starting with a '#' is a comment + +[Misc] + +# Path to the security checks folder: +plugins_folder = /var/lib/openvas/plugins + +# Path to OpenVAS caching folder: +cache_folder = /var/cache/openvas + +# Path to OpenVAS include directories: +# (multiple entries are separated with colon ':') +include_folders = /var/lib/openvas/plugins + +# Maximum number of simultaneous hosts tested : +max_hosts = 30 + +# Maximum number of simultaneous checks against each host tested : +max_checks = 10 + +# Niceness. If set to 'yes', openvassd will renice itself to 10. +be_nice = no + +# Log file (or 'syslog') : +logfile = /var/log/openvas/openvassd.log + +# Shall we log every details of the attack ? (disk intensive) +log_whole_attack = no + +# Log the name of the plugins that are loaded by the server ? +log_plugins_name_at_load = no + +# Dump file for debugging output, use `-' for stdout +dumpfile = /var/log/openvas/openvassd.dump + +# Rules file : +rules = /etc/openvas/openvassd.rules + +# CGI paths to check for (cgi-bin:/cgi-aws:/ can do) +cgi_path = /cgi-bin:/scripts + +# Range of the ports the port scanners will scan : +# 'default' means that OpenVAS will scan ports found in its +# services file. +port_range = default + +# Optimize the test (recommended) : +optimize_test = yes + +# Optimization : +# Read timeout for the sockets of the tests : +checks_read_timeout = 5 + +# Ports against which two plugins should not be run simultaneously : +# non_simult_ports = Services/www, 139, Services/finger +non_simult_ports = 139, 445 + +# Maximum lifetime of a plugin (in seconds) : +plugins_timeout = 320 + +# Safe checks rely on banner grabbing : +safe_checks = yes + +# Automatically activate the plugins that are depended on +auto_enable_dependencies = yes + +# Do not echo data from plugins which have been automatically enabled +silent_dependencies = no + +# Designate hosts by MAC address, not IP address (useful for DHCP networks) +use_mac_addr = no + + +#--- Knowledge base saving (can be configured by the client) : +# Save the knowledge base on disk : +save_knowledge_base = no + +# Restore the KB for each test : +kb_restore = no + +# Only test hosts whose KB we do not have : +only_test_hosts_whose_kb_we_dont_have = no + +# Only test hosts whose KB we already have : +only_test_hosts_whose_kb_we_have = no + +# KB test replay : +kb_dont_replay_scanners = no +kb_dont_replay_info_gathering = no +kb_dont_replay_attacks = no +kb_dont_replay_denials = no +kb_max_age = 864000 +#--- end of the KB section + + +# If this option is set, OpenVAS will not scan a network incrementally +# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to +# slice the workload throughout the whole network (ie: it will scan +# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... +slice_network_addresses = no + +# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') +nasl_no_signature_check = yes + +#Certificates +cert_file=/var/lib/openvas/CA/servercert.pem +key_file=/var/lib/openvas/private/CA/serverkey.pem +ca_file=/var/lib/openvas/CA/cacert.pem + +# If you decide to protect your private key with a password, +# uncomment and change next line +# pem_password=password +# If you want to force the use of a client certificate, uncomment next line +# force_pubkey_auth = yes + +#end. |