/etc/openvas/openvasd.conf is in openvas-server 2.0.3-6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | # OpenVAS Security Scanner, Debian default configuration file
#
# Empty lines and those starting with '#' are ignored.
# Directory where plug-ins are to be found
plugins_folder = /var/lib/openvas/plugins
# Path to OpenVAS caching folder:
cache_folder = /var/cache/openvas
# Path to OpenVAS include directories:
# (multiple entries are separated with colon ':')
include_folders = /var/lib/openvas/plugins
# E-mail address of the admin
email = root
# Maximum number of hosts
max_hosts = 255
# Number of plugins that will run against each host,
# i.e. simultaneous tests
# Total number of processes will be max_checks x max_hosts
max_checks = 15
# File used to log activity. Set it to 'syslog' if you want to use syslogd.
logfile = /var/log/openvas/openvasd.messages
# Log every detail of the attack in openvasd.messages
# If disabled only the beginning and end are logged, and
# not the time each plugin takes to execute
log_whole_attack = yes
# Log the name of the plugins that are loaded by the server
log_plugins_name_at_load = no
# Dump file for debugging output, use `-' for stdout
dumpfile = /var/log/openvas/openvasd.dump
# File that contains rules database that apply to all users
rules = /etc/openvas/openvasd.rules
# User that can upload plugins
# admin_user =
# Users database file
users = /etc/openvas/openvasd.users
# Path where it will find information for all users
per_user_base = /var/lib/openvas/users
# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
cgi_path = /cgi-bin
# Optimize the test
optimize_test = yes
# Read timeout (in seconds) for the sockets of the tests
# Increase this value if running on a slow network link (dialup)
checks_read_timeout = 15
# Delay (in seconds) to pass for between two tests against the same port
# (to be inetd friendly)
delay_between_tests = 1
# Maximum time to wait for a plugin to execute
# plugins_timeout = 320
# Do not run simultaneous ports for these tests. Default value:
# non_simul_ports = 139, 445
# Remote file that the plugins will try to read:
test_file = /etc/passwd
# Range of the ports that nmap will scan
port_range = 1-15000
# Ping hosts before scanning them?
ping_hosts = yes
# Only test the IPs that can be reversely looked up?
reverse_lookup = no
# Host expansion:
# dns: performs and AXFR on the remote name server
# and test the host obtained
# nfs: test hosts that have the right to mount the
# filesystems exported by the remote host
# ip: scan the entire subnet
host_expansion = dns;ip
subnet_class = C
# Use the MAC address as host identifier (useful in
# local LANs with dynamic addresses, e.g. DHCP)
# use_mac_addr = yes
# Slice the network IPs into portions and rotate them
# between scanning each slice. Instead of the (default)
# behaviour of scanning a network incrementally.
# slice_network_addresses = yes
scan_level = normal
outside_firewall = no
# Enable plugins that are depended on
# auto_enable_dependencies = yes
# Enable safe checks (this overrides the client's configuration)
# safe_checks = yes
# Allow users to upload plugins to the server
# Note: This effectively gives administrative permissions
# to OpenVAS users and, when using local checks, could grant
# them execute permissions in remote systems, so use with care!
plugin_upload = no
# Filename suffixes that are allowed when uploading
# plugin_upload_suffixes = .nasl, .inc
# Language to use in plugins.
# Current valid options are 'english' and 'french'
language = english
# Public key client server encryption (crypto options)
peks_username = openvasd
peks_keylen = 1024
peks_keyfile = /etc/openvas/openvasd.private-keys
peks_usrkeys = /etc/openvas/openvasd.user-keys
peks_pwdfail = 5
track_iothreads = yes
cookie_logpipe = /etc/openvas/openvasd.logpipe
cookie_logpipe_suptmo = 2
force_pubkey_auth = yes
# Define SSL version, use NONE to disable SSL
# ssl_version = 3
# Full path and filename of a trusted certificate authority
# see /usr/share/doc/openvas/README_SSL.gz
# trusted_ca =
# SSL Ciphers to use
# The following removes all SSLv3 ciphers except RC4.
# This has been implemented to workaround an OpenSSL 0.9.8
# bug, for more information please read
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
# and
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
# NASL scripts cryptographic checks of some plugins (trusted
# scripts). OpenVAS will refuse to load and execute trusted
# scripts that are not signed. Use extreme caution when
# setting this to 'yes'
#nasl_no_signature_check = no
nasl_no_signature_check = yes
# Uncomment the following for IO thread debugging
#track_iothreads = yes
# Set this to 'yes' if you want each child to be nice(2)d
# be_nice = yes
# End of /etc/openvas/openvasd.conf file.
|