1
# OpenVAS Security Scanner, Debian default configuration file
3
# Empty lines and those starting with '#' are ignored.
5
# Directory where plug-ins are to be found
6
plugins_folder = /var/lib/openvas/plugins
8
# Path to OpenVAS caching folder:
9
cache_folder = /var/cache/openvas
11
# Path to OpenVAS include directories:
12
# (multiple entries are separated with colon ':')
13
include_folders = /var/lib/openvas/plugins
15
# E-mail address of the admin
18
# Maximum number of hosts
21
# Number of plugins that will run against each host,
22
# i.e. simultaneous tests
23
# Total number of processes will be max_checks x max_hosts
26
# File used to log activity. Set it to 'syslog' if you want to use syslogd.
27
logfile = /var/log/openvas/openvasd.messages
29
# Log every detail of the attack in openvasd.messages
30
# If disabled only the beginning and end are logged, and
31
# not the time each plugin takes to execute
32
log_whole_attack = yes
34
# Log the name of the plugins that are loaded by the server
35
log_plugins_name_at_load = no
37
# Dump file for debugging output, use `-' for stdout
38
dumpfile = /var/log/openvas/openvasd.dump
40
# File that contains rules database that apply to all users
41
rules = /etc/openvas/openvasd.rules
44
users = /etc/openvas/openvasd.users
46
# Path where it will find information for all users
47
per_user_base = /var/lib/openvas/users
49
# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
55
# Read timeout (in seconds) for the sockets of the tests
56
# Increase this value if running on a slow network link (dialup)
57
checks_read_timeout = 15
59
# Delay (in seconds) to pass for between two tests against the same port
60
# (to be inetd friendly)
61
delay_between_tests = 1
63
# Do not run simultaneous ports for these tests. Default value:
64
# non_simul_ports = 139, 445
66
# Remote file that the plugins will try to read:
67
test_file = /etc/passwd
69
# Range of the ports that nmap will scan
72
# Ping hosts before scanning them?
75
# Only test the IPs that can be reversely looked up?
79
# dns: performs and AXFR on the remote name server
80
# and test the host obtained
81
# nfs: test hosts that have the right to mount the
82
# filesystems exported by the remote host
83
# ip: scan the entire subnet
84
host_expansion = dns;ip
88
# Use the MAC address as host identifier (useful in
89
# local LANs with dynamic addresses, e.g. DHCP)
92
# Slice the network IPs into portions and rotate them
93
# between scanning each slice. Instead of the (default)
94
# behaviour of scanning a network incrementally.
95
# slice_network_addresses = yes
100
# Enable plugins that are depended on
101
# auto_enable_dependencies = yes
103
# Enable safe checks (this overrides the client's configuration)
106
# Allow users to upload plugins to the server
107
# Note: This effectively gives administrative permissions
108
# to OpenVAS users and, when using local checks, could grant
109
# them execute permissions in remote systems, so use with care!
112
# Filename suffixes that are allowed when uploading
113
# plugin_upload_suffixes = .nasl, .inc
115
# Language to use in plugins.
116
# Current valid options are 'english' and 'french'
119
# Public key client server encryption (crypto options)
120
peks_username = openvasd
122
peks_keyfile = /etc/openvas/openvasd.private-keys
123
peks_usrkeys = /etc/openvas/openvasd.user-keys
125
track_iothreads = yes
126
cookie_logpipe = /etc/openvas/openvasd.logpipe
127
cookie_logpipe_suptmo = 2
128
force_pubkey_auth = yes
129
# Define SSL version, use NONE to disable SSL
131
# Full path and filename of a trusted certificate authority
132
# see /usr/share/doc/openvas/README_SSL.gz
136
# The following removes all SSLv3 ciphers except RC4.
137
# This has been implemented to workaround an OpenSSL 0.9.8
138
# bug, for more information please read
139
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
141
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
142
# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
144
# NASL scripts cryptographic checks of some plugins (trusted
145
# scripts). OpenVAS will refuse to load and execute trusted
146
# scripts that are not signed. Use extreme caution when
147
# setting this to 'yes'
148
#nasl_no_signature_check = no
149
nasl_no_signature_check = yes
151
# Uncomment the following for IO thread debugging
152
#track_iothreads = yes
154
# Set this to 'yes' if you want each child to be nice(2)d
157
# End of /etc/openvas/openvasd.conf file.