# OpenVAS Security Scanner, Slackware default configuration file # # Empty lines and those starting with '#' are ignored. # Directory where plug-ins are to be found plugins_folder = /usr/lib/openvas/plugins # E-mail address of the admin email = root # Maximum number of hosts max_hosts = 255 # Number of plugins that will run against each host, # i.e. simultaneous tests # Total number of processes will be max_checks x max_hosts max_checks = 15 # File used to log activity. Set it to 'syslog' if you want to use syslogd. logfile = /var/log/openvas/openvasd.messages # Log every detail of the attack in openvasd.messages # If disabled only the beginning and end are logged, and # not the time each plugin takes to execute log_whole_attack = yes # Log the name of the plugins that are loaded by the server log_plugins_name_at_load = no # Dump file for debugging output, use `-' for stdout dumpfile = /var/lib/openvas/openvasd.dump # File that contains rules database that apply to all users rules = /etc/openvas/openvasd.rules # Users database file users = /etc/openvas/openvasd.users # Path where it will find information for all users per_user_base = /var/lib/openvas/users # Cache folder cache_folder = /var/cache/openvas # CGI paths to check for (cgi-bin:/cgi-aws:/ can do) cgi_path = /cgi-bin # Optimize the test optimize_test = yes # Read timeout (in seconds) for the sockets of the tests # Increase this value if running on a slow network link (dialup) checks_read_timeout = 15 # Delay (in seconds) to pass for between two tests against the same port # (to be inetd friendly) delay_between_tests = 1 # Do not run simultaneous ports for these tests. Default value: # non_simul_ports = 139, 445 # Remote file that the plugins will try to read: test_file = /etc/passwd # Range of the ports that nmap will scan port_range = 1-15000 # Ping hosts before scanning them? ping_hosts = yes # Only test the IPs that can be reversely looked up? reverse_lookup = no # Host expansion: # dns: performs and AXFR on the remote name server # and test the host obtained # nfs: test hosts that have the right to mount the # filesystems exported by the remote host # ip: scan the entire subnet host_expansion = dns;ip subnet_class = C # Use the MAC address as host identifier (useful in # local LANs with dynamic addresses, e.g. DHCP) # use_mac_addr = yes # Slice the network IPs into portions and rotate them # between scanning each slice. Instead of the (default) # behaviour of scanning a network incrementally. # slice_network_addresses = yes scan_level = normal outside_firewall = no # Enable plugins that are depended on # auto_enable_dependencies = yes # Enable safe checks (this overrides the client's configuration) # safe_checks = yes # Allow users to upload plugins to the server # Note: This effectively gives administrative permissions # to OpenVAS users and, when using local checks, could grant # them execute permissions in remote systems, so use with care! plugin_upload = no # Filename suffixes that are allowed when uploading # plugin_upload_suffixes = .nasl, .inc # Language to use in plugins. # Current valid options are 'english' and 'french' language = english # Public key client server encryption (crypto options) peks_username = openvasd peks_keylen = 1024 peks_keyfile = /etc/openvas/openvasd.private-keys peks_usrkeys = /etc/openvas/openvasd.user-keys peks_pwdfail = 5 track_iothreads = yes cookie_logpipe = /etc/openvas/openvasd.logpipe cookie_logpipe_suptmo = 2 # Define SSL version, use NONE to disable SSL # ssl_version = 3 # Full path and filename of a trusted certificate authority # see /usr/share/doc/openvas/README_SSL.gz # trusted_ca = # SSL Ciphers to use # The following removes all SSLv3 ciphers except RC4. # This has been implemented to workaround an OpenSSL 0.9.8 # bug, for more information please read # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006 # and # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487 # ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA # NASL scripts cryptographic checks of some plugins (trusted # scripts). OpenVAS will refuse to load and execute trusted # scripts that are not signed. Use extreme caution when # setting this to 'yes' #nasl_no_signature_check = no nasl_no_signature_check = yes # Uncomment the following for IO thread debugging #track_iothreads = yes # Set this to 'yes' if you want each child to be nice(2)d # be_nice = yes # End of /etc/openvas/openvasd.conf file. # # Added by openvas-mkcert # cert_file=/var/lib/openvas/CA/servercert.pem key_file=/var/lib/openvas/private/CA/serverkey.pem ca_file=/var/lib/openvas/CA/cacert.pem # If you decide to protect your private key with a password, # uncomment and change next line # pem_password=password # If you want to force the use of a client certificate, uncomment next line # force_pubkey_auth = yes