net-analyzer/openvas-scanner/files/openvassd.conf - platform/external/gentoo/overlays/gentoo - Git at Google

 # Configuration file of the OpenVAS Security Scanner

 # Every line starting with a '#' is a comment

 [Misc]

 # Path to the security checks folder:
 plugins_folder = /var/lib/openvas/plugins

 # Path to OpenVAS caching folder:
 cache_folder = /var/cache/openvas

 # Path to OpenVAS include directories:
 # (multiple entries are separated with colon ':')
 include_folders = /var/lib/openvas/plugins

 # Maximum number of simultaneous hosts tested :
 max_hosts = 30

 # Maximum number of simultaneous checks against each host tested :
 max_checks = 10

 # Niceness. If set to 'yes', openvassd will renice itself to 10.
 be_nice = no

 # Log file (or 'syslog') :
 logfile = /var/log/openvas/openvassd.log

 # Shall we log every details of the attack ? (disk intensive)
 log_whole_attack = no

 # Log the name of the plugins that are loaded by the server ?
 log_plugins_name_at_load = no

 # Dump file for debugging output, use `-' for stdout
 dumpfile = /var/log/openvas/openvassd.dump

 # Rules file :
 rules = /etc/openvas/openvassd.rules

 # CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
 cgi_path = /cgi-bin:/scripts

 # Range of the ports the port scanners will scan :
 # 'default' means that OpenVAS will scan ports found in its
 # services file.
 port_range = default

 # Optimize the test (recommended) :
 optimize_test = yes

 # Optimization :
 # Read timeout for the sockets of the tests :
 checks_read_timeout = 5

 # Ports against which two plugins should not be run simultaneously :
 # non_simult_ports = Services/www, 139, Services/finger
 non_simult_ports = 139, 445

 # Maximum lifetime of a plugin (in seconds) :
 plugins_timeout = 320

 # Safe checks rely on banner grabbing :
 safe_checks = yes

 # Automatically activate the plugins that are depended on
 auto_enable_dependencies = yes

 # Do not echo data from plugins which have been automatically enabled
 silent_dependencies = no

 # Designate hosts by MAC address, not IP address (useful for DHCP networks)
 use_mac_addr = no


 #--- Knowledge base saving (can be configured by the client) :
 # Save the knowledge base on disk :
 save_knowledge_base = no

 # Restore the KB for each test :
 kb_restore = no

 # Only test hosts whose KB we do not have :
 only_test_hosts_whose_kb_we_dont_have = no

 # Only test hosts whose KB we already have :
 only_test_hosts_whose_kb_we_have = no

 # KB test replay :
 kb_dont_replay_scanners = no
 kb_dont_replay_info_gathering = no
 kb_dont_replay_attacks = no
 kb_dont_replay_denials = no
 kb_max_age = 864000
 #--- end of the KB section


 # If this option is set, OpenVAS will not scan a network incrementally
 # (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
 # slice the workload throughout the whole network (ie: it will scan
 # 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
 slice_network_addresses = no

 # Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
 nasl_no_signature_check = yes

 #Certificates
 cert_file=/var/lib/openvas/CA/servercert.pem
 key_file=/var/lib/openvas/private/CA/serverkey.pem
 ca_file=/var/lib/openvas/CA/cacert.pem

 # If you decide to protect your private key with a password,
 # uncomment and change next line
 # pem_password=password
 # If you want to force the use of a client certificate, uncomment next line
 # force_pubkey_auth = yes

 #end.
	# Configuration file of the OpenVAS Security Scanner

	# Every line starting with a '#' is a comment

	[Misc]

	# Path to the security checks folder:
	plugins_folder = /var/lib/openvas/plugins

	# Path to OpenVAS caching folder:
	cache_folder = /var/cache/openvas

	# Path to OpenVAS include directories:
	# (multiple entries are separated with colon ':')
	include_folders = /var/lib/openvas/plugins

	# Maximum number of simultaneous hosts tested :
	max_hosts = 30

	# Maximum number of simultaneous checks against each host tested :
	max_checks = 10

	# Niceness. If set to 'yes', openvassd will renice itself to 10.
	be_nice = no

	# Log file (or 'syslog') :
	logfile = /var/log/openvas/openvassd.log

	# Shall we log every details of the attack ? (disk intensive)
	log_whole_attack = no

	# Log the name of the plugins that are loaded by the server ?
	log_plugins_name_at_load = no

	# Dump file for debugging output, use `-' for stdout
	dumpfile = /var/log/openvas/openvassd.dump

	# Rules file :
	rules = /etc/openvas/openvassd.rules

	# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
	cgi_path = /cgi-bin:/scripts

	# Range of the ports the port scanners will scan :
	# 'default' means that OpenVAS will scan ports found in its
	# services file.
	port_range = default

	# Optimize the test (recommended) :
	optimize_test = yes

	# Optimization :
	# Read timeout for the sockets of the tests :
	checks_read_timeout = 5

	# Ports against which two plugins should not be run simultaneously :
	# non_simult_ports = Services/www, 139, Services/finger
	non_simult_ports = 139, 445

	# Maximum lifetime of a plugin (in seconds) :
	plugins_timeout = 320

	# Safe checks rely on banner grabbing :
	safe_checks = yes

	# Automatically activate the plugins that are depended on
	auto_enable_dependencies = yes

	# Do not echo data from plugins which have been automatically enabled
	silent_dependencies = no

	# Designate hosts by MAC address, not IP address (useful for DHCP networks)
	use_mac_addr = no


	#--- Knowledge base saving (can be configured by the client) :
	# Save the knowledge base on disk :
	save_knowledge_base = no

	# Restore the KB for each test :
	kb_restore = no

	# Only test hosts whose KB we do not have :
	only_test_hosts_whose_kb_we_dont_have = no

	# Only test hosts whose KB we already have :
	only_test_hosts_whose_kb_we_have = no

	# KB test replay :
	kb_dont_replay_scanners = no
	kb_dont_replay_info_gathering = no
	kb_dont_replay_attacks = no
	kb_dont_replay_denials = no
	kb_max_age = 864000
	#--- end of the KB section


	# If this option is set, OpenVAS will not scan a network incrementally
	# (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to
	# slice the workload throughout the whole network (ie: it will scan
	# 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on...
	slice_network_addresses = no

	# Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes')
	nasl_no_signature_check = yes

	#Certificates
	cert_file=/var/lib/openvas/CA/servercert.pem
	key_file=/var/lib/openvas/private/CA/serverkey.pem
	ca_file=/var/lib/openvas/CA/cacert.pem

	# If you decide to protect your private key with a password,
	# uncomment and change next line
	# pem_password=password
	# If you want to force the use of a client certificate, uncomment next line
	# force_pubkey_auth = yes

	#end.