| # Configuration file of the OpenVAS Security Scanner |
| |
| # Every line starting with a '#' is a comment |
| |
| [Misc] |
| |
| # Path to the security checks folder: |
| plugins_folder = /var/lib/openvas/plugins |
| |
| # Path to OpenVAS caching folder: |
| cache_folder = /var/cache/openvas |
| |
| # Path to OpenVAS include directories: |
| # (multiple entries are separated with colon ':') |
| include_folders = /var/lib/openvas/plugins |
| |
| # Maximum number of simultaneous hosts tested : |
| max_hosts = 30 |
| |
| # Maximum number of simultaneous checks against each host tested : |
| max_checks = 10 |
| |
| # Niceness. If set to 'yes', openvassd will renice itself to 10. |
| be_nice = no |
| |
| # Log file (or 'syslog') : |
| logfile = /var/log/openvas/openvassd.log |
| |
| # Shall we log every details of the attack ? (disk intensive) |
| log_whole_attack = no |
| |
| # Log the name of the plugins that are loaded by the server ? |
| log_plugins_name_at_load = no |
| |
| # Dump file for debugging output, use `-' for stdout |
| dumpfile = /var/log/openvas/openvassd.dump |
| |
| # Rules file : |
| rules = /etc/openvas/openvassd.rules |
| |
| # CGI paths to check for (cgi-bin:/cgi-aws:/ can do) |
| cgi_path = /cgi-bin:/scripts |
| |
| # Range of the ports the port scanners will scan : |
| # 'default' means that OpenVAS will scan ports found in its |
| # services file. |
| port_range = default |
| |
| # Optimize the test (recommended) : |
| optimize_test = yes |
| |
| # Optimization : |
| # Read timeout for the sockets of the tests : |
| checks_read_timeout = 5 |
| |
| # Ports against which two plugins should not be run simultaneously : |
| # non_simult_ports = Services/www, 139, Services/finger |
| non_simult_ports = 139, 445 |
| |
| # Maximum lifetime of a plugin (in seconds) : |
| plugins_timeout = 320 |
| |
| # Safe checks rely on banner grabbing : |
| safe_checks = yes |
| |
| # Automatically activate the plugins that are depended on |
| auto_enable_dependencies = yes |
| |
| # Do not echo data from plugins which have been automatically enabled |
| silent_dependencies = no |
| |
| # Designate hosts by MAC address, not IP address (useful for DHCP networks) |
| use_mac_addr = no |
| |
| |
| #--- Knowledge base saving (can be configured by the client) : |
| # Save the knowledge base on disk : |
| save_knowledge_base = no |
| |
| # Restore the KB for each test : |
| kb_restore = no |
| |
| # Only test hosts whose KB we do not have : |
| only_test_hosts_whose_kb_we_dont_have = no |
| |
| # Only test hosts whose KB we already have : |
| only_test_hosts_whose_kb_we_have = no |
| |
| # KB test replay : |
| kb_dont_replay_scanners = no |
| kb_dont_replay_info_gathering = no |
| kb_dont_replay_attacks = no |
| kb_dont_replay_denials = no |
| kb_max_age = 864000 |
| #--- end of the KB section |
| |
| |
| # If this option is set, OpenVAS will not scan a network incrementally |
| # (10.0.0.1, then 10.0.0.2, 10.0.0.3 and so on..) but will attempt to |
| # slice the workload throughout the whole network (ie: it will scan |
| # 10.0.0.1, then 10.0.0.127, then 10.0.0.2, then 10.0.0.128 and so on... |
| slice_network_addresses = no |
| |
| # Should consider all the NASL scripts as being signed ? (unsafe if set to 'yes') |
| nasl_no_signature_check = yes |
| |
| #Certificates |
| cert_file=/var/lib/openvas/CA/servercert.pem |
| key_file=/var/lib/openvas/private/CA/serverkey.pem |
| ca_file=/var/lib/openvas/CA/cacert.pem |
| |
| # If you decide to protect your private key with a password, |
| # uncomment and change next line |
| # pem_password=password |
| # If you want to force the use of a client certificate, uncomment next line |
| # force_pubkey_auth = yes |
| |
| #end. |