FreeBSD Manual Pages
gvmd(8) System Manager's Manual gvmd(8) NAME gvmd - Greenbone Vulnerability Manager daemon SYNOPSIS gvmd OPTIONS DESCRIPTION The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients. It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner' is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP). OPTIONS -h, --help Show help options. --broker-address=ADDRESS Sets the address for the publish-subscribe message (MQTT) bro- ker. Defaults to localhost:9138. Set to empty to disable. --check-alerts Check SecInfo alerts. --client-watch-interval=NUMBER Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second. --create-encryption-key Create a new credential encryption key, set it as the new de- fault and exit. With no other options given, a 4096 bit RSA key is created. --create-scanner=SCANNER Create global scanner SCANNER and exit. --create-user=USERNAME Create admin user USERNAME and exit. -d, --database=NAME Use NAME as database for PostgreSQL. --db-host=HOST Use HOST as database host or socket directory for PostgreSQL. --db-port=PORT Use PORT as database port or socket extension for PostgreSQL. --delete-scanner=SCANNER-UUID Delete scanner SCANNER-UUID and exit. --delete-user=USERNAME Delete user USERNAME and exit. --dh-params=FILE Diffie-Hellman parameters file --disable-cmds=COMMANDS Disable comma-separated COMMANDS. --disable-encrypted-credentials Do not encrypt or decrypt credentials. --disable-password-policy Do not restrict passwords to the policy. --disable-scheduling Disable task scheduling. --encryption-key-length=LENGTH Set key length to LENGTH bits when creating a new RSA credential encryption key. Defaults to 4096. --encryption-key-type=TYPE Use the key type TYPE when creating a new credential encryption key. Currently only RSA is supported. --encrypt-all-credentials (Re-)Encrypt all credentials. --feed-lock-path=PATH Sets the path to the feed lock file. --feed-lock-timeout=TIMEOUT Sets the number of seconds to retry for if the feed is locked in contexts (like migration or rebuilds) that do not retry on their own (like automatic syncs). Defaults to 0 (no retry). -f, --foreground Run in foreground. --get-scanners List scanners and exit. --get-users List users and exit. --gnutls-priorities=PRIORITIES-STRING Sets the GnuTLS priorities for the Manager socket. --inheritor=USERNAME Have USERNAME inherit from deleted user. -a, --listen=ADDRESS Listen on ADDRESS. --ldap-debug Enable debugging of LDAP authentication. --listen2=ADDRESS Listen also on ADDRESS. --listen-group=STRING Group of the unix socket --listen-mode=STRING File mode of the unix socket --listen-owner=STRING Owner of the unix socket --max-concurrent-scan-updates=NUMBER Maximum number of scan updates that can run at the same time. Default: 0 (unlimited). --max-email-attachment-size=NUMBER Maximum size of alert email attachments, in bytes. --max-email-include-size=NUMBER Maximum size of inlined content in alert emails, in bytes. --max-email-message-size=NUMBER Maximum size of user-defined message text in alert emails, in bytes. --max-ips-per-target=NUMBER Maximum number of IPs per target. --mem-wait-retries=NUMBER How often to try waiting for available memory. Default: 30. Each retry will wait for 10 seconds. -m, --migrate Migrate the database and exit. --min-mem-feed-update=NUMBER Minimum memory in MiB for feed updates. Default: 0. Feed updates are skipped if less physical memory is available. --modify-scanner=SCANNER-UUID Modify scanner SCANNER-UUID and exit. --modify-setting=UUID Modify setting UUID and exit. --new-password=PASSWORD Modify user's password and exit. --new-password=PASSWORD Modify user's password and exit. --optimize=NAME Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port- names, cleanup-report-formats, cleanup-result-nvts, cleanup-re- sult-severities, cleanup-schedule-times, cleanup-sequences, cleanup-tls-certificate-encoding, migrate-relay-sensors, re- build-report-cache or update-report-cache. --osp-vt-update=SCANNER-SOCKET Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path. --password=PASSWORD Password, for --create-user. -p, --port=NUMBER Use port number NUMBER. --port2=NUMBER Use port number NUMBER for address 2. --rebuild-gvmd-data=TYPES Reload all gvmd data objects of a given types from feed. The types must be "all" or a comma-separated of the following: "configs", "port_lists" and "report_formats". --rebuild-scap Rebuild all SCAP data. --relay-mapper=FILE Executable for mapping scanner hosts to relays. Use an empty string to explicitly disable. If the option is not given, $PATH is checked for gvm-relay-mapper. --role=ROLE Role for --create-user and --get-users. --scanner-ca-pub=SCANNER-CA-PUB Scanner CA Certificate path for --[create|modify]-scanner. --scanner-credential=SCANNER-CREDENTIAL Scanner credential for --create-scanner and --modify-scanner. Can be blank to unset or a credential UUID. If omitted, a new credential can be created instead. --scanner-host=SCANNER-HOST Scanner host or socket for --create-scanner and --modify-scan- ner. --scanner-key-priv=SCANNER-KEY-PRIVATE Scanner private key path for --[create|modify]-scanner if --scanner-credential is not given. --scanner-key-pub=SCANNER-KEY-PUBLIC Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is not given. --scanner-name=NAME Name for --modify-scanner. --scanner-port=SCANNER-PORT Scanner port for --create-scanner and --modify-scanner. --scanner-type=SCANNER-TYPE Scanner type for --create-scanner and --modify-scanner. Either 'OpenVAS', 'GMP', 'OSP-Sensor' or a number as used in GMP. --scanner-connection-retry=NUMBER Number of auto retries if scanner connection is lost in a run- ning task. --schedule-timeout=TIME Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time. --secinfo-commit-size=NUMBER During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited. -c, --unix-socket=FILENAME Listen on UNIX socket at FILENAME. --user=USERNAME User for --new-password. --value=VALUE Value for --modify-setting. --verbose Has no effect. See INSTALL.md for logging config. --verify-scanner=SCANNER-UUID Verify scanner SCANNER-UUID and exit. --version Print version and exit. --vt-verification-collation=COLLATION Set collation for VT verification to COLLATION, omit or leave empty to choose automatically. Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings. SIGNALS SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas). EXAMPLES gvmd --port 1241 Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket. SEE ALSO openvas(8), gsad(8), ospd-openvas(8), greenbone-certdata-sync(8), greenbone-scapdata-sync(8), MORE INFORMATION The canonical places where you will find more information about the Greenbone Vulnerability Manager are: https://community.greenbone.net (Community Portal) https://github.com/greenbone (Development Platform) https://www.greenbone.net (Greenbone Website) COPYRIGHT The Greenbone Vulnerability Manager is released under the GNU GPL, ver- sion 2, or, at your option, any later version. Manuals User gvmd(8)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | SIGNALS | EXAMPLES | SEE ALSO | MORE INFORMATION | COPYRIGHT
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=gvmd&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>