mirror of
https://github.com/Ponce/slackbuilds
synced 2024-10-13 08:43:42 +02:00
163 lines
4.8 KiB
Text
163 lines
4.8 KiB
Text
# OpenVAS Security Scanner, Slackware default configuration file
|
|
#
|
|
# Empty lines and those starting with '#' are ignored.
|
|
|
|
# Directory where plug-ins are to be found
|
|
plugins_folder = /usr/lib/openvas/plugins
|
|
|
|
# E-mail address of the admin
|
|
email = root
|
|
|
|
# Maximum number of hosts
|
|
max_hosts = 255
|
|
|
|
# Number of plugins that will run against each host,
|
|
# i.e. simultaneous tests
|
|
# Total number of processes will be max_checks x max_hosts
|
|
max_checks = 15
|
|
|
|
# File used to log activity. Set it to 'syslog' if you want to use syslogd.
|
|
logfile = /var/log/openvas/openvasd.messages
|
|
|
|
# Log every detail of the attack in openvasd.messages
|
|
# If disabled only the beginning and end are logged, and
|
|
# not the time each plugin takes to execute
|
|
log_whole_attack = yes
|
|
|
|
# Log the name of the plugins that are loaded by the server
|
|
log_plugins_name_at_load = no
|
|
|
|
# Dump file for debugging output, use `-' for stdout
|
|
dumpfile = /var/lib/openvas/openvasd.dump
|
|
|
|
# File that contains rules database that apply to all users
|
|
rules = /etc/openvas/openvasd.rules
|
|
|
|
# Users database file
|
|
users = /etc/openvas/openvasd.users
|
|
|
|
# Path where it will find information for all users
|
|
per_user_base = /var/lib/openvas/users
|
|
|
|
# Cache folder
|
|
cache_folder = /var/cache/openvas
|
|
|
|
# CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
|
|
cgi_path = /cgi-bin
|
|
|
|
# Optimize the test
|
|
optimize_test = yes
|
|
|
|
# Read timeout (in seconds) for the sockets of the tests
|
|
# Increase this value if running on a slow network link (dialup)
|
|
checks_read_timeout = 15
|
|
|
|
# Delay (in seconds) to pass for between two tests against the same port
|
|
# (to be inetd friendly)
|
|
delay_between_tests = 1
|
|
|
|
# Do not run simultaneous ports for these tests. Default value:
|
|
# non_simul_ports = 139, 445
|
|
|
|
# Remote file that the plugins will try to read:
|
|
test_file = /etc/passwd
|
|
|
|
# Range of the ports that nmap will scan
|
|
port_range = 1-15000
|
|
|
|
# Ping hosts before scanning them?
|
|
ping_hosts = yes
|
|
|
|
# Only test the IPs that can be reversely looked up?
|
|
reverse_lookup = no
|
|
|
|
# Host expansion:
|
|
# dns: performs and AXFR on the remote name server
|
|
# and test the host obtained
|
|
# nfs: test hosts that have the right to mount the
|
|
# filesystems exported by the remote host
|
|
# ip: scan the entire subnet
|
|
host_expansion = dns;ip
|
|
|
|
subnet_class = C
|
|
|
|
# Use the MAC address as host identifier (useful in
|
|
# local LANs with dynamic addresses, e.g. DHCP)
|
|
# use_mac_addr = yes
|
|
|
|
# Slice the network IPs into portions and rotate them
|
|
# between scanning each slice. Instead of the (default)
|
|
# behaviour of scanning a network incrementally.
|
|
# slice_network_addresses = yes
|
|
|
|
scan_level = normal
|
|
outside_firewall = no
|
|
|
|
# Enable plugins that are depended on
|
|
# auto_enable_dependencies = yes
|
|
|
|
# Enable safe checks (this overrides the client's configuration)
|
|
# safe_checks = yes
|
|
|
|
# Allow users to upload plugins to the server
|
|
# Note: This effectively gives administrative permissions
|
|
# to OpenVAS users and, when using local checks, could grant
|
|
# them execute permissions in remote systems, so use with care!
|
|
plugin_upload = no
|
|
|
|
# Filename suffixes that are allowed when uploading
|
|
# plugin_upload_suffixes = .nasl, .inc
|
|
|
|
# Language to use in plugins.
|
|
# Current valid options are 'english' and 'french'
|
|
language = english
|
|
|
|
# Public key client server encryption (crypto options)
|
|
peks_username = openvasd
|
|
peks_keylen = 1024
|
|
peks_keyfile = /etc/openvas/openvasd.private-keys
|
|
peks_usrkeys = /etc/openvas/openvasd.user-keys
|
|
peks_pwdfail = 5
|
|
track_iothreads = yes
|
|
cookie_logpipe = /etc/openvas/openvasd.logpipe
|
|
cookie_logpipe_suptmo = 2
|
|
# Define SSL version, use NONE to disable SSL
|
|
# ssl_version = 3
|
|
# Full path and filename of a trusted certificate authority
|
|
# see /usr/share/doc/openvas/README_SSL.gz
|
|
# trusted_ca =
|
|
|
|
# SSL Ciphers to use
|
|
# The following removes all SSLv3 ciphers except RC4.
|
|
# This has been implemented to workaround an OpenSSL 0.9.8
|
|
# bug, for more information please read
|
|
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
|
|
# and
|
|
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
|
|
# ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
|
|
|
|
# NASL scripts cryptographic checks of some plugins (trusted
|
|
# scripts). OpenVAS will refuse to load and execute trusted
|
|
# scripts that are not signed. Use extreme caution when
|
|
# setting this to 'yes'
|
|
#nasl_no_signature_check = no
|
|
nasl_no_signature_check = yes
|
|
|
|
# Uncomment the following for IO thread debugging
|
|
#track_iothreads = yes
|
|
|
|
# Set this to 'yes' if you want each child to be nice(2)d
|
|
# be_nice = yes
|
|
|
|
# End of /etc/openvas/openvasd.conf file.
|
|
#
|
|
# Added by openvas-mkcert
|
|
#
|
|
cert_file=/var/lib/openvas/CA/servercert.pem
|
|
key_file=/var/lib/openvas/private/CA/serverkey.pem
|
|
ca_file=/var/lib/openvas/CA/cacert.pem
|
|
# If you decide to protect your private key with a password,
|
|
# uncomment and change next line
|
|
# pem_password=password
|
|
# If you want to force the use of a client certificate, uncomment next line
|
|
# force_pubkey_auth = yes
|