File: connectiontypes.md

(connection-types)=

# Connection Types

Before talking to a remote {term}`GMP` or {term}`OSP` server using
one of the {ref}`provided command line clients <tools>`, the user
has to choose a connection type for establishing a communication channel.
Currently three connection types are supported as transport protocols:

> - {ref}`TLS – tls <tls_connection_type>`
> - {ref}`SSH – ssh <ssh_connection_type>`
> - {ref}`Unix Domain Socket – socket <socket_connection_type>`

For the most common use case (querying {term}`gvmd` via
{term}`GMP` on the same host) the {ref}`socket connection
<socket_connection_type>` should be chosen. The other connection types require
some setup and possibly adjustments on the server side if no
{term}`Greenbone OS <GOS>` based system is used.

(socket-connection-type)=

## Using a Unix Domain Socket

The Unix Domain Socket is the default connection type of {term}`gvmd` in the
{term}`Greenbone Community Edition`. It is only usable when running the
client tool on the same host as the daemon.

The location and name of the Unix Domain Socket provided by {term}`gvmd` depend
heavily on the environment and {term}`Greenbone Community Edition` installation.

For current releases of the Greenbone Community Edition 21.4 and 22.4 the
socket should be found at {file}`/run/gvmd/gvmd.sock`.

For {term}`GOS 4 <GOS>` the path is either {file}`/run/openvas/openvasmd.sock` or
{file}`/usr/share/openvas/gsa/classic/openvasmd.sock` and for
{term}`GOS 5 <GOS>` and later the path is either {file}`/run/gvm/gvmd.sock` or
{file}`/usr/share/gvm/gsad/web/gvmd.sock`.

{term}`OSPd based scanners <OSPd>` may be accessed via Unix Domain Sockets as well.
The location and name of these sockets are configurable and depend on the
OSPd scanner implementation in use.

(don-t-use-sudo)=

```{warning}
Accessing a Unix Domain Socket requires sufficient Unix file permissions for
the user running the {ref}`command line interface tool <tools>`.

Please do not start a tool as the **root** user via {command}`sudo` or
{command}`su` only to be able to access the socket path. Instead, adjust the
socket file permissions, e.g. by setting the {command}`--listen-owner`,
{command}`--listen-group` or {command}`--listen-mode` arguments of
{term}`gvmd`.
```
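
The permission check behind this warning, as an added example that is not part of gvm-tools: it reports which Unix permission class (owner, group or other) applies to a user for a socket path and rejects root. `socket_access` and `make_sample_socket` are hypothetical names, the socket is a constructed stand-in for the one provided by gvmd, and the check assumes Linux semantics (connecting needs write permission on the socket file) without covering search permission on the parent directories.

```python
import os
import socket
import stat
import tempfile

def socket_access(path, uid, gids):
    """Decide whether a user (uid, set of gids) may connect to the socket at path."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False, "missing"
    if not stat.S_ISSOCK(st.st_mode):
        return False, "not-a-socket"
    if uid == 0:
        # The warning above: fix the socket permissions instead of using root.
        return False, "running-as-root"
    mode = stat.S_IMODE(st.st_mode)
    # Unix applies exactly one permission class: owner, else group, else other.
    if st.st_uid == uid:
        who, bits = "owner", mode >> 6
    elif st.st_gid in gids:
        who, bits = "group", mode >> 3
    else:
        who, bits = "other", mode
    # On Linux, connect() to a pathname socket needs write permission on it.
    if bits & 0o2:
        return True, f"{who}-write"
    return False, f"{who}-no-write"

def make_sample_socket(mode):
    """Constructed stand-in for a daemon socket: bind one in a temp dir, set its mode."""
    path = os.path.join(tempfile.mkdtemp(), "gvmd.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.close()  # the socket file stays on disk after close
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    path = make_sample_socket(0o660)  # constructed: group-writable, no access for others
    st = os.stat(path)
    # The invoking user, then a constructed user outside the socket's owner and group.
    print(socket_access(path, os.getuid(), set(os.getgroups()) | {os.getgid()}))
    print(socket_access(path, st.st_uid + 1000, {st.st_gid + 1}))
```

A `group-no-write` or `other-no-write` result points at the socket's owner, group or mode as the thing to change, not at the privileges of the client.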

(tls-connection-type)=

## Using TLS

The TLS connection type was the default connection type for remote and local
communication in {term}`GOS 3.1 <GOS>` and before. It is used to secure the
transport protocol connection of {term}`GMP` or {term}`OSP`. It requires a
TLS certificate file, a TLS key file and a TLS certificate authority file.

(ssh-connection-type)=

## Using SSH

Since {term}`GOS 4 <GOS>`, SSH is the default connection type for secure remote
communication with the manager daemon via {term}`GMP`. The {term}`Greenbone
Management Protocol <GMP>` is tunneled through SSH and forwarded to
{term}`gvmd`.