File: config.example.toml

openvas-scanner 23.38.1-1
# openvasd has several modes that control its behavior.
# "service" observes the NASL and Notus feeds and enables all endpoints.
mode = "service"
# "service_notus" disables the /scan endpoints and only observes the Notus feed.
# It exposes fewer endpoints, so prefer it on hosts that only serve Notus results.
# mode = "service_notus"

[feed]
# Path to the openvas feed. This is required for the /vts endpoint.
# NOTE(review): the directory should presumably be writable only by the
# account that syncs the feed - confirm against the deployment.
path = "/var/lib/openvas/plugins"
# Enables (true) or disables (false) the feed signature check.
# Keep it enabled outside of test setups: with the check off, a feed that was
# tampered with on disk or in transit is not rejected by this check.
signature_check = true

# How often the feed should be checked for updates
check_interval = "3600s"

[notus]
# Path to the Notus products feed. This is required for the /notus endpoint.
# NOTE(review): whether signature_check in [feed] also covers the two Notus
# directories is not visible in this file - confirm.
products_path = "/var/lib/notus/products/"
# Path to the Notus advisories feed. This is required for the /vts endpoint.
advisories_path = "/var/lib/notus/advisories/"

[endpoints]
# Enables the GET /scans endpoint.
# NOTE(review): presumably this lists the known scans; set it to false if
# clients should not be able to enumerate them - confirm against the API docs.
enable_get_scans = true
# If set, the `x-api-key` header is required to use the endpoint.
# The value below is a placeholder that ships with this example file and is
# therefore public: replace it with a long random value, or remove the key and
# authenticate clients with certificates ([tls] client_certs), as the
# placeholder text itself suggests.
# A static key is sent with every request, so accept it only over TLS, and keep
# the real config file unreadable for other local users.
key = "mtls_is_preferred"

[tls]
# The server certificate
certs = "/etc/openvasd/tls/server.pem"
# The server's private key. It should be readable only by the account that
# runs openvasd.
key = "/var/lib/openvasd/tls/server.rsa"
# Directory that contains the client certificates. If it contains none, then
# every client is allowed to connect; otherwise only the clients that have one
# of the configured client certificates are allowed.
# An empty directory therefore means there is no certificate-based client
# authentication; make sure at least one client certificate is installed
# before the listener is exposed beyond localhost.
client_certs = "/etc/openvasd/tls/client"

[scanner]
# Selects the scanner implementation. Supported types:
#   "openvas": Current C based openvas-scanner
#   "openvasd": New Rust based scanner which is not yet fully implemented
type = "openvas"

[listener]
# IP address and port to listen on.
# The example binds to loopback only. Before binding to a routable address,
# configure [tls] with client certificates (or at least an [endpoints] key):
# per the comments in those tables, without them every client may connect and
# no API key is required.
address = "127.0.0.1:3000"

[logging]
# Log level of openvasd.
level = 'INFO'

[logging.additional]
# Per-package log levels; used here to make other packages quieter than the
# level set in [logging].
sqlx = 'WARN'

[storage]
# The location can be either in-memory or a path
# NOTE(review): in-memory presumably means stored data does not survive a
# restart - confirm.
location = 'in-memory'
# NOTE(review): busy_timeout and max_connections look like database connection
# settings (wait time on a locked database, pool size) - confirm.
busy_timeout = '2s'
max_connections = 1
# Credentials are stored encrypted. To set a manual key you can set
# credential_key.
# The value below is a placeholder published with this example, so it gives no
# protection: replace it with a long random secret before real scan
# credentials are stored, and keep the config file readable only by the
# openvasd account.
# NOTE(review): changing the key presumably makes already stored credentials
# undecryptable - confirm before rotating it.
credential_key = "verysecretive"

[scheduler]
# The three limits below are commented out, i.e. unlimited. Setting
# max_queued_scans and max_running_scans bounds the resources that API clients
# can consume on this host.
# Sets the maximum number of scans that can be queued at once. If not set, there is no limit.
# max_queued_scans = 10
# Sets the maximum number of scans that can run in parallel. If the maximum number is reached,
# queued scans remain in the queue. If not set, there is no limit.
# max_running_scans = 10
# Minimum memory, in bytes, that must be available in order to start a scan. If not set, there
# is no limit.
# min_free_mem = 2147483648 # 2GiB

# Iteration interval for the scheduler
check_interval = "500ms"

[container_image_scanner]
# Defines how many scans can be resolved to images while another scan is running.
#
# This effectively resolves whole catalogs or repositories in parallel. It does
# not mean that the images are scanned yet: the resolved images are picked up
# later, and the concurrency of that step is controlled by max_scanning in
# [container_image_scanner.image].
max_scans = 5

[container_image_scanner.database]
# Database settings of the container image scanner.
# NOTE(review): the keys mirror [storage]; presumably location is again either
# 'in-memory' or a path - confirm.
location = 'in-memory'
busy_timeout = '2s'
max_connections = 1

[container_image_scanner.image]
# NOTE(review): presumably the directory that image contents are extracted to
# for scanning - confirm. The example path is a fixed name under /tmp, which is
# usually writable by every local user; prefer a dedicated directory that is
# owned by and accessible only to the openvasd account, with enough space for
# max_scanning images at once.
extract_to = '/tmp/openvasd/cis'
# Number of images that may be scanned concurrently
max_scanning = 10
# How many times an image scan should be retried after a retryable failure
scanning_retries = 10
# Number of images that should be processed synchronously in one batch
batch_size = 2
# How long openvasd should pause before retrying
retry_timeout = "1s"