File: ospd-openvas.8

ospd-openvas 22.9.1-1
.TH OSPD-OpenVAS 8 "August 2019" "Greenbone Vulnerability Management" "User Manuals"
.SH NAME
ospd-openvas \- The OpenVAS Wrapper of the Greenbone Vulnerability Management
.SH SYNOPSIS
.BI "ospd-openvas [\|-v\|] [\|-h\|]  [\|-c " config-file\| "] [\|--log-file " log-file\| "]

.SH DESCRIPTION
.B Greenbone Vulnerability Management (GVM)
is a vulnerability auditing and management framework made up of several modules.
The OSPD OpenVAS Wrapper,
.BR ospd-openvas ,
is in charge of the communication between the scanner OpenVAS and the clients
(GVMd and gvm-tools).


.BR ospd-openvas
inspects the remote hosts to list all the vulnerabilities and common
misconfigurations that affect them.

It is a command line tool with parameters to start a daemon, which then
waits for instructions to update the feed of vulnerability tests and
to start a scan.
The second part of the interface is the Redis store, where the parameters
of a scan task need to be placed and from where the results can be
retrieved. It is the only communication channel between OSPD-OpenVAS
and OpenVAS.

.SH OPTIONS
.TP
.BI "-s " <config-file> ", --config-file "<config-file>
Use the alternate configuration file instead of
.I ~/.config/ospd.conf

.TP
.BI "--log-config "<log-config-path>
Log configuration file path. Default: ~/.config/ospd-logging.conf

.TP
.B "--version"
Print the version number and exit

.TP
.B "-h, --help"
Show a summary of the commands

.TP
.BI "-p " PORT ", --port "PORT
TCP Port to listen on. Default: 0

.TP
.BI "-b " ADDRESS ", --bind-address "ADDRESS
Address to listen on. Default: 0.0.0.0

.TP
.BI "-u " UNIX_SOCKET ", --unix-socket "UNIX_SOCKET
Unix file socket to listen on. Default: /var/run/ospd/ospd.sock

.TP
.BI "-m " SOCKET_MODE ", --socket-mode "SOCKET_MODE
Unix file socket mode. Default: 0o700

.TP
.BI "--pid-file "PID_FILE
Location of the file for the process ID. Default: /var/run/ospd.pid

.TP
.BI "--lock-file-dir "LOCK_FILE_DIR
Directory where the feed lock file is placed. Default: /var/run/ospd

.TP
.BI "-k " KEY_FILE ", --key-file "KEY_FILE
Server key file. Default:
/usr/var/lib/gvm/private/CA/serverkey.pem

.TP
.BI "-c " CERT_FILE ", --cert-file "CERT_FILE
Server cert file. Default:
/usr/var/lib/gvm/CA/servercert.pem

.TP
.BI "--ca-file "CA_FILE
CA cert file. Default: /usr/var/lib/gvm/CA/cacert.pem

.TP
.BI "-L " LOG_LEVEL ", --log-level "LOG_LEVEL
Desired level of logging. Default: WARNING

.TP
.BI "-f, --foreground"
Run in the foreground and log all messages to the console.

.TP
.BI "-l " LOG_FILE ", --log-file "LOG_FILE
Path to the logging file.

.TP
.BI "-t " TIMEOUT ", --stream-timeout "TIMEOUT
Set a timeout on socket operations. Default 10 seconds

.TP
.BI "--niceness "NICENESS
Start the scan with the given niceness. Default 10

.TP
.BI "--mqtt-broker-address "ADDRESS
Broker address to connect to for MQTT communication. Necessary to get
results from Notus-Scanner. Default: localhost

.TP
.BI "--mqtt-broker-port "PORT
Broker port to connect to for MQTT communication. Necessary to get
results from Notus-Scanner. Default: 1883

.TP
.BI "--mqtt-broker-username "USERNAME
Username to connect to MQTT broker for MQTT communication.

.TP
.BI "--mqtt-broker-password "PASSWORD
Password to connect to MQTT broker for MQTT communication.

.TP
.BI "--scaninfo-store-time "TIME
Time in hours a scan is stored before it is considered forgotten and deleted from
the scan table. Default 0, disabled.

.TP
.BI "--max-scans "VALUE
Maximum number of parallel tasks that can be started. Default 0, disabled.

.TP
.BI "--min-free-mem-scan-queue "MB
Minimum free memory in MB required to run the scan. If not enough free memory is
available, the scan is queued. Default 0, disabled.

.TP
.BI "--max-queued-scans "VALUE
Maximum number of queued scans allowed before new scans are rejected.
Default 0, disabled.

.TP
.BI "--feed-updater "METHOD
Sets the method of updating the feed. Can either be openvas or
nasl-cli. Default: openvas

.TP
.BI "-x, --signature-check"
Enable feed signature check.

.TP
.BI "--list-commands"
Display all protocol commands.

.SH THE CONFIGURATION FILE

The default
.B ospd-openvas
configuration file,
.I ~/.config/ospd.conf
contains these options under the section [OSPD - openvas]:

.IP log_level
Desired level of logging.

.IP socket_mode
This option defines the permissions on a socket.
It must be set in octal format. E.g. socket_mode = 0o770

.IP unix_socket
This option specifies the socket path.

.IP pid_file
Location of the file for the process ID.

.IP log_file
Path to the log file. If no log file is given, the system log
facility is used by default.

.IP foreground
If this option is set to yes, the daemon logs to the standard output instead of logging
to a file or syslog.

.IP niceness
Start the scan with the given niceness. Default 10

.IP stream_timeout
Set a timeout on socket operations. Default 10 seconds

.IP scaninfo_store_time
Time in hours a scan is stored before it is considered forgotten and deleted from
the scan table. Default 0, disabled.

.IP max_scans
Maximum number of parallel tasks that can be started. Default 0, disabled.

.IP min_free_mem_scan_queue
Minimum free memory in MB required to run the scan. If not enough free memory is
available, the scan is queued. Default 0, disabled.

.IP max_queued_scans
Maximum number of queued scans allowed before new scans are rejected.
Default 0, disabled.
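
An added example, not part of the ospd-openvas sources or of this manual: a small Python check that reads the text of an ospd.conf and reports a socket_mode that grants permissions to "other" and any scan limit left at 0. The function name, the two sample files and their values are constructed for illustration; the section and option names are the ones listed above.

```python
import configparser

SECTION = "OSPD - openvas"  # section name given in this man page
LIMIT_KEYS = ("max_scans", "max_queued_scans", "min_free_mem_scan_queue")

# Constructed sample files; the values are illustrative, not project defaults.
PERMISSIVE = """\
[OSPD - openvas]
unix_socket = /var/run/ospd/ospd.sock
socket_mode = 0o777
max_scans = 0
"""
RESTRICTED = """\
[OSPD - openvas]
unix_socket = /var/run/ospd/ospd.sock
socket_mode = 0o770
max_scans = 4
max_queued_scans = 10
min_free_mem_scan_queue = 1024
"""


def audit_ospd_conf(text):
    """Return (key, message) findings for the text of an ospd.conf file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section(SECTION):
        return [("section", "missing [%s] section" % SECTION)]
    conf = parser[SECTION]
    findings = []
    mode_raw = conf.get("socket_mode")
    if mode_raw is not None:
        try:
            mode = int(mode_raw, 8)  # accepts "0o770" as well as "770"
        except ValueError:
            findings.append(("socket_mode", "not an octal value"))
        else:
            if mode & 0o007:
                findings.append(("socket_mode", "grants access to 'other'"))
    for key in LIMIT_KEYS:
        # 0 (also the default when the key is absent) disables the limit.
        if conf.get(key, "0").strip() == "0":
            findings.append((key, "limit disabled"))
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, audit_ospd_conf(text))
```

The permissions of the directory that holds the socket also decide who can reach it, so a clean result for socket_mode covers only the mode set in the file.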

.SH SEE ALSO
\fBopenvas(8)\f1, \fBgsad(8)\f1, \fBgvmd(8)\f1, \fBgreenbone-nvt-sync(8)\f1

.SH MORE INFORMATION

The canonical places where you will find more information
about OSPD-OpenVAS are:

.RS
.UR https://community.greenbone.net
Community Portal
.UE
.br
.UR https://github.com/greenbone
Development Platform
.UE
.br
.UR https://www.openvas.org
Traditional home site
.UE
.RE

.SH AUTHORS

ospd-openvas code is developed by Greenbone AG.