[Openvas-commits] r6133 - trunk/openvas-packaging/openvas-scanner/debian/trunk/debian

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Dec 14 11:00:56 CET 2009


Author: mwiegand
Date: 2009-12-14 11:00:55 +0100 (Mon, 14 Dec 2009)
New Revision: 6133

Modified:
   trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvassd.conf
Log:
Removed a number of superfluous options from the configuration file, changed other options to the recommended settings as of OpenVAS 3.0.


Modified: trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvassd.conf
===================================================================
--- trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvassd.conf	2009-12-14 09:00:43 UTC (rev 6132)
+++ trunk/openvas-packaging/openvas-scanner/debian/trunk/debian/openvassd.conf	2009-12-14 10:00:55 UTC (rev 6133)
@@ -16,12 +16,12 @@
 email = root
 
 # Maximum number of hosts
-max_hosts = 255
+max_hosts = 30
 
 # Number of plugins that will run against each host,
 # i.e. simultaneous tests
 # Total number of processes will be max_checks x max_hosts
-max_checks = 15
+max_checks = 10
 
 # File used to log activity. Set it to 'syslog' if you want to use syslogd.
 logfile = /var/log/openvas/openvassd.messages
@@ -29,7 +29,7 @@
 # Log every detail of the attack in openvassd.messages
 # If disabled only the beginning and end are logged, and
 # not the time each plugin takes to execute
-log_whole_attack = yes
+log_whole_attack = no
 
 # Log the name of the plugins that are loaded by the server
 log_plugins_name_at_load = no
@@ -40,17 +40,11 @@
 # File that contains rules database that apply to all users
 rules = /etc/openvas/openvassd.rules
 
-# User that can upload plugins
-# admin_user =
-
 # Users database file
 users = /etc/openvas/openvassd.users
 
-# Path where it will find information for all users
-per_user_base = /var/lib/openvas/users
-
 # CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
-cgi_path = /cgi-bin
+cgi_path = /cgi-bin:/scripts
 
 # Optimize the test
 optimize_test = yes
@@ -64,20 +58,14 @@
 delay_between_tests = 1
 
 # Maximum time to wait for a plugin to execute
-# plugins_timeout = 320
+plugins_timeout = 320
 
 # Do not run simultaneous ports for these tests. Default value:
-# non_simul_ports = 139, 445
+non_simult_ports = 139, 445
 
-# Remote file that the plugins will try to read:
-test_file = /etc/passwd
-
 # Range of the ports that nmap will scan
-port_range = 1-15000
+port_range = default
 
-# Ping hosts before scanning them?
-ping_hosts = yes
-
 # Only test the IPs that can be reversely looked up?
 reverse_lookup = no
 
@@ -89,8 +77,6 @@
 # ip:   scan the entire subnet
 host_expansion = dns;ip
 
-subnet_class = C
-
 # Use the MAC address as host identifier (useful in 
 # local LANs with dynamic addresses, e.g. DHCP)
 # use_mac_addr = yes
@@ -100,37 +86,13 @@
 # behaviour of scanning a network incrementally.
 # slice_network_addresses = yes
 
-scan_level = normal
-outside_firewall = no
-
 # Enable plugins that are depended on
-# auto_enable_dependencies = yes
+auto_enable_dependencies = yes
 
 # Enable safe checks (this overrides the client's configuration)
 # safe_checks = yes
 
-# Allow users to upload plugins to the server
-# Note: This effectively gives administrative permissions
-# to OpenVAS users and, when using local checks, could grant
-# them execute permissions in remote systems, so use with care!
-plugin_upload = no
-
-# Filename suffixes that are allowed when uploading
-# plugin_upload_suffixes = .nasl, .inc
-
-# Language to use in plugins.
-# Current valid options are 'english' and 'french'
-language = english
-
 # Public key client server encryption (crypto options)
-peks_username = openvassd
-peks_keylen = 1024
-peks_keyfile = /etc/openvas/openvassd.private-keys
-peks_usrkeys = /etc/openvas/openvassd.user-keys
-peks_pwdfail = 5
-track_iothreads = yes
-cookie_logpipe = /etc/openvas/openvassd.logpipe
-cookie_logpipe_suptmo = 2
 force_pubkey_auth = yes
 # Define SSL version, use NONE to disable SSL
 # ssl_version = 3
@@ -151,12 +113,8 @@
 # scripts). OpenVAS will refuse to load and execute trusted
 # scripts that are not signed. Use extreme caution when
 # setting this to 'yes'
-#nasl_no_signature_check = no
 nasl_no_signature_check = yes
 
-# Uncomment the following for IO thread debugging
-#track_iothreads = yes
-
 # Set this to 'yes' if you want each child to be nice(2)d
 # be_nice = yes
 



More information about the Openvas-commits mailing list