Results 1 to 3 of 3

Thread: openvassd.conf location... no file?

  1. #1
    Join Date
    2014-Jul
    Posts
    1

    openvassd.conf location... no file?

    I am testing OpenVAS on Kali Linux for a security deployment solution. Everything is working and "functional", but I need to edit the "max_hosts" setting for the scanner. Running openvassd -s shows the config_file location as being /etc/openvas/openvassd.conf (this is also referenced in other areas of the program), but that file does not exist in that directory. I have tried looking for this on 3 different installations of Kali (all fully up to date) and have had no luck.

    I also looked under /usr/local/etc/openvas/openvassd.conf as suggested in this link http://www.irongeek.com/i.php?page=b...ages/openvassd but also unsuccessful. I even rand a few find commands such as find / -name "*open*.conf" that did not turn up any results.

    The scanner itself runs fine, I just need to change the max_hosts setting because it floods my network when I start a scan. I tried editing the setting through the GSAD, but it appears that I can only view the settings from there. I have searched the internet and these forums for a few hours now and have had no luck. What am I missing here? It seems like something painfully obvious, but I'm stumped.

    As an fyi, this is not something that can be changed in the scanner policy (which I find very odd... That's where the setting is in Nessus). Everything I see says that it needs to be changed in the openvassd.conf file.

  2. #2
    Join Date
    2014-Aug
    Posts
    1
    I'm looking for tis as well. Anyone have an answer for us?

  3. #3
    Join Date
    2014-Oct
    Location
    city11 -inspectral
    Posts
    1
    So openvas-check-setup looks for a file named /etc/openvas/openvassd.conf. If there is not one there, it will use the default settings. I've successfully gotten openvas-check-setup to read customized settings by making my own file:

    Code:
    # OpenVAS Security Scanner, Debian default configuration file
    #
    # Empty lines and those starting with '#' are ignored.
    
    # Directory where plug-ins are to be found
    plugins_folder = /var/lib/openvas/plugins
    
    # Path to OpenVAS caching folder:
    cache_folder = /var/cache/openvas
    
    # Path to OpenVAS include directories:
    # (multiple entries are separated with colon ':')
    include_folders = /var/lib/openvas/plugins
    
    # E-mail address of the admin
    #email = root
    
    # Maximum number of hosts
    max_hosts = 1
    
    # Number of plugins that will run against each host,
    # i.e. simultaneous tests
    # Total number of processes will be max_checks x max_hosts
    max_checks = 1
    
    # File used to log activity. Set it to 'syslog' if you want to use syslogd.
    logfile = /var/log/openvas/openvassd.messages
    
    # Log every detail of the attack in openvassd.messages
    # If disabled only the beginning and end are logged, and
    # not the time each plugin takes to execute
    log_whole_attack = no
    
    # Log the name of the plugins that are loaded by the server
    log_plugins_name_at_load = no
    
    # Dump file for debugging output, use `-' for stdout
    dumpfile = /var/log/openvas/openvassd.dump
    
    # File that contains rules database that apply to all users
    #rules = /etc/openvas/openvassd.rules
    
    # Users database file
    #users = /etc/openvas/openvassd.users
    
    # CGI paths to check for (cgi-bin:/cgi-aws:/ can do)
    cgi_path = /cgi-bin:/scripts
    
    # Optimize the test
    optimize_test = yes
    
    # Read timeout (in seconds) for the sockets of the tests
    # Increase this value if running on a slow network link (dialup)
    checks_read_timeout = 5
    
    # Delay (in seconds) to pass for between two tests against the same port
    # (to be inetd friendly)
    #delay_between_tests = 1
    
    # Maximum time to wait for a plugin to execute
    plugins_timeout = 320
    
    # Do not run simultaneous ports for these tests.
    # Default value: non_simult_ports = 139, 445
    # This setting is necessary for reliable scans of Microsoft Windows targets.
    non_simult_ports = 139, 445
    
    # Range of the ports that port scanners will scan
    #port_range = default
    
    # Only test the IPs that can be reversely looked up?
    #reverse_lookup = no
    
    # Host expansion:
    # dns:  performs and AXFR on the remote name server
    #       and test the host obtained
    # nfs:  test hosts that have the right to mount the
    #       filesystems exported by the remote host
    # ip:   scan the entire subnet
    #host_expansion = dns;ip
    
    # Use the MAC address as host identifier (useful in 
    # local LANs with dynamic addresses, e.g. DHCP)
    # use_mac_addr = yes
    
    # Slice the network IPs into portions and rotate them
    # between scanning each slice. Instead of the (default)
    # behaviour of scanning a network incrementally.
    # slice_network_addresses = yes
    
    # Enable plugins that are depended on
    auto_enable_dependencies = yes
    
    # Enable safe checks (this overrides the client's configuration)
    # safe_checks = yes
    
    # Public key client server encryption (crypto options)
    #force_pubkey_auth = yes
    # Define SSL version, use NONE to disable SSL
    # ssl_version = 3
    # Full path and filename of a trusted certificate authority
    # see /usr/share/doc/openvas/README_SSL.gz
    # trusted_ca = 
    
    # SSL Ciphers to use
    # The following removes all SSLv3 ciphers except RC4.
    # This has been implemented to workaround an OpenSSL 0.9.8
    # bug, for more information please read
    # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338006
    # and
    # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
    # ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
    
    # NASL scripts cryptographic checks of some plugins (trusted
    # scripts). OpenVAS will refuse to load and execute trusted
    # scripts that are not signed. Use extreme caution when
    # setting this to 'yes'
    nasl_no_signature_check = yes
    
    # Set this to 'yes' if you want each child to be nice(2)d
    be_nice = yes
    
    # End of /etc/openvas/openvassd.conf file.
    However, I was a little disappointed to discover that the setting I was interested in using (max_hosts - same as axtronic) only applies to each individual scan, not all of the scans that are running/queued:

    http://lists.wald.intevation.org/pip...st/006678.html

    I haven't found a way to control how many Tasks will be executed simultaneously, which is why I've got the number of checks per host also set to 1 :\.

Similar Threads

  1. Ettercap problem with etter.conf file !
    By forwin in forum General Archive
    Replies: 1
    Last Post: 2017-04-25, 16:31
  2. Missing etter.conf file for ettercap in kali linux 64x
    By wikitjuggla in forum General Archive
    Replies: 2
    Last Post: 2015-06-22, 17:43
  3. Replies: 1
    Last Post: 2013-04-03, 20:52

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •