Provided by: gvmd_25.2.1-1_amd64 
NAME
gvmd - Greenbone Vulnerability Manager daemon
SYNOPSIS
gvmd OPTIONS
DESCRIPTION
The Greenbone Vulnerability Manager is the central management service between security scanners and the
user clients.
It manages the storage of any vulnerability management configurations and of the scan results. Access to
data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP).
The primary scanner 'OpenVAS Scanner' is controlled directly via protocol OTP while any other remote
scanner is coupled with the Open Scanner Protocol (OSP).
OPTIONS
-h, --help
Show help options.
--affected-products-query-size=NUMBER
Sets the number of CVEs to process per query when updating the affected products. Defaults to
20000.
--auth-timeout=TIMEOUT
Sets the authentication timeout time for the cached authentication. Defaults to 15 minutes.
--broker-address=ADDRESS
Sets the address for the publish-subscribe message (MQTT) broker. Defaults to localhost:9138. Set
to empty to disable.
--check-alerts
Check SecInfo alerts.
--client-watch-interval=NUMBER
Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second.
--create-encryption-key
Create a new credential encryption key, set it as the new default and exit. With no other options
given, a 4096 bit RSA key is created.
--create-scanner=SCANNER
Create global scanner SCANNER and exit.
--create-user=USERNAME
Create admin user USERNAME and exit.
-d, --database=NAME
Use NAME as database for PostgreSQL.
--db-host=HOST
Use HOST as database host or socket directory for PostgreSQL.
--db-port=PORT
Use PORT as database port or socket extension for PostgreSQL.
--delete-scanner=SCANNER-UUID
Delete scanner SCANNER-UUID and exit.
--delete-user=USERNAME
Delete user USERNAME and exit.
--dh-params=FILE
Diffie-Hellman parameters file
--disable-cmds=COMMANDS
Disable comma-separated COMMANDS.
--disable-encrypted-credentials
Do not encrypt or decrypt credentials.
--disable-password-policy
Do not restrict passwords to the policy.
--disable-scheduling
Disable task scheduling.
--encryption-key-length=LENGTH
Set key length to LENGTH bits when creating a new RSA credential encryption key. Defaults to 4096.
--encryption-key-type=TYPE
Use the key type TYPE when creating a new credential encryption key. Currently only RSA is
supported.
--encrypt-all-credentials
(Re-)Encrypt all credentials.
--feed-lock-path=PATH
Sets the path to the feed lock file.
--feed-lock-timeout=TIMEOUT
Sets the number of seconds to retry for if the feed is locked in contexts (like migration or
rebuilds) that do not retry on their own (like automatic syncs). Defaults to 0 (no retry).
-f, --foreground
Run in foreground.
--get-scanners
List scanners and exit.
--get-users
List users and exit.
--gnutls-priorities=PRIORITIES-STRING
Sets the GnuTLS priorities for the Manager socket.
--inheritor=USERNAME
Have USERNAME inherit from deleted user.
-a, --listen=ADDRESS
Listen on ADDRESS.
--ldap-debug
Enable debugging of LDAP authentication.
--listen2=ADDRESS
Listen also on ADDRESS.
--listen-group=STRING
Group of the unix socket
--listen-mode=STRING
File mode of the unix socket
--listen-owner=STRING
Owner of the unix socket
--max-concurrent-scan-updates=NUMBER
Maximum number of scan updates that can run at the same time. Default: 0 (unlimited).
--max-email-attachment-size=NUMBER
Maximum size of alert email attachments, in bytes.
--max-email-include-size=NUMBER
Maximum size of inlined content in alert emails, in bytes.
--max-email-message-size=NUMBER
Maximum size of user-defined message text in alert emails, in bytes.
--max-ips-per-target=NUMBER
Maximum number of IPs per target.
--mem-wait-retries=NUMBER
How often to try waiting for available memory. Default: 30. Each retry will wait for 10 seconds.
-m, --migrate
Migrate the database and exit.
--min-mem-feed-update=NUMBER
Minimum memory in MiB for feed updates. Default: 0. Feed updates are skipped if less physical
memory is available.
--modify-scanner=SCANNER-UUID
Modify scanner SCANNER-UUID and exit.
--modify-setting=UUID
Modify setting UUID and exit.
--new-password=PASSWORD
Modify user's password and exit.
--new-password=PASSWORD
Modify user's password and exit.
--optimize=NAME
Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-
permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-
severities, cleanup-schedule-times, cleanup-sequences, cleanup-tls-certificate-encoding, migrate-
relay-sensors, rebuild-report-cache or update-report-cache.
--osp-vt-update=SCANNER-SOCKET
Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an
absolute path.
--password=PASSWORD
Password, for --create-user.
-p, --port=NUMBER
Use port number NUMBER.
--port2=NUMBER
Use port number NUMBER for address 2.
--rebuild-gvmd-data=TYPES
Reload all gvmd data objects of a given types from feed.
The types must be "all" or a comma-separated of the following: "configs", "port_lists" and
"report_formats".
--rebuild-scap
Rebuild all SCAP data.
--relay-mapper=FILE
Executable for automatically mapping scanner hosts to relays. If the option is empty or not given,
automatic mapping is disabled. This option is deprecated and relays should be set explictly in the
relay_... fields of scanners.
--role=ROLE
Role for --create-user and --get-users.
--scanner-ca-pub=SCANNER-CA-PUB
Scanner CA Certificate path for --[create|modify]-scanner.
--scanner-credential=SCANNER-CREDENTIAL
Scanner credential for --create-scanner and --modify-scanner.
Can be blank to unset or a credential UUID. If omitted, a new credential can be created instead.
--scanner-host=SCANNER-HOST
Scanner host or socket for --create-scanner and --modify-scanner.
--scanner-key-priv=SCANNER-KEY-PRIVATE
Scanner private key path for --[create|modify]-scanner if --scanner-credential is not given.
--scanner-key-pub=SCANNER-KEY-PUBLIC
Scanner Certificate path for --[create|modify]-scanner if --scanner-credential is not given.
--scanner-name=NAME
Name for --modify-scanner.
--scanner-port=SCANNER-PORT
Scanner port for --create-scanner and --modify-scanner.
--scanner-relay-host=SCANNER-HOST
Scanner relay host or socket for --create-scanner and --modify-scanner.
--scanner-relay-port=SCANNER-PORT
Scanner relay port for --create-scanner and --modify-scanner.
--scanner-type=SCANNER-TYPE
Scanner type for --create-scanner and --modify-scanner.
Either 'OpenVAS', 'GMP', 'OSP-Sensor' or a number as used in GMP.
--scanner-connection-retry=NUMBER
Number of auto retries if scanner connection is lost in a running task.
--schedule-timeout=TIME
Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.
--secinfo-commit-size=NUMBER
During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.
--secinfo-fast_init=NUMBER
Whether to prefer faster SQL with less checks for non-incremental SecInfo updates. 0 to use
statements with more checks, 1 to use faster statements, default: 1
-c, --unix-socket=FILENAME
Listen on UNIX socket at FILENAME.
--user=USERNAME
User for --new-password.
--value=VALUE
Value for --modify-setting.
--verbose
Has no effect. See INSTALL.md for logging config.
--verify-scanner=SCANNER-UUID
Verify scanner SCANNER-UUID and exit.
--version
Print version and exit.
--vt-verification-collation=COLLATION
Set collation for VT verification to COLLATION, omit or leave empty to choose automatically.
Should be 'ucs_default' if DB uses UTF-8 or 'C' for single-byte encodings.
SIGNALS
SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvas).
EXAMPLES
gvmd --port 1241
Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.
SEE ALSO
openvas(8), gsad(8), ospd-openvas(8), greenbone-certdata-sync(8), greenbone-scapdata-sync(8),
MORE INFORMATION
The canonical places where you will find more information about the Greenbone Vulnerability Manager are:
https://community.greenbone.net (Community Portal)
https://github.com/greenbone (Development Platform)
https://www.greenbone.net (Greenbone Website)
COPYRIGHT
The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at your option, any
later version.
Manuals User gvmd(8)