Set openvas as default scanner
ArnoStiefvater committed Dec 12, 2024
1 parent d120b91 commit 9261611
Showing 1 changed file with 25 additions and 20 deletions.
45 changes: 25 additions & 20 deletions rust/examples/openvasd/config.example.toml
@@ -1,54 +1,59 @@
# openvasd contains several modes to control the behaviour of it.
# Openvasd contains several modes to control the behaviour of it.
# Service enables nasl and notus feed observations all endpoints.
mode = "service"
# Notus disables /scan endpoints and just observes the notus feed.
# mode = "service_notus"

[feed]
# path to the openvas feed. This is required for the /vts endpoint.
# Path to the openvas feed. This is required for the /vts endpoint.
path = "/var/lib/openvas/plugins"
# disables or enables the signnature check
# Disables or enables the signnature check
signature_check = true

[feed.check_interval]
# how often the feed should be checked for updates
# How often the feed should be checked for updates
secs = 3600
nanos = 0

[notus]
# path to the notus feed. This is required for the /notus endpoint.
# Path to the notus feed. This is required for the /notus endpoint
products_path = "/var/lib/notus/products/"
# path to the notus advisories feed. This is required for the /vts endpoint.
# path to the notus advisories feed. This is required for the /vts endpoint
advisories_path = "/var/lib/notus/advisories/"

[endpoints]
# enables GET /scans endpoint
# Enables GET /scans endpoint
enable_get_scans = true
# if set it requires `x-api-key` header to use the endpoint
# If set it requires `x-api-key` header to use the endpoint
key = "mtls_is_preferred"

[tls]
# the server certificate
# The server certificate
certs = "/etc/openvasd/tls/server.pem"
# server key
# Server key
key = "/var/lib/openvasd/tls/server.rsa"
# dir that contains client certificates. if there are none than every client is
# dir that contains client certificates. If there are none than every client is
# allowed to connect otherwise just the clients that have the configured
# client certificates
# client certificates.
client_certs = "/etc/openvasd/tls/client"

[scanner]
# Supported types: ospd, openvas, openvasd
type = "ospd"
# Supported types:
# "ospd": Old API which will be deprecated soon
# "openvas": Current C based openvas-scanner
# "openvasd": New Rust based scanner which is not yet fully implemented
# If "ospd" is used the ospd related settings have to be set.
# If "openvas" is selected the [storage] option has to be set to "redis".
type = "openvas"

[scanner.ospd]
# path to the unix socket of ospd-openvas
# Path to the unix socket of ospd-openvas
socket = "/var/run/ospd/ospd.sock"

[scanner.ospd.read_timeout]
# Max time openvasd waits for an ospd-openvas response before
# returning a 500 code (Internal server error). Using the config
# file, it can be set in seconds and nanoseconds
# file, it can be set in seconds and nanoseconds.
secs = 1
nanos = 0

Expand All @@ -69,13 +74,13 @@ level = "INFO"
# can be either fs (file system), redis or inmemory (in memory).
# If it is set to fs is highly recommended to set `STORAGE_KEY` in the env variable.
# WARNING: if the type is set to fs and no encryption key is set then the data is stored unencrypted.
# As long as legacy openvas is required redis is recommended
# "redis" has to be chosen if the "openvas" scanner type is set.
#type = "fs"
#type = "redis"
type = "inmemory"
type = "redis"
#type = "inmemory"

[storage.redis]
# set the redis url. When socket is used it has to start with `unix://`
# Set the redis url. When socket is used it has to start with `unix://`
# if a username and password is required it also needs to set in the url:
# redis://user:pass@localhost:6379
url = "redis://localhost:6379"
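Review bot: The storage comment block still documents protection only for the `fs` type (`STORAGE_KEY`), while the new default `type = "redis"` is paired with `url = "redis://localhost:6379"`, which carries neither credentials nor a unix socket. Example files tend to be copied unchanged, so the `[storage.redis]` comment could point readers at the safer forms it already mentions, for instance `# Prefer unix:// or redis://user:pass@host:port; the example URL below has no authentication.` It would also help to say whether `STORAGE_KEY` has any effect on redis-backed storage, which cannot be determined from the lines shown here. In the `[scanner]` comment, `the [storage] option has to be set to "redis"` would be more precise as `type in [storage] has to be set to "redis"`. Separately, the rewritten comments keep `signnature` and `none than`, which could be corrected in the same pass.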
