28. CLI Configuration ReferenceΒΆ

This chapter lists all settings in alphabetical order. For each setting there is a short description and reference to sections where the setting is discussed in more detail.

address_ethX_ipv4
IPv4 address of the network adapter Ehernet-X with netmask. Alternatively the value dhcp could be set. Depending on the appliance X can have a value between 0 and 19. See section IP Addresses. Entering an IPv4 address for network adapter Ethernet-0 in mandatory all other IP addresses are optional.
address_ethX_ipv6
This is the IPv6 address for adapter Ethernet-X. See section IP Addresses. The setting is optional.
airgap
Default: disabled This is the role in a airgap synchronization scenario. Possible Values are: disabled, master or slave. See section Airgap Update.
airgap_ftp_location
Default: not set This is the address of the ftp server for the airgap synchronization. Hereby a directory can be included as well (for example: your.ftp.server/subdirectory). See section Airgap Update.
airgap_ftp_password
Default: not set This is the password that is being used when logging into the ftp server for the airgap functionality. See section Airgap Update.
airgap_ftp_user
Default: not set This is the user that is being used when logging into the ftp server for the airgap functionality. See section Airgap Update.
airgap_type
Default: usb This is the airgap method. Possible values are ftp and usb. See section Airgap Update.
autoslavesync
Default: disabled This variable decides if slaves are being supplied with the NVT feeds from the master automatically using the push method. See chapter Master and Slave Setup.
default_route_ipv4
Default: not set This is the default route for IPv4. By default the system is configured via DHCP. Then the default route is also being set via DHCP. See section Default Gateway. This setting is optional.
dns1
Default: 8.8.8.8 This is the first namserver that is being used by the GSM. If this namserver is not available the second one will be used. Only an IPV4 address is allowed for this value. IPv6 nameservers are not yet supported. The default value is a Google server. See section DNS server.
dns2
Default: 8.8.4.4 This is the second namserver that is being used by the GSM. This setting is optional. If this namserver is not available the third one will be used. Only an IPV4 address is allowed for this value. IPv6 nameservers are not yet supported. The default value is a Google server. See section DNS server.
dns3
Default: not set This is the third namserver that is being used by the GSM. This setting is optional. If this namserver is not available a name resolution is not possible. Only an IPV4 address is allowed for this value. IPv6 nameservers are not yet supported. See section DNS server.
domainname
Default: Greenbone.net This is the domain of the appliance. By prepending the hostname you get the fully qualified name of the appliance. See section domainname.
fancontrol
Default: enabled This controls the fan behaviour. If this functionality is enabled the fan will only be activated on demand. Possible values are enabled and disabled. See section domainname.
feedfrommaster
Default: disabled This variable defines if the slave expects and accepts feeds from the master. Possible values are enabled and disabled. See chapter Master and Slave Setup.
feedsync
Default: enabled This variable defines if synchronization with the Greenbone Security Feed should occur. Possible values are enabled and disabled. See section Feed Synchronization.
guest_login
Default: disabled This variable enables or disables the guest access for the web interface. Possible values are enabled and disabled. See section Guest Log in.
guest_password
Default: not set This variable defines the password for the guest access. See section Guest Log in.
guest_user
Default: not set This variable defines the user name for the guest access. See section Guest Log in.
hostname
Default: gsm This is the host name of the appliance. By appending the domain name you get the fully qualified name of the appliance. See section hostname.
ifadm
Default: all This is the network adapter through which the web interface and SSH interface are allowed to be accessed. Possible values are all or the specific network adapter (i.e. eth0). See section Management Adapter.
ipv6support
Default: enabled With this variable IPv6 support can be enabled and disabled. If IPv6 support is enabled the GSM creates Link-Local IPV6 addresses. Possible values are enabled and disabled. See section IP Addresses.
keyboard_layout
Default: DE This configures the keyboard layout for the CLI interface. Possible values are DE, ES, FR, IT, PL, SE, UK and US. See section Keyboard layout.
mailhub
Default: mail.example.com The GSM can send emails with reports for example. For this the mailserver specified in this variable is used. The value should be a fully qualified DNS name. See section Mail Server.
netmode
Default: default Selects the network configuration mode. Possible values are enabled and expert. See section Expert Network Configuration.
ntp_server1
This is the first NTPv5 time server. As a value an IPv4 address is expected. See section Network Time Protocol.
ntp_server2
This is the second NTPv5 time server. This setting is optional See section Network Time Protocol.
omp_ciphers

Default:

SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 Selects the TLS cipher supported by OMP. The syntax of this cipher priority string is the one of “GNUTLS” and documented here: http://gnutls.org/manual/html_node/Priority-Strings.html . See section OpenVAS Management Protocol (OMP).

proxy_credentials
Default: not set The GSM can receive its feeds through an http proxy. If the proxy expects an authentication then with this variable the username and password can be stored (username:password). See section Proxy configuration.
proxy_feed
Default: not set The GSM can receive its GOS updates and feeds through an http proxy. Here the proxy for receiving the updates and feeds can be set. See section Proxy configuration.
public_omp
Default: disabled Enables or disables OMP access to port 9390. Here the proxy for receiving the updates can be set. See section OpenVAS Management Protocol (OMP).
selfsigssl
Default: disabled This setting allows for the creation and use of self-signed certificates for the authentication of the GSM. See section Self-signed certificates.
sensors
Default: not set This is a list of the sensors managed by the GSM. The list is separated by spaces. See section Sensor.
snmp
Default: disabled This setting allows remote access via SNMPv3. See section SNMP.
snmp_contact
Default: Greenbone_Unspecified_contact This is the contact specified in the SNMP output. See section SNMP.
snmp_key
Default: not set The privacy password for SNMPv3 requests. The password must be at least 8 characters See section SNMP.
snmp_location
Default: Hildesheim This is specified in the SNMP output place. See section SNMP.
snmp_password
Default: not set This is the authentication password for SNMPv3 requests. The password must be at least 8 characters long. See section SNMP.
snmp_trap
Default: disabled With this setting sending of SNMP traps can be activated. See section SNMP.
snmp_trapcommunity
Default: public This defines the community string for SNMP traps. See section SNMP.
snmp_trapreceiver
Default: 192.168.0.1 This defines the receiver for SNMP traps. See section SNMP.
snmp_user
Default: not set This is the user name for SNMPv3 requests. See section SNMP.
ssh
Default: disabled This is the status of the SSH server. Possible values are enabled and disabled. See section SSH Access.
superuser
Default: disabled This activates the superuser access via SSH for debugging purposes. Possible values are enabled and disabled. See section Superuser.
superuserpassword
Default: disabled When the superuser was activated the password can be set with this variable. Possible values are disabled or an 8 character long password. See section Superuser.
syncport
Default: 24 This is the port for the synchronization with the Greenbone Security Feed. Possible values are 24 or 443. See section Feed Synchronization.
synctime
Default: 06:25 This is the time for the daily synchronization with the Greenbone Security Feed. The format is entered in HH:MM in the UTC time zone. The synchronization is not possible between 10:00 (10 am) and 13:00 (1pm). See section Feed Synchronization.
syslog_server1
Default: not set This is the first syslog server. See section Central Logging Server.
syslog_server2
Default: not set This is the second syslog server. See section Central Logging Server.
web_ciphers

Default:

SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 Select the supported SSL/TLS cipher. See section Central Logging Server.

web_interface
Default: classic This is the default web interface. See chapter Alternate User Interfaces.
webtimeout
Default: 15 This is the default timeout for HTTPS browser sessions in minutes. See section HTTPS Timeout.