Man page of OpenVAS-ADDUSER

OpenVAS-ADDUSER

Section: User Manuals (8)
Updated: May 2009

NAME

openvas-adduser - add a user in the openvassd userbase

 

SYNOPSIS

openvas-adduser

 

DESCRIPTION

The OpenVAS Security Scanner comes with its own user base, which lists who can use the services of openvassd and what restrictions (or rules) apply to each user.

openvas-adduser is a simple program which will add a user to the openvassd userbase.

The program is straightforward and asks for the following items:

• Login
the login name of the openvassd user to add

• Password
the password that the user will use to connect to openvassd

• Rules
the set of rules to apply to the user. See below.

 

RULES

Each user has his own set of rules. Rules restrict the rights of users. For instance, you can add user "joe" so that he can only test the host "192.168.1.1", whereas you can add user "bob" so that he can test whatever IP address he wishes.

Each rule fits on one line. A user can have an unlimited number of rules (and can even have no rules at all).

The syntax is:

accept|deny ip/mask
and
default accept|deny

Where mask is the CIDR netmask of the rule.

The default statement must be the last rule and defines the policy of the user.

The following rule set will allow the user to test 192.168.1.0/24, 192.168.3.0/24 and 172.22.0.0/16, but nothing else:

accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny

The following rule set will allow the user to test whatever he wants, except the network 192.168.1.0/24:

deny 192.168.1.0/24
default accept

The keyword client_ip is replaced at run time by the IP address of the openvassd user. For instance, if you want your users to be able to scan only the system they connect from, give them the following ruleset:

accept client_ip
default deny
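
An added example (not part of the man page or of the OpenVAS code): a small Python parser and evaluator for the rule syntax above, useful for checking a rule set before handing it to openvas-adduser. It assumes rules are checked top to bottom with the first match deciding, and that a rule set with no default statement accepts; the page states neither, and the function names are hypothetical.

```python
import ipaddress

def parse_rules(text):
    """Parse 'accept|deny ip/mask' lines plus an optional final 'default' line."""
    rules, default = [], None
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if default is not None:
            # The page requires the default statement to be the last rule.
            raise ValueError(f"line {n}: rule after the default statement")
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected exactly two fields")
        action, arg = parts
        if action == "default":
            if arg not in ("accept", "deny"):
                raise ValueError(f"line {n}: default must be accept or deny")
            default = arg
        elif action in ("accept", "deny"):
            if arg != "client_ip":
                # Raises ValueError on a malformed address or mask.
                arg = ipaddress.ip_network(arg, strict=False)
            rules.append((action, arg))
        else:
            raise ValueError(f"line {n}: unknown keyword {action!r}")
    return rules, default

def is_allowed(rules, default, target, client_ip):
    """Assumption: first matching rule wins; no default statement means accept."""
    addr = ipaddress.ip_address(target)
    for action, net in rules:
        if net == "client_ip":
            # client_ip stands for the address the user connects from.
            net = ipaddress.ip_network(client_ip)
        if addr in net:
            return action == "accept"
    return (default or "accept") == "accept"

if __name__ == "__main__":
    # Rule set taken from the page; target and client addresses are constructed.
    text = "accept 192.168.1.0/24\naccept 192.168.3.0/24\naccept 172.22.0.0/16\ndefault deny\n"
    rules, default = parse_rules(text)
    for target in ("192.168.3.7", "192.168.2.7", "172.22.200.1"):
        verdict = "accept" if is_allowed(rules, default, target, "10.0.0.5") else "deny"
        print(target, verdict)
```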

 

SEE ALSO

openvas-rmuser(8), openvassd(8)

 

MORE INFORMATION ABOUT THE OpenVAS PROJECT

The canonical places where you will find more information about the OpenVAS project are:
http://www.openvas.org/ (Official site)

   

 

AUTHOR

openvas-adduser was quickly written by Renaud Deraison <deraison@cvs.nessus.org>

 

BUGS

openvas-adduser creates temporary files in $TMPDIR/. If this variable is not set, it uses /var/tmp, which may be a security risk depending on your configuration.

If you set your TMPDIR variable to /tmp, then you are in trouble.


 


This document was created by man2html, using the manual pages.
Time: 07:34:21 GMT, September 13, 2011


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast