26. CLI Configuration Reference¶

This chapter lists all settings in alphabetical order. For each setting there is a short description and reference to sections where the setting is discussed in more detail.

address_ethX_ipv4: IPv4 address of the network adapter Ehernet-X with netmask. Alternatively the value dhcp could be set. Depending on the appliance X can have a value between 0 and 19. See section IP Addresses. Entering an IPv4 address for network adapter Ethernet-0 in mandatory all other IP addresses are optional.
address_ethX_ipv6: This is the IPv6 address for adapter Ethernet-X. See section IP Addresses. The setting is optional.
airgap: Default: disabled This is the role in a airgap synchronization scenario. Possible Values are: disabled, master or slave. See section Airgap Update.
airgap_ftp_location: Default: not set This is the address of the ftp server for the airgap synchronization. Hereby a directory can be included as well (for example: your.ftp.server/subdirectory). See section Airgap Update.
airgap_ftp_password: Default: not set This is the password that is being used when logging into the ftp server for the airgap functionality. See section Airgap Update.
airgap_ftp_user: Default: not set This is the user that is being used when logging into the ftp server for the airgap functionality. See section Airgap Update.
airgap_type: Default: usb This is the airgap method. Possible values are ftp and usb. See section Airgap Update.
autoslavesync: Default: disabled This variable decides if slaves are being supplied with the NVT feeds from the master automatically using the push method. See chapter Master and Slave Setup.
default_route_ipv4: Default: not set This is the default route for IPv4. By default the system is configured via DHCP. Then the default route is also being set via DHCP. See section Default Gateway. This setting is optional.
dns1: Default: 8.8.8.8 This is the first namserver that is being used by the GSM. If this namserver is not available the second one will be used. Only an IPV4 address is allowed for this value. IPv6 nameservers are not yet supported. The default value is a Google server. See section DNS server.
dns2: Default: 8.8.4.4 This is the second namserver that is being used by the GSM. This setting is optional. If this namserver is not available the third one will be used. Only an IPV4 address is allowed for this value. IPv6 nameservers are not yet supported. The default value is a Google server. See section DNS server.
dns3: Default: not set This is the third namserver that is being used by the GSM. This setting is optional. If this namserver is not available a name resolution is not possible. Only an IPV4 address is allowed for this value. IPv6 nameservers are not yet supported. See section DNS server.
domainname: Default: Greenbone.net This is the domain of the appliance. By prepending the hostname you get the fully qualified name of the appliance. See section domainname.
fancontrol: Default: enabled This controls the fan behaviour. If this functionality is enabled the fan will only be activated on demand. Possible values are enabled and disabled. See section domainname.
feedfrommaster: Default: disabled This variable defines if the slave expects and accepts feeds from the master. Possible values are enabled and disabled. See chapter Master and Slave Setup.
feedsync: Default: enabled This variable defines if synchronization with the Greenbone Security Feed should occur. Possible values are enabled and disabled. See section Feed Synchronization.
guest_login: Default: disabled This variable enables or disables the guest access for the web interface. Possible values are enabled and disabled. See section Guest Log in.
guest_password: Default: not set This variable defines the password for the guest access. See section Guest Log in.
guest_user: Default: not set This variable defines the user name for the guest access. See section Guest Log in.
hostname: Default: gsm This is the host name of the appliance. By appending the domain name you get the fully qualified name of the appliance. See section hostname.
ifadm: Default: all This is the network adapter through which the web interface and SSH interface are allowed to be accessed. Possible values are all or the specific network adapter (i.e. eth0). See section Management Adapter.
ipv6support: Default: enabled With this variable IPv6 support can be enabled and disabled. If IPv6 support is enabled the GSM creates Link-Local IPV6 addresses. Possible values are enabled and disabled. See section IP Addresses.
keyboard_layout: Default: DE This configures the keyboard layout for the CLI interface. Possible values are DE, ES, FR, IT, PL, SE, UK and US. See section Keyboard layout.
mailhub: Default: mail.example.com The GSM can send emails with reports for example. For this the mailserver specified in this variable is used. The value should be a fully qualified DNS name. See section Mail Server.
netmode: Default: default Selects the network configuration mode. Possible values are enabled and expert. See section Expert Network Configuration.
ntp_server1: This is the first NTPv5 time server. As a value an IPv4 address is expected. See section Network Time Protocol.
ntp_server2: This is the second NTPv5 time server. This setting is optional See section Network Time Protocol.
omp_ciphers: Default: SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 Selects the TLS cipher supported by OMP. The syntax of this cipher priority string is the one of “GNUTLS” and documented here: http://gnutls.org/manual/html_node/Priority-Strings.html . See section OpenVAS Management Protocol (OMP).
proxy_credentials: Default: not set The GSM can receive its feeds through an http proxy. If the proxy expects an authentication then with this variable the username and password can be stored (username:password). See section Proxy configuration.
proxy_feed: Default: not set The GSM can receive its GOS updates and feeds through an http proxy. Here the proxy for receiving the updates and feeds can be set. See section Proxy configuration.
public_omp: Default: disabled Enables or disables OMP access to port 9390. Here the proxy for receiving the updates can be set. See section OpenVAS Management Protocol (OMP).
selfsigssl: Default: disabled This setting allows for the creation and use of self-signed certificates for the authentication of the GSM. See section Self-signed certificates.
sensors: Default: not set This is a list of the sensors managed by the GSM. The list is separated by spaces. See section Sensor.
snmp: Default: disabled This setting allows remote access via SNMPv3. See section SNMP.
snmp_contact: Default: Greenbone_Unspecified_contact This is the contact specified in the SNMP output. See section SNMP.
snmp_key: Default: not set The privacy password for SNMPv3 requests. The password must be at least 8 characters See section SNMP.
snmp_location: Default: Hildesheim This is specified in the SNMP output place. See section SNMP.
snmp_password: Default: not set This is the authentication password for SNMPv3 requests. The password must be at least 8 characters long. See section SNMP.
snmp_trap: Default: disabled With this setting sending of SNMP traps can be activated. See section SNMP.
snmp_trapcommunity: Default: public This defines the community string for SNMP traps. See section SNMP.
snmp_trapreceiver: Default: 192.168.0.1 This defines the receiver for SNMP traps. See section SNMP.
snmp_user: Default: not set This is the user name for SNMPv3 requests. See section SNMP.
ssh: Default: disabled This is the status of the SSH server. Possible values are enabled and disabled. See section SSH Access.
superuser: Default: disabled This activates the superuser access via SSH for debugging purposes. Possible values are enabled and disabled. See section Superuser.
superuserpassword: Default: disabled When the superuser was activated the password can be set with this variable. Possible values are disabled or an 8 character long password. See section Superuser.
syncport: Default: 24 This is the port for the synchronization with the Greenbone Security Feed. Possible values are 24 or 443. See section Feed Synchronization.
synctime: Default: 06:25 This is the time for the daily synchronization with the Greenbone Security Feed. The format is entered in HH:MM in the UTC time zone. The synchronization is not possible between 10:00 (10 am) and 13:00 (1pm). See section Feed Synchronization.
syslog_server1: Default: not set This is the first syslog server. See section Central Logging Server.
syslog_server2: Default: not set This is the second syslog server. See section Central Logging Server.
web_ciphers: Default: SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 Select the supported SSL/TLS cipher. See section Central Logging Server.
web_interface: Default: classic This is the default web interface. See chapter Alternate User Interfaces.
webtimeout: Default: 15 This is the default timeout for HTTPS browser sessions in minutes. See section HTTPS Timeout.