Scan OptionsTopPrintAuthentication

Authentication

OpenVAS-Client needs to connect to an OpenVAS server in order to retrieve the available plugins and to actually execute a security scan. Starting with OpenVAS-Client 2.0.0, the client will display a notification whenever new NVTs are found on the server.

OpenVAS-Client can handle multiple connections to different servers. Each scope has a connection of its own. Additionally, the Global Settings can be connected to an OpenVAS server to define default plugin selections and plugin parameters. Note that only explicitly saved Global Settings are used as defaults for new scopes.

The connection status is indicated with a icon in the tasks/scopes/reports treelist next to the title of the global settings or a scope. Only scopes are connected with the OpenVAS server.

More information on the connection status is shown in the statusbar at the bottom of the main window. There, the connection information is displayed, e.g. "Connection: username@host.test.example". At bottom right there is an icon indicating the connection status.

The connection dialog allows to specify the following settings for establishing a connection to an OpenVAS server:

Host

The hostname or IP address of the server where an OpenVAS server is running.

Port

The port where the OpenVAS Server waits for connections. Older versions of the OpenVAS server up to and including version 2.0.0 used port 1241 as the default port. The default port used for communication via the OpenVAS Transfer Protocol (OTP) by more recent versions is 9390. You can reset this option to the default port using the "default" button.

Login

Your username on the selected OpenVAS server. To use an OpenVAS server you have to have an account on the OpenVAS server. Please contact the administrator of the server if you need an account.

Password

The password for your account on the OpenVAS server.

Authentication by Certificate:

If you use this method you have to have a key/certificate pair created for you. This is usually done by the administrator of OpenVAS server using the available scripts. The administrator will give you the two files you need to specify (User Certificate File and User Key File). The administrator may create a key without a password or with a password. If you have a password for the User Key File you must enter the password in the corresponding text field when connecting to the OpenVAS server.

Trusted CA:

This certificate defines a certificate authority (CA) you trust. With this certificate you will be able to check that you are connecting to a trusted OpenVAS server. This is checked if you have the "Paranoia Level" set to 2 or 3 and is is not checked with a "Paranoia Level" of 1. Note that you can set the Paranoia Level by hand in the openvasrc files or when first connecting to an OpenVAS server where you are asked explicitly.

The default path for the Trusted CA is the filename used by the OpenVAS server itself. Thus, if you are running OpenVAS-Client on the same machine or have the same volume mounted, you can just use the default.

If you are running OpenVAS-Client from a remote machine, you need to have a copy of the CA certificate and set the location of the certificate file manually.


Scan OptionsTopPrintAuthentication