DragonFly On-Line Manual Pages
OpenVAS-ADDUSER(8) User Manuals OpenVAS-ADDUSER(8)
NAME
openvas-adduser - add a user in the openvasd userbase
SYNOPSIS
openvas-adduser
DESCRIPTION
The OpenVAS Security Scanner comes with its own user base which
contains the list of who can use the services of openvasd, and what
restriction (or rules) each user has.
openvas-adduser is a simple program which will add a user to the
openvasd userbase.
The program is straightforward and asks for the following items:
o Login
the login name of the openvasd user to add
o Password
the password that the user will use to connect to openvasd
o Rules
the set of rules to apply to the user. See below.
RULES
Each user has his own set of rules. Rules are here to restrict the
rights of the users. For instance, you can add user "joe" so that he
can only test the host "192.168.1.1", whereas you can add user "bob" so
that he can test whatever IP address he wishes.
Each rule fits on one line. A user can have an unlimited amount of
rules (and can even have no rule at all).
The syntax is:
accept|deny ip/mask
and
default accept|deny
Where mask is the CIDR netmask of the rule.
The default statement must be the last rule and defines the policy of
the user.
The following rule set will allow the user to test 192.168.1.0/24,
192.168.3.0/24 and 172.22.0.0/16, but nothing else:
accept 192.168.1.0/24
accept 192.168.3.0/24
accept 172.22.0.0/16
default deny
The following rule set will allow the user to test whatever he wants,
except the network 192.168.1.0/24:
deny 192.168.1.0/24
default accept
The keyword client_ip has been defined, and is replaced at run time by
the IP address of the openvasd user. For instance, if you want your
users to be able to only be able to scan the system they come from,
then you want them to have the following ruleset:
accept client_ip
default deny
SEE ALSO
openvas-rmuser(8), openvasd(8)
MORE INFORMATION ABOUT THE OpenVAS PROJECT
The canonical places where you will find more information about the
OpenVAS project are:
http://www.openvas.org/ <> (Official site)
AUTHOR
openvas-adduser was quickly written by Renaud Deraison
<deraison@cvs.nessus.org>
BUGS
openvas-adduser creates temporary files in $TMPDIR/. If this variable
is not set, then it will use /var/tmp which may be a security risk
depending of your configuration.
If you set your TMPDIR variable to /tmp, then you are in trouble.
The OpenVAS Project May 2009 OpenVAS-ADDUSER(8)