OpenVAS-ADDUSER(8)               User Manuals               OpenVAS-ADDUSER(8)

NAME

       openvas-adduser - add a user in the openvassd userbase

SYNOPSIS

       openvas-adduser

DESCRIPTION

       The OpenVAS Security Scanner comes with its own user base, which
       contains the list of who can use the services of openvassd, and what
       restrictions (or rules) each user has.

       openvas-adduser is a simple program which will add a user to the
       openvassd userbase.

       The program is straightforward and asks for the following items:

       · Login
              the login name of the openvassd user to add

       · Password
              the password that the user will use to connect to openvassd

       · Rules
              the set of rules to apply to the user. See below.

RULES

       Each user has his own set of rules. Rules are here to restrict the
       rights of the users. For instance, you can add user “joe” so that he
       can only test the host “192.168.1.1”, whereas you can add user “bob” so
       that he can test whatever IP address he wishes.

       Each rule fits on one line. A user can have an unlimited number of
       rules (and can even have no rule at all).

       The syntax is:
              accept|deny ip/mask
       and
              default accept|deny

       Where mask is the CIDR netmask of the rule.

       The default statement must be the last rule and defines the policy of
       the user.

       The following rule set will allow the user to test 192.168.1.0/24,
       192.168.3.0/24 and 172.22.0.0/16, but nothing else:
              accept 192.168.1.0/24
              accept 192.168.3.0/24
              accept 172.22.0.0/16
              default deny

       The following rule set will allow the user to test whatever he wants,
       except the network 192.168.1.0/24:
              deny 192.168.1.0/24
              default accept

       The keyword client_ip has been defined, and is replaced at run time by
       the IP address of the openvassd user. For instance, if you want your
       users to be able to scan only the system they come from, then you want
       them to have the following ruleset:
              accept client_ip
              default deny
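
       The rule syntax above, as an added example that is not part of the
       original manual page or of OpenVAS itself: a small Python checker
       that validates a rule set before it is given to openvas-adduser and
       reports the decision for a target. The names parse_rules and decide
       are hypothetical, and evaluating rules top to bottom with the first
       match winning is an assumption, since the page does not state the
       evaluation order.

```python
import ipaddress

# parse_rules and decide are hypothetical names, not part of OpenVAS.

def parse_rules(text, client_ip):
    """Return (rules, default) for one rule set; raise ValueError if malformed."""
    rules, default = [], None
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if default is not None:
            # The manual requires the default statement to be the last rule.
            raise ValueError(f"line {n}: rule after the default statement")
        if len(fields) != 2 or fields[0] not in ("accept", "deny", "default"):
            raise ValueError(f"line {n}: bad syntax: {line!r}")
        action, arg = fields
        if action == "default":
            if arg not in ("accept", "deny"):
                raise ValueError(f"line {n}: default must be accept or deny")
            default = arg
            continue
        # client_ip is replaced by the address the user connects from.
        spec = client_ip if arg == "client_ip" else arg
        # ip_network raises ValueError for a bad address or mask.
        rules.append((action, ipaddress.ip_network(spec, strict=False)))
    return rules, default

def decide(text, target, client_ip):
    """Return 'accept' or 'deny', or None if nothing matches and no default exists."""
    rules, default = parse_rules(text, client_ip)
    addr = ipaddress.ip_address(target)
    for action, net in rules:  # ASSUMPTION: the first matching rule wins
        if addr in net:
            return action
    return default

# Constructed sample input: the three rule sets shown in the RULES section.
ALLOW_LIST = "accept 192.168.1.0/24\naccept 192.168.3.0/24\naccept 172.22.0.0/16\ndefault deny\n"
DENY_LIST = "deny 192.168.1.0/24\ndefault accept\n"
SELF_ONLY = "accept client_ip\ndefault deny\n"

if __name__ == "__main__":
    client = "10.1.2.3"  # constructed client address
    for rules, target in [(ALLOW_LIST, "172.22.9.9"), (ALLOW_LIST, "10.0.0.1"),
                          (DENY_LIST, "192.168.1.5"), (SELF_ONLY, client)]:
        print(f"{target:>12} -> {decide(rules, target, client)}")
```

       A return value of None marks a rule set with no matching rule and no
       default statement, a case whose outcome the page does not define.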

SEE ALSO

       openvas-rmuser(8), openvassd(8)

MORE INFORMATION ABOUT THE OpenVAS PROJECT

       The canonical places where you will find more information about the
       OpenVAS project are:
              http://www.openvas.org/ (Official site)

AUTHOR

       openvas-adduser was quickly written by Renaud Deraison
       <deraison@cvs.nessus.org>

BUGS

       openvas-adduser creates temporary files in $TMPDIR/. If this variable
       is not set, then it will use /var/tmp, which may be a security risk
       depending on your configuration.

       If you set your TMPDIR variable to /tmp, then you are in trouble.

The OpenVAS Project                May 2009                 OpenVAS-ADDUSER(8)