diff --git a/doc/gvmd.8 b/doc/gvmd.8
index 38a6cb1d1..c963b74af 100644
--- a/doc/gvmd.8
+++ b/doc/gvmd.8
@@ -10,84 +10,170 @@ The Greenbone Vulnerability Manager is the central management service between se It manages the storage of any vulnerability management configurations and of the scan results. Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner' is controlled directly via protocol OTP while any other remote scanner is coupled with the Open Scanner Protocol (OSP). .SH OPTIONS .TP -\fB-a, --listen=\fIADDRESS\fB\f1 -Listen on ADDRESS. +\fB--backup\f1 +Backup the database. +.TP +\fB--check-alerts\f1 +Check SecInfo alerts. +.TP +\fB--client-watch-interval=\fINUMBER\fB\f1 +Check if client connection was closed every NUMBER seconds. 0 to disable. Defaults to 1 second. +.TP +\fB--create-scanner=\fISCANNER\fB\f1 +Create global scanner SCANNER and exit. .TP \fB--create-user=\fIUSERNAME\fB\f1 Create admin user USERNAME and exit. .TP -\fB--role=\fIROLE\fB\f1 -Role for --create-user option. +\fB-d, --database=\fIFILE/NAME\fB\f1 +Use FILE/NAME as database for SQLite/Postgres. +.TP +\fB--delete-scanner=\fISCANNER-UUID\fB\f1 +Delete scanner SCANNER-UUID and exit. .TP \fB--delete-user=\fIUSERNAME\fB\f1 Delete user USERNAME and exit. .TP +\fB--dh-params=\fIFILE\fB\f1 +Diffie-Hellman parameters file +.TP +\fB--disable-cmds=\fICOMMANDS\fB\f1 +Disable comma-separated COMMANDS. +.TP +\fB--disable-encrypted-credentials\f1 +Do not encrypt or decrypt credentials. +.TP +\fB--disable-password-policy\f1 +Do not restrict passwords to the policy. +.TP +\fB--disable-scheduling\f1 +Disable task scheduling. +.TP +\fB--encrypt-all-credentials\f1 +(Re-)Encrypt all credentials. +.TP +\fB-f, --foreground\f1 +Run in foreground. +.TP +\fB--get-scanners\f1 +List scanners and exit. +.TP \fB--get-users\f1 List users and exit. .TP -\fB--create-scanner=\fINAME\fB\f1 -Create scanner NAME and exit. +\fB--gnutls-priorities=\fIPRIORITIES-STRING\fB\f1 +Sets the GnuTLS priorities for the Manager socket. 
.TP -\fB--scanner-host=\fIHOST\fB\f1 -Scanner host for --create-scanner, --rebuild and --update. Default is 127.0.0.1. +\fB--inheritor=\fIUSERNAME\fB\f1 +Have USERNAME inherit from deleted user. .TP -\fB--scanner-port=\fIPORT\fB\f1 -Scanner port for --create-scanner, --rebuild and --update. Default is 9391. +\fB-a, --listen=\fIADDRESS\fB\f1 +Listen on ADDRESS. .TP -\fB--scanner-type=\fITYPE\fB\f1 -Type for --create-scanner option. Could be "OpenVAS Scanner" or "OSP Ovaldi". +\fB--listen2=\fIADDRESS\fB\f1 +Listen also on ADDRESS. .TP -\fB--scanner-ca-pub=\fICAPUB\fB\f1 -Scanner CA public key path for --create-scanner. +\fB--listen-group=\fISTRING\fB\f1 +Group of the unix socket .TP -\fB--scanner-key-pub=\fIKEYPUB\fB\f1 -Scanner public key path for --create-scanner. +\fB--listen-mode=\fISTRING\fB\f1 +File mode of the unix socket .TP -\fB--scanner-key-priv=\fIKEYPRIV\fB\f1 -Scanner private key path for --create-scanner. +\fB--listen-owner=\fISTRING\fB\f1 +Owner of the unix socket .TP -\fB--delete-scanner=\fIUUID\fB\f1 -Delete scanner with UUID and exit. +\fB--max-email-attachment-size=\fINUMBER\fB\f1 +Maximum size of alert email attachments, in bytes. .TP -\fB--get-scanners\f1 -List scanners and exit. +\fB--max-email-include-size=\fINUMBER\fB\f1 +Maximum size of inlined content in alert emails, in bytes. .TP -\fB--gnutls-priorities=\fIPRIORITY\fB\f1 -Set the GnuTLS priority string to PRIORITY. +\fB--max-email-message-size=\fINUMBER\fB\f1 +Maximum size of user-defined message text in alert emails, in bytes. .TP -\fB--dh-params=\fIFILE\fB\f1 -Path to file containing Diffie-Hellman parameters which are needed for DHE-RSA. This file could be generated using openssl or certtool. +\fB--max-ips-per-target=\fINUMBER\fB\f1 +Maximum number of IPs per target. .TP -\fB--max-email-attachment-size=\fISIZE\fB\f1 -Maximum number of bytes permitted in alert email attachments. - -0 to use the default, negative to allow any size. +\fB-m, --migrate\f1 +Migrate the database and exit. 
.TP -\fB--max-email-include-size=\fISIZE\fB\f1 -Maximum number of bytes permitted in reports inlined in alert email attachments. - -0 to use the default, negative to allow any size. +\fB--modify-scanner=\fISCANNER-UUID\fB\f1 +Modify scanner SCANNER-UUID and exit. +.TP +\fB--modify-setting=\fIUUID\fB\f1 +Modify setting UUID and exit. +.TP +\fB--new-password=\fIPASSWORD\fB\f1 +Modify user's password and exit. +.TP +\fB--new-password=\fIPASSWORD\fB\f1 +Modify user's password and exit. +.TP +\fB--optimize=\fINAME\fB\f1 +Run an optimization: vacuum, analyze, cleanup-config-prefs, cleanup-port-names, cleanup-result-severities, cleanup-schedule-times, rebuild-report-cache or update-report-cache. .TP -\fB--max-ips-per-target=\fISIZE\fB\f1 -Maximum number of IPs per target. +\fB--osp-vt-update=\fISCANNER-SOCKET\fB\f1 +Unix socket for OSP NVT update. Default is to do an OTP update. .TP -\fB-u, --update\f1 -Updates the database with information from a running scanner (openvassd) and exits. +\fB--password=\fIPASSWORD\fB\f1 +Password, for --create-user. .TP \fB-p, --port=\fINUMBER\fB\f1 -Listen on port number \fINUMBER\f1. +Use port number NUMBER. .TP -\fB--rebuild\f1 -Rebuild the database with information from a running scanner (openvassd) and exits. +\fB--port2=\fINUMBER\fB\f1 +Use port number NUMBER for address 2. .TP -\fB--version\f1 -Print version. +\fB--role=\fIROLE\fB\f1 +Role for --create-user and --get-users. +.TP +\fB--scanner-ca-pub=\fISCANNER-CA-PUB\fB\f1 +Scanner CA Certificate path for --[create|modify]-scanner. +.TP +\fB--scanner-host=\fISCANNER-HOST\fB\f1 +Scanner host for --create-scanner and --modify-scanner. +.TP +\fB--scanner-key-priv=\fISCANNER-KEY-PRIVATE\fB\f1 +Scanner private key path for --[create|modify]-scanner. +.TP +\fB--scanner-key-pub=\fISCANNER-KEY-PUBLIC\fB\f1 +Scanner Certificate path for --[create|modify]-scanner. .TP -\fB-v, --verbose\f1 -Print progress messages. +\fB--scanner-name=\fINAME\fB\f1 +Name for --modify-scanner. 
.TP -\fB-?, --help\f1 -Show help. +\fB--scanner-port=\fISCANNER-PORT\fB\f1 +Scanner port for --create-scanner and --modify-scanner. +.TP +\fB--scanner-type=\fISCANNER-TYPE\fB\f1 +Scanner type for --create-scanner and --modify-scanner. +.TP +\fB--schedule-timeout=\fITIME\fB\f1 +Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time. +.TP +\fB--secinfo-commit-size=\fINUMBER\fB\f1 +During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited. +.TP +\fB--slave-commit-size=\fINUMBER\fB\f1 +During slave updates, commit after every NUMBER updated results and hosts, 0 for unlimited. +.TP +\fB-c, --unix-socket=\fIFILENAME\fB\f1 +Listen on UNIX socket at FILENAME. +.TP +\fB--user=\fIUSERNAME\fB\f1 +User for --new-password. +.TP +\fB--value=\fIVALUE\fB\f1 +User for --new-password. +.TP +\fB--verbose\f1 +Has no effect. See INSTALL.md for logging config. +.TP +\fB--verify-scanner=\fISCANNER-UUID\fB\f1 +Verify scanner SCANNER-UUID and exit. +.TP +\fB--version\f1 +Print version and exit. .SH SIGNALS SIGHUP causes gvmd to rebuild the database with information from the Scanner (openvassd). .SH EXAMPLES diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml index f01cbe0a4..43d3b1602 100644 --- a/doc/gvmd.8.xml +++ b/doc/gvmd.8.xml @@ -48,162 +48,342 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + + - - + - + + + + + + + + - - - - - - - - - - - - - - - - + + + + - - - - - + + + - + + + + + + + + + + + diff --git a/doc/gvmd.html b/doc/gvmd.html index 88b9458cf..30fab8c99 100644 --- a/doc/gvmd.html +++ b/doc/gvmd.html @@ -31,162 +31,342 @@

Description

Options

-

-a, --listen=ADDRESS

-

Listen on ADDRESS.

+

--backup

+ +

Backup the database.

+ + + +

--check-alerts

+ +

Check SecInfo alerts.

+ + + +

--client-watch-interval=NUMBER

+ +

Check if client connection was closed every NUMBER seconds. + 0 to disable. Defaults to 1 second.

+ + + +

--create-scanner=SCANNER

+ +

Create global scanner SCANNER and exit.

+ -

--create-user=USERNAME

-

Create admin user USERNAME and exit.

+ +

Create admin user USERNAME and exit.

+ - -

--role=ROLE

-

Role for --create-user option.

+

-d, --database=FILE/NAME

+ +

Use FILE/NAME as database for SQLite/Postgres.

+ + + +

--delete-scanner=SCANNER-UUID

+ +

Delete scanner SCANNER-UUID and exit.

+ -

--delete-user=USERNAME

-

Delete user USERNAME and exit.

+ +

Delete user USERNAME and exit.

+ + + +

--dh-params=FILE

+ +

Diffie-Hellman parameters file

+ + + +

--disable-cmds=COMMANDS

+ +

Disable comma-separated COMMANDS.

+ + + +

--disable-encrypted-credentials

+ +

Do not encrypt or decrypt credentials.

+ + + +

--disable-password-policy

+ +

Do not restrict passwords to the policy.

+ + + +

--disable-scheduling

+ +

Disable task scheduling.

+ + + +

--encrypt-all-credentials

+ +

(Re-)Encrypt all credentials.

+ + + +

-f, --foreground

+ +

Run in foreground.

+ + + +

--get-scanners

+ +

List scanners and exit.

+ -

--get-users

-

List users and exit.

+ +

List users and exit.

+ - -

--create-scanner=NAME

-

Create scanner NAME and exit.

+

--gnutls-priorities=PRIORITIES-STRING

+ +

Sets the GnuTLS priorities for the Manager socket.

+ - -

--scanner-host=HOST

+

--inheritor=USERNAME

-

Scanner host for --create-scanner, --rebuild and --update. Default is 127.0.0.1.

+

Have USERNAME inherit from deleted user.

- -

--scanner-port=PORT

+

-a, --listen=ADDRESS

-

Scanner port for --create-scanner, --rebuild and --update. Default is 9391.

+

Listen on ADDRESS.

- -

--scanner-type=TYPE

-

Type for --create-scanner option. - Could be "OpenVAS Scanner" or "OSP Ovaldi".

+

--listen2=ADDRESS

+ +

Listen also on ADDRESS.

+ - -

--scanner-ca-pub=CAPUB

-

Scanner CA public key path for --create-scanner.

+

--listen-group=STRING

+ +

Group of the unix socket

+ - -

--scanner-key-pub=KEYPUB

-

Scanner public key path for --create-scanner.

+

--listen-mode=STRING

+ +

File mode of the unix socket

+ - -

--scanner-key-priv=KEYPRIV

-

Scanner private key path for --create-scanner.

+

--listen-owner=STRING

+ +

Owner of the unix socket

+ - -

--delete-scanner=UUID

-

Delete scanner with UUID and exit.

+

--max-email-attachment-size=NUMBER

+ +

Maximum size of alert email attachments, in bytes.

+ - -

--get-scanners

-

List scanners and exit.

+

--max-email-include-size=NUMBER

+ +

Maximum size of inlined content in alert emails, in bytes.

+ - -

--gnutls-priorities=PRIORITY

-

Set the GnuTLS priority string to PRIORITY.

+

--max-email-message-size=NUMBER

+ +

Maximum size of user-defined message text in alert emails, + in bytes.

+ - -

--dh-params=FILE

-

Path to file containing Diffie-Hellman parameters which - are needed for DHE-RSA. This file could be generated using - openssl or certtool.

+

--max-ips-per-target=NUMBER

+ +

Maximum number of IPs per target.

+ - -

--max-email-attachment-size=SIZE

+

-m, --migrate

-

- Maximum number of bytes permitted in alert email attachments. -

-

- 0 to use the default, negative to allow any size. -

+

Migrate the database and exit.

- -

--max-email-include-size=SIZE

+

--modify-scanner=SCANNER-UUID

-

- Maximum number of bytes permitted in reports inlined in alert email - attachments. -

-

- 0 to use the default, negative to allow any size. -

+

Modify scanner SCANNER-UUID and exit.

- -

--max-ips-per-target=SIZE

+

--modify-setting=UUID

-

- Maximum number of IPs per target. -

+

Modify setting UUID and exit.

- -

-u, --update

+

--new-password=PASSWORD

-

Updates the database with information from a running - scanner (openvassd) and exits.

+

Modify user's password and exit.

+ + + +

--new-password=PASSWORD

+ +

Modify user's password and exit.

+ + + +

--optimize=NAME

+ +

Run an optimization: vacuum, analyze, cleanup-config-prefs, + cleanup-port-names, cleanup-result-severities, + cleanup-schedule-times, rebuild-report-cache or + update-report-cache.

+ + + +

--osp-vt-update=SCANNER-SOCKET

+ +

Unix socket for OSP NVT update. Default is to do an OTP update.

+ + + +

--password=PASSWORD

+ +

Password, for --create-user.

-

-p, --port=NUMBER

-

Listen on port number NUMBER.

+

Use port number NUMBER.

- - -

--rebuild

+ +

--port2=NUMBER

-

Rebuild the database with information from a running - scanner (openvassd) and exits.

+

Use port number NUMBER for address 2.

- -

--version

-

Print version.

+

--role=ROLE

+ +

Role for --create-user and --get-users.

+ - -

-v, --verbose

-

Print progress messages.

+

--scanner-ca-pub=SCANNER-CA-PUB

+ +

Scanner CA Certificate path for --[create|modify]-scanner.

+ + + +

--scanner-host=SCANNER-HOST

+ +

Scanner host for --create-scanner and --modify-scanner.

+ + + +

--scanner-key-priv=SCANNER-KEY-PRIVATE

+ +

Scanner private key path for --[create|modify]-scanner.

+ + + +

--scanner-key-pub=SCANNER-KEY-PUBLIC

+ +

Scanner Certificate path for --[create|modify]-scanner.

+ - -

-?, --help

-

Show help.

+

--scanner-name=NAME

+ +

Name for --modify-scanner.

+ + + +

--scanner-port=SCANNER-PORT

+ +

Scanner port for --create-scanner and --modify-scanner.

+ + + +

--scanner-type=SCANNER-TYPE

+ +

Scanner type for --create-scanner and --modify-scanner.

+ + + +

--schedule-timeout=TIME

+ +

Time out tasks that are more than TIME minutes overdue. + -1 to disable, 0 for minimum time.

+ + + +

--secinfo-commit-size=NUMBER

+ +

During CERT and SCAP sync, commit updates to the database every + NUMBER items, 0 for unlimited.

+ + + +

--slave-commit-size=NUMBER

+ +

During slave updates, commit after every NUMBER updated results and + hosts, 0 for unlimited.

+ + + +

-c, --unix-socket=FILENAME

+ +

Listen on UNIX socket at FILENAME.

+ + + +

--user=USERNAME

+ +

User for --new-password.

+ + + +

--value=VALUE

+ +

User for --new-password.

+ + + +

--verbose

+ +

Has no effect. See INSTALL.md for logging config.

+ + + +

--verify-scanner=SCANNER-UUID

+ +

Verify scanner SCANNER-UUID and exit.

+ + + +

--version

+ +

Print version and exit.

+
diff --git a/src/gvmd.c b/src/gvmd.c
index c4cabe309..a6c74ab4d 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -1745,98 +1745,240 @@ main (int argc, char** argv) GOptionContext *option_context; static GOptionEntry option_entries[] = { - { "backup", '\0', 0, G_OPTION_ARG_NONE, &backup_database, "Backup the database.", NULL }, - { "check-alerts", '\0', 0, G_OPTION_ARG_NONE, &check_alerts, "Check SecInfo alerts.", NULL }, + { "backup", '\0', 0, G_OPTION_ARG_NONE, + &backup_database, + "Backup the database.", + NULL }, + { "check-alerts", '\0', 0, G_OPTION_ARG_NONE, + &check_alerts, + "Check SecInfo alerts.", + NULL }, { "client-watch-interval", '\0', 0, G_OPTION_ARG_INT, &client_watch_interval, "Check if client connection was closed every seconds." " 0 to disable. Defaults to " G_STRINGIFY (DEFAULT_CLIENT_WATCH_INTERVAL) " seconds.", "" }, - { "database", 'd', 0, G_OPTION_ARG_STRING, &database, "Use as database for SQLite/Postgres.", "" }, - { "disable-cmds", '\0', 0, G_OPTION_ARG_STRING, &disable, "Disable comma-separated .", "" }, + { "create-scanner", '\0', 0, G_OPTION_ARG_STRING, + &create_scanner, + "Create global scanner and exit.", + "" }, + { "create-user", '\0', 0, G_OPTION_ARG_STRING, + &create_user, + "Create admin user and exit.", + "" }, + { "database", 'd', 0, G_OPTION_ARG_STRING, + &database, + "Use as database for SQLite/Postgres.", + "" }, + { "decrypt-all-credentials", '\0', G_OPTION_FLAG_HIDDEN, + G_OPTION_ARG_NONE, + &decrypt_all_credentials, + NULL, + NULL }, + { "delete-scanner", '\0', 0, G_OPTION_ARG_STRING, + &delete_scanner, + "Delete scanner and exit.", + "" }, + { "delete-user", '\0', 0, G_OPTION_ARG_STRING, + &delete_user, + "Delete user and exit.", + "" }, + { "dh-params", '\0', 0, G_OPTION_ARG_STRING, + &dh_params, + "Diffie-Hellman parameters file", + "" }, + { "disable-cmds", '\0', 0, G_OPTION_ARG_STRING, + &disable, + "Disable comma-separated .", + "" }, { "disable-encrypted-credentials", '\0', 0, G_OPTION_ARG_NONE, &disable_encrypted_credentials, - "Do not encrypt or decrypt credentials.", NULL }, - {"disable-password-policy", '\0', 0, 
G_OPTION_ARG_NONE, - &disable_password_policy, "Do not restrict passwords to the policy.", - NULL}, - { "disable-scheduling", '\0', 0, G_OPTION_ARG_NONE, &disable_scheduling, "Disable task scheduling.", NULL }, - { "create-user", '\0', 0, G_OPTION_ARG_STRING, &create_user, "Create admin user and exit.", "" }, - { "delete-user", '\0', 0, G_OPTION_ARG_STRING, &delete_user, "Delete user and exit.", "" }, - { "get-users", '\0', 0, G_OPTION_ARG_NONE, &get_users, "List users and exit.", NULL }, - { "create-scanner", '\0', 0, G_OPTION_ARG_STRING, &create_scanner, - "Create global scanner and exit.", "" }, - { "modify-scanner", '\0', 0, G_OPTION_ARG_STRING, &modify_scanner, - "Modify scanner and exit.", "" }, - { "scanner-name", '\0', 0, G_OPTION_ARG_STRING, &scanner_name, "Name for --modify-scanner.", "" }, - { "scanner-host", '\0', 0, G_OPTION_ARG_STRING, &scanner_host, - "Scanner host for --create-scanner and --modify-scanner. Default is " OPENVASSD_ADDRESS ".", - "" }, - { "scanner-port", '\0', 0, G_OPTION_ARG_STRING, &scanner_port, - "Scanner port for --create-scanner and --modify-scanner. Default is " G_STRINGIFY (OPENVASSD_PORT) ".", - "" }, - { "scanner-type", '\0', 0, G_OPTION_ARG_STRING, &scanner_type, - "Scanner type for --create-scanner and --modify-scanner. 
Either 'OpenVAS' or 'OSP'.", - "" }, - { "scanner-ca-pub", '\0', 0, G_OPTION_ARG_STRING, &scanner_ca_pub, - "Scanner CA Certificate path for --[create|modify]-scanner.", "" }, - { "scanner-key-pub", '\0', 0, G_OPTION_ARG_STRING, &scanner_key_pub, - "Scanner Certificate path for --[create|modify]-scanner.", "" }, - { "scanner-key-priv", '\0', 0, G_OPTION_ARG_STRING, &scanner_key_priv, - "Scanner private key path for --[create|modify]-scanner.", "" }, - { "verify-scanner", '\0', 0, G_OPTION_ARG_STRING, &verify_scanner, - "Verify scanner and exit.", "" }, - { "delete-scanner", '\0', 0, G_OPTION_ARG_STRING, &delete_scanner, "Delete scanner and exit.", "" }, - { "get-scanners", '\0', 0, G_OPTION_ARG_NONE, &get_scanners, "List scanners and exit.", NULL }, - { "secinfo-commit-size", '\0', 0, G_OPTION_ARG_INT, &secinfo_commit_size, "During CERT and SCAP sync, commit updates to the database every items, 0 for unlimited, default: " G_STRINGIFY (SECINFO_COMMIT_SIZE_DEFAULT), "" }, - { "schedule-timeout", '\0', 0, G_OPTION_ARG_INT, &schedule_timeout, "Time out tasks that are more than