Skip to main content

Greenbone OS (GOS) Administration

What this covers

This page describes how a system administrator manages the Greenbone Operating System (GOS) on a Greenbone Enterprise Appliance: upgrading GOS to a new major version, the authorization concept that separates user-level and system-level access, and the three top-level branches of the GOS administration menu. It walks through the Setup menu (users, network, VPN, services, backups, feed sync, airgap, time, mail, logging), the Maintenance menu (self-check, backup/restore, beaming, upgrade, feed update, power), and the Advanced menu (logs, superuser, support package, shell).

Source scope

Based on the Greenbone Enterprise Appliance manual (GOS 22.04 / OPENVAS SCAN 22.04), chapters 6-7, verified June 2026. This is appliance-specific administration via the GOS administration menu; it does not apply to the free Community Edition / Docker setup. Not all menu options are available on every appliance model.

1. Upgrading GOS to a new major version​

GOS 21.04 provides a seamless upgrade to the major version GOS 22.04. All system settings and user data are retained and migrated automatically, unless a change in default behavior affects a specific setting or data (§6, §6.5).

1.1 Requirements before upgrading​

Before upgrading to GOS 22.04, the following must be true in GOS 21.04 (§6.1):

  • The latest version of GOS 21.04 is installed.
  • A Feed Import Owner is set.
  • The data objects are installed (a feed update is required after setting the Feed Import Owner).

It is recommended to switch to the networking mode gnm before upgrading (§7.2.2.1).

1.2 Performing the upgrade​

The upgrade is started from the Maintenance menu (§6.1):

Maintenance > Upgrade > Switch Release

A warning informs that the appliance is upgraded to a new major version, then that the appliance is locked during the upgrade. No system operations can run during the upgrade, and all running operations must finish first. After confirming, the upgrade starts; when it finishes, a reboot is required to apply all changes (Reboot).

After the reboot, GOS checks for unfinished setup steps and offers to complete them. If the old legacy network mode was still in use, GOS offers to switch to the new GOS Network Manager (gnm) mode; this can also be done later (§7.2.2.1). A feed update must be performed after the upgrade to use new features such as the Notus Scanner (§6.5).

Major-version upgrades are disruptive

The appliance is locked for the duration of the upgrade and a reboot is required afterwards. Complete or stop running scans first to avoid losing unsaved data.

1.3 After the upgrade​

  • Flash partition. The internal flash partition holds a backup copy of GOS used for factory resets. Upgrading the GOS version on the flash partition is recommended (§6.2, §7.3.8).
  • Reload the GOS administration menu. An upgrade can change available functionality; log out of the menu and back in so changes take effect (§6.3).
  • Reload the web interface. Empty the browser cache after a major-version upgrade. Alternatively, clear each page's cache with Ctrl + F5 (per page); clearing the browser cache is global (§6.4).

1.4 Notable changes in GOS 22.04​

Selected additions and changes of default behavior (§6.5):

  • Notus Scanner runs after every regular scan with no user interaction, replacing the logic of NASL-based local security checks for the supported VT families. For a manually created scan configuration, the VT Determine OS and list of installed packages via SSH login (OID 1.3.6.1.4.1.25623.1.0.50282) must be active (§6.5.1).
  • HTTP web interface access is removed. Unencrypted HTTP is no longer supported; a valid HTTPS certificate (self-signed or CA-signed) must be configured (§6.5.4, §7.2.4.1.7).
  • Backups: the remote backup repository password can now be changed (Setup > Backup > Backup Password); obnam and all obnam backups are removed (§6.5.5).
  • Mailhub: a new option enforces SMTPS (Setup > Mail > SMTP Enforce TLS) (§6.5.6).
  • Web interface removals: Business Process Map, the task/audit setting Network Source Interface, the user setting Interface Access, OVAL definitions, and the OSP Scanner scanner type are removed (§6.5.7).
  • GMP is updated to version 22.04 with some commands, elements and attributes deprecated (§6.5.10).

2. The GOS administration menu and authorization concept​

2.1 Two levels of access​

The appliance offers two distinct access levels (§7.1.2):

LevelAccess pathPurpose
User levelWeb interface or GMP APIScanning and vulnerability management; administration of users, groups and permissions
System levelGOS administration menu (console or SSH)Administration of the Greenbone Operating System itself

User-level access (§7.1.2.1): By default no user-level account exists on delivery or after a factory reset. At least one web administrator must be created via the GOS administration menu (§7.2.1.3). Web users created via the web interface have an owner; web users created via the GOS administration menu always have the Admin role, have no owner, and are global objects manageable only via the GOS administration menu or by a super administrator. The models Greenbone Enterprise 35 and Greenbone Enterprise 25V have no user-level access and must be managed by a master appliance.

System-level access (§7.1.2.2): Only a single system administrator account is supported. The administrator instructs the system to change configurations rather than editing system files directly. The shell is provided for support and troubleshooting only. On delivery or after a factory reset, a default system administrator account and password are pre-configured; this password should be changed during initial setup (§7.2.1.1).

Feed subscription key

A unique Greenbone Enterprise Feed subscription key is pre-installed for feed authorization only (not billing or encryption). It is individual per appliance. A factory reset deletes the key; contact Greenbone Enterprise Support beforehand for a copy (§7.1.1).

2.2 Logging in to the menu​

The menu is reached via console (serial, hypervisor, or monitor/keyboard) or SSH. The default console login is user admin / password admin, which should be changed during first setup. A setup wizard assists with basic configuration on first login (§7.1.2.2).

SSH is disabled by default and must be enabled first, usually via the console (§7.2.4.4). To connect on Linux, macOS or Unix-like systems:

ssh admin@<appliance>

Replace <appliance> with the appliance's IP address or domain name. On Windows, PuTTY, smarTTY, or the OpenSSH Client component can be used. The host key fingerprint can be verified via Setup > Services > SSH > Fingerprint.

2.3 Navigating the menu​

The menu is keyboard-driven (§7.1.3): arrow keys select, Enter confirms, Space toggles on/off switches, and Esc exits the current menu. In most cases changes are not applied immediately - a Save option appears below the others, and exiting without saving shows a warning.

2.4 The three top-level menus​

MenuPurpose
Setup (§7.2)Configure users, network, VPN, services, backups, upgrades, feed, airgap, time, keyboard, mail, logging and maintenance time
Maintenance (§7.3)Self-check, manual backup/restore, beaming, GOS upgrades, feed updates, flash partition, reboot/shutdown
Advanced (§7.4)Log files, superuser account, support package, shell access, subscription key and license info

3. The Setup menu​

3.1 Managing users​

  • System administrator password (§7.2.1.1): Setup > User > Password. Trivial passwords (including admin) are rejected. The change is immediate and cannot be rolled back.
  • List web users (§7.2.1.2): Setup > User > Users > List Users.
  • Create a web administrator (§7.2.1.3): Setup > User > Users > Admin User. The first web administrator can only be created here. User names allow alphanumerics, -, _ and .; passwords may use any characters up to 30 characters.
  • Guest user (§7.2.1.4): Setup > User > Users > Guest User lets an existing web user log in without a password.
  • Super administrator (§7.2.1.5): Setup > User > Users > Super Admin creates the highest level of access; a super administrator can only be edited by the super administrator themself.
  • Delete an account (§7.2.1.6): Setup > User > Users > Delete Account, optionally choosing an inheritor. Super administrators can only be deleted here, not via the web interface. The current Feed Import Owner cannot be deleted.
  • Concurrent web sessions (§7.2.1.7): Setup > User > Users > User sessions; value 0 to 25, default 0 (unlimited).
  • Change a user password (§7.2.1.8): Setup > User > Users > Change Password.
  • Password policy (§7.2.1.9): Setup > User > Users > Password Policy sets minimum Length (at least 10), whether Username may equal the password, and Complex (letter + number + symbol).
  • Data objects / Feed Import Owner (§7.2.1.10): Setup > User > Users > Distributed Data sets the Import Owner (owner of feed-distributed scan configs, compliance policies, report formats and port lists) and the Access Roles with read access (by default User, Admin, Super Admin).

3.2 Network settings​

Networking mode (§7.2.2.1): If the legacy mode is still active, Setup > Network > Switch Networking Mode switches to GOS Network Manager (gnm). A console connection is recommended first, and switching back is not possible.

Namespaces (§7.2.2.2, §7.2.2.3): On some models, interfaces are organized into a management namespace (GOS menu, web interface, feed server, master-sensor traffic) and a scan namespace (scan traffic only). By default all interfaces are in the management namespace; separation takes effect once at least one interface is in the scan namespace. Interfaces are moved via Setup > Network > Configure Namespaces (scan-namespace interfaces are marked *).

Do not isolate the appliance

Not all interfaces may be moved to the scan namespace, otherwise the appliance is no longer reachable. Separating namespaces so that only scan interfaces face internet-accessible networks is recommended (§7.2.2.2, §7.2.2.3).

Interfaces (§7.2.2.4): Setup > Network > <namespace> > Interfaces > <interface>. Each interface supports Static IP (IPv4/IPv6, with prefix length), DHCP, MTU (static IP only), Router-advertisement for IPv6 SLAAC, VLAN subinterfaces, and routes. On virtual appliances the first interface is preconfigured with IPv4 via DHCP, and VLAN interfaces are not supported.

Other network options:

  • DNS (§7.2.2.5): Setup > Network > Namespace: Management > DNS - up to three servers; the second and third are used only on outage of the first.
  • Global gateway (§7.2.2.6): Global Gateway for IPv4 / Global Gateway (IPv6), may come from DHCP or router advertisement.
  • Host name / domain name (§7.2.2.7): Setup > Network > Namespace: Management > Hostname / Domainname. Defaults are host gsm, domain gbuser.net; combined they form the FQDN.
  • Restrict management access (§7.2.2.8): Management IP (v4) / Management IP (v6) restricts SSH, HTTPS and GMP to one interface in the management namespace. This overlaps with namespace separation, which is recommended.
  • Display MAC/IP/Routes (§7.2.2.9): read-only overview per namespace.

3.3 VPN (Setup > VPN)​

OpenVPN is integrated in GOS. The VPN feature lets the appliance scan targets reachable through the tunnel; it does not affect other targets, network settings or master-sensor connections, and is only available on the Greenbone Enterprise DECA/TERA/PETA/EXA models. The tunnel is always initiated from the appliance side, and only one VPN connection can exist at a time (§7.2.3).

Authentication uses a PKCS#12 file containing the certificate and private key (CA optional; password-protected private keys inside the file are not supported). Setup uploads the PKCS#12 container, and optionally a separate CA file, via a temporary HTTP URL shown in the menu (§7.2.3.1). Editing a connection (§7.2.3.2) exposes Remote Address, Port (OpenVPN default 1194), Cipher algorithm, Digest algorithm, PKCS#12, Routes (one route only) and Delete.

3.4 Services (Setup > Services)​

Several remote-access interfaces are available (§7.2.4):

ServiceDefault port / protocolNotes
HTTPS (web interface)-Enabled by default and cannot be disabled; requires an HTTPS certificate (§7.2.4.1)
GMP-Greenbone Management Protocol; requires SSH enabled first (§7.2.4.2)
OSP-Open Scanner Protocol; required for master-sensor communication; requires SSH enabled first (§7.2.4.3)
SSH-Disabled by default; secure access to menu and shell; required for master-sensor communication (§7.2.4.4)
SNMP-SNMPv3 for read access; SNMPv1 for traps via alerts (§7.2.4.5)
Temporary HTTPrandom by defaultUsed for uploads/downloads; a fixed Port can be set (§7.2.4.6)

The manual does not state fixed port numbers for HTTPS, GMP, OSP, SSH or SNMP, so none are reproduced here.

HTTPS (§7.2.4.1) options under Setup > Services > HTTPS:

  • Timeout - auto-logout, 1 to 1440 minutes, default 15.
  • Protocols - TLSv1.2 and/or TLSv1.3 (both selected by default).
  • Ciphers - only configurable when TLSv1.2 is in use; current setting requires at least 128-bit keys and disallows SSLv3 and TLSv1.0 suites.
  • DH Parameters - regenerate Diffie-Hellman parameters.
  • HTTP STS and HTTP STS max age - enable HSTS (requires a CA-signed certificate) and set its max age in seconds.
  • OCSP Stapling - enable/disable.
  • Certificate - display, Generate a self-signed certificate, create a CSR and import the signed certificate, or import an existing PKCS#12 file. Fingerprints shows SHA1, SHA256 and BB.
Certificate operations overwrite the active certificate

Generating a self-signed certificate, creating a CSR, or importing a PKCS#12 file overwrites the current certificate and private key. While a CSR is awaiting signing, the web interface cannot be used until the signed certificate is imported. Always verify the displayed fingerprint before confirming (§7.2.4.1).

GMP / OSP (§7.2.4.2, §7.2.4.3): toggle under Setup > Services > GMP / OSP. SSH must be enabled first for both.

SSH (§7.2.4.4) under Setup > Services > SSH:

  • SSH State enables the embedded SSH server.
  • Login Protection locks the user after a configurable number of failed attempts (Login Attempts). A self-scan may trigger it; it does not block login via SSH admin key.
  • Admin Key uploads an SSH public key (Ed25519 or RSA) for key-based authentication.
  • Fingerprint displays the SHA256 fingerprints of the appliance's Ed25519 and RSA host keys.

A locked system is unlocked from the console via Setup > User > Unlock SSH.

SNMP (§7.2.4.5): Setup > Services > SNMP enables SNMP and exposes Location, Contact, Username, Authentication and Privacy (the appliance uses SHA-1 and AES128). After a user is configured, Engine ID is displayed. Read access can be tested with snmpwalk, exposing uptime, network interfaces, memory, harddisk, load and CPU.

3.5 Periodic backups (Setup > Backup)​

The appliance supports automatic daily backups, stored locally or remotely (§7.2.5):

  • Last 7 daily backups
  • Last 5 weekly backups
  • Last 12 monthly backups
  • Backups older than one year are deleted automatically.

Periodic Backup enables scheduled backups (§7.2.5.1). By default backups are stored locally; Backup Location switches to a remote server using SFTP (§7.2.5.2). The remote setup uses Server (username@hostname[:port]/directory; port 22 may be omitted), Server key (the remote host public key in OpenSSH format), User key (the appliance's public key for authorized_keys on the remote), Client (a unique backup identifier, defaulting to the host name), Test (verifies login), and Backup Password (changing it is recommended; each appliance should use its own).

3.6 Upgrade settings (Setup > Upgrade)​

  • Upgrade key (§7.2.6.1, §7.2.6.2): for recovery only and only when instructed by Greenbone. Add via New Upgrade Key (Editor) or New Upgrade Key (HTTP); Delete Upgrade Key removes it. The key is removed automatically after a successful upgrade.
  • Automatic Reboot (§7.2.6.3): disabled by default. When enabled, the appliance reboots immediately after a GOS upgrade that requires it, terminating running scans. This setting applies only to the appliance it is configured on, not to its sensors.

3.7 Feed synchronization (Setup > Feed)​

The Greenbone Enterprise Feed provides VT, SCAP (CVE/CPE) and CERT-Bund / DFN-CERT advisory updates, GOS upgrades, and updates for scan configs, compliance policies, port lists and report formats. Without a valid subscription key the public Greenbone Community Feed is used instead (§7.2.7).

  • Subscription key (§7.2.7.1): add via Key(HTTP) or Key(Editor); a new key overwrites the existing one and resets feed state, requiring a feed update afterwards.
  • Synchronisation (§7.2.7.2): enable/disable automatic feed sync; sync time follows the maintenance time.
  • Sync port (§7.2.7.3): Setup > Feed > Greenbone Server > Sync port selects 24/tcp (default) or 443/tcp. The traffic is SSH (rsync over SSH), not HTTPS, even on port 443.
  • Sync proxy (§7.2.7.4): Greenbone Server > Sync proxy, format http://proxy:port; the proxy must support the CONNECT method and must not inspect SSL/TLS.
  • Cleanup (§7.2.7.5): deletes the subscription key (e.g. at end of life), after which only the Community Feed is retrieved.

3.8 Airgap master/sensor (Setup > Feed > Airgap Master / Airgap Sensor)​

The Airgap function lets an appliance not connected to the internet receive feed updates and GOS upgrades. It needs at least two appliances - an Airgap master (internet-connected) and an Airgap sensor (in a secured area); they may be chained (§7.2.8).

  • USB Airgap (§7.2.8.1): Setup > Feed > Airgap Master > USB Master. Data is copied to a Greenbone-provided Airgap USB stick on the master, then transferred automatically when the stick is connected to the sensor. Configuring an appliance as a USB master disables configuring it as a USB sensor.
  • FTP Airgap (§7.2.8.2): Setup > Feed > Airgap Master > FTP Master exposes FTP Master Location (ftp://host[:port], default port 21), FTP Master User, FTP Master Password and FTP Master Test. The sensor is configured under Airgap Sensor with equivalent (slightly renamed) options; the FTP server acts as a unidirectional data diode. For slow links, set the sensor's maintenance time at least three hours behind the master's.

3.9 Time synchronization (Setup > Timesync)​

Time synchronisation enables NTP with up to four servers (IP or DNS); the appliance picks the most suitable and fails over automatically. Time zone and daylight saving are not synchronized via NTP - the appliance always runs at UTC±00:00 (§7.2.9).

3.10 Keyboard layout (Setup > Keyboard)​

Selects the appliance keyboard layout; the current layout is annotated (selected) (§7.2.10).

3.11 E-mail / mailhub (Setup > Mail)​

To deliver scan or audit reports by e-mail, the appliance forwards them via a mailhub (mail relay / smart host) over SMTP; it implements the Postfix MTA. The appliance does not store undelivered e-mails or retry, and mailhub spam protection such as gray listing must be disabled for the appliance (§7.2.11).

  • Mailhub (§7.2.11.1): Setup > Mail > Mail sets the mailhub URL; Mailhub Port is optional (default SMTP(S) ports are used otherwise).
  • SMTP authentication (§7.2.11.2): SMTP Authentication Requirements enables SMTP-Auth with SMTP Username and Password (max 128 characters). SMTP Enforce TLS forces SMTPS; without it GOS still tries STARTTLS and only falls back to unencrypted if the mailhub lacks STARTTLS.
  • Report size limits (§7.2.11.3): Max. Email Attachment Size / Max. Email Include Size in bytes; changing these restarts the Greenbone Vulnerability Manager and stops running scans.

3.12 Log collection (Setup > Remote Syslog)​

A central syslog server can collect either only security-related logs (auth, authpriv, security) or all system logs; both can be enabled. Logs are also always kept locally (§7.2.12).

  • Security Syslog / Full Syslog enable each log type; Security Remote / Full Remote set the server URL including protocol (§7.2.12.1). UDP (default), TCP and TLS are supported; without a port, 514 is used; without a protocol, UDP is used. TLS supports only TLS 1.2 / 1.3 and is not RFC 5425 compliant.
  • Certificates manages the HTTPS certificate required for TLS transmission (Generate, Download, Show, Fingerprints showing SHA1 and SHA256) (§7.2.12.2).

3.13 Maintenance time (Setup > Time)​

Sets the time of the daily feed synchronization. Any time of day may be chosen except 10:00-13:00 UTC (when Greenbone updates the feed and disables sync). The default is a random time between 03:00 and 05:00 UTC±00:00; values must be entered in UTC (§7.2.13).

4. The Maintenance menu​

4.1 Self-check (Maintenance > Selfcheck)​

Checks the appliance setup and reports wrong or missing configuration: network connection, DNS resolution, feed reachability, available updates, and user configuration (§7.3.1).

4.2 Backup and restore (Maintenance > Backup)​

Beyond scheduled backups (configured in Setup, §7.2.5), backups can be run manually. There are two types (§7.3.2):

Backup typeStorageBehavior
IncrementalRemote or local (per Backup Location)Saves only data changed since the last backup; a full backup runs if none exists. Includes user data and system settings. Retention: 7 daily / 5 weekly / 12 monthly, older than one year auto-deleted (§7.3.2.1)
USBUSB flash driveCreates a temporary full backup on the appliance, copies it to the USB drive, then deletes the temporary copy (§7.3.2.2)

Incremental Backup runs an incremental backup; List selects a stored backup to restore; USB Backup runs or restores a USB backup (formatting the drive first if needed).

When restoring, you choose whether to upload both user data and system settings (Yes) or only user data (No). System settings include all GOS configuration (e.g. network settings); user data includes all scanning and management information.

Restore overwrites local settings

Restoring a backup loses all local settings. Only backups from the current or the previous GOS version (for GOS 22.04: GOS 21.04 or 22.04) and from the same appliance model can be restored. If the backup and appliance subscription keys differ, you must confirm overwriting the key on the appliance (§7.3.2.1, §7.3.2.2).

4.3 Beaming (Maintenance > Beaming)​

Beaming copies an appliance's current state - user data and system settings - to another appliance. The receiving appliance decides whether to import only user data or both (§7.3.3).

  • Directly between appliances (§7.3.3.1): on the sending appliance (A) Download creates the image and shows a one-time password and URL; on the receiving appliance (B) Upload from Greenbone Enterprise Appliance A takes that URL, the data/settings choice, and the password.
  • Via remote file system (§7.3.3.2): A's Download produces a GSMB file (plus a password) downloaded over the temporary HTTP URL; B's Upload via remote file system uploads the file and uses the password.
Beaming version and class constraints

Only beaming images from the current or previous GOS version can be imported, and only to an appliance of the same or higher class (not to a Greenbone Enterprise TRIAL). The target's release information must be up to date - download a current feed first. Mismatched subscription keys must be confirmed before overwriting (§7.3.3).

4.4 GOS upgrade (Maintenance > Upgrade)​

GOS upgrades are downloaded automatically at maintenance time but are not installed automatically (§7.3.4):

  • Upgrade installs an available upgrade; Switch Release switches to a new release.
  • Sensors installs an upgrade on selected connected sensors (multi-select with Space); sensors not ready for upgrade are labelled accordingly (§7.3.5).

By default a successful upgrade on the master also starts an upgrade on connected sensors. After upgrading, clear the browser/page cache if the web interface errors, reload the GOS administration menu, and reboot if the self-check requests it.

Upgrades interrupt scans

Because upgrades can interrupt running scan tasks, schedule them carefully (§7.3.4).

4.5 Feed update (Maintenance > Feed)​

  • Update triggers a manual feed update (otherwise it runs daily at maintenance time) (§7.3.6).
  • Sensors pushes a feed update to a selected sensor (§7.3.7). By default a successful feed update on the master also updates connected sensors.

4.6 Flash partition (Maintenance > Flash)​

The flash partition is used for factory resets and should be kept on the latest GOS version. After upgrading the appliance itself, Download fetches the latest flash image and Write writes it to the flash partition (this can take up to 20 minutes). The flash partition of sensors cannot be upgraded via the master (§7.3.8).

4.7 Power (Maintenance > Power)​

The appliance should not be switched off via the power switch; use the menu so cleanup processes run (§7.3.9). Reboot reboots and Shutdown shuts down the appliance, each after confirmation; both may take several minutes.

5. The Advanced menu​

5.1 Log files (Advanced > Logs)​

Displays appliance log files in a viewer (q or Ctrl + C to quit). The download status of, for example, a flash image can be watched in the live logs at Advanced > Logs > Live (§7.4.1).

5.2 Superuser account (Advanced > Support > Superuser)​

The shell normally runs as the unprivileged user admin. Superuser State enables the privileged root account and Password sets its password; su - then switches to root. Use of su - is disabled by default (§7.4.2.1).

Root access voids support unless coordinated

The root superuser should only be used in consultation with Greenbone Enterprise Support. If changes are made without consultation, the claim for support expires (§7.4.2.1).

5.3 Support package (Advanced > Support > Support Package)​

Collects all appliance configuration data into a support package for Greenbone Enterprise Support, optionally encrypted with Greenbone's GPG public key. An encrypted package is downloaded as a GPG file via a temporary HTTP URL; an unencrypted package must be downloaded via SCP (SSH must be enabled) - on Windows via pscp or smarTTY (§7.4.2.2).

5.4 Shell access (Advanced > Support > Shell)​

Opens a Linux shell as the unprivileged user admin. Exit with exit or Ctrl + D. Root access requires enabling the superuser and a password (§5.2), then su - (§7.4.2.3).

Shell is for support only

Shell access is not required for any administrative work; the shell level is undocumented and should not be used for administrative settings. It is provided for Greenbone Enterprise Support diagnostics (§7.4.2.3).

5.5 Subscription key and licenses​

  • Advanced > Subscription displays the Greenbone Enterprise Feed subscription key in a viewer (q to quit) (§7.4.3).
  • Advanced > Copyright and Licenses displays the copyright file (§7.4.4).

6. Displaying appliance information​

Selecting About and pressing Enter shows appliance information (§7.5):

  • Appliance model
  • GOS version
  • Feed version
  • Name of the subscription key
  • IP address of the web interface
  • Configured sensors
  • Currently running system operations

This is also the place to watch background operations started elsewhere in the menu (backups, beaming, upgrades, feed updates, DH parameter generation).