Kenneth Kline
2007-08-24 14:37:19 UTC
Hello,
Sorry for the length of this email, I felt it was necessary to provide some
background.
I am using a variety of OS platforms to run the nessus daemon.
SUN OS 9, redhat 9, freebsd 6, and Windows Server 2003 Standard currently
all running the latest client 3.0.6
(windows servers have the 3.0.6 re-released version new one did not
remove/update the existing uninstall key in the reg). Now looks like it is
installed twice from inventory point of view.
Anyway, I have been using a distributed scan architecture where all scans
originate from a central host (nessus_client 3.0.6 on a freebsd 6 box)
The nessus client box only has a finite amount of memory and CPU. Currently
1 CPU no dual core at this point. My concern is I typically have run
multiple jobs against each dedicated scan server for the past 5 months.
Recently the windows nodes were added to replace existing ones to ensure
automated patching when not scanning plus cheaper than buying enterprise
redhat.
I have been running 1 job per server on the windows boxes, and 2 - 3 jobs
simultaneously on the unix/linux nodes. I am not sure if it is coincidence on
the jobs, network populations. The unix jobs tend to complete faster,
without nearly any cpu time by the client. The windows clients tend to use
all available cpu on the central node, and tend to not complete in a
reasonable time frame.
Shouldn't the nessus client hand the job over to the server and just collect
data coming back? What would make a job against a windows nessus server use
so much cpu time as opposed to the unix/linux counterpart?
Ultimately wanting to confirm there isn't unnecessary chatter to the linux
client.
Additionally, I just confirmed each of the windows servers had their latest
job running for like 1300+ minutes, as soon as I killed those scans the
system load went from 100% to 3% still have like 8 other nessus clients
running, all are about half way down the output of a top command.
Ultimately, what can be done if anything to reduce the load on the linux
client in client/server architecture where windows clients wish to be
utilized and to ensure jobs complete in a timely manner?
example client usage:
/usr/local/nessus/bin/nessus -qx X.X.X.X 1241 user pass /var/www/TNS2/tmp/target_s45992 /var/www/TNS2/tmp/nessus_s45992.out -V -T nbe -c /var/www/TNS2/tmp/nessus_s45992.cfg
Additionally, does any of the windows clients support this command line
usage yet? (to provide target file, outfile, and config ) against the
cmd-line nessus. I haven't found adequate documentation on this.
Respectfully,
--
Kenneth