Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Nessus performance on Linux

from [Ron Gula] Network Security [Permanent Link]
Subject: Re: Nessus performance on Linux
Date: Thu, 09 Aug 2007 12:45:44 -0400 
I'm surprised you are seeing such a high system load, and not CPU cycles
shown for nessusd.

I'm not clear if you are scanning and seeing these loads, or nessusd is
just waiting and you have high loads. If you are scanning and you have
high loads but you don't see nessusd taking CPU usage, I'd look for any
local firewall or IDS or other type of on-system resource that could be
making the kernel work a bit harder. If you are scanning just a few
hosts and it's taking hours, this is also something that isn't normal.
I'd look at local environmental issues like a firewall or IPS running on
your system.

If it is spiking while you are doing the port scanning, you should see
nmap in your process list at some point. You could try doing a scan with
the built-in port scanner(s) for Nessus. I'd also kick your max checks
to something much higher like 20 and see if your scan times are different.

Ron Gula
Tenable Network Security


Richard van den Berg wrote:

I'm running nessus 3.0.5 on Debian 4.0 with a 2.6.18 kernel. The 
hardware is a Pentium 4M 2.2 GHz with 1GB of RAM. I'm using nessj on 
another system to connect to this nessus scan engine.

max_checks and max_hosts are both set to 2. I've enabled all plugins 
except DoS and safe_checks are off. I use nmap for port scanning, and 
the results are loaded from a gnmap file.

Occasionally the scanning system becomes very unresponsive, system load 
shoots up to around 10 and the CPU is at 0% idle. Today is especially 
bad with the system spending hours with continuously 60% of CPU time 
spent on "system" with peaks of 80%. If I "kill -STOP" the nessus 
processes, the system goes back to 99% idle. Only 800MB of RAM is used, 
and no swapping occurs.

This causes nessus to take hours to scan a single host with only a few 
open ports. Tcpdump shows that the hosts are still being scanned, but at 
a very slow rate.

What could be the reason that my system is spending so much time on 
kernel processes? Is there any tuning I can do to prevent this from 
happening?

Sincerely,

Richard van den Berg
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus performance on Linux, Doug Nordwall
Next by Date:  Re: Nessus performance on Linux, Richard van den Berg
Previous by Thread:  Re: Nessus performance on Linux, Richard van den Berg
Next by Thread:  Re: Nessus performance on Linux, Richard van den Berg
Indexes:  [Date] [Thread] [Top] [All Lists]