Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Nessus linux client unusally high cpu/load against windows nessus server

from [Kenneth Kline] Network Security [Permanent Link]
Subject: Nessus linux client unusally high cpu/load against windows nessus servers.
Date: Fri, 24 Aug 2007 10:37:19 -0400 
Hello,

Sorry for the length of this email, I felt it was necessary to provide some
background.

I am using a variety of OS platforms to run the nessus daemon.

SUN OS 9, redhat 9, freebsd 6, and Windows Server 2003 Standard currently
all running the latest client 3.0.6

(windows servers have the 3.0.6 re-released version new one did not
remove/update the existing uninstall key in the reg).  Now looks like it is
installed twice from inventory point of view.

Anyway,  I have been using a distributed scan architecture where all scans
originate from a central host (nessus_client 3.0.6  on a freebsd 6 box)

The nessus client box only has a finite amount of memory and CPU.  Currently
1 CPU no dual core at this point.  My concern is I typically have run
multiple jobs against each dedicated scan server for the past 5 months.
Recently the windows nodes where added to replace existing ones to ensure
automated patching when not scanning plus cheaper than buying enterprise
redhat.

I have been running 1 job per server on the windows boxes, and 2 - 3 jobs
simultaneously on the unix/linux nodes.  I am not sure if is coincidense on
the jobs, network populations.  The unix jobs tend to complete faster,
without nearly any cpu time by the client.  The windows clients tend to use
all available cpu on the central node, and tend to not complete in a
reasonable time frame.

Shouldn't the nessus client hand the job over to the server and just collect
data coming back?  What would make a job against a windows nessus server use
so much cpu time as apposed to the unix/linux conterpart.

Ultimately wanting to confirm their isn't unnecessary chatter to the linux
client.

 Additionally, I just confirmed each of the windows servers had their latest
job running for like 1300+ minutes, as soon as I killed those scans the
system load went from 100% to 3% still have like 8 other nessus clients
running, all are about half way down the output of a top command.

Ultimately, what can be done if anything to reduce the load on the linux
client in client/server architecture where windows clients wish to be
utilized and to ensure jobs complete in a timely manor.

example client usage:

 /usr/local/nessus/bin/nessus -qx X.X.X.X 1241 user pass
/var/www/TNS2/tmp/target_s45992 /var/www/TNS2/tmp/nessus_s45992.out -V -T
nbe -c /var/www/TNS2/tmp/nessus_s45992.cfg

Additionally, does any of the windows clients support this command line
usage yet? (to provide target file, outfile, and config ) against the
cmd-line nessus.  I haven't found adequate documentation on this.


Respecfully,


-- 
Kenneth

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Nessus linux client unusally high cpu/load against windows nessus servers., Kenneth Kline <=
Previous by Date:  RE: Nessus and Webcams, Holstein, Robert - BLS CTR
Next by Date:  RE: Nessus and Webcams, Ng, Kenneth (US)
Previous by Thread:  Windows Commandline, p1g
Next by Thread:  Fwd: Nessus/Client Server Performance Issue, Kenneth Kline
Indexes:  [Date] [Thread] [Top] [All Lists]