bismark@foofus.net wrote:
bismark@foofus.net wrote:
I'm running the current version of nessus on an x86_64 linux system and
was comparing it to my coworker who runs FreeBSD. We both have the same
hardware but he can have his system set to 70/30 on the hosts/checks and
still have an extremely response system and no false positives in the
scan results. If I try to even set anything close to those my system
grinds to a halt and the results are extremely suspect.
The question I have is what tuning can I do on Linux systems to make the
performance somewhat similar. I'm guessing that I won't be able to
match
it because of the differences between the OS's network stack and
kernel.
Hello,
When you say same hardware, is it the exact same memory,
CPU, disk, .etc?
Same model laptop, I have 3GB of memory however he only has 2GB.
Are you running any extra applications on your Linux system
such as a network monitor or a network IDS? What about a local
firewall logging all connections in/out?
No extra specific applications (monitoring, ids, etc.) we are both running
X but with lightweight window managers, and usually only multiple terms.
Firewalls are disabled during scanning on both systems.
Also, are you running the same exact scan configurations? You
mention 70/30 hosts/checks, but I would be curious if you are
also comparing the same scan configurations such as thorough
checks.
same nessusrc file for both of us.
Lastly, I would also compare any process loads on the FreeBSD
system to the Linux system.
comparable loads, like I mentioned before, only basic X and multiple
xterms, no other services (mysql, http, etc.) or applications playing
mp3's etc.
We've been very wary at Tenable to produce any sort of "this
OS is faster than this OS" type of guidelines because there
are many variables to consider.
Understood. I'm just seeing a night and day difference here and I'm
wondering if there is something configured wrong on my system or something
obvious that I should set to make it comparable.
We his system runs a scan with the config of 70/30 he can still switch
between terms, view\edit files and all with no really noticeable delay.
If I even try that, forget about it, my system is frozen, trying to switch
between terms takes a good 30 seconds or more.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Sounds like your kernel may not be compiled for responsiveness possibly?
In Linux, there is a kernel section on Timer Frequency. Setting this
higher may make your system more responsive. Higher settings are more
suitable for desktops to perform responsively, whereas lower settings
are more suitable for servers to just get bulk work done at a time. If
your setting is low, then it's doing more work at a time and therefore
the system is less responsive to your actions since it's focusing on
getting that work done.
You didn't mention what distro you are using, if you compiled your
kernel yourself or anything, so this is just a guess... worth a try
though if you're stumped though.
Have you tried looking at CPU, Ram usage, Load etc etc... Is your CPU
flat out?
-h
--
Hari Sekhon
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
