Menu

#177 Nessus Server with max_scans < 5 dont scan

open
nobody
nessus_run (PERL) (11)
5
2009-10-15
2009-10-15
No

In nessusCron_1.60.pl line 368:

This query select only servers withs scan_max > 5

Change
$sql = qq{ SELECT id, hostname, TYPE, site_code, server_feedtype FROM nessus_servers
WHERE enabled='1' AND status='A' AND ( max_scans - current_scans > 5 )
ORDER BY ( max_scans - current_scans ) DESC };
to
$sql = qq{ SELECT id, hostname, TYPE, site_code, server_feedtype FROM nessus_servers
WHERE enabled='1' AND status='A' AND ( max_scans - current_scans > 0 )
ORDER BY ( max_scans - current_scans ) DESC };

Discussion

  • Anonymous

    Anonymous - 2009-10-15
    • labels: --> nessus_run (PERL)
     

  • Kenneth Kline

    Kenneth Kline - 2009-10-21

    Sorry that is one of the undocumented things about the scanning.

    I currently run 9 fully licensed nodes in my production environment. I have it coded so that each job takes up 5 slots there must be greater than 5 for a job to start.

    A single job will run as many hosts in parallel as you allow per your preference settings in your scan profiles. Depending on your servers and their memory/cpu/disk/bandwidth. I have found it to be ideal to limit each server from 2 to 4 scan jobs concurrently.

    I typically run the profile with max 40 hosts and 5 checks. I range the value between 11-24: per review 11 ( 10 or 2 scans max concurrently ), 15 (3 scans ) 20 (4 scans ).

    The benefit of ranking them as such:

    11 - scan node 1
    12 - scan node 2
    14 - scan node 3
    16 - scan node 4
    17 - scan node 5
    17 - scan node 6
    19 - scan node 7
    21 - scan node 8
    24 - scan node 9

    The purpose of the query was to rank the server and provide the admin some ability to control ( enable a desired loading order or perferred servers ). There are some servers that may be better suited to run 2 if not 3 jobs before some servers take their first. ) this is ideal for a flat network where zones do not come in play.

    I coded it this way as you do not want too many jobs running as comparison to in 0.22.5 where every single host ip was run per a unique launch of nessus client. In my code based I have successfully scanned Class B's with succesful import per a single job. So loading needs to be controlled. So that is were the greater than 5 comes in play per my madness

    Kenneth Kline

     

Log in to post a comment.

MongoDB Logo MongoDB