[EMAIL PROTECTED] wrote: >> [EMAIL PROTECTED] wrote: >> >>> I'm running the current version of nessus on an x86_64 linux system and >>> was comparing it to my coworker who runs FreeBSD. We both have the same >>> hardware but he can have his system set to 70/30 on the hosts/checks and >>> still have an extremely response system and no false positives in the >>> scan results. If I try to even set anything close to those my system >>> grinds to a halt and the results are extremely suspect. >>> >>> The question I have is what tuning can I do on Linux systems to make the >>> performance somewhat similar. I'm guessing that I won't be able to >>> match >>> it because of the differences between the OS's network stack and >>> kernel. >>> >> Hello, >> >> When you say same hardware, is it the exact same memory, >> CPU, disk, .etc? >> > > Same model laptop, I have 3GB of memory however he only has 2GB. > > >> Are you running any extra applications on your Linux system >> such as a network monitor or a network IDS? What about a local >> firewall logging all connections in/out? >> > > No extra specific applications (monitoring, ids, etc.) we are both running > X but with lightweight window managers, and usually only multiple terms. > Firewalls are disabled during scanning on both systems. > > >> Also, are you running the same exact scan configurations? You >> mention 70/30 hosts/checks, but I would be curious if you are >> also comparing the same scan configurations such as thorough >> checks. >> > > same nessusrc file for both of us. > > >> Lastly, I would also compare any process loads on the FreeBSD >> system to the Linux system. >> > > comparable loads, like I mentioned before, only basic X and multiple > xterms, no other services (mysql, http, etc.) or applications playing > mp3's etc. > > >> We've been very wary at Tenable to produce any sort of "this >> OS is faster than this OS" type of guidelines because there >> are many variables to consider. >> > > Understood. I'm just seeing a night and day difference here and I'm > wondering if there is something configured wrong on my system or something > obvious that I should set to make it comparable. > > We his system runs a scan with the config of 70/30 he can still switch > between terms, view\edit files and all with no really noticeable delay. > If I even try that, forget about it, my system is frozen, trying to switch > between terms takes a good 30 seconds or more. > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > Sounds like your kernel may not be compiled for responsiveness possibly?
In Linux, there is a kernel section on Timer Frequency. Setting this higher may make your system more responsive. Higher settings are more suitable for desktops to perform responsively, whereas lower settings are more suitable for servers to just get bulk work done at a time. If your setting is low, then it's doing more work at a time and therefore the system is less responsive to your actions since it's focusing on getting that work done. You didn't mention what distro you are using, if you compiled your kernel yourself or anything, so this is just a guess... worth a try though if you're stumped though. Have you tried looking at CPU, Ram usage, Load etc etc... Is your CPU flat out? -h -- Hari Sekhon _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
