ya, when i wrote this, i hadn't run the 10 or so scans at various parameters this morning. right now, somewhere between 1 and 5 simultaneous checks is good... 1 takes 4x as long as 5, but very little impact. 5 seems to nearly peg the cpu.
On Wed, May 28, 2008 at 12:07 PM, Ron Gula <[EMAIL PROTECTED]> wrote: > Doug Nordwall wrote: > > any way to reduce the impact/adjust the priority of windows compliance > > checks? it seemed that the unix ones were largely pretty nice, but was > > hoping for something on the windows side > > You didn't mention it, but if you are doing a credentialed patch and > system audit simultaneously with a windows compliance check, reducing > the number of simultaneous checks in your scan will have less impact. > > For the specific compliance checks themselves, the configuration checks > are less intrusive then the content checks. Again, if you are running both > of these types of checks at the same time, reducing these to one plugin > per host will minimize any system impact. > > Lastly, if you want to minimize the time the content checks take to execute > you can sacrifice some accuracy for speed. Most content audit files have > a "max_size" keyword which specifies how deep into each file the search > is performed. > > The UNIX audit files you have tested may have focused more on content of > specific files like /etc/syslog.conf whereas many of the windows content > checks look for any .doc or .pdf file which can take longer to complete a > test for. > > Ron Gula > Tenable Network Security > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- Doug Nordwall Unix, Network, and Security Administrator You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
