[Openvas-discuss] Questions on distributed Setup
louis at systemgeek.net
Tue Apr 24 15:26:42 CEST 2018
I can tell you that I do use the Master/Slave setup and there is at least one other person on this list who uses the same model. Its pretty simple. The slaves just perform the actual scanning of the host and their disk usage is constant. I have one the slaves in AWS and one in the new IBM cloud (my company has instances in both clouds right now). Both slaves are using 20GB of disk. The number of CPUs and RAM is totally dependent on how many hosts you want to scan at a time.
The master I have is running on VMWare. This is where it uses the DB. Right now I am using the sqlite DB but I am thinking of going to Postgresql for better performance. Generally I can run about 5-10 scans (using a subset of the full and deep profile).
I will say that even if you are using a slave the master is being hit. The slave is the host reaching out to the end point doing the scanning. However, the slave scanner is CONSTANTLY updating the master with results. And from what I can get from the logs the Master is updating the slave with new marching orders.
If you are going to go over to postgresql do not bother doing the slaves. Only worry about the master. The same is true with Reds. Only worry about the Master. The slaves can be swapped in and out very quickly with little effort. I even started writing a build script that I was thinking of pumping in to AWS cloud formation so it could build a new slave on demand. However, it just takes too long to download the NVTs. So I have a script to stop and start the AWS slave as needed.
As far as building OpenVAS with Postgresql from scratch I am sure there are directions some where. But to be honest its so simple to install fully functional base system its not even funny. Then chaining over to postgresql is simple. Why make it harder then it needs to be.
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified
> On Apr 23, 2018, at 8:21 AM, Frieder Schlesier <fschlesier at gk-software.com> wrote:
> Hi folks,
> we are trying to set up an infrastructure with multiple scanner-slaves in different locations and one central GVM+GSA. Also we want to use Postgres as DB Backend.
> So far, a few questions came up:
> 1) Is it possible to run the Postgres on a different machine than GVM+GSA? If yes: how? I was not able to find a definite place for configuration :(
> So far I found a couple mentions of psql and sqlite calls in source code and some wrapper scripts. Depending on the current stance about this topic in the community, we are willing to share our solution with you all. If you are interested ;-)
> 2) As far as I understand, openvas-scanner needs a redis-service and access to (a local) NVT database. Does it also require connection to SCAP and CERT data or (probably in our case) the central Postgres?
> 3) I found a couple tutorials online, how to set up openvas9 with postgres. Sadly those all mention the "migrate-to-postgres" script, which (afaik) require a running setup with SQLite. Is it also possible to setup openvas9 using postgres without having to build the sqlite version beforehand? Any vage hints?
> Thanks in advance :)
> Mit freundlichen Grüßen / Best regards
> Frieder Schlesier
> GK Software SE
> Waldstraße 7 | 08261 Schöneck | Germany
> Sitz der Gesellschaft / Registered Office of the Company: Waldstr. 7 | 08261 Schöneck | Germany
> Aufsichtsratsvorsitzender / Chairman of the Supervisory Board: Uwe Ludwig
> Vorstand/Management Board: Rainer Gläß (CEO), Andre Hergert
> Amtsgericht Chemnitz HRB 31501 / Commercial Register Chemnitz HRB 31501
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
More information about the Openvas-discuss