LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Handling kernel security problems

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Nessus Roadmap / Nessus 3.0.0rc1 testers wanted

[Posted October 10, 2005 by corbet]

From:  Renaud Deraison <rderaison-AT-tenablesecurity.com>
To:  nessus-AT-list.nessus.org, nessus-announce-AT-list.nessus.org
Subject:  Nessus Roadmap / Nessus 3.0.0rc1 testers wanted
Date:  Wed, 5 Oct 2005 12:16:45 -0400
Archive-link:  Article, Thread 



Hi everyone,


We are a few weeks away from releasing Nessus 3.0.0, and I'd like to  
take some time to explain our roadmap in this regard.

Nessus 3 / Nessus 2 Roadmap
----------------------------


Nessus 3 is major enhancement of the key components of the Nessus  
engine - the NASL3 intepreter has been rewritten from scratch, the  
process management has changed to reduce the overhead of executing a  
plugin (instead of creating NxM processes, nessusd now only creates N  
processes), the way plugins are stored has been improved to reduce  
disk usage, etc...

Nessus 3 also contains a lot of built-in features and checks to debug  
crashes and mis-behaving plugins more easily, and to catch  
inconsistencies early.


As a result, Nessus 3 is much faster than Nessus 2 and less resource  
intensive. Your mileage may vary, but when scanning a local network,  
Nessus 3 is on average twice as fast as Nessus 2, with spikes going  
as high as 5 times faster when scanning desktop windows systems.


Nessus 3 will be available free of charge, including on the Windows  
platform, but will not be released under the GPL.

Nessus 3 will be available for many platforms, but do understand that  
we won't be able to support every distribution / operating system  
available. I also understand that some free software advocates won't  
want to use a binary-only Nessus 3. This is why Nessus 2 will  
continue to be maintained and will stay under the GPL.

To make things simple :

  - Nessus 2 : GPL, will have regular releases containing bug fixes
  - Nessus 3 : free of charge, contains major improvements


The two versions can share most of their plugins -- we intend to  
maintain backward compatibility whenever possible for most  
vulnerability checks. Some checks will only work on Nessus 3 (ie: we  
are about to release a set of plugins to determine policy  
compliance), but the huge majority will work on either platform  
likewise.


Finally, the Nessus GUI has been split in a separate project  
(NessusClient) which is released under the GPL. The 'nessus' client  
in Nessus3 is CLI only, as it will be in Nessus 2.4.x. For a GUI, use  
NessusClient.


Testers needed
---------------

That being said, we are looking for experienced Nessus users who  
would want to try Nessus 3.0.0rc1. For the sake of simplicity, we  
would like users running on Red Hat ES3 or ES4 platforms or  
compatible. We are looking for people scanning big networks, mostly  
to collect performance information. Keep in mind that Nessus3 is CLI  
only, so you'll have to use NessusWX or be familiar with the CLI.


If you are interested in testing Nessus 3.0.0rc1, please drop me a  
line at <deraison@nessus.org> (no @gmail/@hotmail/@anonymous accounts  
please).


Thanks,

                                     -- Renaud







_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
(Log in to post comments)

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.