References
Summary
Notus is a new Vulnerability scanner provided in the Greenbone vulnerability management. It applies strictly to Linux distributions. This is considered a big milestone for performance reasons as stated by the CIO Elmar Geese.
Notus is addressing issues to do with performance and version checks.
Performance boost
The reason behind the performance boost has to do with JSON. This Senior software developer "Bjorn Ricks", explains that previously, separate processes per version check had to be created. This meant manually creating a script for each version check. Having to generate these scripts was consuming on resources behind the scanner. What makes Notus different, is it loads only the data which it needs from the JSON files. Therefore it is significantly less overhead, memory and processes intensive.
The 2 parts of Notus
The Notus implementation consists of several parts. Firstly, the generator, which creates information about vulnerable RPM/Dev packages in JSON files. Secondly, the Notus scanner which loads these JSON files and parses them for information.
How does it work?
Well the Notus scanner actually requires no additional input from the user. It performs a scan after every regular scan eliminating the need for user interaction. The Notus scanner relies on SSH login and SNMP OID = OID: 1.3.6.1.4.1.25623.1.0.50282.
Notus replaces the (NASL) Nessus Attack Scripting Language with regards to local security checks (LSC's) For each LSC there is a comparison process of installed software compared to the list of vulnerable software, as opposed to running the VT scripts on a separate process for every LSC. The now legacy OpenVas scanner loads each NASL LSC in a separate process and executes on a individual bases on every single host.
The information regarding known vulnerable software is collected in a single list and the software version collected during the scan are compares to it.
Compatibility
Amazon Linux Local Security Checks
Oracle Linux Local Security Checks
EulerOS Local Security Checks
SuSE Local Security Checks
Mageia Linux Local Security Checks
Slackware Local Security Checks
Rocky Linux Local Security Checks
Requirements
Python 3.7 and later is supported.
notus-scanner uses poetry for its own dependency management and build process.
First install poetry via pip
python3 -m pip install --user poetry
Afterwards run
poetry install
in the checkout directory of notus-scanner (the directory containing the pyproject.toml file) to install all dependencies including the packages only required for development.
For development activate the git hooks for auto-formatting and linting via autohooks.
poetry run autohooks activate
Validate the activated git hooks by running
poetry run autohooks check
For further information about installation and configuration read install description.