• Donald Ashdown

Greenbone Vulnerability Management Scanner - New Notus Scanner



References

https://www.greenbone.net/en/notus/

https://www.greenbone.net/en/new-vulnerability-scanner-notus/

https://www.greenbone.net/en/roadmap-lifecycle/#tab-id-2

https://github.com/greenbone/notus-scanner


Summary

Notus is a new vulnerability scanner provided in Greenbone Vulnerability Management. It applies strictly to Linux distributions. It is considered a big milestone for performance reasons, as stated by the CIO, Elmar Geese.

Notus addresses issues with performance and version checks.


Performance boost

The performance boost comes from the use of JSON. Senior software developer Bjorn Ricks explains that previously a separate process had to be created for each version check, which meant manually creating a script for each version check. Generating these scripts consumed resources behind the scanner. What makes Notus different is that it loads only the data it needs from the JSON files. It therefore has significantly less overhead and is far less memory- and process-intensive.


The 2 parts of Notus

The Notus implementation consists of two parts. First, the generator, which creates JSON files containing information about vulnerable RPM/Deb packages. Second, the Notus scanner, which loads these JSON files and parses them for information.


How does it work?

The Notus scanner requires no additional input from the user. It performs a scan after every regular scan, eliminating the need for user interaction. The Notus scanner relies on SSH login and the SNMP OID 1.3.6.1.4.1.25623.1.0.50282.


Notus replaces the Nessus Attack Scripting Language (NASL) for local security checks (LSCs). For each LSC, the installed software is compared against the list of vulnerable software, as opposed to running the VT scripts in a separate process for every LSC. The now-legacy OpenVAS scanner loads each NASL LSC in a separate process and executes it individually on every single host.


The information regarding known vulnerable software is collected in a single list, and the software versions collected during the scan are compared to it.
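The comparison described above, sketched in Python as an added example (not code from the notus-scanner project): advisory data is loaded once from JSON and every installed package is checked in the same process. The JSON schema, the `EXAMPLE-` identifiers, the package inventory and the simplified version comparison are all assumptions made for illustration.

```python
import json
import re
from itertools import zip_longest

# Constructed advisory data; this schema is hypothetical, not the Notus file format.
ADVISORIES_JSON = """
{"advisories": [
  {"oid": "EXAMPLE-0001", "fixed": [{"name": "openssl", "version": "1.1.1k-7"}]},
  {"oid": "EXAMPLE-0002", "fixed": [{"name": "bash", "version": "5.1.8-2"},
                                     {"name": "zlib", "version": "1.2.11-31"}]}
]}
"""

# Constructed package inventory, standing in for what a scan over SSH collects.
INSTALLED = {"openssl": "1.1.1k-5", "bash": "5.1.8-2",
             "zlib": "1.2.11-9", "curl": "7.76.1-14"}

def _segments(version):
    """Split a version string into runs of digits (as int) and letters (as str)."""
    return [int(s) if s.isdigit() else s for s in re.findall(r"\d+|[A-Za-z]+", version)]

def compare_versions(a, b):
    """Return -1, 0 or 1. Simplified: ignores epochs and '~' pre-release ordering."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:
            return -1
        if y is None:
            return 1
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1  # digits rank above letters
        if x != y:
            return -1 if x < y else 1
    return 0

def find_vulnerable(installed, advisories_json):
    """Parse the advisory list once, then compare each installed package to it."""
    findings = []
    for adv in json.loads(advisories_json)["advisories"]:
        for fix in adv["fixed"]:
            have = installed.get(fix["name"])
            if have is not None and compare_versions(have, fix["version"]) < 0:
                findings.append((adv["oid"], fix["name"], have, fix["version"]))
    return findings

if __name__ == "__main__":
    for oid, name, have, fixed in find_vulnerable(INSTALLED, ADVISORIES_JSON):
        print(f"{oid}: {name} {have} is older than fixed version {fixed}")
```

The zlib entry shows why release numbers are compared numerically: a plain string comparison would rank `1.2.11-9` above `1.2.11-31` and miss the finding.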


Compatibility

  • Amazon Linux Local Security Checks

  • Oracle Linux Local Security Checks

  • EulerOS Local Security Checks

  • SuSE Local Security Checks

  • Mageia Linux Local Security Checks

  • Slackware Local Security Checks

  • Rocky Linux Local Security Checks

Requirements


Python 3.7 and later is supported.

notus-scanner uses poetry for its own dependency management and build process.

First install poetry via pip

python3 -m pip install --user poetry

Afterwards run

poetry install

in the checkout directory of notus-scanner (the directory containing the pyproject.toml file) to install all dependencies including the packages only required for development.

For development activate the git hooks for auto-formatting and linting via autohooks.

poetry run autohooks activate

Validate the activated git hooks by running

poetry run autohooks check

For further information about installation and configuration, read the install description.


