Compatibility with Vulnerability Scanners

A

acca

New Member
Proxmox Subscriber
Jan 10, 2023
2
0
1
Regards,

As part of the corporate policy, I've received the request to install the vulnerability scanning agents on the bare metal servers running the latest version of the Proxmox hypervisor.

These agents are designed for the end-point use case and can be aggressive while scanning the file system, processes, network communication, etc. I'm concerned about the impact of these tools on the Hypervisor operations. Is there any recommendation or advisory on installing the vulnerability scanner agents on the hypervisor?

Thank you in advance!
 
Hi,

One potential concern is that the agents may consume a significant amount of system resources while they are running scans, which could lead to slowdowns or even crashes of the VMs running on the System. Otherwise, the agents may cause increased network traffic or file system activity, which could disrupt the normal operations of the VMs.

I would simulate installing the vulnerability scanner on a test environment first before running it in a production environment in order to avoid any issues and test the behavior.

acca said:
Is there any recommendation or advisory on installing the vulnerability scanner agents on the hypervisor?
Click to expand...

My personal recommendation would be the following (maybe someone else will have other recommendations):
- Schedule the scan on off-peak hours (to avoid the high network traffic)
- Make double-check to have a valid backup for the important images and configs file.
- I would also reach out to the vendor of the vulnerability scanner to inquire about any guidelines they may have for utilizing their software on Proxmox VE.
 
  • Like
Reactions: Stoiko Ivanov
Moayad said:
Hi,

One potential concern is that the agents may consume a significant amount of system resources while they are running scans, which could lead to slowdowns or even crashes of the VMs running on the System. Otherwise, the agents may cause increased network traffic or file system activity, which could disrupt the normal operations of the VMs.

I would simulate installing the vulnerability scanner on a test environment first before running it in a production environment in order to avoid any issues and test the behavior.



My personal recommendation would be the following (maybe someone else will have other recommendations):
- Schedule the scan on off-peak hours (to avoid the high network traffic)
- Make double-check to have a valid backup for the important images and configs file.
- I would also reach out to the vendor of the vulnerability scanner to inquire about any guidelines they may have for utilizing their software on Proxmox VE.
Click to expand...
Sounds reasonable. Thank you very much for your help and swift reply...
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom