OpenVAS Change Request #62: Distributed KB with Redis

Status: Voted +3. Done as r19309, r19310.

Purpose

Improve scalability and ability to trace/debug the KB by exporting it to an autonomous server. We propose to use Redis, a key/value store.

References

Rationale

Currently, the KB is stored in RAM and populated/queried via a communication tree established through the multiple scanner processes.

The existing KB code is getting hard to extend and suffers from several limitations. It is not trivial to trace the activity of the KB or to enforce consistent and structured data models within the KB.

Delegating the management of the KB to an autonomous (and possibly remote) server allows new features to be developed, makes tracing easier, and lets us expect higher performance (shared KB, advanced data structures...). Redis is a key/value store that would fit such needs. It allows remote concurrent processes to populate and query structured datasets.

Effects

This would make Redis a dependency of OpenVAS. Redis is a small ANSI C server, distributed under the terms of the BSD license. It has a very active community and is used in a variety of projects and areas. The scanner would have to be linked against a Redis client library (like hiredis). Redis 2.4 and 2.6 should be supported to guarantee compatibility with most GNU/Linux distributions.

The feature can be implemented to export an interface that is extremely similar to the existing one, thus requiring only minor changes to the scanner code itself. Once the feature is considered stable and mature enough, the interface could be simplified or extended in a way that would allow OpenVAS to leverage more features from Redis. Access to Redis would (at least initially) be done through a Unix socket, so that standard filesystem permissions can be used to control access to the KB.

Design and Implementation

The following steps would need to be done:

  1. Specify and implement the KB interface that is to be exported to the scanner.

  2. Implement a Redis-based backend.

  3. Determine and document the recommended configuration and settings for Redis with OpenVAS.
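
As an added illustration of step 3 (not part of the change request and not the project's recommended configuration), the following sketch audits a `redis.conf` against the Unix-socket-only access model described under Effects. It relies on the standard Redis directives `port`, `unixsocket` and `unixsocketperm`; the sample configurations, socket paths and finding names are constructed for the example.

```python
import shlex

# Constructed sample: TCP listener left on, socket world-accessible.
SAMPLE_WEAK = """\
port 6379
unixsocket /tmp/redis.sock
unixsocketperm 777
"""

# Constructed sample: TCP disabled, socket limited to owner and group.
SAMPLE_HARDENED = """\
# KB reachable only through the socket below
port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 770
"""

def parse_conf(text):
    """Return {directive: [args]}; for repeated directives the last line wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        conf[parts[0].lower()] = parts[1:]
    return conf

def audit(text):
    """List deviations from 'filesystem permissions alone control KB access'."""
    conf = parse_conf(text)
    findings = []
    # Redis listens on TCP 6379 unless 'port 0' is given; a TCP listener
    # bypasses the filesystem permissions on the socket entirely.
    if conf.get("port", ["6379"])[0] != "0":
        findings.append("tcp-listener-enabled")
    if not conf.get("unixsocket"):
        findings.append("unixsocket-not-set")
    perm = conf.get("unixsocketperm")
    if not perm:
        # Without this directive the socket mode depends on the server's umask.
        findings.append("unixsocketperm-not-set")
    elif int(perm[0], 8) & 0o007:
        findings.append("socket-accessible-to-others")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "ok")
```

The mode on the socket only helps if the directory holding it is also restricted to the scanner's user or group.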

History