Comments (17)
Confirmed , after hugepage disable , it running well.
from emba.
from emba.
Thank you for your feedback. I will add a link to this thread in our wiki
Just another parameter needs to be changed in redis-server,
save <seconds> <changes>
#
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
# In the example below the behavior will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
#
# Note: you can disable saving completely by commenting out all "save" lines.
#
# It is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
#
# save ""
save 900 1
save 300 10
save 60 10000
this is ok if you have > 8GB ram, but I suggest 100 seconds per GB / RAM
eX: 4GB
save 400 100
with 2GB I put:
save 120 1
because just mongo and docker took 90 % of RAM
The Kali Distro just came with a 1GB swap partition, same amount of GB on RAM for swap space will help a lot .
EDIT: Added markdown tags for better readability.
from emba.
cve-search has a problem getting the number of available cores in virtual machines, bypass needs to be set manually set to avoid crashing.
sudo env "WORKER_SIZE=1" ./sbin/db_updater.py -c
or
export WORKER_SIZE=1
or save WORKER_SIZE=1 in a file in /etc/enviroment.d/
this way the queue will be sent to all cores in sync.
Regards
from emba.
In my first installation I had some issues with the cve-database. It needs a complete drop and repopulation:
└─$ sudo ./external/cve-search/sbin/db_updater.py -f
afterwards it was running as expected. Could someone verify this?
I have included this update to our installer: 2c26077
from emba.
It last just 20 minutes , after crashing multiple times.
redis-server has a maxmemory value of 0, also is not auto started.
'echo madvise > /sys/kernel/mm/transparent_hugepage/enabled'
'To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf / reboot
supervised by systemd - you MUST set appropriate values for TimeoutStartSec and TimeoutStopSec in your service unit.
from emba.
Thank you for your feedback and your solution. Can you please give us some information about your setup? I also had issues with Redis once and solved it by increasing the available storage for my Kali VM from 4GB to 8GB. But I don't know if it's the same problem, so I need additional information from you.
from emba.
Thank you for your feedback and your solution. Can you please give us some information about your setup? I also had issues with Redis once and solved it by increasing the available storage for my Kali VM from 4GB to 8GB. But I don't know if it's the same problem, so I need additional information from you.
The issue is that redis-server crashes all other process because of the huge memory pages, you cannot limit it because you will broke a dependency method, I tried 5, 8 , 12 GB ram and it is worst 2GB Ram is enough, just set transparent_hugepage to
'madvise' or better to 'never' , do not give permission to make a giant RAM DRIVE to redis.
last time I used transparent_hugepage was in red hat 5
Kali Rolling (2021.2) x64 2021-05-31 on WorkStation 16.x VM
Just disable permanently by creating a service.
$sudo nano /etc/systemd/system/disable-thp.service
[Unit]
Description=Disable Transparent Huge Pages (THP)
[Service]
Type=simple
ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"
[Install]
WantedBy=multi-user.target
$ sudo systemctl daemon-reload
$ sudo systemctl start disable-thp
$ sudo systemctl enable disable-thp
Both Mongo and Redis has the issue with hugepages. so be sure that DBs start after disabling the pages and its defrag.
Kind Regards.
from emba.
As far as I can see the redis server is started during the installation process (see
Line 530 in 849eba6
emba/config/cve_database_updater.init
Line 8 in 849eba6
from emba.
2GB of memory is not a lot for emba. Probably we should add a wiki section with hardware requirements.
from emba.
from emba.
I have added a quick prerequisits section to our wiki: https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites
from emba.
Thank you for your feedback. I will add a link to this thread in our wiki
from emba.
Thank you for your feedback and your manual on getting everything up and running on less powered hosts.
I have created the following entry in our wiki: https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites
Additionally I have linked your manual in the cve installation area: https://github.com/e-m-b-a/emba/wiki/Installation#cve-search-installation-just-in-case-the-installer-fails
Thanks and keep on using and improving emba :)
from emba.
Just an fyi, this entire thing is still an issue. I also set stop-writes-on-bgsave-error no
in /etc/redis/redis.conf
to prevent some errors. After the installation fails you can do the following to clean out (maybe add to the installation page on the wiki for us redis noobs?):
# redis-cli
127.0.0.1:6379> FLUSHDB
OK
127.0.0.1:6379> FLUSHALL
OK
127.0.0.1:6379> exit
# /etc/init.d/redis-server restart
Restarting redis-server (via systemctl): redis-server.service.
# ./external/cve-search/sbin/db_updater.py -f
And then suddenly the installation ran smoothly.
Off-topic fyi: Your tool depends on netstat
, so it is necessary to sudo apt install net-tools
on a fresh Ubuntu, maybe make that a dependency
from emba.
Thank you for your ongoing effort and updates on this redis issue. I will add some notes to the wiki.
Regarding the net-tools: They should get installed:
Line 357 in 5bc2275
Could you do a quick check if your EMBA installation is up to date and if the installation of this dep is failing?
from emba.
I'm running in a fresh Ubuntu VM and cloned EMBA from git then ran the installer and yes, it seems to have failed to install the net-tools.
I could (untested!) imagine that the way you handle parameters with a dash (-) in it, that it somehow breaks because the dash is interpreted as a command line parameter switch. But that's just wild speculation.
from emba.
Related Issues (20)
- NVD CVE database missing HOT 3
- f10 + p99 csv files question HOT 3
- Specify file system instead of firmware HOT 4
- Internet connection - not OK HOT 6
- Improve "ISC DHCP" detection and CVE search HOT 13
- installer.sh failing with non-english locale HOT 10
- module_blacklist.txt gets ignored with default-scan.emba profile HOT 2
- Are we able to get the file system in the firmware? HOT 7
- The s110 module cannot be executed normally HOT 4
- New Kali Linux 2024-2 available HOT 8
- docker image question HOT 9
- emba install error << when i start build the emba in docker with this command "sudo docker-compose build emba " the install stop in 7/9 step << please help me HOT 6
- unsupported manifest format HOT 5
- installer issue HOT 3
- running issue HOT 9
- cannot finish the installation HOT 7
- "./installer.sh -d " failed HOT 3
- Report generation after a (default) scan HOT 8
- Run sudo ./installer.sh in a gitpod.io instance and receive an error HOT 8
- Installation stopped HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emba.