I know this might be a little untraditional and a little more complicated than necessary, but I am building openvas weekly and pushing it out as a single docker container with all of its updates. However, one thing that I’ve noticed is that pulling down and running the image turns into another updating process. I believe this might be contributing to some memory consumption issues.
I notice this specifically when gvmd is started. It starts going through its “Updating CPEs” process (even though the image was just built with the latest), and eventually /tmp maxes out the disk space or the memory consumption goes to 4GB+, eventually crashing.
Is there a way to simply start the gvmd service without updating CPEs?
No I don’t think so. When gvmd and ospd-openvas are started both need to ensure that their data is up to date. Therefore both start to read the data they are responsible for.
Gotcha. So if I’m understanding correctly, gvmd will trigger updates every single time the service starts? Even if you start it, run updates, stop it, and then start it again, it’ll restart updates again?
To be precise, gvmd will not trigger updates. It will just load the feed data from the provided files and update its database. But yes it will do that with every start of the the daemon because the data may have been updated in the meanwhile. It’s similar for ospd-openvas with the addition that ospd-openvas needs to create a redis database with the VT meta information with every startup because this redis db is not persistent. Thus you should avoid shutting down both.