I have more than 10 networks to scan, I would not to add them in a single target
For my usage, one target per network is more simple to admin
But when I schedule all tasks in the same time, GVM crashes. It is normal to many ressources needed
So I schedule dufferent period by groups of tasks, without warranty that all tasks finish before new tasks start
I found this post with a good idea : Extended Schedules
The feature to limit scan per scheduling, but it doesn’t exist
Do you have an idea to limit the number of tasks per schedule to preserve ressources of the host?
Thanks for your help
When I launch more than 3 tasks, openvas crashes because it consumes all the memoey of the server
Here is the logs
nov. 14 10:42:02 Pentesting-01 kernel: Out of memory: Killed process 2337524 (ospd-openvas) total-vm:883956kB, anon-rss:199668kB, file-rss:256kB, shmem-rss:0kB, UID:110 pgtables:1192kB oom_score_adj:0
nov. 14 10:42:02 Pentesting-01 systemd-journald: /dev/kmsg buffer overrun, some messages lost.
nov. 14 10:41:57 Pentesting-01 systemd: ospd-openvas.service: A process of this unit has been killed by the OOM killer.
nov. 14 10:41:57 Pentesting-01 systemd: firstname.lastname@example.org: A process of this unit has been killed by the OOM killer.
nov. 14 10:41:57 Pentesting-01 systemd: email@example.com: Main process exited, code=killed, status=9/KILL
nov. 14 10:41:57 Pentesting-01 systemd: firstname.lastname@example.org: Failed with result 'signal'.
nov. 14 10:41:57 Pentesting-01 systemd: user-0.slice: A process of this unit has been killed by the OOM killer.
The server has 4Go of RAM and 2 vCPU
In my mind, it is normal because there is no limitation of ressources by task
4GB of RAM is the minimum requirement to run a scan task. It is not enough to run several scans each with numerous hosts. If you don’t have a system with enough RAM, you can try the Greenbone Cloud Service (GCS) which will aleviate you from all the responsibility of managing the Greenbone software stack itself. With the cloud service, you can just focus on finding the vulnerabilities in your infrastructure,
It is not the system that is crashing, it´s Linux and the out of memory killer that kills just the process.
There is NO_WAY around that. You could add 12GB of Swap, but then you will execute the scan on the hard disk and no longer on the RAM.