Open sonstar2 opened 2 months ago
Thanks!
system hangs after oom kills oscap. Should oscap check the available ram size and stops executing if the minimum memory requirement doesn't meet?
Sep 13 01:37:51 ip-10-0-1-132 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-1000.slice/session-1.scope,task=oscap,pid=15531,uid=0 Sep 13 01:37:51 ip-10-0-1-132 kernel: Out of memory: Killed process 15531 (oscap) total-vm:1914356kB, anon-rss:455456kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:1276kB oom_score_adj:0 Sep 13 01:37:51 ip-10-0-1-132 systemd[1]: session-1.scope: A process of this unit has been killed by the OOM killer. Sep 13 01:38:17 ip-10-0-1-132 oscap[15903]: Evaluation started. Content: /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml, Profile: xccdf_org.ssgproject.content_profile_e8. Sep 13 01:38:53 ip-10-0-1-132 systemd-logind[640]: New session 3 of user ec2-user. Sep 13 01:38:53 ip-10-0-1-132 systemd[1]: Started Session 3 of User ec2-user. Sep 13 01:38:53 ip-10-0-1-132 systemd[1]: Starting Hostname Service... Sep 13 01:38:53 ip-10-0-1-132 systemd[1]: Started Hostname Service. Sep 13 01:38:55 ip-10-0-1-132 su[15957]: (to root) root on pts/1
Sep 13 01:39:25 ip-10-0-1-132 systemd[1]: systemd-hostnamed.service: Deactivated successfully. Sep 13 01:39:29 ip-10-0-1-132 oscap[15903]: Evaluation finished. Return code: 2, Base score 56.775208.
$ oscap -V OpenSCAP command line tool (oscap) 1.3.10
$ cat /etc/redhat-release Red Hat Enterprise Linux release 9.4 (Plow)
Title Write Audit Logs to the Disk Rule xccdf_org.ssgproject.content_rule_auditd_write_logs Ident CCE-83705-4 Result pass
oscap should check the minimum resource requirements before executing rather than causing a serious issue on the system
Thanks!
Description of Problem:
system hangs after oom kills oscap. Should oscap check the available ram size and stops executing if the minimum memory requirement doesn't meet?
Sep 13 01:37:51 ip-10-0-1-132 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-1000.slice/session-1.scope,task=oscap,pid=15531,uid=0 Sep 13 01:37:51 ip-10-0-1-132 kernel: Out of memory: Killed process 15531 (oscap) total-vm:1914356kB, anon-rss:455456kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:1276kB oom_score_adj:0 Sep 13 01:37:51 ip-10-0-1-132 systemd[1]: session-1.scope: A process of this unit has been killed by the OOM killer. Sep 13 01:38:17 ip-10-0-1-132 oscap[15903]: Evaluation started. Content: /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml, Profile: xccdf_org.ssgproject.content_profile_e8. Sep 13 01:38:53 ip-10-0-1-132 systemd-logind[640]: New session 3 of user ec2-user. Sep 13 01:38:53 ip-10-0-1-132 systemd[1]: Started Session 3 of User ec2-user. Sep 13 01:38:53 ip-10-0-1-132 systemd[1]: Starting Hostname Service... Sep 13 01:38:53 ip-10-0-1-132 systemd[1]: Started Hostname Service. Sep 13 01:38:55 ip-10-0-1-132 su[15957]: (to root) root on pts/1
Sep 13 01:39:25 ip-10-0-1-132 systemd[1]: systemd-hostnamed.service: Deactivated successfully. Sep 13 01:39:29 ip-10-0-1-132 oscap[15903]: Evaluation finished. Return code: 2, Base score 56.775208.
OpenSCAP Version:
$ oscap -V OpenSCAP command line tool (oscap) 1.3.10
Operating System & Version:
$ cat /etc/redhat-release Red Hat Enterprise Linux release 9.4 (Plow)
Steps to Reproduce:
Actual Results:
System hangs after printing out the following output
Title Write Audit Logs to the Disk Rule xccdf_org.ssgproject.content_rule_auditd_write_logs Ident CCE-83705-4 Result pass
Expected Results:
oscap should check the minimum resource requirements before executing rather than causing a serious issue on the system
Additional Information / Debugging Steps: