cobbr
commented
3 years ago I appreciate that this could be a frustrating issue, but I'm going to need help identifying memory leaks, if they exist. I'm not able to tell what the issue is from this description.
javierantunez
When using Covenant normally on a Ubuntu Server, after some time of use memory use spikes gradually until the oom_killer kills the Covenant process. I tried resizing the vm several times, from 4GB up to 16GB, but the problem persists and eventually covenant server crashes. I don't know if the HW requirements are not meeted in my scenario or there is a bug.
dmesg [2385505.072155] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-0.slice/session-759.scope,task=Covenant,pid=210546,uid=0 [2385505.072259] Out of memory: Killed process 210546 (Covenant) total-vm:40059000kB, anon-rss:15893864kB, file-rss:0kB, shmem-rss:8kB, UID:0 pgtables:33284kB oom_score_adj:0 [2385505.384048] oom_reaper: reaped process 210546 (Covenant), now anon-rss:0kB, file-rss:0kB, shmem-rss:8kB
Describe the feature request or bug When using Covenant normally on a Ubuntu Server, after some time of use memory use spikes gradually until the oom_killer kills the Covenant process.
To Reproduce Steps to reproduce the behavior:
Expected behavior Covenant server should not crash
Covenant Server Information: uname -a 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
mpstat Linux 5.4.0-72-generic (C2BE) 06/08/21 _x8664 (8 CPU) 14:27:20 CPU %usr %nice %sys %iowait %irq %soft %steal %guest %gnice %idle 14:27:20 all 0.69 0.00 0.21 0.08 0.00 0.01 0.00 0.00 0.00 99.01
This image is of covenant memory comsuption in idle status
Browser Information:
Target Information (System that implant is running on):
Additional context Looks like the problem gets worse when importing more than one powershell module. Y some cases after a few days of operation suddenly the memory comsumption spikes at every command executed in any grunt.