Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.11.1 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

Categories

The cron_cve.php sends too many queries

Hi:

My environment is as follows:

Operating system:

  • OS Name: Linux x86_64
  • Version: 4.15.0-112-generic
  • RAM installed: 3001 MB
  • Free RAM: 677 MB
  • CPU: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
  • Distribution: Ubuntu 18.04.5 LTS

OCS server:

  • PHP Version : 7.2.24
  • Web Server : Apache/2.4.46 (Ubuntu)
  • Database Server : mariadb.org binary distribution version 10.3.17-MariaDB-1:10.3.17+maria~bionic-log
  • Version OCSReports: 2.8  (update form 2.6)

I have CVE enabled and set:

  • VULN_CVESEARCH_HOST: http://localhost:5000

When I run the cron_cve.php script manually, in the script console I get entries similar to this:

  • ....
  • Processing FNMT-RCM softwares....
  • ....

And in the cve-search server console i can see one entry for each query made by the cron_cve.php script

  • ...
  • 127.0.0.1 - - [09/Oct/2020 10:37:10] "GET /api/search/fnmtrcm/configurador_fnmt HTTP/1.1" 
  • ...

The problem is that there is one entry for each computer that has the software installed, even if it is the same software, in the same version and installed on computers with the same operating system.

I have 500 OCS clients with the same operating system and 90% of the software installed on them is the same, in the same versions, so the time taken for the script is several days ...

I think that if the queries were done only once per different software and version, the execution time would be reduced to a few hours

Is it correct that the script works as described? 

is there any reason to submit all these requests?

Thank you

in OCS Inventory NG server for Unix by (560 points)
edited by
Share on
share on gp share on fb share on tw share on li

1 Answer

0 votes

I've the same issue. Most of the functionality is in the function "getSoftwareInformations" in /usr/share/ocsinventory-reports/ocsreports/require/cve/Cve.php.

There are two nested loops: The outer loop goes through all publisher and the inner loop through all software (from the publishers) on all computers.

Since the table "software"  has a row for each software/hardware combination (see mysql: describe software;), the loop run through for each computer/software combination.

I fixed it by adding a "DISTINCT" to the SQL query (Line 133 in Cve.php):

$sql_soft = "SELECT DISTINCT n.NAME, v.VERSION, s.NAME_ID, s.VERSION_ID

FROM software_name n LEFT JOIN software s ON s.NAME_ID = n.ID
LEFT JOIN software_version v ON v.ID = s.VERSION_ID
WHERE s.PUBLISHER_ID = %s AND s.VERSION_ID != 1";

 

I haven't tested it yet. A test with the local cve-search is in progress. The number of request are reduced and it looks like, that there only one request per software and version and not per computer on which the software is installed.

by (140 points)
 
Powered by Question2Answer
...