ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ulimit): handle low ulimit OSError (#2042)

Browse Source 
Co-authored-by: Toni de la Fuente <toni@blyx.com>
This commit is contained in:
Sergio Garcia
2023-03-07 13:19:24 +01:00
committed by GitHub
parent a24cc399a4
commit 3ddb5a13a5
3 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
prowler/lib/check/check.py
View File

@@ -4,6 +4,7 @@ import os
import sys import sys
import traceback import traceback
from pkgutil import walk_packages from pkgutil import walk_packages
from resource import RLIMIT_NOFILE, getrlimit
from types import ModuleType from types import ModuleType
from typing import Any from typing import Any
@@ -108,7 +109,7 @@ def exclude_services_to_run(
# Load checks from checklist.json # Load checks from checklist.json
def parse_checks_from_file(input_file: str, provider: str) -> set: def parse_checks_from_file(input_file: str, provider: str) -> set:
checks_to_execute = set() checks_to_execute = set()
f = open_file(input_file) with open_file(input_file) as f:
json_file = parse_json_file(f) json_file = parse_json_file(f)
for check_name in json_file[provider]: for check_name in json_file[provider]:
@@ -356,6 +357,13 @@ def execute_checks(
audit_progress=0, audit_progress=0,
) )
# Check ulimit for the maximum system open files
soft, _ = getrlimit(RLIMIT_NOFILE)
if soft < 4096:
logger.warning(
f"Your session file descriptors limit ({soft} open files) is below 4096. We recommend to increase it to avoid errors. Solve it running this command `ulimit -n 4096`. For more info visit https://docs.prowler.cloud/en/latest/troubleshooting/"
)
# Execution with the --only-logs flag # Execution with the --only-logs flag
if audit_output_options.only_logs: if audit_output_options.only_logs:
for check_name in checks_to_execute: for check_name in checks_to_execute:

5
prowler/lib/utils/utils.py
View File

@@ -16,6 +16,11 @@ from prowler.lib.logger import logger
def open_file(input_file: str, mode: str = "r") -> TextIOWrapper: def open_file(input_file: str, mode: str = "r") -> TextIOWrapper:
try: try:
f = open(input_file, mode) f = open(input_file, mode)
except OSError:
logger.critical(
"Ooops! You reached your user session maximum open files. To solve this issue, increase the shell session limit by running this command `ulimit -n 4096`. For more info visit https://docs.prowler.cloud/en/latest/troubleshooting/"
)
sys.exit(1)
except Exception as e: except Exception as e:
logger.critical( logger.critical(
f"{input_file}: {e.__class__.__name__}[{e.__traceback__.tb_lineno}]" f"{input_file}: {e.__class__.__name__}[{e.__traceback__.tb_lineno}]"

4
prowler/providers/aws/aws_provider.py
View File

@@ -110,7 +110,7 @@ def generate_regional_clients(
regional_clients = {} regional_clients = {}
# Get json locally # Get json locally
actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__))) actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
f = open_file(f"{actual_directory}/{aws_services_json_file}") with open_file(f"{actual_directory}/{aws_services_json_file}") as f:
data = parse_json_file(f) data = parse_json_file(f)
# Check if it is a subservice # Check if it is a subservice
json_regions = data["services"][service]["regions"][ json_regions = data["services"][service]["regions"][
@@ -144,7 +144,7 @@ def generate_regional_clients(
def get_aws_available_regions(): def get_aws_available_regions():
try: try:
actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__))) actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
f = open_file(f"{actual_directory}/{aws_services_json_file}") with open_file(f"{actual_directory}/{aws_services_json_file}") as f:
data = parse_json_file(f) data = parse_json_file(f)
regions = set() regions = set()