Prisma Cloud Compute: scan returns EOF error on Container Defender
Created On 10/05/23 15:26 PM - Last Modified 02/21/25 19:08 PM
Symptom
The scan does not return vulnerability data, and the Defender logs show the following error:
DEBU 2023-08-01T07:34:16.951 manager_container.go:1049 Profile update new: 1 total: 1
DEBU 2023-08-01T07:34:16.951 radar_container.go:331 Received profile update for sha256:83a4766d5ee6c799c93f42c101145f3a4c6f87d670ff4b59b1c66cabb9c746c6_twistlock_
ERRO 2023-08-01T07:34:20.550 host_scanner_client.go:139 Failed waiting on host scan command: signal: killed
ERRO 2023-08-01T07:34:20.550 scanner.go:428 Failed executing host scanning: EOF
Environment
- PCC self-hosted 30.00.140
- Defender 30.00.140
Cause
Container Defender - Linux was running out of memory.
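One way to find this symptom in a saved Defender log, as an added example that is not part of the original article or of Prisma Cloud tooling. The function names find_killed_scans and sample_log are hypothetical, and the script assumes one log entry per line in the format shown under Symptom.

```shell
#!/bin/sh
# Reads a Defender log on stdin (one entry per line) and prints each host scan
# whose helper process was killed and then reported EOF, as in the Symptom above.
# Exit status: 0 if at least one such scan was found, 1 otherwise.
find_killed_scans() {
    awk '
        # The scan helper was terminated by SIGKILL; remember the timestamp.
        $1 == "ERRO" && /Failed waiting on host scan command: signal: killed/ {
            killed_at = $2
            next
        }
        # The scanner reports EOF; count it only if a kill line was seen
        # since the previous EOF.
        $1 == "ERRO" && /Failed executing host scanning: EOF/ {
            if (killed_at != "") {
                print killed_at " -> " $2 " host scan killed, then EOF"
                hits++
            }
            killed_at = ""
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Sample input: the first three lines are from the article; the last line is
# constructed to show that an EOF without a preceding kill is not reported.
sample_log() {
    cat <<'LOG'
DEBU 2023-08-01T07:34:16.951 manager_container.go:1049 Profile update new: 1 total: 1
ERRO 2023-08-01T07:34:20.550 host_scanner_client.go:139 Failed waiting on host scan command: signal: killed
ERRO 2023-08-01T07:34:20.550 scanner.go:428 Failed executing host scanning: EOF
ERRO 2023-08-01T09:10:02.118 scanner.go:428 Failed executing host scanning: EOF
LOG
}

# "signal: killed" does not by itself prove an out-of-memory kill: compare the
# reported timestamps with the kernel log (dmesg or journalctl -k) on the host.
sample_log | find_killed_scans
```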
Resolution
Increase the memory reserved for the Defender. By default, the memory reserved for the container is 512 MB, set by -m 512m in the Defender container start command:
# Remark: Defender is the only container that has a name combined from container name and TAG
${docker} ${docker_action} \
    $(get_userns_flag) \
    --name=${container_name} \
    --net=host \
    --pid=host \
    ${caps} \
    -e WS_ADDRESS=${WS_ADDRESS} \
    -e INSTALL_BUNDLE=${install_bundle} \
    -e HOSTNAME=${DEFENDER_CN} \
    -e LOG_PROD=true \
    -e DEFENDER_LISTENER_TYPE=${DEFENDER_LISTENER_TYPE} \
    -e REGISTRY_SCAN_ENABLED=${registry_enabled} \
    -e DATA_FOLDER=${DATA_FOLDER} \
    -e SYSTEMD_ENABLED=${SYSTEMD_ENABLED} \
    -e HOST_CUSTOM_COMPLIANCE_ENABLED=${HOST_CUSTOM_COMPLIANCE_ENABLED} \
    -e CLOUD_HOSTNAME_ENABLED=${CLOUD_HOSTNAME_ENABLED} \
    -e FIPS_ENABLED=${FIPS_ENABLED} \
    ${additional_env} \
    ${additional_mounts} \
    -v ${DATA_FOLDER}:/var/lib/twistlock \
    -v ${syslog_mount}:${syslog_mount} \
    ${additional_parameters} \
    --cpu-shares 900 \
    -m 512m \
    ${defender_image} >>${install_log} 2>&1
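Increased the default reserved memory to 1GB on the running container (replace <defender_container_name> with the name of the Defender container):
docker update --memory 1Gi <defender_container_name>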
Additional Information
View our documentation here on How to update CPU and Memory for Defenders.