CPU usage limit feature
This feature was implemented to resolve possible server load issues by limiting the overall CPU usage of BitNinja's modules.
By default, the feature is disabled, and BitNinja's CPU usage is not limited.
The CPU usage limit can be changed from the Configurations menu under the System module, or it can be modified in the System module's config.ini file. The name of the variable in the config file is cpuUsageLimit.
What is limited
The WAF module's Nginx server cannot be limited in this manner: if serving connections would mean crossing the CPU limit threshold, the connections could not be accepted and the server would become unavailable. This means the limit does not affect the WAF module's Nginx workers or the HAProxy used by the SSL terminating module. Also, the BitNinja Dispatcher and bitninja-mq modules are not limited by the cpuUsageLimit variable, as limiting them might cause settings and incidents to be lost in some instances.
All other modules will use a percentage of the CPU lower than or equal to the cpuUsageLimit variable. Running processes/workers that would cross the threshold will be paused. This means setting the limit too low will slow down the malware scan.
Further limiting the Malware detection module's effect on the load with the module-specific settings is not recommended if the system-level CPU usage limitation is enabled. Applying both load reduction methods will significantly slow down the malware scans.
The limit will also affect the Inotify-wait file system monitor's CPU usage. However, the AuditD file system monitor cannot be limited by this feature, as it is outside of BitNinja.
After setting up a limit, the agent might start up slower after a restart or an update. Also, setting the value too low might cause API request timeout errors and curl request timeout errors in any of the BitNinja logs. In such cases, the limit should be raised.
Possible values for the variable
The feature understands values from 20 to 100. This represents the percentage of CPU that the BitNinja agent can use overall. If no value is set or it is set to 100, then the feature is disabled.
If a value lower than 20 is set, the feature will set it to 20. If cpuUsageLimit is set to a value greater than 100, it will be set to 100%, which means the feature is disabled and no limit is applied.
Kernel limitations
Among the Linux distributions supported by BitNinja, Debian 11 and Ubuntu 22 versions did not support the CPU limitation feature by default because of a kernel flag.
However, this compatibility issue can be solved by the following steps:
Create a config file in the grub.d directory with the command below:
echo "GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false" | sudo tee /etc/default/grub.d/cgroup.cfg
Update grub:
sudo update-grub
Reboot the server:
sudo reboot
There are no known dangers of changing this setting.
You can check whether your server needs the kernel feature enabled by checking whether the following directories exist and are populated.
On Debian-based servers, check whether the cpu.cfs_quota_us or cpu.cfs_period_us files exist in the /sys/fs/cgroup directory.
On CentOS/Redhat systems, the cpu.cfs_period_us or cpu.cfs_quota_us files are present in the /sys/fs/cgroup/cpu* directory.
After setting up the limit, you can check the BitNinja agent's main log file under /var/log/bitninja/main.log to ensure no Warning messages are referring to the cgroup value.
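The directory check and the log check described above can be scripted. This is an added example, not BitNinja's own code: the function names, the cgroup.controllers test for a cgroup v2-only host, and the loose match on "warning" plus "cgroup" in main.log are assumptions, since the page does not give the exact message text.

```sh
#!/bin/sh
# Added example, not BitNinja code. Function names are hypothetical.

# Print every CFS quota/period file found directly under the cgroup root or
# under its cpu* controller directories (the two locations named above).
find_cfs_files() {
    root=${1:-/sys/fs/cgroup}
    for dir in "$root" "$root"/cpu*; do
        [ -d "$dir" ] || continue
        for f in cpu.cfs_quota_us cpu.cfs_period_us; do
            [ -e "$dir/$f" ] && printf '%s\n' "$dir/$f"
        done
    done
    return 0
}

# "ok"      : CFS files exist.
# "unified" : none found and the root holds cgroup.controllers, which only a
#             cgroup v2 (unified) mount has.
# "missing" : neither.
cgroup_cpu_status() {
    root=${1:-/sys/fs/cgroup}
    if [ -n "$(find_cfs_files "$root")" ]; then
        echo ok
    elif [ -e "$root/cgroup.controllers" ]; then
        echo unified
    else
        echo missing
    fi
}

# Count log lines mentioning both "warning" and "cgroup", case-insensitively.
# Assumption: the exact wording of the agent's message is not on the page.
cgroup_warning_count() {
    log=${1:-/var/log/bitninja/main.log}
    [ -r "$log" ] || { echo 0; return 0; }
    grep -i 'warning' "$log" | grep -ic 'cgroup' || true
}

# Report for this host.
case $(cgroup_cpu_status) in
    ok)      echo "CFS quota/period files found" ;;
    unified) echo "cgroup v2 only: the GRUB change above is needed" ;;
    *)       echo "no CFS quota/period files under /sys/fs/cgroup" ;;
esac
echo "cgroup warnings in main.log: $(cgroup_warning_count)"
```

Run it as a user that can read /var/log/bitninja/main.log; an unreadable log is reported as 0 warnings.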