I have three main proxy servers running Squid, Squidguard and DansGuardian servicing over 1300 desktop computers. The stock DansGuardian code includes a setting to limit the number of potential DansGuardian child processes to the operating system file descriptor limits. I have managed to increase this to 900 but would like to push it further. The setting controlling this is:
maxchildren = 900
in my dansguardian.conf file. This limit was a bit unrealistic since the machines running DansGuardian had the memory available to deal with a much higher load. So following on from what other users have done I set about building an rpm for DansGuardian with higher limits.
Assumptions
I am assuming CentOS5 and Clam version 0.98 so amendments may be needed for future versions. I created a virtual machine for compilation purposes and then deployed the rpm on the production servers.
Install dependencies
On the CentOS5 VM used for compilation:
yum install zlib-devel pcre-devel
yum groupinstall 'Development Tools'
Install the RPMforge Repository
yum install clamd clamav-devel
Get the Source Files
mkdir -p /usr/src/redhat/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
cd /usr/src/redhat/SOURCES
wget http://dansguardian.org/downloads/2/Stable/dansguardian-2.10.1.1.tar.gz
cd ../SPECS
wget http://ftp.qb.com.au/pub/yum/SPECS/dansguardian-centos-clamav.spec
Edit the Source Code
To the SPEC file you just downloaded an extra line is needed under the %{configure} section:
CXXFLAGS=-DFD_SETSIZE=8192
so it afterwards should read:
%{configure} \
CXXFLAGS=-DFD_SETSIZE=8192 \
--enable-clamav=no \
--enable-clamd=yes \
...
Next we need to make some changes to the operating system (only on the compilation machine).
/usr/include/bits/typesizes.h
setting:
#define __FD_SETSIZE 8192
And also:
/usr/include/linux/posix_types.h
setting:
#define __FD_SETSIZE 8192
Before comiling/building also set ulimit:
ulimit -n 8192
Build the RPM
Next, in the /usr/src/redhat directory:
rpmbuild -v -bb --clean /usr/src/redhat/SPECS/dansguardian-centos-clamav.spec
Assuming the build runs successfully you will find the rpm in /usr/src/redhat/RPMS/x86_64
Tar File
I have tarred up the contents of my own /usr/src/redhat directory for future convenience. This tar file includes:
- DansGuardian 2.10.1.1 source tarball
- SysV Start script and Logrotate file for Centos 5
- Spec file for rpmbuild amended with CXXFLAGS option
- The output rpm dansguardian-clamav-2.10.1.1-0.1.el5.clamav.0.98.x86_64.rpm
This tar file can be extracted and you could run the jonny-build.sh script to attempt the build or you can do the steps above manually. If you just want to install DansGuardian version 2.10.1.1 on Centos 5 x86_64 you could use the RPM.
The instructions above may need to be amended for CentOS6 / RedHat 6 – I haven’t tried that yet.
Testing
After installing the RPM try amending the dansguardian.conf file setting maxchildren value to say 2048 to see how things go. If there are problems (e.g. rabbits dammit) try the check list below.
Check list
If you are still having problems getting it to work check the following:
- Has “ulimit -n 8192” been set in the dansguardian startup script?
- When you run “/usr/sbin/dansguardian -v” do you see ‘CXXFLAGS=-DFD_SETSIZE=8192’
- Did you amend the following files on the build machine before running the rpmbuild command:
/usr/include/bits/typesizes.h
/usr/include/linux/posix_types.h
- Do you have enough RAM to cope with the increase in DansGuardian processes?
Nice tuto… But… I’m having trouble to build the rpm on CentOS 6.6 and Dansguardian 2.12.0.3. It keeps asking for the wrong directory and the dansguardian_gcc43.patch. After ignoring those, it fails by the end of the building process. Can you update the tutorial revalidating the steps?
Sorry Thiago I changed job role a while back and no longer work with Squid/Dansguardian.