Want more timely Centmin Mod News Updates?
Become a Member

LFD crashing on a virgin Centmin Install due to maldet/clamav memory usage

Discussion in 'Add Ons' started by David Coate, Feb 20, 2021.

Tags:
  1. David Coate

    David Coate New Member

    8
    2
    3
    Jun 20, 2020
    Pensacola, Florida, US
    Ratings:
    +6
    Local Time:
    5:53 PM
    Please fill in any relevant information that applies to you:
    • CentOS Version:CentOS 7 64bit
    • Centmin Mod Version Installed:123.09beta01
    • Nginx Version Installed: 1.19.6
    • PHP Version Installed: 7.4.15
    • MariaDB MySQL Version Installed: i.e. 10.3.27
    • When was last time updated Centmin Mod code base ? : cronjob for cmupdate
    • Persistent Config:
      Code (Text):
      ZONEINFO=America/Chicago
      CUSTOM_CURLRPM=y
      NGINX_SSLCACHE_ALLOWOVERRIDE='y'
      NGINX_STAPLE_CACHE_OVERRIDE='y'
      NGINX_STAPLE_CACHE_TTL='86400'
      SET_DEFAULT_MYSQLCHARSET='utf8mb4'
      AUTOHARDTUNE_NGINXBACKLOG='y'
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      LETSENCRYPT_DETECT='y'
      DUALCERTS='y'
      SELFSIGNEDSSL_ECDSA='y'
      NGINX_ZERODT='y'
      NGINX_LIBBROTLI='y'
      NGXDYNAMIC_BROTLI='y'
      PHP_PGO_ALWAYS='y'
      PHP_PGO='y'
      PHP_BROTLI='y'
      PHP_LZFOUR='y'
      PHP_LZF='y'
      PHP_ZSTD='y'
      PHPFINFO='y'
      WPCLI_CE_QUERYSTRING_INCLUDED='y'
      MARCH_TARGETNATIVE='n'
      AUDITD_ENABLE='y'
      ACMEDEBUG='y'
      
    I have set up autoupdating for yum and cmupdate per Centmin instructions and automated the install via the advanced configuration guide using zstd log compression and MalDet addon. I'm seeing the LFD Daemon crash after Nginx log rotation and staying down until the next cron job restarts it at midnight.


    Code (Text):
    Feb 19 00:00:02 hada lfd[60495]: Watching /var/log/httpd/error_log...
    Feb 19 04:42:44 hada lfd[60495]: /var/log/nginx/localhost.access.log rotated. Reopening log file
    Feb 19 04:42:44 hada lfd[60495]: Watching /var/log/nginx/localhost.access.log...
    Feb 19 04:42:44 hada lfd[60495]: /var/log/nginx/localhost.error.log rotated. Reopening log file
    Feb 19 04:42:44 hada lfd[60495]: Watching /var/log/nginx/localhost.error.log...
    Feb 19 04:55:46 hada lfd[60495]: *Error* cannot fork: Cannot allocate memory, at line 10605
    Feb 19 04:55:47 hada lfd[60495]: daemon stopped
    


    This happens with with or without a vhost created and on multiple servers. On my older servers created via manual install I don't have the problem. If I set csf.conf DEBUG="3", lfd.log shows the debugging logs and the problem doesn't happen, If I set it back to DEBUG="0" the problem reappears. It happens after a random time after midnight, usually within the first six hours of the day and then LFD daemon is down until cron restarts it at midnight. These servers are on the Linode Nanonode plan w/1GB memory. Not sure if this is an issue with zstd, lfd, too little memory, or ?? Since this happens after a virgin install before I've added anything to server I'm wondering if anyone else has experienced LFD crashing with same error.
     
  2. David Coate

    David Coate New Member

    8
    2
    3
    Jun 20, 2020
    Pensacola, Florida, US
    Ratings:
    +6
    Local Time:
    5:53 PM
    Update - after viewing more logs, I see that cron is kicking off the MalDet scans when LFD is crashing. Clamscan logs shows clamscan running out of memory which is causing LFD to run out of memory.
    So it looks like a 1GB VPS is maybe not enough memory for clamscan to run reliably. So either studying memory usage more or just run with Maldet without Clamscan may be the answer. Does running LFD with DEBUG="3" reduce LFD memory usage somehow? more checking!
     
  3. eva2000

    eva2000 Administrator Staff Member

    46,851
    10,627
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,493
    Local Time:
    8:53 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    yes maldet with clamav/clamscan will consume lots of memory which speeds up maldet scans Maldet - Linux Malware Detect Addon (discussion). Maldet without clamav/clamscan is very very very slow

    Memory usage also dependent on how many files/directories you scan sometimes. So with Maldet/ClamAV probably need an extra 1-4GB of memory.