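1 Background knowledge
This chapter assumes you already know how to compile and deploy ClamAV on Linux. If you do not, please read the following chapter first:
2 Best practice
2.1 Preparation before deployment
2.1.1 Deploy the Docker environment
This chapter is deployed on the following Docker environment. Before following along, we recommend that you set up the Docker cluster environment below and become familiar with it:
2.1.2 Prepare the system image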
In docker01
cd /data/docker/images/
docker load -i centos_centos7.3.1611.tar
docker tag centos:centos7.3.1611 docker01.cmdschool.org:5000/centos:centos7.3.1611
docker push docker01.cmdschool.org:5000/centos:centos7.3.1611
docker image rm centos:centos7.3.1611
To obtain the image archive for offline use, run the following commands on a machine that has Docker and Internet access:
docker pull centos:centos7.3.1611
docker save centos:centos7.3.1611 -o centos_centos7.3.1611.tar
For other versions, download from the following link:
https://hub.docker.com/_/centos
2.1.3 Download the ClamAV source package
cd ~
wget http://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz
Note: other versions (including binary packages such as RPMs) can be downloaded from the following link:
http://www.clamav.net/download/
2.1.4 Download the curl source package
cd ~
wget https://curl.haxx.se/download/curl-7.65.3.tar.gz
Note: other versions can be downloaded from the following directory:
https://curl.haxx.se/download/
2.2 Build the ClamAV image
2.2.1 Create the image project folder
cd ~
mkdir ~/imageProject-clamav-0.102.3
2.2.2 Create the Dockerfile
vim ~/imageProject-clamav-0.102.3/Dockerfile
Add the following configuration:
FROM docker01.cmdschool.org:5000/centos:centos7.3.1611
MAINTAINER will@cmdschool.org
# Install Tools
RUN yum -y install net-tools telnet crontabs
RUN yum -y install gcc gcc-c++ make expat-devel
# Make Before
COPY clamav-0.102.3.tar.gz /root
COPY curl-7.65.3.tar.gz /root
WORKDIR /root
RUN tar -xf clamav-0.102.3.tar.gz
RUN tar -xf curl-7.65.3.tar.gz
RUN yum install -y libnghttp2-devel openssl-devel
WORKDIR /root/curl-7.65.3
RUN ./configure --prefix=/usr/local/curl-7.65.3 \
    --with-nghttp2 \
    --with-ssl
RUN make
RUN make install
# Install the required packages for make
RUN yum install -y check-devel sendmail-devel libcurl-devel
RUN rm -rf /var/cache/yum/*
# Make Clamav
WORKDIR /root/clamav-0.102.3
RUN ./configure '--build=x86_64-redhat-linux-gnu' \
    '--host=x86_64-redhat-linux-gnu' \
    '--target=x86_64-redhat-linux-gnu' \
    '--prefix=/usr' \
    '--bindir=/usr/bin' \
    '--sbindir=/usr/sbin' \
    '--libexecdir=/usr/libexec' \
    '--sysconfdir=/etc' \
    '--localstatedir=/var' \
    '--libdir=/usr/lib64' \
    '--includedir=/usr/include' \
    '--datadir=/usr/share' \
    '--infodir=/usr/share/info' \
    '--localedir=/usr/share/locale' \
    '--mandir=/usr/share/man' \
    '--docdir=/usr/share/doc/clamav-0.102.3' \
    '--exec-prefix=/usr' \
    '--sharedstatedir=/var/lib' \
    '--program-prefix=' \
    '--enable-milter' \
    '--disable-clamav' \
    '--disable-static' \
    '--disable-zlib-vcheck' \
    '--disable-unrar' \
    '--enable-id-check' \
    '--enable-dns' \
    '--with-dbdir=/var/lib/clamav' \
    '--with-group=clamav' \
    '--with-user=clamav' \
    '--with-zlib=/usr' \
    '--enable-ltdl-convenience' \
    '--enable-check' \
    '--with-systemdsystemunitdir=no' \
    'build_alias=x86_64-redhat-linux-gnu' \
    'host_alias=x86_64-redhat-linux-gnu' \
    'target_alias=x86_64-redhat-linux-gnu' \
    'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
    'LDFLAGS= -Wl,-z,relro' \
    'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
    'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \
    '--with-libcurl=/usr/local/curl-7.65.3'
RUN make
RUN make install
RUN rm -rf /root/clamav-0.102.3*
RUN rm -rf /root/curl-7.65.3*
COPY clamd.conf /etc/clamd.conf
COPY freshclam.conf /etc/freshclam.conf
# Create the clamav user and its runtime directories
RUN groupadd -g 498 clamav
RUN useradd -u 498 -g 498 -d /var/lib/clamav -s /sbin/nologin -c "Clam Anti Virus Checker" clamav
RUN mkdir -p /var/log/clamav /var/run/clamav
RUN chown clamav:clamav /var/lib/clamav /var/log/clamav /var/run/clamav
RUN chmod 775 -R /var/lib/clamav/ /var/log/clamav
# Download the signature database at build time and add an hourly cron entry
RUN /usr/bin/freshclam --quiet
RUN echo '47 * * * * /usr/bin/freshclam --quiet' >> /var/spool/cron/root
# Generate the container start script
RUN echo '#!/bin/bash' > /root/start.sh
RUN echo 'echo "Starting Clamav Server...";' >> /root/start.sh
RUN echo '/usr/sbin/clamd -F -c /etc/clamd.conf' >> /root/start.sh
RUN chmod +x /root/start.sh
EXPOSE 3310
WORKDIR /root
CMD ["/bin/bash","./start.sh"]
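The "FROM" instruction declares that the image is built on top of the "centos7.3.1611" image
The "COPY" instruction copies the named files from the current directory into the image being built
The "ENV" instruction declares the environment variables required by the Java JDK or Tigase
The "RUN" instruction declares a command to execute in the container environment
The "EXPOSE" instruction declares the port the container uses
The "WORKDIR" instruction switches to a directory inside the container
The "CMD" instruction declares the command that starts the service when the container starts
So we need to prepare the files to be copied, as defined in the Dockerfile:
cd ~
cp curl-7.65.3.tar.gz imageProject-clamav-0.102.3/
cp clamav-0.102.3.tar.gz ~/imageProject-clamav-0.102.3/
Next, prepare the configuration for ClamAV's database update tool in advance: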
vim ~/imageProject-clamav-0.102.3/freshclam.conf
Add the following configuration:
# Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net
Next, prepare the ClamAV configuration file in advance:
vim ~/imageProject-clamav-0.102.3/clamd.conf
Add the following configuration:
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 0.0.0.0
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no
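As an added example (not part of the original tutorial or of the ClamAV project), the following Python lint parses a clamd.conf like the one above and reports the options that decide its exposure: an active Example marker, a TCP listener on all interfaces (clamd's TCP socket has no authentication), a daemon that keeps root, and an unlimited log size. The finding labels and the abridged PAGE_CONF sample are assumptions made for this illustration.

```python
# Added example: lint clamd.conf for the options that decide exposure.
# Finding names are hypothetical labels chosen for this illustration.

# Abridged copy of the clamd.conf from this page (constructed sample input).
PAGE_CONF = """\
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 0.0.0.0
User clamav
"""


def parse_conf(text):
    """Return {option: [values]}; the format is 'Option value', '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0], []).append(value)
    return opts


def audit(text):
    """Return the sorted finding labels for one clamd.conf."""
    opts = parse_conf(text)
    findings = set()
    if "Example" in opts:
        # clamd refuses to start while the sample marker is left uncommented.
        findings.add("example-marker-active")
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        # Without TCPAddr clamd binds to INADDR_ANY, the same as 0.0.0.0.
        if not addrs or any(a in ("0.0.0.0", "::") for a in addrs):
            findings.add("tcp-listener-on-all-interfaces")
    if opts.get("User", ["root"]) == ["root"]:
        findings.add("daemon-keeps-root")
    if opts.get("LogFileMaxSize") == ["0"]:
        findings.add("log-size-unlimited")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print(finding)
```

Inside a container, TCPAddr 0.0.0.0 is the container's own address, so who can reach port 3310 is decided by the publish flag: `docker run -p 127.0.0.1:3310:3310` keeps it on the host's loopback interface.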
Confirm that the required files exist:
ls ~/imageProject-clamav-0.102.3
The following is displayed:
clamav-0.102.3.tar.gz clamd.conf curl-7.65.3.tar.gz Dockerfile freshclam.conf
2.2.3 Build the image
cd ~/imageProject-clamav-0.102.3
docker build -t clamav:0.102.3 .
The "." above designates the current directory as the build directory; the build automatically loads the definitions in the "Dockerfile". Output like the following is displayed:
Sending build context to Docker daemon 382.2MB
Step 1/31 : FROM docker01.cmdschool.org:5000/centos:centos7.3.1611
---> c5d48e81b986
[...]
Successfully built 81175d1c3e79
Successfully tagged clamav:0.102.3
If the image is to be shared across the cluster, also run the following commands:
docker tag clamav:0.102.3 docker01.cmdschool.org:5000/clamav:0.102.3
docker push docker01.cmdschool.org:5000/clamav:0.102.3
docker image rm clamav:0.102.3
When this is done, use the following command to view the images:
docker images
The following is displayed:
REPOSITORY                           TAG       IMAGE ID       CREATED          SIZE
docker01.cmdschool.org:5000/clamav   0.102.3   0f81aac745b6   25 minutes ago   1.24GB
2.2.4 Test that the software runs
docker run -d --name clamav -p 3310:3310 docker01.cmdschool.org:5000/clamav:0.102.3
After starting the container as above, log in to the container with the following command:
docker exec -it `docker container ls | grep 'clamav' | cut -d" " -f1 ` /bin/bash
Use the following command to view the ports the software is listening on:
netstat -antp
The following is displayed:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3310            0.0.0.0:*               LISTEN      -
After testing, exit the container with the following command:
exit
You can also list the current containers with the following command:
docker ps -a
The following is displayed:
CONTAINER ID   IMAGE                                        COMMAND                 CREATED         STATUS         PORTS                    NAMES
62b7a201dc4d   docker01.cmdschool.org:5000/clamav:0.102.3   "/bin/bash ./start.sh"  5 minutes ago   Up 5 minutes   0.0.0.0:3310->3310/tcp   clamav
[...]
Then stop and remove the container with the following commands:
docker container stop 62b7a201dc4d
docker container rm 62b7a201dc4d
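Before the container is stopped, the listener seen in netstat can be exercised end to end rather than only checked for an open port. This added example (not from the original tutorial or the ClamAV project) speaks clamd's TCP protocol from the Docker host: PING, VERSION, then INSTREAM with a clean buffer and with the EICAR test string. HOST, PORT and the function names are assumptions.

```python
# Added example: smoke-test a running clamd over its TCP protocol.
# HOST and PORT assume the container was published with -p 3310:3310.
import socket
import struct

HOST, PORT = "127.0.0.1", 3310
# EICAR test string (harmless), built from two parts so this file is not flagged.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")


def frame_instream(data, chunk=4096):
    """INSTREAM request: command, then <4-byte big-endian length><bytes> chunks,
    ended by a zero-length chunk."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(raw):
    """Turn 'stream: OK' or 'stream: <signature> FOUND' into (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    result = text.partition(": ")[2]
    if result == "OK":
        return ("clean", None)
    if result.endswith(" FOUND"):
        return ("infected", result[:-len(" FOUND")])
    return ("error", text)


def send(request, host=HOST, port=PORT, timeout=10):
    """Send one NUL-terminated request and read the NUL-terminated reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        buf = b""
        while not buf.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            buf += data
        return buf


if __name__ == "__main__":
    print(send(b"zPING\0"), send(b"zVERSION\0"))
    print(parse_reply(send(frame_instream(b"plain text"))))
    print(parse_reply(send(frame_instream(EICAR))))
```

A healthy deployment answers the first scan as clean and the second as infected; an "error" status on the second usually points at a missing or stale signature database.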