Community Articles

Note: Cloudera does not support Antivirus software of any kind.

This article contains recommendations for excluding CDP components and directories from AV scans and monitoring. It is important to note that these recommendations do not apply to each service, and further, some services will have additional items to exclude that are unique to them. These details will be addressed in individual articles dedicated to the service in question.

The three primary locations you will want to exclude from Antivirus are:

• Data directories: These can be very large, and therefore, take a long time to scan; they can also be very write-heavy, and therefore suffer performance impacts or failures if the AV holds up writes.
• Log directories: These are write-heavy.
• Scratch directories: These are internal locations used by some services for writing temporary data, and can also cause performance impacts or failures if the AV holds up writes.

In general, consider excluding the following directories and all of their subdirectories:

Installation, Configuration, and Libraries

/opt/cloudera
/etc/<component>
/var/lib/<component>

Runtime and Logging

/var/run/<component>
/var/log/<component>

Scratch and Temp

/var/tmp/<component>
/tmp/<component>

Note: The <component> does not only refer to the service name, as a given service may have multiple daemons with their own directories.

Example: cloudera-scm-agent and cloudera-scm-server

Across CDP services, there are also many user-configurable locations. Most of these can be found in Cloudera Manager properties with names like "service.scratch.dir" and "service.data.dir"; go to Cloudera Manager > Service > Configuration and search for any property containing "dir", all of which may be considered for exclusion. Instructions for specific services follow:

Cloudera Manager:

Note: Cloudera Manager has a special requirement in the form of a user-configurable database. I recommend you to exclude this database. However, the details of this database are set on installation; the database may be co-located with cloudera-scm-server, or on a remote host. Consult with your database administrators for details on the path where the database information is stored.

Installation, Configuration, and Libraries

/opt/cloudera/cm
/opt/cloudera/cm-agent
/etc/cloudera-scm-agent
/etc/cloudera-scm-server

/var/lib/cloudera-host-monitor
/var/lib/cloudera-scm-agent
/var/lib/cloudera-scm-eventserver
/var/lib/cloudera-scm-server
/var/lib/cloudera-scm-server-db
/var/lib/cloudera-service-monitor

Runtime and Logging

/var/run/cloudera-scm-agent
/var/run/cloudera-scm-server
/var/run/cloudera-scm-server-db

/var/log/cloudera-scm-agent
/var/log/cloudera-scm-alertpublisher
/var/log/cloudera-scm-eventserver
/var/log/cloudera-scm-firehose
/var/log/cloudera-scm-server

HDFS:

# grep -A1 "dir" /etc/hadoop/conf/hdfs-site.xml

Consider excluding the following directories and all of their subdirectories:

Installation, Configuration, and Libraries

/opt/cloudera

/var/lib/hadoop-hdfs

Runtime and Logging

/var/log/hadoop-hdfs

Scratch and Temp

/tmp/hadoop-hdfs

Note: HDFS, YARN, MapReduce, and ZooKeeper are mutually interdependent and you are likely to experience unsatisfactory results if you fail to exclude the other components.

YARN:

yarn.nodemanager.local-dirs
yarn.nodemanager.log-dirs
yarn.nodemanager.recovery.dir

yarn.timeline-service.leveldb-state-store.path
yarn.timeline-service.leveldb-timeline-store.path

Consider excluding the following directories and all of their subdirectories:

Installation, Configuration, and Libraries

/opt/cloudera

/var/lib/hadoop-yarn

Runtime and Logging