MilesWeb
MilesWeb Hosting Forum

Author Topic: How to install and configure Linux Malware Detect (LMD)?  (Read 3708 times)


Dipak Bhoi (MilesWeb Team Member)
Hello guys,

Linux Malware Detect (LMD) is a malware scanner for Linux that is designed around the threats faced in shared hosted environments. Here I'm explaining how to install and configure it.

How to install Maldet on the server?

Step I: SSH to your server as the root user.
Step II: Download the tar file and install it.

Quote
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-*
# sh install.sh

Linux Malware Detect v1.3.4
            (C) 1999-2010, R-fx Networks <proj@r-fx.org>
            (C) 2010, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
cron.daily: /etc/cron.daily/maldet

maldet(32517): {sigup} performing signature update check...
maldet(32517): {sigup} local signature set is version 2010051510029
maldet(32517): {sigup} latest signature set already installed

How to configure Maldet?

Let's go ahead and open the configuration file located at /usr/local/maldetect/conf.maldet.

Quote
root@server [~]# vi /usr/local/maldetect/conf.maldet

Check the following options.

email_alert
This is a top-level toggle for the e-mail alert system; it must be turned on if you want to receive alerts.

email_addr
This is a comma-spaced list of e-mail addresses that should receive alerts.

quar_hits
This tells LMD that it should move malware content into the quarantine path and strip it of all permissions. Files are fully restorable to the original path, owner and permissions using the --restore FILE option.

quar_clean
This tells LMD that it should try to clean malware that it has cleaner rules for; at the moment, base64_decode and gzinflate file injection strings can be cleaned. Files that are cleaned are automatically restored to the original path, owner and permissions.

quar_susp
Using this option allows LMD to suspend a user account that malware is found residing under. On cPanel systems this will pass the user to /scripts/suspendacct and add a comment with the maldet report command to the report that caused the user's suspension (e.g. maldet --report SCANID). On non-cPanel systems, the user's shell will be set to /bin/false.

quar_susp_minuid
This is the minimum user id that will be evaluated for suspension; the default should be fine on most systems.

How to scan manually with maldet?

Quote
# maldet -a /path/to/scan OR maldet --scan-all /path/to/scan

If you want to scan all user public_html paths under /home/*, this can be done with:

Quote
maldet --scan-all /home?/?/public_html

Enjoy !!!

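As an added check that is not part of this post or of LMD itself, the POSIX shell functions below read the options named above from a conf.maldet-style file and report the ones under which a scan would find malware but neither alert anyone nor quarantine the file. The sample config, the function names and the 500 UID threshold are constructed for this example.

```shell
# Constructed excerpt of a conf.maldet (example values, not a copy of the shipped
# file). LMD 1.3.x wrote key=value; newer releases quote values, so both are parsed.
SAMPLE_CONF='email_alert=0
email_addr="root@localhost"
quar_hits=0
quar_clean="1"
quar_susp=0
quar_susp_minuid=500
'

# conf_get FILE KEY: print the last uncommented assignment of KEY, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_maldet_conf FILE: flag settings under which maldet finds malware but neither
# alerts anyone nor isolates the file. Prints one line per finding; the exit status
# is the number of findings, so 0 means the options from the post are all set.
check_maldet_conf() {
    conf=$1; findings=0
    for key in email_alert quar_hits; do
        val=$(conf_get "$conf" "$key")
        if [ "$val" != "1" ]; then
            echo "$key=${val:-unset}: hits would only be logged"
            findings=$((findings + 1))
        fi
    done
    addr=$(conf_get "$conf" email_addr)
    case "$addr" in
        ""|*@localhost)
            echo "email_addr=${addr:-unset}: alerts would never leave the box"
            findings=$((findings + 1)) ;;
    esac
    # Assumed threshold: suspending UIDs below the usual first-user UID (500 on
    # older RHEL/CentOS) would let quar_susp disable system accounts.
    minuid=$(conf_get "$conf" quar_susp_minuid)
    if [ "$(conf_get "$conf" quar_susp)" = "1" ] && [ "${minuid:-0}" -lt 500 ]; then
        echo "quar_susp_minuid=${minuid:-unset}: system accounts could be suspended"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo against the constructed sample; on a real host pass /usr/local/maldetect/conf.maldet.
demo_conf=$(mktemp)
printf '%s' "$SAMPLE_CONF" > "$demo_conf"
check_maldet_conf "$demo_conf" || echo "$? option(s) need attention"
rm -f "$demo_conf"
```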