Maldet (Linux Malware Detect, LMD) is a commonly used malware scanner for Linux-based servers. Installing and using Maldet is quite simple. Here I am going to walk through the Maldet installation steps on a Linux server.
Change the present working directory to /usr/local/src using the command below:
cd /usr/local/src
Run the command below to download the archive file into the present working directory:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Extract the files using the command:
tar -xzf maldetect-current.tar.gz
Go to the Maldet directory using the command:
cd maldetect-*
Run the installation script:
sh ./install.sh
How to set up email alerts
Open the configuration file (/usr/local/maldetect/conf.maldet) in your favorite editor (vi, vim, nano, etc.) and adjust the settings below:
#[0 = disabled, 1 = enabled]
email_alert=0
#The subject line for email alerts
email_subj="maldet alert from $(hostname)"
# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="user@example.com"
To configure LMD
You can configure these options as per your requirements. The main options are listed below:
email_alert: Set it to 1 to receive email alerts.
email_subj: Specify the subject line of the alert email.
email_addr: Add the email address that should receive malware alerts.
quar_hits: This is the default quarantine action for malware hits and should be set to 1.
quar_clean: This is the cleaning action for detected malware injections and should be set to 1.
quar_susp: This is the default suspend action for users with hits. Set it as per your requirement.
quar_susp_minuid: The minimum user ID that can be suspended.
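To apply the settings above without editing conf.maldet by hand, and to confirm afterwards that alerting and quarantine are actually enabled, here is an added shell example (not code from the original post or from the LMD project). make_sample_conf writes a constructed stand-in for the real file, and the address passed to configure_alerts is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post or the LMD project: apply the
# email/quarantine settings above to conf.maldet without hand-editing, then
# verify them. make_sample_conf writes a constructed offline stand-in.

# set_conf FILE KEY VALUE: replace KEY's value, or append the key if absent.
# VALUE must not contain | & or \ (special to sed's replacement or delimiter).
set_conf() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf FILE KEY: print KEY's value with surrounding quotes stripped.
get_conf() {
    sed -n "s|^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*|\1|p" "$1" | head -n 1
}
# configure_alerts FILE ADDRESS: the settings recommended in the post.
configure_alerts() {
    set_conf "$1" email_alert 1
    set_conf "$1" email_subj 'maldet alert from $(hostname)'
    set_conf "$1" email_addr "$2"
    set_conf "$1" quar_hits 1
    set_conf "$1" quar_clean 1
}

# check_alerts FILE: succeed only if alerting and quarantine are both enabled.
check_alerts() {
    for k in email_alert quar_hits quar_clean; do
        [ "$(get_conf "$1" "$k")" = 1 ] || { echo "$k not enabled" >&2; return 1; }
    done
    [ -n "$(get_conf "$1" email_addr)" ] || { echo "email_addr empty" >&2; return 1; }
}

# make_sample_conf FILE: constructed sample of the keys shown above (not the
# file shipped with Maldet); quar_clean is deliberately absent.
make_sample_conf() {
    cat > "$1" <<'EOF'
#[0 = disabled, 1 = enabled]
email_alert=0
email_subj="maldet alert from $(hostname)"
email_addr=""
quar_hits=0
EOF
}
```

Run it against a copy of /usr/local/maldetect/conf.maldet first; check_alerts is also handy as a post-install sanity check in a provisioning script.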
You can update Maldet using the following commands:
maldet -u    Update malware detection signatures from rfxn.com
maldet -d    Update the installed version from rfxn.com
How to scan the server using Maldet
To scan the files of a particular user, use the command:
maldet -a /home/username/
To scan every user's public_html directory under /home, use the command:
maldet --scan-all /home?/?/public_html