Maldet

Linux Malware Detect (LMD) or Maldet is a malware scanner for Linux I used for checking threats while managing Linux servers.

In Ubuntu or CentOs, I like to use the following directory:


$ cd /usr/local/src

Here are the commands I use for a quick installation:


$ sudo apt update && sudo apt upgrade -y
$ sudo apt install wget -y
$ cd /tmp/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
$ tar xfz maldetect-current.tar.gz
$ cd maldetect-1.6.4
$ sudo && ./install.sh

then I verify the installation by checking the version running with this command:


$ maldet --version
$ Latest version: v1.6.4 | Mar 18 2019

Some of the settings I use:

$ sudo nano /usr/local/maldetect/conf.maldet

I leave most of the default configuration but these are the minimum changes I configure:

Enable Email Alerts

email_alert="1"

The destination Email Addresses where I want to send the scan reports

email_addr="my@email.com"

If installed, I use the ClamAV clamscan binary as default

scan_clamscan="1"

Enable scanning for root-owned files. Set 1 to disable.

scan_ignore_root="0"

Move hits to quarantine & alert

quarantine_hits="1"

Suspend user if malware is found.

quarantine_suspend_user="1"

Command to update the Maldet virus definition database

maldet -u

To check the latest version

maldet -d

You can google for detailed instructions on how to use it. I just want to share a few benefits I get by using Maldet in our servers.

  • MD5 file hash detection for quick threat identification
  • integrated detection of ClamAV to use as scanner engine
  • scan-all option for full path based scanning
  • quarantine queue that stores threats in a safe fashion with no permissions
  • quarantine suspend account option to Cpanel suspend or shell revoke users
  • cleaner rules to attempt removal of malware injected strings
  • daily cron based scanning of all changes in last 24h in user home directories
  • daily cron script compatible with stock RH style systems, Cpanel & Ensim
  • e-mail alert reporting after every scan execution (manual & daily)
  • verbose logging & output of all actions.

Some of my favorite commands

Targeting file extensions or entire directories

maldet -a /var/www/html/*.php

Checking reports

sudo maldet --report 210724-0528.4723
maldet -a /home/username/

To attempt a clean on all malware results from a previous scan that did not have the feature enabled, use the command:

maldet –clean SCANID

IN CONCLUSION

Maldet is one of the best choices to monitor your servers against malware and viruses.

SUPPORT

If you need me for a consultation or to manage your Linux server, contact me via admin@domiserver.com

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

AFILIATE A DOMISERVER


 
 
 

¿No sabes por donde empezar?