Home » Centos/RHEL » Installation & Configuration Linux Malware Detect

Installation & Configuration Linux Malware Detect

Linux Malware Detect (LMD) is a free open source malware/Trojans scanner for Linux based system such as Centos, RHEL, Ubuntu as well as it’s very effective for WHM/cPanel server to detect back doors files, php c99, c97 shell scripts and other suspicious/malicious codes which generally uploaded by hackers on vulnerable websites.

Installation & Configuration

root@linuxpcfix [~]#cd /usr/local/src
root@linuxpcfix [~]#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
–2014-10-14 20:34:45– http://www.rfxn.com/downloads/maldetect-current.tar.gz
Resolving www.rfxn.com… 129.121.132.46
Connecting to www.rfxn.com|129.121.132.46|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 879295 (859K) [application/x-gzip]
Saving to: “maldetect-current.tar.gz”

100%[============================================================================================>] 879,295 373K/s in 2.3s

2014-10-14 20:34:49 (373 KB/s) – “maldetect-current.tar.gz” saved [879295/879295]
root@linuxpcfix [~]# tar xfz maldetect-current.tar.gz
tar xvf maldetect-current.tar.gz
maldetect-1.4.2/
maldetect-1.4.2/CHANGELOG
maldetect-1.4.2/cron.daily
maldetect-1.4.2/README
maldetect-1.4.2/files/
maldetect-1.4.2/files/ignore_file_ext
maldetect-1.4.2/files/sigs/
maldetect-1.4.2/files/sigs/rfxn.ndb
maldetect-1.4.2/files/sigs/md5.dat
maldetect-1.4.2/files/sigs/hex.dat
maldetect-1.4.2/files/sigs/maldet.sigs.ver
maldetect-1.4.2/files/sigs/rfxn.hdb
maldetect-1.4.2/files/tmp/
root@linuxpcfix [~]# cd maldetect-*
root@linuxpcfix [~]# ./install.sh
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks (C) 2013, Ryan MacDonald
inotifywait (C) 2007, Rohan McGovern
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(2821): {sigup} performing signature update check…
maldet(2821): {sigup} local signature set is version 201205035915
maldet(2821): {sigup} new signature set (2014100624041) available
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
maldet(2821): {sigup} signature set update completed
maldet(2821): {sigup} 11792 signatures (9899 MD5 / 1893 HEX)

Now configure the malware detect

root@linuxpcfix [~]#vi /usr/local/maldetect/conf.maldet
email_alert=0
email_addr=you@domain.com
quar_hits=0

Usage & Manual Scans
If you want to scan complete home directory then perform the following command.

root@linuxpcfix [~]#maldet –scan-all /home?/?/public_html

If you wanted to scan complete home directory but contents that have been created/modified in the last 5 days then run:

root@linuxpcfix [~]#maldet –scan-recent /home?/?/public_html 5

If you would like to perform quarantine on previous scan results then execute the following the command.

root@linuxpcfix [~]#maldet –quarantine SCANID

If you want to clean all malware results then do as below.

root@linuxpcfix [~]#maldet –clean SCANID

To restore the file which was quarantined from a false positive you can use the following:

root@linuxpcfix [~]#maldet –restore config.php.2384
root@linuxpcfix [~]#maldet –restore /usr/local/maldetect/quarantine/config.php.2384

About

I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry from last 7 years.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Time limit is exhausted. Please reload the CAPTCHA.

Categorized Tag Cloud