How to Install Maldet on Linux Server
When you want to scan your Linux server for malware or security threats. This article explains how to install and configure Maldet and run malware scans.
Linux Malware Detect (LMD) or Maldet is a malware scanner for Linux released under the GNU GPLv2 (free, open source) license, that is designed around the threats faced in hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature, threats found on the TCH network of over 30,000 hosted domains, and from malware community resources. The process below explains how to install CloudLinux on your server.
To install Maldet
-
Change the present working directory to /usr/local/src using the command below. You may choose any other directory where you want the installation script to be downloaded.
cd /usr/local/src
- Run the below command to download the archive file to the present working directory:
wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
- Extract the files using the command:
tar -xzf maldetect-current.tar.gz
- Go to the Maldet directory using the command:
cd maldetect-*
- Run the installation script:
sh ./install.sh
Sample Output:
Linux Malware Detect v1.3.4 (C) 1999-2010, R-fx Networks (C) 2010, Ryan MacDonald inotifywait (C) 2007, Rohan McGovern
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
cron.daily: /etc/cron.daily/maldet
maldet(32517): {sigup} performing signature update check…
maldet(32517): {sigup} local signature set is version 2010051510029
maldet(32517): {sigup} latest signature set already installed@mcgovern.id.au>@r-fx.org>@r-fx.org>
To configure LMD
email_alert: Set it to 1 to receive email alerts.
email_subj: Specify your email subject.
email_addr: Add your email address to receive malware alerts.
quar_hits: This is the default quarantine action for malware hits and should be set to 1.
quar_clean: This is the cleaning action for detected malware injections and should be set to 1.
quar_susp: This is the default suspend action for users with hits. Set it as per your requirement.
quar_susp_minuid: Minimum userid that can be suspended.
You can update Maldet using the command:
maldet -u or maldet -d
To scan using Maldet
To scan the files of a particular user, use the command:
maldet -a /home/username/
To scan all users under /home/public_html, use the command:
maldet –scan-all /home?/?/public_html
To attempt a clean on all malware results from a previous scan that did not have the feature enabled, use the command:
maldet –clean SCANID