知識庫

How to install Malware Detection [Maldet] on CentOS 列印

  • Maldet Installation, Maldet on CentOS, Maldet on Linux, Install Security plugins, Linux Security
  • 2

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

Note: This guide assumes you are familiar with SSH and basic command line navigation. These instructions apply primarily to customers who have Virtual Private Servers or Dedicated servers. 
If you do not have root-level access you will not be able to make these changes.

It is very simple process but make sure you have the right updation version will be your directory. 

1. Open your any of your ssh tool and login,

# cd /usr/local/src 
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -zxvf maldetect-current.tar.gz
# cd maldetect-1.4.2
# ./install.sh

Your Output should be

installation completed to /usr/local/maldetect config file: /usr/local/maldetect/conf.maldet exec file: /usr/local/maldetect/maldet exec link: /usr/local/sbin/maldet exec link: /usr/local/sbin/lmd cron.daily: /etc/cron.daily/maldet maldet(3401): {sigup} performing signature update check... maldet(3401): {sigup} local signature set is version 2017070716978 maldet(3401): {sigup} new signature set (201708255569) available maldet(3401): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz maldet(3401): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz maldet(3401): {sigup} verified md5sum of maldet-sigpack.tgz maldet(3401): {sigup} unpacked and installed maldet-sigpack.tgz maldet(3401): {sigup} verified md5sum of maldet-clean.tgz maldet(3401): {sigup} unpacked and installed maldet-clean.tgz maldet(3401): {sigup} signature set update completed maldet(3401): {sigup} 15218 signatures (12485 MD5 | 1954 HEX | 779 YARA | 0 USER) 

Now you need to open this file 

/usr/local/maldetect/conf.maldet

That's it, now just try to change the value that you want to change like on what email that should go, and than the quarantine value, eiher that should move or inform only. 

Remember, when you install, we recommend you to check the whole file. 

To run manually use this command

maldet -a /home.

Below are the another way to work around.
  • Log into server as root and run the following command
    • cd /usr/local/src/
  • Next download the installation file
  • Extract using the following command -
    • tar -xzf maldetect-current.tar.gz
  • Change the folder:
    • cd maldetect-*
  • Run the installer:
    • sh ./install.sh
  • To configure the script, run the following command:
    • nano /usr/local/maldetect/conf.maldet 

Here are some tips on using the script 

  • To scan a specific user:
    • maldet -a /home/username/
  • To scan all public_html folders
    • maldet –scan-all /home?/?/public_html

這篇文章有幫助嗎?

« 返回