Maldet (Malware Detect) on Linux

LMD (Linux Malware Detect) is a malware scanner for servers. Here I explain how to install and use it on a Linux-based server.

1. How can I install Maldet on a server?

Installation is simple. Follow the steps below to install Maldet on your server.

Step I: SSH to your server
Step II: Download the tar file and install it.

# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-*
# sh install.sh

That’s it. Installation is complete.

2. Configuration file

The configuration file for Maldet is located at /usr/local/maldetect/conf.maldet. Other important files are:

# exec file: /usr/local/maldetect/maldet
# exec link: /usr/local/sbin/maldet
# exec link: /usr/local/sbin/lmd
# cron.daily: /etc/cron.daily/maldet

3. How to use maldet

3.1 Scan

# maldet -a /path/to/scan OR maldet --scan-all /path/to/scan

3.2 View the scan report

# maldet -e SCANID
# maldet --report SCANID

3.3 Quarantine all malware results from a previous scan

# maldet -q SCANID
# maldet --quarantine SCANID

3.4 Clean all malware results from a previous scan

# maldet -n SCANID
# maldet --clean SCANID

3.5 Restore a file that you have already quarantined

# maldet -s FILENAME
# maldet --restore FILENAME

Sometimes it is not possible to restore a file using the file name alone. In that case, use the full path to the file in the directory where quarantined files are stored, i.e. /usr/local/maldetect/quarantine:

# maldet --restore /usr/local/maldetect/quarantine/FILENAME

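4. How to set up email alerts

Open the configuration file (/usr/local/maldetect/conf.maldet) in your favorite editor (vi, vim, nano, etc.) and edit the settings below. As the first comment in the block notes, email_alert must be set to 1 for alerts to be enabled, and email_addr should be changed to your own address.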

----------------Email Alert----------------
# [0 = disabled, 1 = enabled]
email_alert=0

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"
--------------------------------------------
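
A quick check that the settings above will actually deliver alerts, as an added example that is not part of the original post or of LMD itself: it reads conf.maldet and flags email_alert=0 or a leftover you@domain.com placeholder. The helper names conf_value and check_email_alert are hypothetical, and the sample input is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: audit the e-mail alert settings of an LMD conf.maldet.
# conf_value and check_email_alert are hypothetical helper names.

# Print the last value assigned to key $1 in file $2. Comment lines are
# skipped; leading whitespace and surrounding double quotes are stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Return 0 if alerts would be sent; otherwise print the reason, return 1.
check_email_alert() {
    conf=${1:-/usr/local/maldetect/conf.maldet}
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    alert=$(conf_value email_alert "$conf")
    addr=$(conf_value email_addr "$conf")
    if [ "$alert" != "1" ]; then
        echo "email_alert=${alert:-unset}: alerts are disabled"
        return 1
    fi
    [ -n "$addr" ] || { echo "email_addr is empty"; return 1; }
    # email_addr is comma separated: every entry must be a real address.
    for a in $(echo "$addr" | tr ',' ' '); do
        case $a in
            you@domain.com) echo "email_addr still has placeholder $a"; return 1 ;;
            ?*@?*.?*) ;;
            *) echo "email_addr entry '$a' is not an address"; return 1 ;;
        esac
    done
    echo "alerts enabled for: $addr"
}

# Constructed sample input: the settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#[0 = disabled, 1 = enabled]
 email_alert=0
#The subject line for email alerts
 email_subj="maldet alert from $(hostname)"
 # [ values are comma (,) spaced ]
 email_addr="you@domain.com"
EOF
check_email_alert "$sample" || true   # prints: email_alert=0: alerts are disabled
rm -f "$sample"
```

Run check_email_alert with no argument to audit the installed /usr/local/maldetect/conf.maldet after editing it.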

About hagroot