Hostwinds Tutorials


Table of Contents


Installing Maldet
Scanning Directories For Malware
Reporting

How To Install Maldet on Ubuntu

Tags: Ubuntu 

Maldet (Linux Malware Detect) is a malware detection scanner for Linux. It is a useful tool for those who run hosted environments such as WHM/cPanel installations. Its signatures are generated from threat data collected by network edge IDS, that is, from malware actively used in attacks, which makes them effective at detecting PHP backdoors and darkmailers. The following steps walk you through installing Maldet on your Linux machine.

Installing Maldet

  1. Change your working directory to /opt.
     ```plaintext
     cd /opt/
     ```
  2. Grab the file containing maldet from the official website.
     ```plaintext
     wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
     ```
  3. Uncompress the contents of the tar file.
     ```plaintext
     tar xfz maldetect-current.tar.gz
     ```
  4. With the tar file contents extracted into /opt, you should now have a directory named maldetect followed by the version number. You can verify this by running the ls command.
     ```plaintext
     ls
     ```
     The output should be similar to the image below.
  5. Now change from your current directory to the maldetect directory.
     ```plaintext
     cd maldetect-*
     ```
  6. Run the installation script.
     ```plaintext
     ./install.sh
     ```
  7. Once the installation script has finished, you can modify the configuration file using your preferred text editor.
     ```plaintext
     /usr/local/maldetect/conf.maldet
     ```

Recommended configurable options:

```plaintext
# Enable email alerts
email_alert=1

# Enter the destination address for email alerts
email_addr="user@yourdomain.tld"

# Quarantine any detected malware and send an alert
quarantine_hits=1

# Clean the detected malware injections
quarantine_clean=1

# The default suspend action for infected users. Change to 1 if you wish to suspend the user
quarantine_suspend_user=0
```
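
One way to apply the options above repeatably instead of hand-editing, shown as an added example that is not code from Hostwinds or the maldet project. The helper names `set_opt`, `get_opt` and `apply_recommended` are hypothetical, and the script runs against a constructed sample file rather than /usr/local/maldetect/conf.maldet.

```shell
#!/bin/sh
# Added example: apply this tutorial's recommended options to a conf.maldet-style file.
set -eu

# set_opt FILE KEY VALUE: replace an existing KEY=... line, or append one.
set_opt() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[ \t]*" k "=") { print k "=\"" v "\""; seen = 1; next }
        { print }
        END { if (!seen) print k "=\"" v "\"" }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# get_opt FILE KEY: print the last value assigned to KEY, quotes stripped.
get_opt() {
    sed -n -E "s|^[[:space:]]*$2=\"?([^\"]*)\"?.*|\1|p" "$1" | tail -n 1
}

# apply_recommended FILE EMAIL: the five options listed in this tutorial.
apply_recommended() {
    set_opt "$1" email_alert 1
    set_opt "$1" email_addr "$2"
    set_opt "$1" quarantine_hits 1
    set_opt "$1" quarantine_clean 1
    set_opt "$1" quarantine_suspend_user 0
}

# Constructed sample standing in for /usr/local/maldetect/conf.maldet.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample, not a real conf.maldet
email_alert="0"
email_addr="you@domain.com"
quarantine_hits="0"
EOF

apply_recommended "$demo_conf" "user@yourdomain.tld"
for k in email_alert email_addr quarantine_hits quarantine_clean quarantine_suspend_user; do
    printf '%s=%s\n' "$k" "$(get_opt "$demo_conf" "$k")"
done
rm -f "$demo_conf"
```

Run `apply_recommended` against a copy of conf.maldet first and diff the result before replacing the live file.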

Scanning Directories For Malware

  1. Scan a particular path.
     ```plaintext
     maldet -a /home/username
     ```
  2. Scan all user directories in /home.
     ```plaintext
     maldet --scan-all /home
     ```

Reporting

  1. List all scan reports.
     ```plaintext
     maldet --report list
     ```
  2. Display the details for a specific report. Replace SCAN-ID with the ID of the report you intend to view.
     ```plaintext
     maldet --report SCAN-ID
     ```

Written by Hostwinds Team  /  May 29, 2018