Maldet is a Linux malware detection scanner. Maldet is a useful tool for those who run a hosted environment such as WHM/cPanel installations. As stated by the Maldet creators, it uses threat data from network edge IDS that are actively used in attacks to generate an effective signature detection of PHP backdoors and darkmailers. The following steps walk you through the process of installing maldet on your Linux machine.
- Change your working directory to /opt
- Grab the file containing maldet from the official website.
- Uncompress the contents of the tar file.
tar xfz maldetect-current.tar.gz
- With the contents of the tar file extracted into /opt, you should now have a directory called maldetect followed by the version number. You can verify this by running the ls command.
The output should be similar to the image below.
- Now change from your current directory to the maldetect directory.
- Run the installation script
- Once the installation script has finished, you can modify the configuration file using your preferred text editor.
Recommended configurable options:
#Enable email alerts
email_alert=1
#Enter the destination address for email alerts
email_addr="email@example.com"
#Quarantine any detected malware and send an alert
quarantine_hits=1
#Clean the detected malware injections
quarantine_clean=1
#The default suspend action for infected users. Change to 1 if you wish to suspend the user
quarantine_suspend_user=0
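On a host that is provisioned automatically, the options above are easier to apply from a script than by hand, and it is worth auditing that they actually took effect before relying on the alerts. The following POSIX shell script is an added example, not part of the Maldet project or this tutorial; it assumes the configuration file lives at /usr/local/maldetect/conf.maldet (pass another path as the first argument) and takes the alert address as the second argument.

```shell
#!/bin/sh
# Added example (not Maldet's own code): apply the tutorial's recommended
# conf.maldet options non-interactively, then audit that they are in effect.
# Assumes the live config is /usr/local/maldetect/conf.maldet (override via $1).

# set_opt FILE KEY VALUE: rewrite an existing KEY=... line, or append one.
set_opt() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        # Write to a temp file first so a failed sed never truncates the config.
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_opt FILE KEY: print the value of KEY with any surrounding quotes removed.
get_opt() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# apply_recommended FILE EMAIL: the five settings listed in the tutorial.
apply_recommended() {
    file=$1; email=$2
    set_opt "$file" email_alert 1
    set_opt "$file" email_addr "\"$email\""
    set_opt "$file" quarantine_hits 1
    set_opt "$file" quarantine_clean 1
    set_opt "$file" quarantine_suspend_user 0
}

# audit_recommended FILE: return 0 only if alerting and quarantine are enabled
# and the address is not the placeholder, so provisioning fails loudly otherwise.
audit_recommended() {
    file=$1; rc=0
    for key in email_alert quarantine_hits quarantine_clean; do
        [ "$(get_opt "$file" "$key")" = "1" ] || { echo "$key is not enabled"; rc=1; }
    done
    case "$(get_opt "$file" email_addr)" in
        ""|*example.com) echo "email_addr is unset or still the placeholder"; rc=1 ;;
    esac
    return $rc
}

conf=${1:-/usr/local/maldetect/conf.maldet}
if [ -w "$conf" ] && [ -n "$2" ]; then
    apply_recommended "$conf" "$2" && audit_recommended "$conf"
fi
```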
Scanning Directories For Malware
- Scan a particular path.
maldet -a /home/username
- Scan all user directories in /home
maldet --scan-all /home
- List all scan reports
maldet --report list
- Display the details for a specific report. Note: replace SCAN-ID with the ID of the report you want to view.
maldet --report SCAN-ID