
How To Install Maldet on Ubuntu


Maldet is a malware detection scanner for Linux. It is a useful tool for anyone who runs a hosted environment, such as a WHM/cPanel installation. According to its creators, Maldet uses threat data from network edge IDS to build signatures for malware that is actively used in attacks, which makes it effective at detecting PHP backdoors and darkmailers. The following steps walk you through installing Maldet on your Linux machine.

 

Installing Maldet

  1. Change your working directory to /opt.
cd /opt/

  2. Download the Maldet archive from the official website.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

  3. Extract the contents of the tar file.
tar xfz maldetect-current.tar.gz

  4. With the archive extracted in /opt, you should now have a directory named maldetect followed by the version number. You can verify this by running the ls command.
ls

  5. Change from your current directory to the maldetect directory.
cd maldetect-*

  6. Run the installation script.
./install.sh

  7. Once the installation script has finished, you can modify the configuration file using your preferred text editor. The configuration file is located at:
/usr/local/maldetect/conf.maldet

 

Recommended configurable options:

#Enable email alerts
email_alert=1

#Enter the destination address for email alerts
email_addr="user@yourdomain.tld"

#Quarantine any detected malware and send an alert
quarantine_hits=1

#Clean the detected malware injections
quarantine_clean=1

#The default suspend action for infected users. Change to 1 if you wish to suspend the user
quarantine_suspend_user=0
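
The following script is an added example, not part of the original guide or of Maldet itself. It audits a conf.maldet-style file against the options recommended above and flags typographic quotes, which break a value when settings are copied from a web page. The helper names conf_value and check_maldet_conf and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a conf.maldet-style file against the options recommended
# in this guide. conf_value and check_maldet_conf are hypothetical helper names.

# Print the effective value of key $2 in file $1. The last assignment wins, as
# it would when a shell sources the file; surrounding straight quotes are removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Returns 0 if all recommendations are met, 1 on any warning, 2 if unreadable.
check_maldet_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # Curly quotes pasted from a web page are not shell quotes: they end up
    # inside the value, so alerts would go to a malformed address.
    if grep -F -q -e '“' -e '”' -e '‘' -e '’' "$conf"; then
        echo "WARN typographic quotes found; retype them as plain \" quotes"; rc=1
    fi
    for want in email_alert=1 quarantine_hits=1 quarantine_clean=1; do
        key=${want%%=*}; val=${want#*=}
        got=$(conf_value "$conf" "$key")
        [ "$got" = "$val" ] || { echo "WARN $key=${got:-unset} (recommended $val)"; rc=1; }
    done
    addr=$(conf_value "$conf" email_addr)
    case $addr in
        user@yourdomain.tld|'') echo "WARN email_addr is unset or still the placeholder"; rc=1 ;;
        *@*.*) ;;
        *) echo "WARN email_addr=$addr does not look like an address"; rc=1 ;;
    esac
    # Suspension is a policy choice in this guide, so it is reported, not judged.
    echo "INFO quarantine_suspend_user=$(conf_value "$conf" quarantine_suspend_user)"
    return $rc
}

# Constructed sample input (not a real configuration) showing both failure modes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
email_alert=1
email_addr=”admin@example.com”
quarantine_hits=0
quarantine_clean=1
quarantine_suspend_user=0
EOF
check_maldet_conf "$sample" || echo "exit status: $?"
rm -f "$sample"
```

To audit a real installation, call check_maldet_conf /usr/local/maldetect/conf.maldet after editing the file.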

 

 

Scanning Directories For Malware

  1. Scan a particular path.
maldet -a /home/username

  2. Scan all user directories in /home.
maldet --scan-all /home

 

Reporting

  1. List all scan reports.
maldet --report list

  2. Display the details for a specific report. Replace SCAN-ID with the ID of the report you intend to view.
maldet --report SCAN-ID