
How to install a Linux malware detection program

Author: 不言 (original article)
2019-03-23 15:47:57

Malware (malicious software) is any script, application or other code that can harm our system and data.


Linux Malware Detect (LMD) is a malware scanner for Linux, released under the GNU GPLv2 license and designed to address the threats faced in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively used in attacks and generates signatures for detection.

The threat landscape in shared hosting environments differs from what standard AV product detection suites cover: those suites focus on detecting operating system-level Trojans, rootkits and traditional file-infecting viruses, but miss the ever-increasing variety of malware at the user account level that serves as an attack platform.

Step 1: Download and install LMD

First log in to the server using an SSH client (e.g. PuTTY), then use the following commands to download the latest LMD source code.

# cd /opt
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Now extract the downloaded archive in the current directory.

# tar xfz maldetect-current.tar.gz

After extracting the archive, execute the install.sh script provided in the source tree; it installs LMD on your system.

# cd maldetect-1.4.2
# sh install.sh

Step 2: Configure LMD

LMD creates a configuration file, /usr/local/maldetect/conf.maldet, where we can define how LMD works and what actions it takes.

# vim /usr/local/maldetect/conf.maldet
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="MLD Scan Report from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="webmaster@mydomain.com"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users with hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0

# minimum userid that can be suspended
quar_susp_minuid=500

Step 3: Start scanning manually

At this stage, LMD has been successfully installed and configured on the system. Let us run the first scan manually by executing the following command.

# maldet --scan-all /var/www/html

The above command scans all files and directories under /var/www/html. Depending on the number of files, it may take a long time to complete. When it finishes, it prints the command for viewing the report, as shown below.

# maldet --report 060214-1946.24560
malware detect scan report for svr1.tecadmin.net:
SCAN ID: 060214-1946.24560
TIME: May  28 19:46:12 +0530
PATH: /var/www/html/
TOTAL FILES: 4441
TOTAL HITS: 0
TOTAL CLEANED: 0

===============================================
Linux Malware Detect v1.4.2 < proj@rfxn.com >

In this example, TOTAL HITS is 0, so LMD found no malware on the system. If it does detect malware, the hits can be quarantined (or cleaned) using one of the following commands:

# maldet --quarantine SCANID
or
# maldet --clean SCANID

The SCANID can be found in the report generated above.

Step 4: Set up periodic scans

During installation, LMD created a cron file that is executed daily:

# vi /etc/cron.daily/maldet

However, if your system has a large number of files and directories, you can change the scan to weekly instead of daily.
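When the scan runs from cron, nobody is watching the terminal, so the cron script needs to read the report itself. The following is an added example (not code from the article or from LMD): it parses the `maldet --report` layout shown above and returns a distinct status for "clean", "hits remain", "all hits cleaned" and "report unreadable", which is the case when the scan never ran. The host name, scan ID and counts in the sample report are constructed values.

```shell
#!/bin/sh
# Added example: parse a maldet scan report and classify the outcome.
# The field names follow the "maldet --report" output shown in the article.

# Constructed sample report (made-up host, scan ID and counts).
SAMPLE_REPORT='malware detect scan report for svr1.example.test:
SCAN ID: 010125-0300.12345
TIME: Jan  1 03:00:12 +0000
PATH: /var/www/html/
TOTAL FILES: 4441
TOTAL HITS: 2
TOTAL CLEANED: 1

===============================================
Linux Malware Detect v1.4.2 < proj@rfxn.com >'

# report_field KEY REPORT: print the value after "KEY: " (empty if absent).
report_field() {
    printf '%s\n' "$2" | sed -n "s/^$1: *//p" | head -n 1
}

# is_count VALUE: succeed only for a non-empty string of digits.
is_count() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# check_report REPORT: return 0 when no hits were found, 1 when hits remain
# uncleaned (needs a human), 3 when every hit was cleaned, and 2 when the
# report cannot be parsed (for example an empty report because maldet never ran).
check_report() {
    scan_id=$(report_field 'SCAN ID' "$1")
    hits=$(report_field 'TOTAL HITS' "$1")
    cleaned=$(report_field 'TOTAL CLEANED' "$1")
    if ! is_count "$hits" || ! is_count "$cleaned"; then
        echo "unparseable report (scan id '$scan_id')" >&2
        return 2
    fi
    if [ "$hits" -eq 0 ]; then
        echo "scan $scan_id: clean"
        return 0
    fi
    if [ "$cleaned" -ge "$hits" ]; then
        echo "scan $scan_id: $hits hit(s), all cleaned"
        return 3
    fi
    echo "scan $scan_id: $hits hit(s), $((hits - cleaned)) still need review" >&2
    echo "review with: maldet --report $scan_id"
    return 1
}
```

In a weekly cron script, pass the output of `maldet --report SCANID` to `check_report` and raise an alert whenever it returns 1 or 2.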
