Installing Linux Malware Detect (LMD) on CentOS, RHEL

Written by Rahul, Updated on May 28, 2014

Malware is short for malicious software: any script, application or other code that can harm your system or your data.

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, designed around the threats faced in shared hosting environments. It uses threat data from network-edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detecting it.

The threat landscape in shared hosting environments differs from what standard AV products cover: those suites detect primarily OS-level trojans, rootkits and traditional file-infecting viruses, but miss the ever-increasing variety of malware at the user-account level that serves as an attack platform.

Step 1: Download and Install LMD

First, log in to your server with an SSH client (e.g. PuTTY) and download the latest LMD source archive with the following commands.

# cd /opt
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Now extract the downloaded archive in the current directory:

# tar xfz maldetect-current.tar.gz

After extracting the archive, run the install.sh script shipped in the source tree, which installs LMD on your system.

# cd maldetect-1.4.2
# sh install.sh

Step 2: Configure LMD

LMD creates a configuration file, /usr/local/maldetect/conf.maldet, where you define how LMD runs and what action it takes on hits.

# vim /usr/local/maldetect/conf.maldet

##
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="MLD Scan Report from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="[email protected]"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users with hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0

# minimum userid that can be suspended
quar_susp_minuid=500

Step 3: Start Scanning Manually

At this stage LMD is installed and configured on your system. Run your first scan manually with the following command.

# maldet --scan-all /var/www/html

The above command scans all files and directories under /var/www/html. It may take a long time to complete, depending on how many files you have. When the scan finishes, it prints a command for viewing the report, like the one below:

# maldet --report 060214-1946.24560
malware detect scan report for svr1.tecadmin.net:
SCAN ID: 060214-1946.24560
TIME: May  28 19:46:12 +0530
PATH: /var/www/html/
TOTAL FILES: 4441
TOTAL HITS: 0
TOTAL CLEANED: 0

===============================================
Linux Malware Detect v1.4.2 < [email protected] >

In my case TOTAL HITS is 0, so LMD did not detect any malware on the system. If it does detect malware on your system, use one of the following commands to quarantine or clean the hits:

# maldet --quarantine SCANID
OR
# maldet --clean SCANID

SCANID is the SCAN ID shown in the report generated above.

Step 4: Setup Regular Scanning

The LMD installer already creates a cron file that runs a scan daily:

# vi /etc/cron.daily/maldet

If your system has a large number of files and directories, switch the schedule to weekly rather than daily.
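The helpers below, as an added example that is not part of the original article or the LMD project, tie Steps 3 and 4 together: they pull the SCAN ID from maldet's "maldet --report <id>" hint, read TOTAL HITS and TOTAL CLEANED from the report text shown above, and decide whether a weekly cron job should follow up with maldet --quarantine. The report layout is assumed to match the article's output; SAMPLE_REPORT is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the article or LMD): helpers for a weekly maldet
# cron job that reads the scan report and decides what to run next. Assumes
# the report layout and "maldet --report <id>" hint shown in the article.

# Pull the SCAN ID out of the "maldet --report <id>" hint in scan output.
scan_id_from_hint() {
    printf '%s\n' "$1" |
        sed -n 's/.*--report[[:space:]]*\([0-9][0-9]*-[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Read a numeric "KEY: value" field (e.g. TOTAL HITS) from report text on stdin.
report_field() {
    awk -F': *' -v key="$1" '$1 == key { print $2 + 0; found = 1 }
                              END { if (!found) print 0 }'
}

# Follow-up from hit count, cleaned count and the quar_hits setting: none
# (clean scan), quarantine (hits left in place because quar_hits=0), review
# (quarantined but not all cleaned), cleaned (nothing left to do).
next_action() {
    if [ "$1" -eq 0 ]; then echo none
    elif [ "$3" -eq 0 ]; then echo quarantine
    elif [ "$2" -lt "$1" ]; then echo review
    else echo cleaned
    fi
}

# Cron entry point, e.g. called from /etc/cron.weekly: scan, then act on report.
weekly_scan() {
    # $1: path to scan, $2: quar_hits value from conf.maldet
    out=$(maldet --scan-all "$1" 2>&1)
    id=$(scan_id_from_hint "$out")
    [ -n "$id" ] || { echo "no scan id in maldet output" >&2; return 1; }
    report=$(maldet --report "$id")
    hits=$(printf '%s\n' "$report" | report_field 'TOTAL HITS')
    cleaned=$(printf '%s\n' "$report" | report_field 'TOTAL CLEANED')
    case $(next_action "$hits" "$cleaned" "$2") in
        quarantine) maldet --quarantine "$id" ;;
        review) echo "scan $id: $hits hits, $cleaned cleaned; inspect quarantine" >&2 ;;
    esac
}

# Constructed sample report (format copied from the article's output).
SAMPLE_REPORT='malware detect scan report for svr1.example.net:
SCAN ID: 060214-1946.24560
TOTAL FILES: 4441
TOTAL HITS: 2
TOTAL CLEANED: 0'
```

Only weekly_scan touches maldet itself; the other functions can be exercised against SAMPLE_REPORT without LMD installed.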


I, Rahul Kumar, am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and have been working as an IT professional since 2009.

6 Comments

  1. Tim Rowley
    April 21, 2015 at 3:42 am

    I ran # yum install wget and was told it was already present. I ran maldet --scan-all once again but got the same message, “could not find required binary wget, aborting.”

    I had a search around and found # yum install which, which worked.

  2. Tim Rowley
    April 20, 2015 at 11:58 pm

    I installed, but the scan command returns “could not find required binary wget, aborting.”
    What do I do now?

    • Rahul
      April 21, 2015 at 3:00 am

      Hi Tim,

      Install the wget package on your system.

      # yum install wget

      • Tim Rowley
        April 21, 2015 at 3:04 am

        Will do, thanks Rahul.

        • Tim Rowley
          April 21, 2015 at 4:44 am

          I installed only to find that it was already there. I searched around and found “# yum install which”, which worked.
          It found nothing in “/home” so I scanned “/” and it ended up cleaning a bit of itself, so I probably need to re-install it now!!

  3. Young man
    October 22, 2014 at 5:54 am

    When I type my email address inside the “” how do I save it? Also email_alert=1, how do I save it?
    hope to help

© 2013-2020 Tecadmin.net. All Rights Reserved