Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Security»Installing Linux Malware Detect (LMD) on CentOS, RHEL

    Installing Linux Malware Detect (LMD) on CentOS, RHEL

    By RahulMay 28, 20143 Mins Read

    Malware is known as malicious software. It can be any script, app or anything which is harmful for our system and data in any kinds.

    Advertisement

    Linux Malware detect (LMD) is a malware scanner for linux released under the gnu GPLv2 license, that is intended around the threats faced in hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that’s actively getting used in attacks and generates signatures for detection.

    The threat landscape in shared hosted environments is unique from that of the standard AV products detection suite in that they are detecting primarily OS level trojans, rootkits and traditional file-infecting viruses but missing the ever increasing variety of malware on the user account level which serves as an attack platform.

    Step 1: Download and Install LMD

    First login to your server using SSH clients (Eg: Putty) and download the latest LMD source code using following commands.

    # cd /opt
    # wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
    

    Now extract the downloaded archive in current directory

    # tar xfz maldetect-current.tar.gz
    

    After extracting the archive, execute install.sh script provided in source, which will install LMD in your system.

    # cd maldetect-1.4.2
    # sh install.sh
    

    Step 2: Configure LMD

    LMD creates an configuration file /usr/local/maldetect/conf.maldet, where we can define the working of LMD and what action to take.

    # vim /usr/local/maldetect/conf.maldet
    
    # [ EMAIL ALERTS ]
    ##
    # The default email alert toggle
    # [0 = disabled, 1 = enabled]
    email_alert=1
    
    # The subject line for email alerts
    email_subj="MLD Scan Report from $(hostname)"
    
    # The destination addresses for email alerts
    # [ values are comma (,) spaced ]
    email_addr="[email protected]"
    
    # Ignore e-mail alerts for reports in which all hits have been cleaned.
    # This is ideal on very busy servers where cleaned hits can drown out
    # other more actionable reports.
    email_ignore_clean=0
    
    ##
    # [ QUARANTINE OPTIONS ]
    ##
    # The default quarantine action for malware hits
    # [0 = alert only, 1 = move to quarantine & alert]
    quar_hits=1
    
    # Try to clean string based malware injections
    # [NOTE: quar_hits=1 required]
    # [0 = disabled, 1 = clean]
    quar_clean=1
    
    # The default suspend action for users wih hits
    # Cpanel suspend or set shell /bin/false on non-Cpanel
    # [NOTE: quar_hits=1 required]
    # [0 = disabled, 1 = suspend account]
    quar_susp=0
    
    # minimum userid that can be suspended
    quar_susp_minuid=500
    
    

    Step 3: Start Scanning Manually

    At this stage you have successfully installed and configured LMD on your system. Lets run your first scan manually by executing following command.

    # maldet --scan-all /var/www/html
    

    The above command will scan all the files and directories under /var/www/html. It may take a long time to complete depending on your number of files. After completion of above command it will show you a command to see report like below

    # maldet --report 060214-1946.24560
    
    malware detect scan report for svr1.tecadmin.net:
    SCAN ID: 060214-1946.24560
    TIME: May  28 19:46:12 +0530
    PATH: /var/www/html/
    TOTAL FILES: 4441
    TOTAL HITS: 0
    TOTAL CLEANED: 0
    
    ===============================================
    Linux Malware Detect v1.4.2 < [email protected] >
    

    In my case the TOTAL HITS is 0, So LMD doesn’t detect any malware on system. But If it detects any malware on your system, Use one of following command to quarantine malwares

    # maldet --quarantine SCANID
    OR
    # maldet --clean SCANID
    

    SCANID can be found in report generated above.

    Step 4: Setup Regular Scanning

    During installation of LMD it already creates and crontab file to be execute on daily basis

    # vi /etc/cron.daily/maldet
    

    But if your system has large number of files and directories change scanning to weekly basis rather than daily.

    References:
    https://www.rfxn.com/projects/linux-malware-detect/

    LMD Malware
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    How to Open Port in Linux

    How to Install and Configure Fail2ban on Debian 11

    Securing SSH Server in Linux

    How To Secure SSH Server

    View 6 Comments

    6 Comments

    1. Tim Rowley on April 21, 2015 3:42 am

      I ran # yum install wget and was told it was already present. I ran maldet –scan-all once again but got the same message, “could not find required binary wget, aborting.”

      I had a search around and found # yum install which which worked.

      Reply
    2. Tim Rowley on April 20, 2015 11:58 pm

      I installed but on the scan command returns “could not find required binary wget, aborting.”.
      What do I do now ?

      Reply
      • Rahul on April 21, 2015 3:00 am

        Hi Tim,

        Install wget package on your system.

        # yum install wget
        
        Reply
        • Tim Rowley on April 21, 2015 3:04 am

          Will do, thanks Rahul.

          Reply
          • Tim Rowley on April 21, 2015 4:44 am

            I installed only to find that it was already there. I searched around and found ” # yum install which ” , which worked.
            It found nothing in “/home” so I scanned ” / ” and it ended up cleaning a bit of itself , so I probably need to re-install it now !!

            Reply
    3. Young man on October 22, 2014 5:54 am

      When i type my email address inside the “” how do i save it also email_alert=1 how do i save it?
      hope to help

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Error: EACCES: permission denied, scandir (Resolved)
    • How To Install Python 3.11 on Ubuntu 22.04 / 20.04
    • How to Install Python 3.11 on Amazon Linux 2
    • An Introduction to the “./configure” Command: Compiling Source Code in Linux
    • How to Install PHP 8.x on Pop!_OS
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.