{"id":369,"date":"2013-10-22T13:45:17","date_gmt":"2013-10-22T13:45:17","guid":{"rendered":"http:\/\/blog.shineservers.com\/?p=369"},"modified":"2013-10-22T13:45:17","modified_gmt":"2013-10-22T13:45:17","slug":"install-linux-malware-detect-lmd-rhel-centos-fedora","status":"publish","type":"post","link":"https:\/\/www.shineservers.com\/2013\/10\/22\/install-linux-malware-detect-lmd-rhel-centos-fedora\/","title":{"rendered":"Install Linux Malware Detect (LMD) in RHEL, CentOS and Fedora"},"content":{"rendered":"<h3>What is Malware?<\/h3>\n<p><strong>Malware<\/strong>\u00a0is malicious software: any script, binary or code written to steal private data or to gain unauthorized access to a computer system. It includes trojans, viruses, spyware, adware, rootkits and any other program built to harm the user or the system it runs on.<\/p>\n<h3>What is Linux Malware Detect (LMD)?<\/h3>\n<p><strong>Linux Malware Detect (LMD)<\/strong>\u00a0is a free, open source malware scanner for Unix\/Linux systems, released under the GNU GPLv2. It is designed around the threats seen in shared hosting environments, such as web shells and injected PHP dropped into user web roots, and builds its signatures from malware observed in real attacks rather than from a generic antivirus database. 
For more information and features, see\u00a0<a href=\"http:\/\/www.rfxn.com\/projects\/linux-malware-detect\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.rfxn.com\/projects\/linux-malware-detect\/<\/a>.<\/p>\n<div align=\"center\"><strong>Install Linux Malware Detect (LMD) in\u00a0<\/strong><strong>RHEL 6.3\/6.2\/6.1\/6\/5.8<\/strong>,\u00a0<strong>CentOS 6.3\/6.2\/6.1\/6\/5.8<\/strong>\u00a0and\u00a0<strong>Fedora 12,13,14,15,16,17<\/strong><\/div>\n<h3>Installing Linux Malware Detect (LMD) in RHEL, CentOS and Fedora<\/h3>\n<h4>Step 1: Downloading Linux Malware Detect (LMD)<\/h4>\n<p>Download the latest\u00a0<strong>LMD<\/strong>\u00a0package with the following\u00a0<strong>wget<\/strong>\u00a0command. Note that both this download and the signature updates the installer fetches below travel over plain HTTP, so use an HTTPS mirror where one is offered and inspect the extracted archive before running its install script as root.<\/p>\n<pre># cd \/tmp\n# wget http:\/\/www.rfxn.com\/downloads\/maldetect-current.tar.gz<\/pre>\n<h4>Step 2: Installing LMD<\/h4>\n<p>Installing and configuring\u00a0<strong>LMD<\/strong>\u00a0is straightforward; run the following steps as root. The installer copies the program to \/usr\/local\/maldetect, links the maldet and lmd commands into \/usr\/local\/sbin, installs a daily cron job, and immediately pulls the latest signature set.<\/p>\n<pre># tar xfz maldetect-current.tar.gz\n# cd maldetect-*\n# .\/install.sh<\/pre>\n<h4>Sample Output<\/h4>\n<pre>Linux Malware Detect v1.4.1\n            (C) 2002-2011, R-fx Networks \n            (C) 2011, Ryan MacDonald \ninotifywait (C) 2007, Rohan McGovern \nThis program may be freely redistributed under the terms of the GNU GPL\n\ninstallation completed to \/usr\/local\/maldetect\nconfig file: \/usr\/local\/maldetect\/conf.maldet\nexec file: \/usr\/local\/maldetect\/maldet\nexec link: \/usr\/local\/sbin\/maldet\nexec link: \/usr\/local\/sbin\/lmd\ncron.daily: \/etc\/cron.daily\/maldet\n\nmaldet(3092): {sigup} performing signature update check...\nmaldet(3092): {sigup} local signature set is version 201205035915\nmaldet(3092): {sigup} new signature set (2012071115632) available\nmaldet(3092): {sigup} downloaded http:\/\/www.rfxn.com\/downloads\/md5.dat\nmaldet(3092): {sigup} downloaded http:\/\/www.rfxn.com\/downloads\/hex.dat\nmaldet(3092): {sigup} downloaded 
http:\/\/www.rfxn.com\/downloads\/rfxn.ndb\nmaldet(3092): {sigup} downloaded http:\/\/www.rfxn.com\/downloads\/rfxn.hdb\nmaldet(3092): {sigup} downloaded http:\/\/www.rfxn.com\/downloads\/maldet-clean.tgz\nmaldet(3092): {sigup} signature set update completed\nmaldet(3092): {sigup} 9649 signatures (7782 MD5 \/ 1867 HEX)<\/pre>\n<h4>Step 3: Configuring LMD<\/h4>\n<p>Every option in the configuration file is documented by the comment above it, so tune it to your needs. Before changing anything, review the options that matter most:<\/p>\n<ol>\n<li><strong>email_alert<\/strong>\u00a0: Set to 1 to receive email alerts.<\/li>\n<li><strong>email_subj<\/strong>\u00a0: The subject line of alert emails.<\/li>\n<li><strong>email_addr<\/strong>\u00a0: The address (or comma-separated addresses) that receive malware alerts.<\/li>\n<li><strong>quar_hits<\/strong>\u00a0: The default quarantine action for malware hits; set it to 1 to move hits into quarantine instead of only alerting.<\/li>\n<li><strong>quar_clean<\/strong>\u00a0: Attempt to clean string-based malware injections; set it to 1 to enable. It has no effect unless quar_hits is also 1.<\/li>\n<li><strong>quar_susp<\/strong>\u00a0: The default suspend action for users with hits (cPanel suspend, or the shell set to \/bin\/false elsewhere); set it as your environment requires. It also needs quar_hits=1.<\/li>\n<li><strong>quar_susp_minuid<\/strong>\u00a0: The minimum user ID that can be suspended, so that system accounts below it are never locked out.<\/li>\n<\/ol>\n<p>Open\u00a0<strong>\/usr\/local\/maldetect\/conf.maldet<\/strong>\u00a0and make changes according to your needs.<\/p>\n<pre># vi \/usr\/local\/maldetect\/conf.maldet<\/pre>\n<h4>Sample Configuration<\/h4>\n<p>Here is my sample configuration file.<\/p>\n<pre># [ EMAIL ALERTS ]\n##\n# The default email alert toggle\n# [0 = disabled, 1 = enabled]\n<strong>email_alert=1<\/strong>\n\n# The subject line for email alerts\nemail_subj=\"maldet alert from $(hostname)\"\n\n# The destination addresses for email alerts\n# [ values are comma (,) spaced ]\n<strong>email_addr=\"tecmint.com@gmail.com\"<\/strong>\n\n# Ignore e-mail alerts for reports in which all hits have been cleaned.\n# 
This is ideal on very busy servers where cleaned hits can drown out\n# other more actionable reports.\nemail_ignore_clean=0\n\n##\n# [ QUARANTINE OPTIONS ]\n##\n# The default quarantine action for malware hits\n# [0 = alert only, 1 = move to quarantine &amp; alert]\n<strong>quar_hits=1<\/strong>\n\n# Try to clean string based malware injections\n# [NOTE: quar_hits=1 required]\n# [0 = disabled, 1 = clean]\n<strong>quar_clean=1<\/strong>\n\n# The default suspend action for users with hits\n# Cpanel suspend or set shell \/bin\/false on non-Cpanel\n# [NOTE: quar_hits=1 required]\n# [0 = disabled, 1 = suspend account]\n<strong>quar_susp=0<\/strong>\n# minimum userid that can be suspended\n<strong>quar_susp_minuid=500<\/strong><\/pre>\n<h4>Step 4: Manual Scans and Usage<\/h4>\n<p>To scan every user\u2019s home directory, run the following command.<\/p>\n<pre># maldet --scan-all \/home<\/pre>\n<p>Each scan ends with a scan ID, which is also included in the emailed report; pass that ID to\u00a0<strong>maldet --report<\/strong>\u00a0to view the results. If a scan ran before you enabled quarantine, you do not need to rescan: use one of the following commands to quarantine, or clean, the hits from that earlier scan.<\/p>\n<pre># maldet --quarantine SCANID\nOR\n# maldet --clean SCANID<\/pre>\n<h4>Step 5: Daily Scans<\/h4>\n<p>The installer places a cron script at\u00a0<strong>\/etc\/cron.daily\/maldet<\/strong>. It performs the daily signature update and a scan of recently changed files (the --scan-recent mode) under the paths it lists, applies the quarantine settings from conf.maldet, and emails the daily report to the addresses you configured. To scan additional paths, edit the file and add them.<\/p>\n<pre># vi \/etc\/cron.daily\/maldet<\/pre>\n<p>If you like this article, please share with your friends and do leave comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Malware? Malware\u00a0is called malicious software, script or code which is created and used by hackers to retrieve information of private data or gain access to any private computer systems. 
Malware can be trojans, viruses, spyware, adware, rootkits or any other malicious programs which can be very harmful to any computer user. What is [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[60],"tags":[141],"class_list":["post-369","post","type-post","status-publish","format-standard","hentry","category-linux","tag-install-linux-malware-detect-centos"],"acf":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/comments?post=369"}],"version-history":[{"count":0,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/369\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/media?parent=369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/categories?post=369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/tags?post=369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
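Added example for Step 3 of the post above (this is editor-written code, not code from the original post or from the LMD project): a small POSIX shell lint for conf.maldet that enforces the dependencies the file's own comments state, namely that quar_clean=1 and quar_susp=1 are inert without quar_hits=1, and that email_alert=1 needs a non-empty email_addr. The function names, and the constructed config fragment in demo(), are this example's own assumptions; the option names are the ones from the sample configuration.

```shell
#!/bin/sh
# Added example, not part of the original post or of the LMD project:
# a lint for conf.maldet that checks the dependencies stated in the
# file's own comments (quar_clean=1 and quar_susp=1 both require
# quar_hits=1) and catches alerts configured with no destination.
# Function names and the sample fragment in demo() are assumptions.

# conf_get CONFTEXT KEY: print the value of KEY with surrounding quotes
# removed, or nothing if it is not set. Commented-out lines are ignored
# and, as when the shell sources the file, the last assignment wins.
conf_get() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*'"$2"'=\(.*\)$/\1/p' \
        | tail -n 1 \
        | sed 's/^"\(.*\)"$/\1/'
}

# check_conf_text CONFTEXT: print one line per problem and return 1,
# or return 0 when the quarantine and alert settings are consistent.
check_conf_text() {
    cfg="$1"
    rc=0
    hits=$(conf_get "$cfg" quar_hits)
    clean=$(conf_get "$cfg" quar_clean)
    susp=$(conf_get "$cfg" quar_susp)
    alert=$(conf_get "$cfg" email_alert)
    addr=$(conf_get "$cfg" email_addr)

    if [ "$clean" = "1" ] && [ "$hits" != "1" ]; then
        echo "quar_clean=1 has no effect: quar_hits=1 is required"
        rc=1
    fi
    if [ "$susp" = "1" ] && [ "$hits" != "1" ]; then
        echo "quar_susp=1 has no effect: quar_hits=1 is required"
        rc=1
    fi
    if [ "$alert" = "1" ] && [ -z "$addr" ]; then
        echo "email_alert=1 but email_addr is empty: reports go nowhere"
        rc=1
    fi
    return "$rc"
}

# check_conf FILE: run the same checks on a real config file, e.g.
#   check_conf /usr/local/maldetect/conf.maldet
check_conf() {
    check_conf_text "$(cat "$1")"
}

# demo: a constructed fragment using the post's sample values, except
# that quar_hits is left at 0 (alert only), so the lint reports that
# the enabled quar_clean setting is inert. Returns 1 for that reason.
demo() {
    check_conf_text 'email_alert=1
email_addr="admin@example.com"
# quar_hits=1
quar_hits=0
quar_clean=1
quar_susp=0'
}

# Run the demonstration when executed directly.
demo
```

Run it against the real file with `check_conf /usr/local/maldetect/conf.maldet` after editing; a non-zero exit with a printed reason means the quarantine or alert settings will not do what the post's walkthrough expects.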