New Post has been published on http://websetnet.com/malware-detect-maldetect-ispconfig-3-debian-6-install/
Malware Detect (maldetect) – ISPConfig 3 – Debian 6 – Install
Installation instructions for Malware Detect (maldetect) on a Debian 6 server with ISPConfig 3:
Installation
Install pre-reqs:
apt-get install inotify-tools
Install maldetect:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
Configure
Edit the main maldet script to work with Debian:
vim /usr/local/maldetect/maldet
Replace the line that starts with $nice in the main maldet script with the following:
$nice -n $inotify_nice $inotify -r --fromfile $inotify_fpaths $exclude --timefmt "%d %b %H:%M:%S" --format "%w%f %e %T" -m -e create,move,modify >> $inotify_log 2>&1 &
Edit internals.conf - Find inotify= and change the value to /usr/bin/inotifywait:
vim /usr/local/maldetect/internals.conf
Next, delete the inotifywait and libinotifytools.so.0 files that ship with maldetect:
rm -rf /usr/local/maldetect/inotify/inotifywait
rm -rf /usr/local/maldetect/inotify/libinotifytools.so.0
Now edit the cronjob:
vim /etc/cron.daily/maldet
Comment out:
/usr/local/maldetect/maldet -d >> /dev/null 2>&1
/usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1
if [ -d "/var/www/html" ]; then
    /usr/local/maldetect/maldet -b -r /var/www/html 2
fi
if [ -d "/usr/local/apache/htdocs" ]; then
    /usr/local/maldetect/maldet -b -r /usr/local/apache/htdocs 2
fi
Add this:
# Instead use ISPConfig 3 path /var/www
/usr/local/maldetect/maldet -b -r /var/www
Below this:
#/usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1
Now configure maldetect to run daily and send a report to an email address of your choice:
Set the toggle to 1, update the subject line and enter the email address:
vim /usr/local/maldetect/conf.maldet
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1
# The subject line for email alerts
email_subj="Malware Detect Subject Line $(hostname)"
# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="[email protected]"
**Cron should run daily with an email report. The report is only sent if malware is found.**
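The configuration steps above can be checked with a short script. This is an added example, not part of the original post; the function name check_maldet_setup and its optional root-prefix argument are assumptions made for the illustration.

```shell
# Added example (not from the original post): audit the edits from this guide.
# The optional ROOT prefix is an assumption made here so the check can run
# against a copy of the files; call with no argument for the live system.
check_maldet_setup() {
    root="${1:-}"
    md="$root/usr/local/maldetect"
    cron="$root/etc/cron.daily/maldet"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # The monitor line must use --format with two ASCII hyphens; a pasted
    # en dash is not parsed as an option by inotifywait.
    grep -Fq -e '--format "%w%f %e %T"' "$md/maldet" 2>/dev/null ||
        fail "maldet: inotifywait line lacks --format"

    # internals.conf must point at the Debian-packaged binary.
    grep -Eq '^inotify="?/usr/bin/inotifywait"?[[:space:]]*$' \
        "$md/internals.conf" 2>/dev/null ||
        fail "internals.conf: inotify= is not /usr/bin/inotifywait"

    # The bundled binary and library must be gone.
    for f in inotifywait libinotifytools.so.0; do
        [ ! -e "$md/inotify/$f" ] || fail "bundled $f still present"
    done

    # Cron: /var/www is scanned and no default path is still active.
    grep -Eq '^[[:space:]]*/usr/local/maldetect/maldet -b -r /var/www([[:space:]]|$)' \
        "$cron" 2>/dev/null || fail "cron: no active scan of /var/www"
    if grep -Eq '^[[:space:]]*[^#[:space:]].*maldet -b -r /(home|var/www/html|usr/local/apache)' \
        "$cron" 2>/dev/null; then
        fail "cron: a default scan path is still active"
    fi

    # Email alerts are enabled and a destination address is set.
    grep -Eq '^email_alert="?1' "$md/conf.maldet" 2>/dev/null ||
        fail "conf.maldet: email_alert is not 1"
    grep -Eq '^email_addr="[^"]+"' "$md/conf.maldet" 2>/dev/null ||
        fail "conf.maldet: email_addr is empty"

    return "$fails"
}
```

It prints one FAIL line per missed step and returns the number of failures, so a zero exit status means every edit from the guide is in place.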
Manual Scanning
Scan specific directory:
maldet -a /home/homedir/public_html/
Scan all directories using a wildcard:
maldet -a /home/?/public_html/















