Install and configure Maldet latest version


Linux Malware Detect (LMD), usually called Maldet, is a malware scanner for Linux released under the GNU GPLv2 license. It is built for shared hosting environments, where it is commonly used to find malicious scripts (web shells, backdoors, injected PHP) dropped into user accounts, and it matches files against MD5 hash, hex byte-pattern and YARA signatures. It can also hand the file scanning itself to ClamAV's clamscan engine when that is installed. In this post we install and configure the current version of Maldet on CentOS 7.

Step 1. Download Linux Malware Detect (LMD) latest version

cd /usr/local/src/
wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
cd ..
rm -rf maldetect-*

The tarball URL is the one used in the session below (the project page itself is not a download), and the archive has to be unpacked before you can cd into it. Fetch it over HTTPS and read through install.sh before running it as root; the installer also performs the first signature update from cdn.rfxn.com, as the output shows.

[root@techfaqsolutions ~]# cd /usr/local/src/
[root@techfaqsolutions src]# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
--2018-08-13 11:32:24-- http://www.rfxn.com/downloads/maldetect-current.tar.gz
Resolving www.rfxn.com (www.rfxn.com)... 45.33.122.151
Connecting to www.rfxn.com (www.rfxn.com)|45.33.122.151|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1605546 (1.5M) [application/x-gzip]
Saving to: ‘maldetect-current.tar.gz’

100%[================================================================================>] 16,05,546 348KB/s in 5.3s

2018-08-13 11:32:30 (293 KB/s) - ‘maldetect-current.tar.gz’ saved [1605546/1605546]

[root@techfaqsolutions src]# cd maldetect-*
[root@techfaqsolutions maldetect-1.6.2]# 

[root@techfaqsolutions maldetect-1.6.2]# sh install.sh 
Created symlink from /etc/systemd/system/multi-user.target.wants/maldet.service to /usr/lib/systemd/system/maldet.service.
Linux Malware Detect v1.6
            (C) 2002-2017, R-fx Networks <proj@r-fx.org>
            (C) 2017, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(1490): {sigup} performing signature update check...
maldet(1490): {sigup} local signature set is version 2017070716978
maldet(1490): {sigup} new signature set (2018080811293) available
maldet(1490): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(1490): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(1490): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(1490): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(1490): {sigup} verified md5sum of maldet-clean.tgz
maldet(1490): {sigup} unpacked and installed maldet-clean.tgz
maldet(1490): {sigup} signature set update completed
maldet(1490): {sigup} 17155 signatures (14346 MD5 | 2030 HEX | 779 YARA | 0 USER)

[root@techfaqsolutions maldetect-1.6.2]# cd ..
[root@techfaqsolutions src]# rm -rf maldetect-*

Step 2. Install ClamAV

ClamAV is a separate open-source anti-virus engine. Maldet can use its clamscan binary as the scanning engine (the scan_clamscan option in conf.maldet), which is considerably faster than LMD's own scanner on large file trees, so installing ClamAV alongside Maldet gives the best results. On CentOS 7 the clamav packages come from EPEL, so the EPEL repository must be enabled first (the output below shows it is).

yum -y install clamav clamav-devel

[root@techfaqsolutions src]# yum -y install clamav clamav-devel
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00 
epel/x86_64/metalink | 7.4 kB 00:00:00 
epel | 3.2 kB 00:00:00 
extras | 3.4 kB 00:00:00 
updates | 3.4 kB 00:00:00 
(1/3): epel/x86_64/group_gz | 88 kB 00:00:02 
(2/3): epel/x86_64/updateinfo | 933 kB 00:00:08 
(3/3): epel/x86_64/primary | 3.6 MB 00:00:10 
Loading mirror speeds from cached hostfile
* base: mirrors.fibergrid.in
* epel: repo.ugm.ac.id
* extras: mirrors.fibergrid.in
* updates: mirrors.fibergrid.in
epel 12642/12642
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.100.1-1.el7 will be installed
--> Processin
.
.
.
Verifying : libsepol-2.5-6.el7.x86_64 36/40 
Verifying : libcom_err-1.42.9-10.el7.x86_64 37/40 
Verifying : e2fsprogs-libs-1.42.9-10.el7.x86_64 38/40 
Verifying : e2fsprogs-1.42.9-10.el7.x86_64 39/40 
Verifying : krb5-libs-1.15.1-8.el7.x86_64 40/40

Installed:
clamav.x86_64 0:0.100.1-1.el7 clamav-devel.x86_64 0:0.100.1-1.el7

Dependency Installed:
clamav-filesystem.noarch 0:0.100.1-1.el7 clamav-lib.x86_64 0:0.100.1-1.el7 clamav-update.x86_64 0:0.100.1-1.el7
json-c.x86_64 0:0.11-4.el7_0 keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-19.el7 
libcom_err-devel.x86_64 0:1.42.9-12.el7_5 libkadm5.x86_64 0:1.15.1-19.el7 libselinux-devel.x86_64 0:2.5-12.el7
libsepol-devel.x86_64 0:2.5-8.1.el7 libtool-ltdl.x86_64 0:2.4.2-22.el7_3 libverto-devel.x86_64 0:0.2.5-4.el7 
openssl-devel.x86_64 1:1.0.2k-12.el7 pcre-devel.x86_64 0:8.32-17.el7 pcre2.x86_64 0:10.23-2.el7 
zlib-devel.x86_64 0:1.2.7-17.el7

Dependency Updated:
e2fsprogs.x86_64 0:1.42.9-12.el7_5 e2fsprogs-libs.x86_64 0:1.42.9-12.el7_5 krb5-libs.x86_64 0:1.15.1-19.el7 
libcom_err.x86_64 0:1.42.9-12.el7_5 libselinux.x86_64 0:2.5-12.el7 libselinux-python.x86_64 0:2.5-12.el7 
libselinux-utils.x86_64 0:2.5-12.el7 libsepol.x86_64 0:2.5-8.1.el7 libss.x86_64 0:1.42.9-12.el7_5 
openssl.x86_64 1:1.0.2k-12.el7 openssl-libs.x86_64 1:1.0.2k-12.el7

Complete!
[root@techfaqsolutions src]#

After ClamAV has been installed, update its virus databases with the freshclam command (clamscan is of little use with an empty or stale database):

freshclam

[root@techfaqsolutions src]# freshclam
ClamAV update process started at Mon Aug 13 12:17:21 2018
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 24838, sigs: 2046995, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6613335 signatures) from database.clamav.net (IP: 104.16.189.138)

Step 3. Run the first Maldet scan

To scan /home (all user accounts) with Maldet, use -a with the path:

maldet -a /home

To scan every site's document root on a web server (? is Maldet's wildcard for the user directory):

maldet -a /home/?/public_html/

To scan only files modified in the last 2 days (-r takes a path followed by a number of days; this is the mode the daily cron job uses):

maldet -r /home/?/public_html/ 2

Step 4. Maldet report

After the scan completes, review its report. The following command shows the latest scan report:

maldet --report

To see a particular scan report, pass its SCAN ID (printed at the end of every scan) to --report:

maldet --report <SCANID>

maldet --report 161008-0524.9467

Quarantine every file listed as a hit in a given scan report. Quarantined files are moved to /usr/local/maldetect/quarantine, where they can be inspected or restored with maldet --restore; to quarantine automatically on every scan instead, set quarantine_hits="1" in conf.maldet.

maldet -q <SCANID>

maldet -q 161008-0524.9467
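The four steps above are one procedure, so here they are as a single script. This is an added example, not code from the original post or from the LMD project: the paths, option names and report fields come from the post's own output, and everything marked as an assumption (the pinned checksum, the alert address, the exact report layout, the script name maldet-setup.sh) is supplied here for illustration. Two things the post only implies are made explicit: the download is checksum-pinned before install.sh runs as root, and the report is parsed so hits can be handed to a ticket or a SIEM rather than read off the terminal.

```shell
#!/bin/sh
# Added example (not from the original post or the LMD project): wraps the
# install, ClamAV, scan and report steps above in one script. Option names,
# paths and report fields are taken from the post's output; anything marked
# "assumption" is supplied here for illustration.
set -eu

MALDET_URL="https://www.rfxn.com/downloads/maldetect-current.tar.gz"
# Assumption: the operator records the tarball digest once (sha256sum on a
# download they have inspected) and pins it here. The placeholder is not a
# real checksum; a mismatch aborts the install.
MALDET_SHA256="${MALDET_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"
ALERT_EMAIL="${ALERT_EMAIL:-root@localhost}"   # assumption: operator-supplied
CONF=/usr/local/maldetect/conf.maldet

# Return 0 if file $1 has SHA-256 digest $2, 1 otherwise.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Step 1: fetch over HTTPS into a private temp dir, verify, install, clean up.
install_maldet() {
    tmp=$(mktemp -d)
    wget -q -O "$tmp/maldetect-current.tar.gz" "$MALDET_URL"
    if ! verify_sha256 "$tmp/maldetect-current.tar.gz" "$MALDET_SHA256"; then
        echo "maldetect-current.tar.gz: checksum mismatch, not installing" >&2
        rm -rf "$tmp"
        return 1
    fi
    tar -xzf "$tmp/maldetect-current.tar.gz" -C "$tmp"
    (cd "$tmp"/maldetect-* && sh install.sh)
    rm -rf "$tmp"
}

# Step 2: ClamAV from EPEL, then refresh its databases.
install_clamav() {
    yum -y install epel-release clamav clamav-devel
    freshclam
}

# Set key="value" in conf.maldet (key names as in LMD 1.6 conf.maldet).
# A key that is missing or commented out is left untouched, so check the
# file afterwards.
set_conf() {
    sed -i "s|^$1=.*|$1=\"$2\"|" "$CONF"
}

configure_maldet() {
    set_conf email_alert 1
    set_conf email_addr "$ALERT_EMAIL"
    set_conf quarantine_hits 1      # move hits to the quarantine automatically
    set_conf quarantine_clean 0     # do not rewrite infected files; keep evidence intact
    set_conf scan_clamscan 1        # use the clamscan engine when ClamAV is present
}

# Report parsing; both functions read "maldet --report" output on stdin.
# Assumption about the layout: a "SCAN ID:   <id>" header line, and a
# "FILE HIT LIST:" section whose entries look like
#   {HEX}php.cmdshell.unclassed.344 : /home/alice/public_html/uploads/x.php
scan_id() {
    awk -F': *' '/^SCAN ID:/ { print $2; exit }'
}

# Print one "signature<TAB>path" line per hit; empty output means a clean scan.
hit_list() {
    awk '/^FILE HIT LIST:/ { inlist = 1; next }
         inlist && / : / { split($0, f, " : "); print f[1] "\t" f[2] }'
}

# Steps 3 and 4: scan a path, list the hits from the resulting report,
# then quarantine them by scan ID.
scan_path() {
    maldet -a "$1"
    id=$(maldet --report | scan_id)
    echo "scan $id hits:"
    maldet --report "$id" | hit_list
    maldet -q "$id"
}

case "${1:-}" in
    install) install_maldet; install_clamav; configure_maldet ;;
    scan)    scan_path "${2:-/home/?/public_html/}" ;;
esac
```

Run `sh maldet-setup.sh install` once as root after pinning MALDET_SHA256, then `sh maldet-setup.sh scan /home` (or with no path for the public_html wildcard). Keeping quarantine_clean at 0 is deliberate: the "clean" rules rewrite a file in place, which destroys the evidence you want for incident response, whereas quarantine preserves the original.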


3 Responses

  1. Janna says:

    It works really well for me