20 Mar
Installing LMD on CentOS
Download the LMD package from the rfxn site
- Log in with ssh/putty with root access
- change to your tmp folder, or create a folder of your own, where you want to download the package for the installation
# cd /tmp
- use the wget command to download the latest LMD from the source site
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Installing the downloaded LMD package on your CentOS box
- Extract the downloaded package
# tar xfz maldetect-current.tar.gz
- go to the extracted directory
# cd maldetect-*
- check that the installation script install.sh has the proper permissions. It must be executable; if it is not, you can use the command below to change its permissions
# chmod 0777 install.sh
- run the installation script
# ./install.sh
You will get output something like the following:
Linux Malware Detect v1.4.1
(C) 2002-2011, R-fx Networks
(C) 2011, Ryan MacDonald
inotifywait (C) 2007, Rohan McGovern
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
Now configure your LMD program according to your needs
edit the configuration file
# nano /usr/local/maldetect/conf.maldet
You will find the following options in this file:
- email_alert: If you would like to receive email alerts, set this to 1.
- email_subj: Set your email subject here.
- email_addr: Add the email address that should receive malware alerts.
- quar_hits: The default quarantine action for malware hits; it should be set to 1.
- quar_clean: Cleans detected malware injections; must be set to 1.
- quar_susp: The default suspend action for users with hits; set it as per your requirements.
- quar_susp_minuid: Minimum user id that can be suspended.
By default the file contains something like this:
##
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="[email protected]"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users wih hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0

# minimum userid that can be suspended
quar_susp_minuid=500
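The config comments above state two dependencies (quar_clean and quar_susp both require quar_hits=1), and an alert toggle is useless without a real destination address. The script below is an added example, not part of the original post or of LMD itself: it reads a conf.maldet file and reports those inconsistencies before you rely on the nightly run. The sample config files it writes to a temp directory are constructed for the demo, and the placeholder address it rejects (you@example.com) is an assumption rather than LMD's actual default.

```shell
#!/bin/sh
# Added example (not from the original post or from LMD): sanity-check a
# conf.maldet for option combinations the file's own comments mark as
# dependent. Prints one line per problem; returns 0 when consistent, 1 otherwise.

# Assumed placeholder address that means "nobody filled this in yet".
PLACEHOLDER_ADDR="you@example.com"

# conf_get FILE KEY -> value of KEY (last assignment wins), surrounding quotes stripped
conf_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | sed -e 's/^[^=]*=//' -e 's/^"//' -e 's/"$//'
}

check_maldet_conf() {
    conf="$1"
    rc=0
    email_alert=$(conf_get "$conf" email_alert)
    email_addr=$(conf_get "$conf" email_addr)
    quar_hits=$(conf_get "$conf" quar_hits)
    quar_clean=$(conf_get "$conf" quar_clean)
    quar_susp=$(conf_get "$conf" quar_susp)

    # Alerts enabled but no real destination: reports silently go nowhere.
    if [ "$email_alert" = "1" ]; then
        case "$email_addr" in
            ""|"$PLACEHOLDER_ADDR")
                echo "email_alert=1 but email_addr is empty or a placeholder"
                rc=1 ;;
        esac
    fi
    # Per the file's comments, quar_clean=1 and quar_susp=1 both need quar_hits=1.
    if [ "$quar_clean" = "1" ] && [ "$quar_hits" != "1" ]; then
        echo "quar_clean=1 requires quar_hits=1 (hits will only be alerted, never cleaned)"
        rc=1
    fi
    if [ "$quar_susp" = "1" ] && [ "$quar_hits" != "1" ]; then
        echo "quar_susp=1 requires quar_hits=1 (no account will ever be suspended)"
        rc=1
    fi
    return $rc
}

# Constructed sample configs so the check can be run stand-alone;
# on a real server you would point check_maldet_conf at conf.maldet directly.
write_sample_confs() {
    tmp=${TMPDIR:-/tmp}/lmd-conf-check.$$
    mkdir -p "$tmp"
    cat > "$tmp/good.conf" <<'EOF'
email_alert=1
email_subj="maldet alert from $(hostname)"
email_addr="admin@example.com"
quar_hits=1
quar_clean=1
quar_susp=0
quar_susp_minuid=500
EOF
    cat > "$tmp/bad.conf" <<'EOF'
email_alert=1
email_addr=""
quar_hits=0
quar_clean=1
quar_susp=1
EOF
    echo "$tmp"
}

dir=$(write_sample_confs)
check_maldet_conf "$dir/good.conf" && echo "$dir/good.conf: consistent"
check_maldet_conf "$dir/bad.conf" || echo "$dir/bad.conf: problems listed above"
```

On a real box run `check_maldet_conf /usr/local/maldetect/conf.maldet` after editing; a non-zero exit means one of the settings above will not do what you expect.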
That’s it.
Now, how to use the LMD program
- If you want to scan the /home directory tree (every user home directory and all of its subfolders), you can run the command below
# maldet --scan-all /home
- If you forgot to turn on the quarantine option, you can apply it manually after scanning, like this
# maldet --quarantine SCANID
OR
# maldet --clean SCANID
Here SCANID is the id of your last scan report, which the scan command prints at the end of its output.
- If you want to schedule maldet for daily scanning as a cron job, you can edit the cron.daily script that the installer created, or set up your own cron job according to your requirements
# vi /etc/cron.daily/maldet
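The scan, quarantine and cron steps above fit together as one small wrapper: capture the scan output, pull out the SCANID and the hit count, and call `maldet --quarantine` only when the scan actually found something. The script below is an added example, not part of the original post or of LMD; the two `maldet(...): {scan} ...` lines it parses are constructed to mirror the LMD 1.4.x scan summary, and that exact wording is an assumption, so check the regexes against the output of your own version before wiring the wrapper into cron.

```shell
#!/bin/sh
# Added example (not from the original post or from LMD): wrap "maldet --scan-all",
# extract the SCANID and hit count from its output, and quarantine on hits.
# Set MALDET to a stub to exercise the logic where maldet is not installed.

# Extract the scan report id from scan output read on stdin.
# Assumed format: "... to view run: maldet --report <SCANID>".
scan_id_from_output() {
    sed -n 's/.*maldet --report \([0-9][0-9]*-[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Extract the "malware hits N" count from scan output read on stdin.
hits_from_output() {
    sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Decide what to do with one scan's output: quarantine when hits > 0.
# Returns 2 if no SCANID could be found (the scan did not complete normally).
quarantine_if_hits() {
    out="$1"
    id=$(printf '%s\n' "$out" | scan_id_from_output)
    hits=$(printf '%s\n' "$out" | hits_from_output)
    if [ -z "$id" ]; then
        echo "no scan id found in output" >&2
        return 2
    fi
    if [ "${hits:-0}" -gt 0 ]; then
        echo "scan $id: $hits hit(s), quarantining"
        ${MALDET:-maldet} --quarantine "$id"
    else
        echo "scan $id: no hits"
    fi
}

# Run a real scan of the given path and hand its output to the handler;
# this is the function a cron.daily script would call, e.g. scan_and_quarantine /home
scan_and_quarantine() {
    scan_output=$(${MALDET:-maldet} --scan-all "$1" 2>&1)
    quarantine_if_hits "$scan_output"
}

# Constructed sample output (pid, counts and id are made up for this example).
SAMPLE_SCAN_OUTPUT='maldet(12345): {scan} scan completed on /home: files 1234, malware hits 2, cleaned hits 0
maldet(12345): {scan} scan report saved, to view run: maldet --report 032016-1412.12345'

# Stub used by the stand-alone demo so nothing is actually quarantined.
fake_maldet() { echo "would run: maldet $*"; }

( MALDET=fake_maldet; quarantine_if_hits "$SAMPLE_SCAN_OUTPUT" )
```

With MALDET unset the wrapper calls the real `maldet` binary, so a cron entry that runs `scan_and_quarantine /home` gives you the daily scan from the post plus the quarantine step you would otherwise have to run by hand.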
For more detail you can visit https://www.rfxn.com/projects/linux-malware-detect/
I am a software engineer who specializes in Internet applications. I have worked with a wide variety of technologies and programming languages to open source LAMP environments. I have more than 6 years of object-oriented programming experience and am highly proficient in ActionScript, PHP, MYSQL, JavaScript, Jquery and a multitude of other technologies used in modern web applications.
By Rajeev Achra