Installing and using Linux Malware Detect (LMD) in Linux Operating Systems with cPanel


Managing servers that host websites in a shared hosting environment is a hard task.

One night, you make all the configuration changes and edit WordPress all night long. Happy with the customization, you go to sleep at 6 AM. You wake up, have lunch and come back to see your site. GOD DAM*T, your site shows "site is hacked by some ash**se".

I know it's frustrating to see such hard work harmed by malware and shell scripts executed through PHP.

To deal with this kind of issue, you have Linux Malware Detect (LMD) to scan for and detect such infected files.

Now we will go through the steps to install Linux Malware Detect (LMD). It can co-exist with cPanel without any issues.

First make a directory to store the installation files of LMD.

Change the directory to the created folder.

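We can now download LMD with the command below. The URL is plain HTTP, so check the archive against a checksum published by the project before running its installer as root.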

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the files now.

Use the command below to run the installation.

[email protected] [~/install/maldetect/maldetect-1.4.2]# ./install.sh

Now we need to edit the Linux Malware Detect (LMD) configuration file and change a few options for it to work completely.
This file is located at /usr/local/maldetect/conf.maldet

Use the nano editor to open the file.
# nano /usr/local/maldetect/conf.maldet

I am going to list just the options that you need to update.
1. email_alert
2. email_subj
3. email_addr
4. quar_hits
5. quar_clean

Once the configuration is done, use CTRL + O to write the changes and exit using CTRL + X.
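
The same five options can also be set from a script instead of nano. The following is an added example, not part of the original post or of LMD itself: the helper names (set_opt, get_opt, configure_lmd, demo), the values chosen and the sample file contents are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not LMD's own code): set the conf.maldet options listed above.
# conf.maldet holds shell-style KEY=VALUE assignments, so values containing
# shell metacharacters are refused rather than written into the file.

# set_opt FILE KEY VALUE: rewrite the existing KEY= line, or append one.
set_opt() {
    case $3 in
        *\"*|*\$*|*\`*|*\\*) echo "refusing unsafe value for $2" >&2; return 1 ;;
    esac
    esc=$(printf '%s' "$3" | sed 's/[&|]/\\&/g')  # escape sed replacement chars
    if grep -q "^$2=" "$1"; then
        # Write back with cat so the file keeps its owner and mode.
        sed "s|^$2=.*|$2=\"$esc\"|" "$1" > "$1.tmp" &&
            cat "$1.tmp" > "$1" && rm -f "$1.tmp"
    else
        printf '%s="%s"\n' "$2" "$3" >> "$1"
    fi
}

# get_opt FILE KEY: print the current value with surrounding quotes removed.
get_opt() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# configure_lmd FILE ADDRESS: back up FILE, then enable e-mail alerts,
# quarantine of hits and cleaning of quarantined files (assumed values).
configure_lmd() {
    cp -p "$1" "$1.bak" || return 1
    set_opt "$1" email_alert 1 &&
        set_opt "$1" email_subj "LMD scan alert" &&
        set_opt "$1" email_addr "$2" &&
        set_opt "$1" quar_hits 1 &&
        set_opt "$1" quar_clean 1
}

# demo: run against a constructed stand-in for /usr/local/maldetect/conf.maldet.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'email_alert=0' 'email_subj="maldet alert"' \
        'email_addr="you@domain.com"' 'quar_hits=0' 'quar_clean=0' > "$conf"
    configure_lmd "$conf" "admin@example.com" >/dev/null || return 1
    echo "$conf"
}
```

On a real server the call would be configure_lmd /usr/local/maldetect/conf.maldet followed by your own address, run as root; the untouched original is kept beside it as conf.maldet.bak.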

Now we are going to run a scan.
(I used an account that already has infected files, which a customer moved today.)

In the above scan, the report ID is 041715-0605.23098 and the infected files were moved to quarantine.
You can view the result by typing:

# maldet --report 041715-0605.23098

You can now delete the infected files, either by deleting the files in the quarantine or with maldet --clean 041715-0605.23098

The final part: adding the automated jobs to cron.

About Bindhu Maniya

Software Engineer at TCS Chennai. Studied Software Engineering at RMK Engineering College, DAV School, Chennai. Lives in Chennai, Tamil Nadu. Love to write blogs and help my friends technically when they need it. Like you :)
