How to Install & Configure Linux Malware Detect (LMD) on CentOS 6x
Q. What is LMD ?
-- Linux Malware Detect (LMD) is Malware detector & scanner for Linux, Designed for shared hosting environments. LMD is released under GNU GPLV2 license, it can be installed on cPanel WHM & Linux Environments with together other Detection tools such as ClamAV.
Prerequisite:
1. CentOS 6.x
2. Root Privileges.
Step: 1. Install Epel Repository :
# yum -y install epel-release
Step: 2. Install Mailx :
# yum -y install mailx
Step: 3. Install Linux Malware Detect (LMD) :
# cd /tmp
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-1.5
# ./install.sh
Step: 4. Make a Symlink to the maldet Command in the /bin/ Directory :
# ln -s /usr/local/maldetect/maldet /bin/maldet
# hash -r
Step: 5. Configure Linux Malware Detect (LMD) :
# cd /usr/local/maldetect/
# vi conf.maldet
-- Enable Email Alert by Changing the value to '1' on Line No 16.
email_alert="1"
-- Type in Your Email Address on Line No 21.
email_addr="koushik@domain.com"
-- Use the ClamAV Scan binary as default Scan Engine because it provides a high-performance Scan on large file sets. Change value to '1' on Line No 114.
scan_clamscan="1"
-- Enable Quarantining to move Malware to the Quarantine Automatically During the Scan Process. Change value to '1' on Line No 180.
quarantine_hits="1"
-- Enable Clean based Malware Injections. Change value to '1' on Line No 185.
quarantine_clean="1"
-- Save & Quit (:wq)
Step: 6. Install ClamAV :
# yum -y install clamav clamav-devel
Step: 7. Update the ClamAV Virus Databases :
# freshclam
Step: 8. Testing LMD and ClamAV :
-- Go to the Web root Directory & Download some sample malware (eicar) with wget.
# yum -y install wget
# cd /var/www/html
# wget http://www.eicar.org/download/eicar.com.txt
# wget http://www.eicar.org/download/eicar_com.zip
# wget http://www.eicar.org/download/eicarcom2.zip
-- Scan the Web root Directory with the maldet.
# maldet -a /var/www/html
Step: 9. Check the Scan Report :
# maldet --report 161008-0524.9466
Step: 10. Now Check the Email Report from LMD :
# tail -f /var/mail/root
Step: 11. Other LMD Commands :
-- Perform a Scan for Specific file Extention only :
# maldet -a /var/www/html/*.php
-- Get a List of all Reports :
# maldet -e list
-- Scan Files that have been Created/Modified in the last X Days :
# maldet -r /var/www/html/ 5
-- Restore Files from the Quarantine Directory :
# maldet -s SCANID
-- Enable Monitoring of a Directory :
# maldet -m /var/www/html/
-- Check the Monitor Log File :
# tail -f /usr/local/maldetect/logs/inotify_log
Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog