
How to install Linux Malware Detect (LMD)

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains in detail how to install the Linux malware detection program. The editor finds it very practical and shares it here as a reference; I hope you get something out of reading it.

Malware is short for malicious software: any script, application, or other code that is harmful to our system and data.

Linux Malware Detect (LMD) is a malware scanner for Linux that is released under the GNU GPLv2 license and is designed around the threats faced in hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks, and generates detection signatures from it.

The threat landscape in shared hosted environments differs from what standard AV products are built to detect: those products mainly detect operating-system-level Trojan horses, rootkits, and traditional file-infecting viruses, while missing the growing variety of malware at the user account level, which serves as an attack platform.

Step 1: download and install LMD

First log in to the server using an SSH client such as PuTTY, and then download the latest LMD source code using the following commands.

# cd /opt
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Now extract the downloaded archive in the current directory.

# tar xfz maldetect-current.tar.gz

After unpacking the archive, execute the install.sh script provided in the source, which installs LMD on the system.

# cd maldetect-1.4.2
# sh install.sh

Step 2: configure LMD

LMD creates a configuration file, /usr/local/maldetect/conf.maldet, where we can define how LMD works and the actions it takes.

# vim /usr/local/maldetect/conf.maldet

# [EMAIL ALERTS]
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1
# The subject line for email alerts
email_subj="MLD Scan Report from $(hostname)"
# The destination addresses for email alerts
# [values are comma (,) spaced]
email_addr="webmaster@mydomain.com"
# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0
##
# [QUARANTINE OPTIONS]
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1
# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1
# The default suspend action for users with hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0
# minimum userid that can be suspended
quar_susp_minuid=500
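An added example, not part of the original article or of LMD: a small shell lint for the options shown above. It checks the dependencies the config comments state (quar_clean and quar_susp need quar_hits=1) and flags alerts still addressed to the sample mailbox; the function names conf_get, amc_warn and audit_maldet_conf are made up for this sketch.

```shell
# Added example (not part of LMD): lint conf.maldet before the first scan.
# The file is parsed as text, never sourced, because values such as
# email_subj contain $(hostname), which a shell would execute.

# conf_get FILE KEY: print the last value assigned to KEY, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}
amc_warn() { echo "WARN: $*"; amc_n=$((amc_n + 1)); }

# audit_maldet_conf FILE: print findings, return their count (0 = clean).
audit_maldet_conf() {
    amc_n=0
    amc_hits=$(conf_get "$1" quar_hits)
    # The config comments mark both of these "quar_hits=1 required".
    for amc_key in quar_clean quar_susp; do
        if [ "$(conf_get "$1" "$amc_key")" = 1 ] && [ "$amc_hits" != 1 ]; then
            amc_warn "$amc_key=1 requires quar_hits=1 (found '$amc_hits')"
        fi
    done
    # Alerts addressed to the walkthrough's sample mailbox reach no operator.
    if [ "$(conf_get "$1" email_alert)" = 1 ]; then
        case "$(conf_get "$1" email_addr)" in
            ''|*@mydomain.com) amc_warn "email_addr is empty or the sample address" ;;
        esac
    fi
    # Suspension needs a numeric UID floor so system accounts are skipped.
    if [ "$(conf_get "$1" quar_susp)" = 1 ]; then
        case "$(conf_get "$1" quar_susp_minuid)" in
            ''|*[!0-9]*) amc_warn "quar_susp=1 but quar_susp_minuid is not numeric" ;;
        esac
    fi
    return "$amc_n"
}

# Constructed sample: the values from the walkthrough above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
email_alert=1
email_subj="MLD Scan Report from $(hostname)"
email_addr="webmaster@mydomain.com"
quar_hits=1
quar_clean=1
quar_susp=0
quar_susp_minuid=500
EOF
audit_maldet_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run against the real file with `audit_maldet_conf /usr/local/maldetect/conf.maldet`; a non-zero return is the number of findings.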

Step 3: start scanning manually

At this stage, LMD has been successfully installed and configured on the system. Let's run the first scan manually by executing the following command.

# maldet --scan-all /var/www/html

The above command scans all files and directories under /var/www/html. Depending on the number of files, it may take a long time to complete. When the scan finishes, it displays a command for viewing the report, as shown below.

# maldet --report 060214-1946.24560

malware detect scan report for svr1.tecadmin.net:
SCAN ID: 060214-1946.24560
TIME: May 28 19:46:12 +0530
PATH: /var/www/html/
TOTAL FILES: 4441
TOTAL HITS: 0
TOTAL CLEANED: 0
===
Linux Malware Detect v1.4.2 < proj@rfxn.com >

In this example, TOTAL HITS is 0, so LMD did not detect any malware on the system. If it does detect malware, you can use one of the following commands to quarantine or clean it.

# maldet --quarantine SCANID

OR

# maldet --clean SCANID

SCANID can be found in the report generated above.
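An added example, not from the original article or the LMD project: a way to turn a saved report into an exit status that a cron job or monitoring check can act on. It assumes the "NAME: value" layout of the report shown above; report_field and scan_verdict are hypothetical helper names.

```shell
# Added example (not part of LMD): derive a verdict from a saved scan report.
# A missing or non-numeric counter is never read as "clean".

# report_field FILE NAME: print the value that follows "NAME:" in the report.
report_field() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# scan_verdict FILE: 0 = no hits, 1 = all hits cleaned,
#                    2 = uncleaned hits remain, 3 = report unusable.
scan_verdict() {
    sv_hits=$(report_field "$1" "TOTAL HITS")
    sv_cleaned=$(report_field "$1" "TOTAL CLEANED")
    for sv_n in "$sv_hits" "$sv_cleaned"; do
        case "$sv_n" in ''|*[!0-9]*) return 3 ;; esac
    done
    [ "$sv_hits" -eq 0 ] && return 0
    [ "$sv_cleaned" -ge "$sv_hits" ] && return 1
    return 2
}

# Sample input: the report from the walkthrough, saved the way
# `maldet --report SCANID > file` would save it.
report=$(mktemp)
cat > "$report" <<'EOF'
malware detect scan report for svr1.tecadmin.net:
SCAN ID: 060214-1946.24560
TIME: May 28 19:46:12 +0530
PATH: /var/www/html/
TOTAL FILES: 4441
TOTAL HITS: 0
TOTAL CLEANED: 0
EOF
verdict=0
scan_verdict "$report" || verdict=$?
echo "scan $(report_field "$report" "SCAN ID"): verdict $verdict"
rm -f "$report"
```

Verdict 3 covers a truncated or empty report, so a scan that never completed raises an alert instead of passing silently.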

Step 4: set up periodic scans

During installation, LMD creates a cron script that is executed every day.

# vi /etc/cron.daily/maldet

However, if the system has a large number of files and directories, you can change the scan to weekly instead of daily.

That concludes this walkthrough of installing the Linux malware detection program. I hope the content above is of some help and that you learned something from it. If you think the article is good, you can share it for more people to see.
