Linux Malware Detect (LMD) is a free, open source malware scanner and detector for Unix/Linux based operating systems, released under the GNU GPLv2. It is designed around the threats faced by shared hosting environments.
Installing LMD on RHEL and CentOS is straightforward; here is an example of how to set up and configure it.
Step 1: Download the latest package and run setup
# cd /tmp; wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Installation and configuration of LMD are simple tasks; just follow the steps below as the root user.
# tar zxf maldetect-current.tar.gz
# cd maldetect-*
# sudo ./install.sh
Step 2: Configuring LMD
By default all options are commented out in the configuration file, so you need to configure it according to your needs. Before making any changes, let’s review each option in detail below.
- email_alert : If you would like to receive email alerts, then it should be set to 1.
- email_subj : Set your email subject here.
- email_addr : Add your email address to receive malware alerts.
- quar_hits : The default quarantine action for malware hits; it should be set to 1.
- quar_clean : Cleaning of detected malware injections; must be set to 1.
- quar_susp : The default suspend action for users with hits; set it as per your requirements.
- quar_susp_minuid : Minimum userid that can be suspended.
Open the file /usr/local/maldetect/conf.maldet and make changes according to your needs. Here is my sample configuration file.
email_alert=1
email_subj="maldet alert from $(hostname)"
email_addr="firstname.lastname@example.org"
email_ignore_clean=0
quar_hits=1
quar_clean=1
quar_susp=0
quar_susp_minuid=500
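As an added example (not part of this article or of the LMD project), the following POSIX shell script applies the settings above to a copy of conf.maldet and checks them for consistency before you put them live. It assumes the plain KEY=VALUE layout of conf.maldet and works only on a constructed temporary file, never on /usr/local/maldetect/conf.maldet; the function names set_maldet_option, get_maldet_option and check_maldet_config are my own. The consistency check assumes, as LMD's own configuration comments note, that quar_clean and quar_susp only take effect when quar_hits=1.

```shell
#!/bin/sh
# Added example, not part of LMD: apply conf.maldet settings from a script and
# sanity-check them. Assumes the plain KEY=VALUE layout of conf.maldet and
# works on a constructed temporary copy, never on the live file.

# set_maldet_option FILE KEY VALUE
# Replace an existing (possibly commented-out) KEY= line in place, or append
# one if the key is absent, so re-running the script is idempotent.
# VALUE must not contain '|', '&' or '\' (special to the sed replacement).
set_maldet_option() {
    file="$1"; key="$2"; value="$3"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}=" "$file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_maldet_option FILE KEY
# Print the effective (uncommented) value of KEY, with surrounding quotes removed.
get_maldet_option() {
    sed -n -E "s/^[[:space:]]*$2=\"?([^\"]*)\"?.*/\1/p" "$1" | tail -n 1
}

# check_maldet_config FILE
# Return 0 when the settings are consistent. quar_clean=1 and quar_susp=1
# only take effect with quar_hits=1 (assumption taken from LMD's config
# comments), and email_alert=1 needs an address to deliver to.
check_maldet_config() {
    hits=$(get_maldet_option "$1" quar_hits)
    clean=$(get_maldet_option "$1" quar_clean)
    susp=$(get_maldet_option "$1" quar_susp)
    alert=$(get_maldet_option "$1" email_alert)
    addr=$(get_maldet_option "$1" email_addr)
    status=0
    if [ "$hits" != "1" ] && { [ "$clean" = "1" ] || [ "$susp" = "1" ]; }; then
        echo "quar_clean/quar_susp are set but quar_hits is not 1" >&2
        status=1
    fi
    if [ "$alert" = "1" ] && [ -z "$addr" ]; then
        echo "email_alert=1 but email_addr is empty" >&2
        status=1
    fi
    return $status
}

# Demo on a constructed copy that mimics a fresh conf.maldet with the
# options commented out; the values are the ones from the sample above.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#email_alert=0
#email_addr="you@domain.com"
#quar_hits=0
#quar_clean=0
EOF
set_maldet_option "$cfg" email_alert 1
set_maldet_option "$cfg" email_subj '"maldet alert from $(hostname)"'
set_maldet_option "$cfg" email_addr '"firstname.lastname@example.org"'
set_maldet_option "$cfg" email_ignore_clean 0
set_maldet_option "$cfg" quar_hits 1
set_maldet_option "$cfg" quar_clean 1
set_maldet_option "$cfg" quar_susp 0
set_maldet_option "$cfg" quar_susp_minuid 500
if check_maldet_config "$cfg"; then
    echo "configuration is consistent:"
    cat "$cfg"
fi
rm -f "$cfg"
```

To use it against the real file, point the functions at /usr/local/maldetect/conf.maldet after taking a backup; because each key is replaced in place rather than appended blindly, the script can be re-run after every LMD upgrade without leaving duplicate or conflicting lines behind.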
Then you can run manual scans. If you would like to scan the users’ home directories, simply run the command “maldet --scan-all /home”.
If you performed a scan but did not have the quarantine option turned on, don’t worry: use one of the following commands to quarantine or clean all hits from a previous scan, using the SCANID reported for that scan.
# maldet --quarantine SCANID
or
# maldet --clean SCANID
Step 3: Deploy Daily Scans
By default the installation places an LMD script at /etc/cron.daily/maldet. It performs a daily scan, updates signatures, quarantines hits, and sends a daily malware scan report to the email addresses you specified. If you need additional paths to be scanned, edit /etc/cron.daily/maldet according to your requirements.