In this tutorial, we will show you how to install Linux Malware Detect on CentOS 7. For those of you who didn’t know, Linux Malware Detect is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.
In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you the step-by-step installation of Linux Malware Detect on CentOS 7 server.
Prerequisites
- A server running one of the following operating systems: CentOS 7.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Linux Malware Detect on CentOS 7
Step 1. First of all, make sure that all packages are up to date.
yum -y update
Step 2. Install Linux Malware Detect.
Download the latest stable version of Linux Malware Detect:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz tar xfz maldetect-current.tar.gz cd maldetect-*
And run the installation script:
./install.sh
You should get the following output:
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(776): {sigup} performing signature update check...
maldet(776): {sigup} local signature set is version 201205035915
maldet(776): {sigup} new signature set (2014082316728) available
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
maldet(776): {sigup} signature set update completed
maldet(776): {sigup} 11788 signatures (9895 MD5 / 1893 HEX)
Step 3. Configuring Linux Malware Detect.
The configuration of LMD is handled through /usr/local/maldetect/conf.maldet and where we can define the working of LMD and what action to take:
nano /usr/local/maldetect/conf.maldet
And change the following settings:
email_alert=1 – Enable email alerts email_addr=”user@yourdomain.tld” – Enter the destination address for email alerts quar_hits=1 – Move the detected malware to quarantine and send an alert quar_clean=1 – Try to clean sthe detected malware injections
Step 4. Start scanning manually.
To scan a directory you can use
maldet -a /path/to/directory
To update Maldet use the below command:
maldet -u
You can find the details on all options by executing:
maldet - h
Congratulations! You have successfully installed Linux Malware Detect (LMD). Thanks for using this tutorial for installing Linux Malware Detect in CentOS 7 system. For additional help or useful information, we recommend you check the official MLD website.
