Install Maldetect on cPanel
Log in to the cPanel server via SSH as the root user.
Execute the following commands:
cd /usr/local/src/
wget http://www.webchamp.com.br/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
Updating the application
Manually update maldet (-d updates the maldet version, -u updates the malware signatures):
maldet -d
maldet -u
Configuring Linux Malware Detect (Maldet)
By default all options are fully commented in the configuration file, so configure it according to your needs. But before making any changes, let's review each option in detail below.
Open the file /usr/local/maldetect/conf.maldet and make changes according to your needs:
nano /usr/local/maldetect/conf.maldet
email_alert : If you would like to receive email alerts, set this to 1.
email_addr : Add your email address to receive malware alerts.
quarantine_hits : The default quarantine action for malware hits; it should be set to 1.
quarantine_clean : Cleaning of detected malware injections; it should be set to 1.
quarantine_suspend_user : The default suspend action for users with hits; set it according to your requirements.
quarantine_suspend_user_minuid : Minimum user ID that can be suspended.
Running a full malware scan of user home directories
# The maximum file size for a file to be included in scan
# search results; use man find for accepted values
# [ changing this may have an impact on scan performance ]
maxfilesize="768k"
Change 768k to 1024K.
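To apply the configuration options reviewed above (and the maxfilesize change) consistently instead of editing by hand, here is an added shell example; it is not from the original page or from the Maldet project. It assumes the current conf.maldet format of KEY="value" lines and takes the file path as a parameter so it can be tried on a copy first; the sample configuration it builds is constructed for illustration.

```shell
# set_opt FILE KEY VALUE: replace an existing KEY="..." line (commented out
# or not) with KEY="VALUE", or append the key if it is absent.
# Values must not contain '|' or '&' (used by sed below).
set_opt() {
    file=$1; key=$2; val=$3
    if grep -q "^#\{0,1\}${key}=" "$file"; then
        sed -i "s|^#\{0,1\}${key}=.*|${key}=\"${val}\"|" "$file"
    else
        printf '%s="%s"\n' "$key" "$val" >> "$file"
    fi
}

# get_opt FILE KEY: print the value of KEY with quotes stripped (empty if unset).
get_opt() {
    sed -n "s|^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*|\1|p" "$1" | tail -n 1
}

# harden_maldet_conf FILE EMAIL: the settings discussed in the section above.
# Usage on a live box: harden_maldet_conf /usr/local/maldetect/conf.maldet you@example.com
harden_maldet_conf() {
    set_opt "$1" email_alert 1
    set_opt "$1" email_addr "$2"
    set_opt "$1" quarantine_hits 1
    set_opt "$1" quarantine_clean 1
    set_opt "$1" quarantine_suspend_user 0        # decide per your policy
    set_opt "$1" quarantine_suspend_user_minuid 500
    set_opt "$1" maxfilesize 1024k                # the change noted above
}

# make_sample_conf FILE: constructed stand-in for a stock conf.maldet,
# limited to the keys this page discusses.
make_sample_conf() {
    cat > "$1" <<'EOF'
# Linux Malware Detect configuration (constructed sample)
email_alert="0"
email_addr="you@domain.com"
quarantine_hits="0"
quarantine_clean="0"
quarantine_suspend_user="0"
quarantine_suspend_user_minuid="500"
maxfilesize="768k"
EOF
}
```

Run get_opt after harden_maldet_conf to confirm each key now has exactly one active line with the intended value before restarting the monitor.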
First I suggest a full scan of the user home directories to detect and clean malware.
The command below will scan all files and directories within the /home directory, which is where the content of cPanel accounts is stored:
maldet -a /home/?
Later you can restrict the scan, for example to all .php files, with the command below:
maldet --include-regex ".*\.php$" -a /home/?/public_html
Enabling monitoring
In our standard use of Linux Malware Detect, we enable monitoring of all users with the command below:
# maldet -m users
If you get an error, install the package below with the command:
yum install inotify-tools -y