Old 30th August 2012, 09:19
felan felan is offline
Linux Malware Detect on Debian 6 with ISPConfig 3

I just added this system to two production servers and felt like sharing this with the rest of you. The system is pretty good at detecting malware in websites. Hope you will all enjoy it.
-----
To install maldet

1. Install

First we need to install inotify-tools

apt-get install inotify-tools

Now we are ready to install maldetect. Run the following commands.

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh


2. Configuring your system.

First we need to modify the main script to work with Debian.

Edit
vi /usr/local/maldetect/maldet

Replace the line that starts with $nice in the main maldet script with the following:
$nice -n $inotify_nice $inotify -r --fromfile $inotify_fpaths $exclude --timefmt "%d %b %H:%M:%S" --format "%w%f %e %T" -m -e create,move,modify >> $inotify_log 2>&1 &

Close and save.

Edit
vi /usr/local/maldetect/internals.conf

Find inotify= and change the value to /usr/bin/inotifywait

Next delete inotifywait and libinotifytools.so.0

rm -rf /usr/local/maldetect/inotify/inotifywait
rm -rf /usr/local/maldetect/inotify/libinotifytools.so.0

Next step is to make sure that the cronjob works as it should.

vi /etc/cron.daily/maldet

Comment out
/usr/local/maldetect/maldet -d >> /dev/null 2>&1

This prevents it from upgrading itself. If it does, all the changes we've just made will disappear. It is better to upgrade manually until we get proper Debian support in the package.

Next comment out
/usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1

Add this beneath instead.
# Instead use ISPConfig 3 path /var/www
/usr/local/maldetect/maldet -b -r /var/www

Comment out these lines as well, as they are not needed.
if [ -d "/var/www/html" ]; then
/usr/local/maldetect/maldet -b -r /var/www/html 2
fi
if [ -d "/usr/local/apache/htdocs" ]; then
/usr/local/maldetect/maldet -b -r /usr/local/apache/htdocs 2
fi

Save and quit.

If you want to run maldetect as a monitor, type
/usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist

If you want to run the monitor at boot, we need to add some paths.
Now to add some paths to scan and monitor.

vi /usr/local/maldetect/maldetfilelist

Insert
/var/www/clients

Edit /etc/rc.local
vi /etc/rc.local

Insert
/usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist
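The changes in the post above are lost if maldet overwrites its own files during an upgrade, so a check like the following can confirm they are still in place. This is an added example, not part of the original post or of the maldet project; the function name and its optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the Debian changes above.
# The optional argument (a root prefix) is an assumption added so the check
# can also be run against a copy of the tree; omit it for the live system.
check_maldet_debian() {
    root="${1:-}"
    md="$root/usr/local/maldetect"
    cron="$root/etc/cron.daily/maldet"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # True if an uncommented line of the cron script matches the ERE in $1.
    active() { grep -Ev '^[[:space:]]*#' "$cron" 2>/dev/null | grep -Eq -- "$1"; }

    # internals.conf must point at the distribution's inotifywait.
    grep -Eq '^[[:space:]]*inotify="?/usr/bin/inotifywait"?[[:space:]]*$' \
        "$md/internals.conf" 2>/dev/null ||
        fail "internals.conf: inotify= is not /usr/bin/inotifywait"

    # The bundled binaries must stay deleted.
    for f in inotifywait libinotifytools.so.0; do
        [ ! -e "$md/inotify/$f" ] || fail "bundled inotify/$f is present again"
    done

    # The $nice line needs "--format" typed as two ASCII hyphens.
    grep -Eq '^[[:space:]]*\$nice .* --format ' "$md/maldet" 2>/dev/null ||
        fail "maldet: \$nice line lacks --format"

    # Cron: self-update and the /home scan off, the /var/www scan on.
    [ -f "$cron" ] || fail "cron script $cron is missing"
    if active 'maldet -d([[:space:]]|$)'; then
        fail "cron: self-update (maldet -d) is active"
    fi
    if active '/home\?/\?/public_html'; then
        fail "cron: default /home?/?/public_html scan is active"
    fi
    active 'maldet -b -r /var/www([[:space:]]|$)' ||
        fail "cron: no active scan of /var/www"

    # The monitor list must contain the ISPConfig client tree.
    grep -qx '/var/www/clients' "$md/maldetfilelist" 2>/dev/null ||
        fail "maldetfilelist: /var/www/clients is not listed"

    [ "$fails" -eq 0 ]
}
```

Call `check_maldet_debian` with no argument after each manual upgrade; it prints one FAIL line per reverted setting and returns non-zero if any is found.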