#21
6th February 2013, 16:20
Ovidiu

Just wanted to add that the problem disappeared once I did a clean re-install, so it was most probably my mistake, although I can't say what exactly it was. Nothing wrong with the script Croydon posted, it works flawlessly.

#22
9th February 2013, 00:39
Ovidiu

Here comes another question:

I just got a report by the daily maldet run that informed me about 2 infected and quarantined files. Now I am wondering why the files have not been picked up by the monitor? maldet IS running as a monitor...

Shouldn't maldet running as monitor with inotify send me emails when an infection was found?

#23
12th March 2013, 10:38
Ovidiu

Ok, I'll try my luck again even though it seems nobody is reading this thread anymore :-)

I got it all working just fine with one exception:

Every 1-2 days I find that maldet is no longer running in monitor mode. The inotify process is still there but maldet died. I then have to kill the inotify process and restart maldet in monitor mode.
No idea why, nothing in my logs, anyone else seen this behavior?
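
Added example, not part of the thread: one way to notice the state described in post #23 (the inotify process still present, maldet gone) is to classify a process listing and alert on anything other than a healthy pair. The process-name patterns and the function names are assumptions about how the two processes appear in `ps` output on a given server.

```shell
#!/bin/sh
# Added example: classify the maldet monitor's health from a process listing.
# Assumed process names: the watcher appears as "inotifywait" and the
# supervising script as a "maldet" command line carrying -m or --monitor.

# monitor_state: reads `ps -eo args=` style lines on stdin and prints one of
#   healthy | orphaned-watcher | supervisor-only | stopped
monitor_state() {
    awk '
        $0 ~ "(^|/)inotifywait( |$)" { watcher = 1 }
        $0 ~ "(^|[ /])maldet( |$)" && $0 ~ " (-m|--monitor)( |$)" { supervisor = 1 }
        END {
            if (watcher && supervisor) print "healthy"
            else if (watcher)          print "orphaned-watcher"
            else if (supervisor)       print "supervisor-only"
            else                       print "stopped"
        }'
}

# monitor_alert: same input. Silent and status 0 when healthy; otherwise
# prints a one-line alert (cron mails any output) and returns 1.
monitor_alert() {
    state=$(monitor_state)
    if [ "$state" = healthy ]; then return 0; fi
    echo "maldet monitor state: $state"
    return 1
}

# Live check, e.g. from cron: sh monitor_check.sh --live
if [ "${1:-}" = "--live" ]; then
    ps -eo args= | monitor_alert
fi
```

The "orphaned-watcher" result is the case from the post: file events are still being collected but nothing is scanning them.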
#24
9th May 2013, 16:11
Tozz

Despite the great efforts in this thread (it solved my initial inotify troubles), using inotify to monitor malware isn't very useful on bigger installations.

We have about 500 websites per server, and I found it to be impossible to use inotify to watch that many files. It seems /proc/sys/fs/inotify/max_user_watches has an upper limit, so when you set that to an insane limit it is ignored.

From what I found on Google max_user_watches is a regular int, so max_user_watches is limited to MAX_INT. There are plans to change this to a long, but from what I found that is not yet implemented in recent kernels.
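
Added example, not part of the thread: a recursive inotify monitor needs one watch per directory, so counting directories under the web roots and comparing the total with /proc/sys/fs/inotify/max_user_watches shows how close a server is to the limit discussed in post #24. The function names, the /var/www path and the 80% threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare the inotify watches a recursive monitor would need
# with the configured limit. One watch is needed per directory.

# watches_needed ROOT...: number of directories under the given roots.
watches_needed() {
    find "$@" -type d -print0 2>/dev/null | tr -cd '\0' | wc -c | tr -d ' '
}

# watch_budget LIMIT_FILE ROOT...: prints "needed limit percent verdict".
# Returns 1 when the limit is reached, 2 when the limit cannot be read.
# The 80% TIGHT threshold is an arbitrary choice for this example.
watch_budget() {
    limit_file=$1; shift
    limit=$(cat "$limit_file" 2>/dev/null) || return 2
    [ "$limit" -gt 0 ] 2>/dev/null || return 2
    needed=$(watches_needed "$@")
    pct=$(( needed * 100 / limit ))
    if [ "$needed" -ge "$limit" ]; then verdict=EXCEEDED
    elif [ "$pct" -ge 80 ]; then verdict=TIGHT
    else verdict=OK
    fi
    echo "$needed $limit $pct $verdict"
    [ "$verdict" != EXCEEDED ]
}

# top_consumers ROOT [N]: the N immediate subdirectories (e.g. one per site)
# that need the most watches, as "count path" lines.
top_consumers() {
    root=$1; n=${2:-5}
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        echo "$(watches_needed "$d") ${d%/}"
    done | sort -rn | head -n "$n"
}

# Live use: sh watch_budget.sh /var/www   (web root path is an assumption)
if [ "$#" -gt 0 ]; then
    watch_budget /proc/sys/fs/inotify/max_user_watches "$@"
    top_consumers "$1"
fi
```

Directories that never need monitoring (caches, session stores, log trees) usually dominate the `top_consumers` output and are the first candidates to exclude from the watch list.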
#25
9th May 2013, 16:12
Tozz

Quote:
Originally Posted by Ovidiu
Here comes another question:

I just got a report by the daily maldet run that informed me about 2 infected and quarantined files. Now I am wondering why the files have not been picked up by the monitor? maldet IS running as a monitor...

Shouldn't maldet running as monitor with inotify send me emails when an infection was found?

No, maldet monitor doesn't e-mail you immediately. Instead the detection is logged, which is then e-mailed when /etc/cron.daily/maldet is run. The cron script checks if a monitor is running and then runs maldet --report-daily.

#26
10th May 2013, 10:29
Ovidiu

Quote:
Originally Posted by Tozz
No, maldet monitor doesn't e-mail you immediately. Instead the detection is logged, which is then e-mailed when /etc/cron.daily/maldet is run. The cron script checks if a monitor is running and then runs maldet --report-daily.

Not happening for me :-(

#27
10th May 2013, 10:37
Tozz

Quote:
Originally Posted by Ovidiu
Not happening for me :-(

Do you have email_alert set to 1 in conf.maldet?

#28
11th May 2013, 09:44
Ovidiu

Yes I have.

=>
Quote:
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert="1"

# The subject line for email alerts
email_subj="maldet alert from h2118175.stratoserver.net"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="ovidiu@pacura.ru"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean="0"

#29
19th June 2013, 09:36
felan

Hmm... Yes, I've noticed the same issue on one of my servers too, but I have not found a solution yet... If anyone else can be of assistance, do not hesitate to post.

#30
5th July 2013, 18:38
Ovidiu

Any progress? I still haven't received a single email from maldet :-(

All times are GMT +2.