  #31  
Old 5th July 2013, 19:41
felan felan is offline
Junior Member
 
Join Date: Aug 2012
Posts: 22
Thanks: 1
Thanked 11 Times in 5 Posts
Default

Hiya.

No sorry haven't found a solution yet...
Reply With Quote
The Following User Says Thank You to felan For This Useful Post:
robertoshulze2257 (4th October 2014)
  #32  
Old 15th July 2013, 12:42
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

This maldet is really weird, check this:

Quote:
root@server:~# pstree | grep maldet
root@server:~#
Then I start it manually:

Quote:
root@server:~# /usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(51977): {mon} existing inotify process detected (try -k): 232055
root@server:~#
Reply With Quote
  #33  
Old 26th July 2013, 00:59
MaddinXx MaddinXx is offline
Senior Member
 
Join Date: Jul 2011
Location: Switzerland
Posts: 200
Thanks: 26
Thanked 65 Times in 48 Posts
Default

Another helpful one. If you prefer LMD over ClamAV for pure-ftpd upload scan, you can use the following within the upload script:

Code:
/usr/local/sbin/maldet --config-option quar_hits=1,quar_clean=0,clamav_scan=0 --modsec -a "$1" > /dev/null 2>&1
which will put the file to quarantine. Code is from modsec.sh from LMD.
Reply With Quote
The Following 2 Users Say Thank You to MaddinXx For This Useful Post:
robertoshulze2257 (6th October 2014), SupuS (21st November 2013)
  #34  
Old 1st December 2013, 01:16
SupuS SupuS is offline
HowtoForge Supporter
 
Join Date: May 2006
Posts: 202
Thanks: 68
Thanked 14 Times in 12 Posts
Default

Quote:
Originally Posted by MaddinXx View Post
Another helpful one. If you prefer LMD over ClamAV for pure-ftpd upload scan, you can use the following within the upload script:

Code:
/usr/local/sbin/maldet --config-option quar_hits=1,quar_clean=0,clamav_scan=0 --modsec -a "$1" > /dev/null 2>&1
which will put the file to quarantine. Code is from modsec.sh from LMD.
Hi MaddinXx,

I set up file upload scan by http://www.howtoforge.com/how-to-int...debian-squeeze and used the script you suggested. It works well but I am facing a problem with the "part" extension during upload of files. I tried an upload of test.txt. Here are the messages from event_log:

Code:
maldet(23688): {scan} invalid path /var/www/clients/client55/web175/private/test.txt.part
The txt file was small, so the upload finished and the file was renamed to test.txt, but the scan was executed on test.txt.part. Bigger files are scanned, but before the upload is finished, I am afraid:

maldet(22107): {scan.modsec} results returned OK on /var/www/clients/clientXX/webXX/private/test.txt.part (id: 120113-0000.22107)

Do you have the same sort of problems or not? I use Debian 6.

Thanks for any suggestion.

EDIT: I found the problem is in the FTP client. This client is the culprit which creates files with the .part extension.

EDIT 2: I did some testing and my FTP client is able to successfully upload an infected file to the server when the scan is executed on the ".part" file, so the script has to be improved somehow.

Last edited by SupuS; 1st December 2013 at 01:42.
Reply With Quote
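
One way to make the upload hook cope with the `.part` rename reported in the post above; this is an added example, not code from the thread or from LMD. It assumes the FTP client renames `name.part` to `name` once the transfer is done; the function name `resolve_scan_target` and the retry count are hypothetical, and the maldet command line is the one posted earlier in the thread.

```shell
#!/bin/sh
# Added example: wrapper for the pure-ftpd upload script, which receives the
# uploaded file's path as $1 (as in the command posted in the thread).
MALDET=/usr/local/sbin/maldet   # path as used in the thread

# resolve_scan_target PATH [TRIES]   (hypothetical helper)
# Prints the path that should be scanned and returns 0; returns 1 when
# nothing scannable exists after TRIES checks (one second apart).
resolve_scan_target() {
    path=$1
    tries=${2:-5}
    case "$path" in
        *.part) final=${path%.part} ;;      # assumed rename: X.part -> X
        *)      # not a temporary name: scan it as-is if it exists
                [ -f "$path" ] || return 1
                printf '%s\n' "$path"
                return 0 ;;
    esac
    i=0
    while [ "$i" -lt "$tries" ]; do
        # The rename is complete once the .part name is gone and the final
        # name exists; checking both avoids scanning an older file that is
        # about to be overwritten.
        if [ ! -e "$path" ] && [ -f "$final" ]; then
            printf '%s\n' "$final"
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then sleep 1; fi
    done
    # No rename seen: scan the temporary file rather than skipping the scan.
    if [ -f "$path" ]; then
        printf '%s\n' "$path"
        return 0
    fi
    return 1
}

# Only scan when the hook was called with a path.
if [ -n "${1:-}" ]; then
    target=$(resolve_scan_target "$1") || exit 0
    "$MALDET" --config-option quar_hits=1,quar_clean=0,clamav_scan=0 \
        --modsec -a "$target" > /dev/null 2>&1
fi
```

A file that is scanned under its `.part` name and renamed afterwards is only covered if quarantine acts before the rename, so a periodic scan of the upload directories remains a useful second check.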
  #35  
Old 8th February 2014, 21:26
shadowcast shadowcast is offline
Junior Member
 
Join Date: Feb 2014
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello,
since today, when I want to edit conf.maldet I get an error that the file is read-only.
File properties should be 644 and owned by root.
I'm logged in as root.

Some other files I can edit normally???

Greetz
Reply With Quote
  #36  
Old 26th February 2014, 14:14
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

Isn't there anyone willing to "adopt" this Debian-Mod?
I really think maldet is an awesome script but the author is very unresponsive and in its current state there are way too many errors and unanswered questions in this thread...

I'd be willing to donate maybe 1-2 hours' worth of work?
Reply With Quote
  #37  
Old 16th March 2014, 00:53
felan felan is offline
Junior Member
 
Join Date: Aug 2012
Posts: 22
Thanks: 1
Thanked 11 Times in 5 Posts
Default

Ovidiu: I wish I could be of more help, but work keeps me busy, sadly. If anyone else would take this up, personally I'd be really grateful.
Reply With Quote
The Following 2 Users Say Thank You to felan For This Useful Post:
Ovidiu (22nd November 2014), robertoshulze2257 (2nd October 2014)
  #38  
Old 29th September 2014, 12:31
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 169
Thanks: 32
Thanked 28 Times in 21 Posts
Smile

Quote:
Originally Posted by felan View Post
Ovidiu: I wish I could be of more help, but work keeps me busy, sadly. If anyone else would take this up, personally I'd be really grateful.
I have just installed the newest version 1.4.2 of year 2014 on my Ubuntu 10.04.

The installation and running are straightforward and no more modification is required.


This is not needed anymore:
apt-get install inotify-tools

Last edited by concept21; 30th September 2014 at 20:32. Reason: Improvement
Reply With Quote
  #39  
Old 30th September 2014, 20:36
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 169
Thanks: 32
Thanked 28 Times in 21 Posts
Question

Does anybody know how to use /etc/cron.d/maldet_pub for ISPConfig3?

It scans the Linux user's public directory every 10 minutes.
Reply With Quote
The Following User Says Thank You to concept21 For This Useful Post:
nokia80 (5th October 2014)
  #40  
Old 21st November 2014, 17:02
dayjahone dayjahone is offline
Senior Member
 
Join Date: Jan 2007
Posts: 432
Thanks: 31
Thanked 0 Times in 0 Posts
 
Default

I get the following when I try to run it:

Code:
maldet(25457): {mon} set inotify max_user_instances to 128
maldet(25457): {mon} set inotify max_user_watches to 599040
/usr/bin/wc: /usr/local/maldetect/sess/inotify.paths.25457: No such file or directory
maldet(25457): {mon} added /var/www/clients to inotify monitoring array
maldet(25457): {mon} starting inotify process on 1 paths, this might take awhile...
maldet(25457): {mon} no inotify process found, check /usr/local/maldetect/inotify/inotify_log for errors.

Last edited by dayjahone; 21st November 2014 at 17:15.
Reply With Quote