  #11  
Old 4th October 2012, 20:52
Croydon Croydon is offline
ISPConfig Developer
 

Install the "ed" package
__________________
Marius Cramer

pixcept KG
  #12  
Old 4th October 2012, 20:56
felan felan is offline
Junior Member
 

Quote:
Originally Posted by Croydon View Post
Install the "ed" package
Doh! Thanks, had overlooked that one...
  #13  
Old 5th October 2012, 08:20
concept21 concept21 is offline
Senior Member
 

Hi,
I have installed rootkit hunter. Do I still need this MalDetect?
  #14  
Old 5th October 2012, 11:22
felan felan is offline
Junior Member
 

Quote:
Originally Posted by concept21 View Post
Hi,
I have installed rootkit hunter. Do I still need this MalDetect?
I would say yes. Rootkit hunter checks your system for rootkits, whereas maldet checks websites for PHP-based malware.
  #15  
Old 17th October 2012, 07:01
concept21 concept21 is offline
Senior Member
 

Hi,
I have got this error in /usr/local/maldetect/inotify/inotify_log. How do I correct it?

My OS is Ubuntu 10.04 64 bit. Thanks.



The '--filename' option no longer exists. The option it enabled in earlier
versions of inotifywait is now turned on by default.
  #16  
Old 17th October 2012, 16:27
falko falko is offline
Super Moderator
 

Just leave that option out. It is now enabled by default.
__________________
Falko
  #17  
Old 18th October 2012, 06:11
concept21 concept21 is offline
Senior Member
 

I have searched the main script file maldetect for the word "filename" but nothing is found.
  #18  
Old 19th January 2013, 00:37
Ovidiu Ovidiu is offline
Senior Member
 

Hi there,

I've run this maldet.sh install script and everything seems fine except that when I run:
Code:
/usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist
I get:
Code:
root@h2118175:~# /usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist
Linux Malware Detect v1.4.1
            (C) 2002-2011, R-fx Networks <proj@r-fx.org>
            (C) 2011, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(7733): {mon} set inotify max_user_instances to 128
maldet(7733): {mon} set inotify max_user_watches to 46080
/usr/bin/wc: /usr/local/maldetect/sess/inotify.paths.7733: No such file or directory
maldet(7733): {mon} added /var/www/clients/client2/web1/web to inotify monitoring array
maldet(7733): {mon} ignored invalid path /var/www/clients/*/web*/private
maldet(7733): {mon} starting inotify process on 1 paths, this might take awhile...
maldet(7733): {mon} no inotify process found, check /usr/local/maldetect/inotify/inotify_log for errors.
So something isn't right here yet.

The log file says:

Code:
root@h2118175:~# cat /usr/local/maldetect/inotify/inotify_log 
/usr/bin/inotifywait: error while loading shared libraries: libinotifytools.so.0: wrong ELF class: ELFCLASS32
Any idea what could be wrong? Running this on Debian Squeeze. Btw. I had installed this before, as per the original from the author and since I couldn't get the monitor to work I had given up. Just wondering why my original config file: /usr/local/maldetect/conf.maldet is still there, shouldn't it have been overwritten by this modified installer script?

Quote:
Originally Posted by Croydon View Post
There is one very important thing when using it with ispconfig.

In file maldet there is a line
users_tot=`cat /etc/passwd | grep -ic home`
this should be changed to
users_tot=`cat /etc/passwd | grep -ic var/www`

Otherwise the maldet inotify monitor will very soon run into trouble as of watch limit!

You should change the content of the maldetfilelist file from
/var/www
to
/var/www/clients/*/web*/web
/var/www/clients/*/web*/private
at least if you use bind mounts or links inside the /var/www paths

I modified the installer script to match this.

/tmp/maldetect.sh
Code:
#!/bin/bash
# debian-specific installation script by M. Cramer <m.cramer@pixcept.de>
# howto taken from howtoforge written by "felan":
# http://www.howtoforge.com/forums/showthread.php?p=284504
#

CURDIR=`pwd`
PROG=`readlink -f $0`

echo "Installing prerequisites..."
apt-get -y -q install inotify-tools sed

echo "Fetching latest version of maldetect..."
cd /tmp
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*

echo "Modifying install script..."
sed -r -i 's/^(.*cp.*\/libinotifytools.so\.0[ ]+\/usr\/lib\/.*)$/#\1/g' install.sh;

echo "Modifying cron job..."
sed -r -i '/maldet.*\/var\/www\/vhosts\/\?\/subdomains\/\?\/httpdocs.*$/ a\
        elif [ -d "/usr/local/ispconfig" || -d "/root/ispconfig" ]; then\
                # ispconfig\
                /usr/local/maldetect/maldet -b -r /var/www 2 >> /dev/null 2>&1' cron.daily;

echo "Modifying maldet script..."
sed -r -i 's/^\$nice .*$/\$nice -n \$inotify_nice \$inotify -r --fromfile \$inotify_fpaths \$exclude --timefmt "%d %b %H:%M:%S" --format "%w%f %e %T" -m -e create,move,modify >> \$inotify_log 2>\&1 \&/g' files/maldet;

sed -r -i 's/cat \/etc\/passwd \| grep -ic home/cat \/etc\/passwd \| grep -ic var\/www/g' files/maldet;

sed -r -i '/lmdup\(\) \{.*$/ a\
ofile=\$tmpdir/.lmdup_vercheck.\$\$\
tmp_inspath=/usr/local/lmd_update\
rm -rf \$tmp_inspath\
rm -f \$ofile\
\
mkdir -p \$tmp_inspath\
chmod 750 \$tmp_inspath\
\
eout "\{update\} checking for available updates..." 1\
\
\$wget --referer="http://www.rfxn.com/LMD-\$ver" -q -t5 -T5 "\$lmdurl_ver" -O \$ofile >> /dev/null 2>\&1\
if \[ -s "\$ofile" \]; then\
        installed_ver=`echo \$ver | tr -d "."`\
        current_ver=`cat \$ofile | tr -d "."`\
        current_hver=`cat \$ofile`\
        if \[ "\$current_ver" -gt "\$installed_ver" \]; then\
                eout "\{update\} new version \$current_hver found, updating..." 1\
                '"$PROG"'\
        fi\
else\
    echo "no update file found. try again later"\
    exit\
fi\
\
rm -rf \$tmp_inspath \$ofile \$ofile_has\
\
exit;\
# skip all the rest\
' files/maldet;

echo "Modifying config..."
sed -r -i 's/^inotify=.*$/inotify=\/usr\/bin\/inotifywait/g' files/internals.conf

echo "Deleting unneccessary files..."
rm -f files/inotify/inotifywait
rm -f files/inotify/libinotifytools.so.0

./install.sh

rm -r /tmp/maldetect-*

echo "/var/www/clients/*/web*/web" > /usr/local/maldetect/maldetfilelist
echo "/var/www/clients/*/web*/private" >> /usr/local/maldetect/maldetfilelist

cd $CURDIR

echo "If you want to run the monitor at boot, we need to add some paths."
echo ""
echo "vi /etc/rc.local"
echo ""
echo "Insert"
echo "/usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist "
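The loader message in the post above ("wrong ELF class: ELFCLASS32") means a 32-bit libinotifytools.so.0 was found while starting a 64-bit inotifywait. The following is an added example, not part of the thread or of maldet: it reads the EI_CLASS byte of the ELF header to list library copies whose class differs from the binary's. The function names and the directory list in the last comment are assumptions.

```shell
#!/bin/sh
# Added example: find copies of libinotifytools.so.0 whose ELF class differs
# from the inotifywait binary that loads them.

# elf_class FILE -> ELFCLASS32 | ELFCLASS64 | not-elf
elf_class() {
    # Bytes 0-3 are the magic 7f 'E' 'L' 'F'; byte 4 (EI_CLASS) is 1 or 2.
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    case $(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n') in
        1) echo "ELFCLASS32" ;;
        2) echo "ELFCLASS64" ;;
        *) echo "not-elf"; return 1 ;;
    esac
}

# find_mismatched BINARY DIR... -> one line per library copy of the wrong class
find_mismatched() {
    bin=$1; shift
    want=$(elf_class "$bin") || return 2
    for dir in "$@"; do
        for lib in "$dir"/libinotifytools.so.0*; do
            [ -f "$lib" ] || continue
            have=$(elf_class "$lib") || continue
            [ "$have" = "$want" ] || echo "$lib $have (binary is $want)"
        done
    done
}

# Constructed sample: 5-byte ELF header stubs, not real binaries.
demo_elf() {
    d=$(mktemp -d)
    printf '\177ELF\002' > "$d/inotifywait"            # 64-bit stub
    printf '\177ELF\001' > "$d/libinotifytools.so.0"   # 32-bit stub
    find_mismatched "$d/inotifywait" "$d" | sed "s#$d/##"
    rm -rf "$d"
}
demo_elf
# On a real host (directory list is an assumption, adjust to your system):
#   find_mismatched /usr/bin/inotifywait /usr/lib /usr/local/lib
```
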
  #19  
Old 19th January 2013, 01:39
Ovidiu Ovidiu is offline
Senior Member
 

Another weird issue, the daily maldet cron reports:

Quote:
/etc/cron.daily/maldet:
/etc/cron.daily/maldet: line 28: [: missing `]'
/etc/cron.daily/maldet: line 28: -d: command not found
line 28:
Quote:
elif [ -d "/usr/local/ispconfig" || -d "/root/ispconfig" ]; then
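The two cron errors quoted above come from one line: the shell splits it at `||`, so `[` runs without its closing `]` and `-d` is then run as a command. The condition is therefore always false and the ISPConfig branch of the daily scan is never taken. The following is an added example, not part of the thread or of maldet: it shows the broken and repaired tests side by side and a sed rewrite for a file that already contains the broken line. The function names are hypothetical and the directories are constructed stand-ins.

```shell
#!/bin/sh
# Added example: why the inserted cron.daily test never succeeds, and a repaired form.

# Broken form, as inserted into cron.daily. The shell splits the line at "||":
#   [ -d "$1"     -> "[: missing `]'"        (exit status 2)
#   -d "$2" ]     -> "-d: command not found" (exit status 127)
# so the condition is false even when the directory exists.
broken_check() {
    if [ -d "$1" || -d "$2" ]; then return 0; fi
    return 1
}

# Repaired form: two complete tests joined by the shell's own "||".
fixed_check() {
    if [ -d "$1" ] || [ -d "$2" ]; then return 0; fi
    return 1
}

# Rewrite the broken pattern in the script named by $1; result goes to stdout.
repair_test_line() {
    sed 's#\[ -d "\([^"]*\)" || -d "\([^"]*\)" ]#[ -d "\1" ] || [ -d "\2" ]#' "$1"
}

# Demo on constructed directories (stand-ins for the ISPConfig paths).
demo() {
    d=$(mktemp -d)
    mkdir "$d/ispconfig"
    broken_check "$d/ispconfig" "$d/other" 2>/dev/null && b=taken || b=skipped
    fixed_check  "$d/ispconfig" "$d/other" && f=taken || f=skipped
    rm -rf "$d"
    echo "broken=$b fixed=$f"
}
demo
```

The broken line is syntactically valid shell, so a syntax-only check such as `sh -n` does not flag it; it only fails when cron runs it.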
  #20  
Old 27th January 2013, 00:42
Ovidiu Ovidiu is offline
Senior Member
 

Anyone? any hints?