Install Malware Detection on Ubuntu and VestaCP #maldet #ubuntu #vestacp

We’ve all had a website or a server compromised before. If not, we’ve probably not been in the game too long. While VestaCP doesn’t have malware detection built in, it’s easy to add to your server and set up daily scanning. SSH into your machine; a few simple commands will get you up and running:

cd /opt
wget -c http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-1.4.2
./install.sh

You will see maldet has downloaded the latest definitions and been added to cron.daily:

Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(6256): {sigup} performing signature update check…
maldet(6256): {sigup} local signature set is version 201205035915
maldet(6256): {sigup} new signature set (2015071920693) available
maldet(6256): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
maldet(6256): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
maldet(6256): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
maldet(6256): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
maldet(6256): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
maldet(6256): {sigup} signature set update completed
maldet(6256): {sigup} 10792 signatures (8880 MD5 / 1912 HEX)

Then run:

nano /usr/local/maldetect/conf.maldet

Change the following lines to set up notifications:

email_alert=1
email_addr="you@domain.com"
inotify_webdir=web

If you don’t have ClamAV installed, change this line. maldet will then scan more slowly than it would with the ClamAV engine:

clamav_scan=0

Save and close:

CTRL+O
CTRL+X

Now manually run a scan (and test to make sure it’s working):

maldet --scan-all /home

As long as it scans you should be good to go!
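
The conf.maldet edits above can also be applied from a script instead of nano, which helps when setting up several servers. This is an added example, not part of the original post or of maldet itself; set_key and configure_maldet are hypothetical helper names, and GNU sed is assumed.

```bash
#!/usr/bin/env bash
# Added example: apply the conf.maldet settings from this post without an editor.
# set_key and configure_maldet are hypothetical helpers, not maldet commands.

# set_key FILE KEY VALUE: replace an existing KEY=... line or append one.
set_key() {
    local file="$1" key="$2" value="$3"
    if grep -q "^${key}=" "$file"; then
        sed -i "s|^${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# configure_maldet CONF EMAIL: apply the post's settings, keeping a backup copy.
configure_maldet() {
    local conf="$1" email="$2" clam=0 key
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    # conf.maldet holds shell-style assignments, so accept only plain characters.
    case $email in
        *[!A-Za-z0-9@._+-]*|'') echo "refusing address: $email" >&2; return 1 ;;
    esac
    cp -p "$conf" "$conf.bak"
    # The post sets clamav_scan=0 when ClamAV is absent; use 1 only if clamscan is on PATH.
    if command -v clamscan >/dev/null 2>&1; then clam=1; fi
    set_key "$conf" email_alert 1
    set_key "$conf" email_addr "\"$email\""
    set_key "$conf" inotify_webdir web
    set_key "$conf" clamav_scan "$clam"
    # Each key must now appear exactly once, uncommented.
    for key in email_alert email_addr inotify_webdir clamav_scan; do
        [ "$(grep -c "^${key}=" "$conf")" -eq 1 ] || { echo "check $key in $conf" >&2; return 1; }
    done
}

# Usage: ./configure-maldet.sh /usr/local/maldetect/conf.maldet you@domain.com
if [ "$#" -ge 2 ]; then configure_maldet "$1" "$2"; fi
```

The original file is kept as conf.maldet.bak, so a diff against it shows exactly what changed.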
