How to install MALDET Linux Malware Detect on cPanel Server?

Maldet is a malware detector and scanner for Linux based servers a project designed by R-fx networks project. It can be installed on shared hosting servers like cPanel WHM and linux plesk servers which works along with Clamav tool.

1. Download & Install Maldet -

   cd /usr/local/src
   wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
   tar -xzvf maldetect-current.tar.gz


2. Go to the maldetect directory and run the installer script 'install.sh' as root:
   
     cd maldetect-1.5
   ./install.sh


3. Next, make a symlink to the maldet command in the /bin/ directory.

   ln -s /usr/local/maldetect/maldet /bin/maldet
   hash -r

 4. Configure Maldet, Install Nano editor if its not installed ( yum install nano ) -

    cd /usr/local/maldetect/
    nano conf.maldet


5. Enable email alert by changing the value to '1'.
  
    email_alert="1"


6. Set your email address .

    email_addr="root@24x7servermanagement.com"


We will use the ClamAV clamscan binary as default scan engine because it provides a high-performance scan on large file sets. If its not installed you can install it using ( yum -y install clamav clamav-devel ) then update using ( freshclam ) command.

7. Change value to '1' on line 114 - scan_clamscan="1"

8.  
Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change value to '1' on line 180 - quarantine_hits="1"

9. Change value to 1 on line 185 to enable clean based malware injections - quarantine_clean="1"

10. Save and exit.


Use Real-Time Monitoring with Maldet for active monitoring.

The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.

There are three modes that the monitor can be executed with and they relate to what will be monitored, they are USERS|PATHS|FILES.
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to enable Hot Link Protection in cPanel?

To avoid other sites to use your website's bandwidth, you can enable the hot link protection....

Domain ****.com has outgoing email disabled.

I was getting below error message while sending emails - This message was created automatically...

Response: 421 Home directory not available - aborting Error: Could not connect to server

While connecting to hosting service using FTP client, I was getting below error message...

Account Creation Status: failed. A database owner with the name <account-name> already exists.

I have deleted the account from the WHM but while recreating it, I was getting below error...

Powered by WHMCompleteSolution