LMD – Linux Malware Detect

Also called MalDet, it ships a set of signatures for matching malware in web files. If the ClamAV scanner engine is found it is used as well, which brings in ClamAV's own signatures on top of LMD's.

Get it:
# git clone https://github.com/rfxn/linux-malware-detect.git

Install it:
# cd linux-malware-detect
# bash install.sh

Change the email_alert & email_addr variables:
# vim /usr/local/maldetect/conf.maldet

Optionally change the following to whatever HTML folder your users have in their home directories; in my case:
inotify_docroot="html"

I emptied this variable since I have a lot of scripts creating files in the tmp dir, and this just fills up my logs:
scan_tmpdir_paths=""
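The config edits above are the kind of thing that gets repeated on every host, and a hand edit can easily leave email_alert turned on with an empty email_addr, so no alert ever arrives. The following is an added example (not part of the original post and not LMD's own tooling): two small POSIX sh helpers, maldet_set and maldet_get, that set and read KEY="value" lines in a conf.maldet-style file, plus maldet_alert_ok, which checks that alerting is consistently configured. The helper names and the sample conf excerpt are constructed for this example; the real file lives at /usr/local/maldetect/conf.maldet as noted above.

```shell
#!/bin/sh
# Added example: idempotently set/read KEY="value" options in a
# conf.maldet-style file. Hypothetical helpers, not part of LMD.

# Usage: maldet_set <conf-file> <key> <value>
# Replaces an existing assignment in place, or appends one if missing.
# Value must not contain '|', '&' or '\' (they are sed-special here).
maldet_set() {
    conf=$1; key=$2; value=$3
    if grep -q "^${key}=" "$conf"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$conf"
    fi
}

# Usage: maldet_get <conf-file> <key>  -> prints the value without quotes
# (last assignment wins, as it would when the shell sources the file)
maldet_get() {
    sed -n "s|^${2}=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*|\1|p" "$1" | tail -n 1
}

# Usage: maldet_alert_ok <conf-file>
# Returns 0 if alerting is either off or has an address; 1 if
# email_alert=1 but email_addr is empty (alerts would silently be lost).
maldet_alert_ok() {
    alert=$(maldet_get "$1" email_alert)
    addr=$(maldet_get "$1" email_addr)
    if [ "$alert" = "1" ] && [ -z "$addr" ]; then
        echo "email_alert=1 but email_addr is empty" >&2
        return 1
    fi
    return 0
}

# Constructed sample conf standing in for /usr/local/maldetect/conf.maldet
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed excerpt, not the real shipped file
email_alert="0"
email_addr=""
inotify_docroot="public_html"
scan_tmpdir_paths="/tmp /var/tmp"
EOF

# Apply the same changes the post describes
maldet_set "$SAMPLE_CONF" email_alert 1
maldet_set "$SAMPLE_CONF" email_addr "admin@example.com"
maldet_set "$SAMPLE_CONF" inotify_docroot html
maldet_set "$SAMPLE_CONF" scan_tmpdir_paths ""
maldet_alert_ok "$SAMPLE_CONF" && echo "alerting configured: $(maldet_get "$SAMPLE_CONF" email_addr)"
```

Point the helpers at the real conf.maldet (as root) instead of SAMPLE_CONF to use them for real; maldet_alert_ok is worth running after any edit, since a scan that finds something but cannot mail anyone is easy to miss.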

Test it:
# maldet -a /var/www/?/html/

(The following does not seem to work! Better to run it in cron.)

To run it in the background, checking every file created by users with UID 500 or higher:

# apt-get install inotify-tools

# maldet --monitor users

Follow the real-time log:
# tail -f /usr/local/maldetect/logs/inotify_log

Published by Nimpen J. Nordström

System Developer and Network Security Enthusiast