How to Install Maldet on Linux Server

Linux Malware Detect shorts for Maldet is a powerful malware scanner designed specifically for Linux environments. It is particularly useful in shared hosting environments where multiple users share the same server resources. Maldet uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

In this post, we will cover the process of installing Maldet on your Linux server along with essential configuration steps.

Prerequisites

Before install Linux Maldet make sure you have the following:

• Linux server: This guide assumes a Debian based system like Ubuntu. The installation process might vary slightly for other distributions.
• Root privileges: You’ll need root or sudo access to execute the necessary commands.

Installing Maldet on Linux Server

Following are the steps described below to install Maldet on the Linux server:

Step 1: Connect Linux Server

First, connect to your Linux server using SSH. You can use a terminal on Linux or macOS or an SSH client. You need to install PuTTY on Windows system. Log in with SSH access such as IP address, username, and password.

Step 2: Update Your System

It’s always a good practice to update your system before installing new software. Run the following commands to update your package lists and upgrade your installed packages:

apt update && apt upgrade

Step 3: Download Maldet

Next, download the latest version of Maldet from the official website. First, navigate the /usr/local/src directory with the cd command:

cd /usr/local/src

Use the wget command to download the tarball

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Step 4: Extract the Tarball

Once the download is complete extract the tarball using the tar command:

tar -xzf maldetect-current.tar.gz

This will create a directory named maldetect-* in your current directory.

Step 5: Install Maldet

Navigate to the extracted directory and run the installation script:

cd maldetect-* && ./install.sh

The installation script will install Maldet to /usr/local/maldetect and create a Linux symbolic link to the executable in /usr/local/sbin/maldet.

Step 6: Configure Maldet

Maldet’s configuration file is located at /usr/local/maldetect/conf.maldet. Open this file in a text editor to configure Maldet according to your needs:

nano /usr/local/maldetect/conf.maldet

Here are some important configuration options:

• email_alert: Set this to 1 to enable email alerts.
• email_subj: Set the subject line for email alerts.
• email_addr: Set the email address to receive alerts.
• quar_hits: Set this to 1 to enable quarantine for detected malware.
• quar_clean: Set this to 1 to enable automatic cleaning of detected malware.
• quar_susp: Set this to 1 to enable user suspension for detected malware.

Save and close the file after making your changes.

Step 7: Update Maldet Signatures

Before running a scan update the Maldet signatures to ensure you have the latest malware definitions:

maldet -u

Step 8: Run a Scan

You can now run a scan using Maldet. Here are some common scan commands:

To scan a specific directory:

maldet -a /path/to/directory

To scan all user directories under /home:

maldet -a /home?/

To scan a specific user directory:

maldet -a /home/username

Replace /path/to/directory and username with the actual path and username you want to scan.

Step 9: View Scan Results

After the scan is complete you can view the scan results using the following command:

maldet --report SCANID

Replace SCANID with the actual scan ID provided at the end of the scan.

Step 10: Schedule Regular Scans

To ensure your server remains protected schedule regular scans using cron jobs. Open the cron table for editing:

crontab -e

Add a line to schedule a daily scan at a specific time for example 2:00 AM:

0 2 * * * /usr/local/sbin/maldet -a /home?/

Save and close the file. This will run a scan of all user directories /home every day at 2 AM.

Important Considerations

Following are some important considerations after Maldet download on your Linux server:

• Maldet provides flexibility in customizing scan rules. You can create custom rules to target specific file types, patterns, or behaviors.
• Maldet can generate detailed reports about detected threats. Use the --report option to generate reports in various formats for example HTML and CSV.
• Maldet can be integrated with other security tools like intrusion detection systems (IDS) or security information and event management (SIEM) solutions.
• Regularly monitor Maldet’s logs for any suspicious activity or warnings.

Conclusion

Maldet is a valuable tool for detecting and mitigating malware on Linux servers. By following this guide you can install and configure Maldet to protect your server from malicious threats. Regular updates and scans will help ensure your server remains secure.

FAQ