Friday, October 4, 2013

How to Detect Linux Malware

Linux System:

login as: root
Password: ******


#cd /usr/local/src/

#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
#ls

#tar -zxvf maldetect-current.tar.gz
#ls
#cd maldetect-1.4.2
#ls
#./install.sh 
                  //If "permission denied" is reported, make the script executable first: #chmod +x install.sh

#vi /usr/local/maldetect/conf.maldet


To scan all users' home directories:

#maldet --scan-all /home

==Example==
[root@engr ~]# maldet --scan-all /home
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(23290): {scan} signatures loaded: 11297 (9425 MD5 / 1872 HEX)
maldet(23290): {scan} building file list for /home, this might take awhile...
maldet(23290): {scan} file list completed, found 761394 files...
maldet(23290): {scan} 417/761394 files scanned: 0 hits 0 cleaned



Use the following two commands to quarantine, and then clean, all malware hits from a previous scan. SCANID is the number in the "maldet(SCANID):" prefix of that scan's output.

# maldet --quarantine SCANID        //SCANID==23290 in the example above
# maldet --clean SCANID             //SCANID==23290 in the example above
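The scan ID and hit count are easy to read by eye, but scripting the quarantine step means extracting them from the scan output. The following is an added example, not part of the original post or of the maldet project: a small POSIX shell script that parses output in the format shown above and prints the quarantine and clean commands only when the scan reported hits. The scan output embedded in it is a constructed sample in that format (the hit count is made up); the function names are my own.

```shell
#!/bin/sh
# Added example: parse maldet scan output and derive the follow-up commands.
# The sample below is constructed to match the format printed by maldet 1.4.2;
# a real run would pipe the output of "maldet --scan-all /home" into this.
SAMPLE_OUTPUT='maldet(23290): {scan} signatures loaded: 11297 (9425 MD5 / 1872 HEX)
maldet(23290): {scan} building file list for /home, this might take awhile...
maldet(23290): {scan} file list completed, found 761394 files...
maldet(23290): {scan} 761394/761394 files scanned: 2 hits 0 cleaned'

# scan_id: print the number inside "maldet(NNNN):" from the first matching line.
scan_id() {
    printf '%s\n' "$1" | sed -n 's/^maldet(\([0-9][0-9]*\)):.*/\1/p' | head -n 1
}

# scan_hits: print the hit count from the last "files scanned: N hits" line.
scan_hits() {
    printf '%s\n' "$1" | sed -n 's/.*files scanned: \([0-9][0-9]*\) hits.*/\1/p' | tail -n 1
}

# quarantine_cmds: given scan output, print the maldet commands to run next,
# or nothing when the scan found no hits. Fails if the output cannot be parsed.
quarantine_cmds() {
    id=$(scan_id "$1")
    hits=$(scan_hits "$1")
    if [ -z "$id" ] || [ -z "$hits" ]; then
        echo "could not parse maldet output" >&2
        return 1
    fi
    if [ "$hits" -gt 0 ]; then
        printf 'maldet --quarantine %s\nmaldet --clean %s\n' "$id" "$id"
    fi
}

# Usage: prints the two commands for the sample, since it reports 2 hits.
quarantine_cmds "$SAMPLE_OUTPUT"
```

The script only prints the commands; review the hit list (maldet --report SCANID) before running them, since quarantine moves the flagged files out of the user's home directory.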


Perform daily scans

The installer sets up a daily cron job; to review or adjust what it scans, edit:

# vi /etc/cron.daily/maldet
