You will learn how to Install Maldet on cPanel Server, Configure, Scan commands, etc. I will try to cover all topics which will be helpful for you to understand how to use Maldet(Linux Malware Detect).
Maldet full form is Linux Malware Detect which is opensource and available at free of cost from R-fx Networks, This is helpful for detecting php backdoors and various type of malicious files. Automation is available and it can automatically run and quarantine file but depend on your configuration file.
How to Install Maldet on cPanel?
Run this command on your
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz tar -xzvf maldetect-current.tar.gz cd maldetect-* sh install.sh
Once Installation is completed then you will need to edit configuration file and change configuration.
Edit configuration file of Maldet, Run command:
If nano command in not installed then you can install it by running “yum install nano” command or use vi command.
Edit configuration file and change this:
Enable email alert by changing it to “1”, Zero means you will not receive email alert but we recommended you to enable email alert.
Change email address to your email address:
If ClamAV in installed on your cPanel server then you can leave this as it is then ClamAV will be used as default scan engine. However If you wish then you can disable it by changing from “1” to “0”.
Enable automatic quarantine hits by changing from “0”(disabled) to “1”(enable). When maldet will run then it will automatically remove malicious file from public directory to Maldet directory and later If file is required then you can restore it.
Suspend cPanel user If found any malicious file:
By default this option is disabled(0) however If you wish then you can enable this option but your cPanel user will be suspended If any malicious file will be found on cPanel user directory.
How to scan directory using Maldet?
Scan whole directory inside public_html folder of every cPanel user
maldet -a /home/?/public_html/?
Meaning of -a means all directory and question mark “?” means it will contain every directory, This is same as aster-streak * (Means select everything inside folder /home/* but maldet use question mark)
Scan single directory of cPanel
maldet -a /home/username-here/public_html/path/?
How to check quarantine report?
maldet –quarantine SCANID
Restore a file that you have already quarantined
maldet --restore FILENAME
How to Monitor file using Maldet?
You can monitor user file in realtime for file creation, mode, modify, etc.
maldet --monitor cPanelUsername (Monitor cPanel user) maldet --monitor /home/username/public_html
You don’t need to setup any cronjob command because of it will run everyday, Cronjob file location of maldet is /etc/cron.daily/maldet however sometimes it does not properly so you can set cronjob by adding this (Make changes according to your needs)
0 0 * * * maldet -a /home/?/public_html/?