Linux Malware Detect (LMD)
I'm running CentOS in the lab environment, and the NOC has reported that one or more of my hosts appear to have been hijacked into a botnet. Linux Malware Detect (LMD, the maldet command) is not packaged in EPEL; it is installed from the project tarball further down. EPEL is still needed for its dependencies (inotify-tools, and clamav for the ClamAV scan engine that the scan output below uses), so enable it first:
yum -y install epel-release
LMD's real-time monitor mode (maldet -m) drives itself from the inotifywait command shipped in inotify-tools. The on-demand scan used below does not need it, but install it now so monitoring works later:
yum -y install inotify-tools
Installing LMD itself is straightforward. Fetch the current tarball from the project site; note that the URL below is plain HTTP and install.sh runs as root, so prefer HTTPS where the server offers it and check the archive before running the installer.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Extract it and run the install.sh script as root; it installs into /usr/local/maldetect and puts the maldet command on the path (/usr/local/sbin/maldet).
Configure LMD in /usr/local/maldetect/conf.maldet. Two options matter here. In the 1.6 config the scan engine switch is scan_clamscan="1" (on by default): when the clamscan binary is present LMD hands the file scanning to ClamAV, which is what the "found clamav binary at /bin/clamscan" line in the output below confirms, while detection is still driven by LMD's own signatures. The other is quarantine_clean="1", which tells LMD to try to clean string-based injections; it only takes effect when quarantine_hits="1" is also set, and quarantining moves every hit out of /var/www/html into /usr/local/maldetect/quarantine. On a host you suspect is already compromised that also alters the evidence you may want to preserve, so the cautious order is to scan with quarantine_hits="0", review the report, and quarantine afterwards with maldet -q SCANID. Now I'm scanning everything in /var/www/html, so to run it:
maldet -a /var/www/html
This process takes a while!
# maldet -a /var/www/html/
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@rfxn.com>
(C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(6887): {scan} signatures loaded: 17029 (14209 MD5 | 2035 HEX | 785 YARA | 0 USER)
maldet(6887): {scan} building file list for /var/www/html/, this might take awhile...
maldet(6887): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(6887): {scan} file list completed in 68s, found 468811 files...
maldet(6887): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
maldet(6887): {scan} scan of /var/www/html/ (468811 files) in progress...
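The whole procedure above (EPEL, inotify-tools and ClamAV, tarball install, the conf.maldet edits, the scan) as one script, added here as an example; it is not code from the original page or from the LMD project. The conf.maldet editor is the part worth keeping: it rewrites an existing key="value" line in place rather than appending a duplicate, ignores commented-out lines, and can be verified offline. Assumptions not on the page: CentOS 7 with yum, the EPEL package names clamav and clamav-update (freshclam), that rfxn.com serves the tarball over HTTPS, and that the archive extracts to a single maldetect-<version>/ directory containing install.sh.

```shell
#!/bin/bash
# Added example, not LMD project code. Usage: bash lmd-setup.sh run  (as root)
# Assumptions: CentOS 7 + yum; EPEL packages clamav/clamav-update; HTTPS download;
# tarball extracts to one maldetect-<version>/ directory with install.sh inside.
set -eu

LMD_URL="https://www.rfxn.com/downloads/maldetect-current.tar.gz"   # assumed HTTPS form of the page's http URL
LMD_CONF="/usr/local/maldetect/conf.maldet"
SCAN_PATH="/var/www/html"

# lmd_get_option FILE KEY : print KEY's value with the quotes stripped (last definition wins).
lmd_get_option() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# lmd_set_option FILE KEY VALUE : rewrite an existing KEY="..." line in place,
# append it if absent. Lines commented out with '#' are not touched.
# VALUE must not contain '|' or '&' (special to the sed expression).
lmd_set_option() {
    local conf="$1" key="$2" val="$3"
    if grep -q "^${key}=" "$conf"; then
        sed "s|^${key}=.*|${key}=\"${val}\"|" "$conf" > "${conf}.tmp" && mv "${conf}.tmp" "$conf"
    else
        printf '%s="%s"\n' "$key" "$val" >> "$conf"
    fi
}

# lmd_count_option FILE KEY : number of active definitions of KEY (a clean edit leaves exactly 1).
lmd_count_option() {
    grep -c "^$2=" "$1" || true
}

# Packages from EPEL, then the LMD tarball and its installer (writes /usr/local/maldetect).
install_lmd() {
    yum -y install epel-release
    yum -y install inotify-tools clamav clamav-update
    freshclam || echo "freshclam failed: clamscan will run with stale or missing ClamAV signatures" >&2
    local work
    work=$(mktemp -d)
    cd "$work"
    curl -fsSLO "$LMD_URL"
    tar xzf maldetect-current.tar.gz
    cd maldetect-*/
    bash install.sh
    cd /
    rm -rf "$work"
}

# configure_lmd FILE review|auto
#   review : hits stay on disk so the report can be examined (and evidence kept)
#            before quarantining selectively with: maldet -q SCANID
#   auto   : the page's setting, quarantine and attempt to clean on sight
#            (quarantine_clean only acts when quarantine_hits=1)
configure_lmd() {
    local conf="$1"
    lmd_set_option "$conf" scan_clamscan 1     # use the ClamAV engine when clamscan is present
    case "$2" in
        review) lmd_set_option "$conf" quarantine_hits 0
                lmd_set_option "$conf" quarantine_clean 0 ;;
        auto)   lmd_set_option "$conf" quarantine_hits 1
                lmd_set_option "$conf" quarantine_clean 1 ;;
        *)      echo "usage: configure_lmd FILE review|auto" >&2; return 1 ;;
    esac
}

# Full scan of the web root, then the list of scan reports (each has a SCANID for maldet -q / -e).
scan_lmd() {
    maldet -a "$SCAN_PATH"
    maldet --report list
}

if [ "${1:-}" = "run" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    install_lmd
    configure_lmd "$LMD_CONF" review
    scan_lmd
fi
```

Run it with `bash lmd-setup.sh run`; sourcing the file instead gives you just the functions, so `configure_lmd /usr/local/maldetect/conf.maldet auto` switches an already installed host to the page's quarantine-on-sight behaviour without re-running the installer.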