Wednesday, August 21, 2019

Fedora 30 : Testing the Linux Malware Detect.

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments.
This tool is provided by R-fx Networks.
Let's install and test it:
[mythcat@desk ~]$ wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
[mythcat@desk ~]$ tar -xf maldetect-current.tar.gz 
[mythcat@desk ~]$ cd maldetect-1.6.4/
[mythcat@desk maldetect-1.6.4]$ su
Password: 
[root@desk maldetect-1.6.4]# ./install.sh
Failed to enable unit: Unit file maldet.service does not exist.
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks <proj@r-fx.org>
            (C) 2019, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(31046): {sigup} performing signature update check...
maldet(31046): {sigup} local signature set is version 201907043616
maldet(31046): {sigup} new signature set 2019081912001 available
maldet(31046): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(31046): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(31046): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(31046): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(31046): {sigup} verified md5sum of maldet-clean.tgz
maldet(31046): {sigup} unpacked and installed maldet-clean.tgz
maldet(31046): {sigup} signature set update completed
maldet(31046): {sigup} 15552 signatures (12740 MD5 | 2035 HEX | 777 YARA | 0 USER)
[root@desk maldetect-1.6.4]# vim /usr/local/maldetect/conf.maldet
Change this row to scan_user_access=1
Now you can run it:
[mythcat@desk ~]$ /usr/local/sbin/maldet -a 
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks 
            (C) 2019, Ryan MacDonald 
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(32628): {scan} signatures loaded: 15552 (12740 MD5 | 2035 HEX | 777 YARA | 0 USER)
maldet(32628): {scan} building file list for , this might take awhile...
maldet(32628): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(32628): {scan} file list completed in 13s, found 44109 files...
maldet(32628): {scan} scan of  (44109 files) in progress...