How to Install MalDet and Use It

Linux Malware Detect (LMD), or simply Maldet, is a free malware scanner designed for Linux. Before we begin the installation, this tutorial assumes that you have a basic knowledge of SSH. These instructions apply to users running a VPS (Virtual Private Server) or a dedicated server.

How to Install Maldet

Step 1: Update Software

First, make sure all installed software is up to date:

$ yum -y update

Step 2: Installing Linux Malware Detect

Download the Maldet archive to your server:

$ wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the Maldet archive:

$ tar xfz maldetect-current.tar.gz

Change into the extracted installation directory:

$ cd maldetect-*

Now run the install script:

$ ./install.sh

When the installation finishes, you will see output like this:

Created symlink from /etc/systemd/system/multi-user.target.wants/maldet.service to /usr/lib/systemd/system/maldet.service.
Linux Malware Detect v1.6
 (C) 2002-2017, R-fx Networks <[email protected]>
 (C) 2017, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(1344): {sigup} performing signature update check...
maldet(1344): {sigup} local signature set is version 2017070716978
maldet(1344): {sigup} new signature set (2017080720059) available
maldet(1344): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(1344): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(1344): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(1344): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(1344): {sigup} verified md5sum of maldet-clean.tgz
maldet(1344): {sigup} unpacked and installed maldet-clean.tgz
maldet(1344): {sigup} signature set update completed
maldet(1344): {sigup} 15215 signatures (12485 MD5 | 1951 HEX | 779 YARA | 0 USER)

Step 3: Configuring LMD

The Malware Detect configuration file is /usr/local/maldetect/conf.maldet. Open it and make the changes described below:

$ nano /usr/local/maldetect/conf.maldet

The default file in your system should look like this:

# Enable Email Alerting
email_alert="1"

# Email Address in which you want to receive scan reports
email_addr="[email protected]"

# Use with ClamAV
scan_clamscan="1"

# Enable scanning for root owned files. Set 1 to disable.
scan_ignore_root="0"

# Move threats to quarantine
quarantine_hits="1"

# Clean string based malware injections
quarantine_clean="1"

# Suspend user if malware found.
quarantine_suspend_user="1"

# Minimum userid value that be suspended
quarantine_suspend_user_minuid="500"

Now set the following values (the key names match the default file above; older LMD releases used quar_hits and quar_clean instead of quarantine_hits and quarantine_clean):

email_alert="1" – enable email alerts

email_addr="[email protected]" – the address that should receive the malware alert emails

quarantine_hits="1" – move files that trigger a malware hit to quarantine

quarantine_clean="1" – clean detected string-based malware injections

Step 4: Setting Up a Cron Job for Automatic Scanning

During installation, a cron job file is installed at /etc/cron.daily/maldet.

This daily job clears session, temp and quarantine data older than two weeks (14 days), checks for a new LMD release, updates the signature set, and then scans files changed in the last two days. If the inotify monitor is running, it sends the daily hit summary instead of running a scan.

The scan paths in the cron file are chosen by the control panel the script detects (Ensim, Plesk, DirectAdmin, or the standard /home/user/public_html layout). Check that the paths it picks match the directory structure of your server and adjust them if necessary.

#!/bin/bash

# clear quarantine/session/tmp data every 14 days
/usr/sbin/tmpwatch 336 /usr/local/maldetect/tmp >> /dev/null 2>&1
/usr/sbin/tmpwatch 336 /usr/local/maldetect/sess >> /dev/null 2>&1
/usr/sbin/tmpwatch 336 /usr/local/maldetect/quarantine >> /dev/null 2>&1
/usr/sbin/tmpwatch 336 /usr/local/maldetect/pub/*/ >> /dev/null 2>&1

# check for new release version
/usr/local/maldetect/maldet -d >> /dev/null 2>&1

# check for new definition set
/usr/local/maldetect/maldet -u >> /dev/null 2>&1

# if we're running inotify monitoring, send daily hit summary
if [ "$(ps -A --user root -o "comm" | grep inotifywait)" ]; then
        /usr/local/maldetect/maldet --alert-daily >> /dev/null 2>&1
else
        # scan the last 2 days of file changes
        if [ -d "/home/virtual" ] && [ -d "/usr/lib/opcenter" ]; then
                # ensim
                /usr/local/maldetect/maldet -b -r /home/virtual/?/fst/var/www/html 2 >> /dev/null 2>&1
                /usr/local/maldetect/maldet -b -r /home/virtual/?/fst/home/?/public_html 2 >> /dev/null 2>&1
        elif [ -d "/etc/psa" ] && [ -d "/var/lib/psa" ]; then
                # psa
                /usr/local/maldetect/maldet -b -r /var/www/vhosts/?/httpdocs 2 >> /dev/null 2>&1
                /usr/local/maldetect/maldet -b -r /var/www/vhosts/?/subdomains/?/httpdocs 2 >> /dev/null 2>&1
        elif [ -d "/usr/local/directadmin" ]; then
                # DirectAdmin
                /usr/local/maldetect/maldet -b -r /var/www/html/?/ 2 >> /dev/null 2>&1
                /usr/local/maldetect/maldet -b -r /home?/?/domains/?/public_html 2 >> /dev/null 2>&1
        else
                # cpanel, interworx and other standard home/user/public_html setups
                /usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1
        fi
fi
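The cron file above only protects the web roots its patterns actually match, so the first thing to check on a new server is coverage. The following script is an added example (not part of the original tutorial or of LMD itself): it takes the patterns used in the cron job and reports how many existing directories each one resolves to. LMD documents `?` as its own path wildcard (to avoid shell globbing), so the script translates each `?` to a shell `*` before expanding. The `ROOT` argument is an assumption added for testing against a scratch directory tree; on a live server it defaults to `/`.

```shell
# Added example: report which web-root patterns from /etc/cron.daily/maldet
# resolve to real directories on this host. LMD's ? wildcard is translated
# to a shell * glob. ROOT (default /) may point at a scratch tree for testing.

# expand_dirs ROOT PATTERN -> prints every existing directory matching PATTERN under ROOT
expand_dirs() {
    root="${1%/}"
    glob=$(printf '%s' "$2" | tr '?' '*')
    for d in "$root"$glob; do          # $glob deliberately unquoted so the shell expands it
        if [ -d "$d" ]; then printf '%s\n' "$d"; fi
    done
}

# count_dirs ROOT PATTERN -> number of matching directories (0 if none)
count_dirs() {
    expand_dirs "$1" "$2" | wc -l | tr -d ' '
}

# cron_scan_coverage [ROOT] -> one line per pattern the cron job may scan
cron_scan_coverage() {
    root="${1:-/}"
    for p in "/home/virtual/?/fst/var/www/html" "/home/virtual/?/fst/home/?/public_html" \
             "/var/www/vhosts/?/httpdocs" "/var/www/vhosts/?/subdomains/?/httpdocs" \
             "/var/www/html/?/" "/home?/?/domains/?/public_html" "/home?/?/public_html"; do
        printf '%4s dir(s)  %s\n' "$(count_dirs "$root" "$p")" "$p"
    done
}

# Usage: sh coverage.sh      (prints the table for the live filesystem)
cron_scan_coverage
```

A pattern that reports 0 directories while you know you have web roots in that location means the daily scan is skipping them; either move the sites into the expected layout or add a `maldet -b -r <path> 2` line for them to the cron file.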

To receive an email alert whenever malware is detected, open the Maldet configuration file /usr/local/maldetect/conf.maldet and set the values as in this example:

email_alert="1"
email_subj="Maldet alert from $(hostname)"
email_addr="[email protected]"
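Editing conf.maldet by hand works for one server, but the same change is usually rolled out to many. The script below is an added example (not part of the original tutorial or of LMD) that applies the Step 3 settings and the email-alert settings above idempotently: it rewrites an existing key (even one that is commented out) instead of appending duplicates, and reads values back so the result can be verified. The key names are those of the default LMD 1.6 file shown above; the `MALDET_CONF` and `MALDET_EMAIL` environment variables are assumptions introduced here for testing and for passing the alert address in.

```shell
# Added example: apply the Step 3 and email-alert settings to conf.maldet
# idempotently and read them back. Key names are those of the default file
# shown above (LMD 1.6). MALDET_CONF and MALDET_EMAIL are assumed helpers.
CONF="${MALDET_CONF:-/usr/local/maldetect/conf.maldet}"

# set_conf_key FILE KEY VALUE
# Rewrites an existing KEY= line (even if commented out) or appends one, so
# rerunning the script does not duplicate entries. VALUE must not contain | or &.
set_conf_key() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^[[:space:]]*#*[[:space:]]*${key}=" "$file"; then
        sed "s|^[[:space:]]*#*[[:space:]]*${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf_key FILE KEY -> prints the (unquoted) value of the last KEY= line
get_conf_key() {
    sed -n "s/^${2}=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# configure_alerts FILE ADDRESS -> turns on alerting, quarantine and cleaning
configure_alerts() {
    set_conf_key "$1" email_alert 1
    set_conf_key "$1" email_addr "$2"
    set_conf_key "$1" email_subj 'Maldet alert from $(hostname)'   # kept literal for maldet to expand
    set_conf_key "$1" quarantine_hits 1
    set_conf_key "$1" quarantine_clean 1
}

# Usage on a live server (as root): MALDET_EMAIL=admin@example.com sh configure.sh
if [ -n "$MALDET_EMAIL" ] && [ -w "$CONF" ]; then
    configure_alerts "$CONF" "$MALDET_EMAIL"
    printf 'email_alert=%s email_addr=%s\n' \
        "$(get_conf_key "$CONF" email_alert)" "$(get_conf_key "$CONF" email_addr)"
fi
```

Writing to a temporary file and then moving it into place avoids the differing `sed -i` syntax between GNU and BSD sed; the single quotes around the subject keep `$(hostname)` from being expanded by this script, so maldet expands it at alert time as the tutorial intends.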

Step 5: Manual Scanning

To scan a directory, use a command like this:

$ maldet -a /path/to/directory

To make sure the Maldet signatures are always up to date, run:

$ maldet -u

You can see the full list of options available for the maldet command with:

$ maldet -h
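A manual scan is most useful when something else can act on its result, for example a deployment script that refuses to go live if the web root has hits. The following is an added example (not part of the original tutorial or of LMD): it runs `maldet -a` on a path, extracts the hit count and the report id from the two summary lines LMD prints at the end of a scan, and returns a distinct exit code when malware was found so the caller can show the report. The sample output embedded in the script is constructed to match the LMD 1.6 summary format as I know it; verify it against the last lines of a scan on your own install.

```shell
# Added example: wrap a manual `maldet -a` scan so a script can act on its
# outcome. The sample below is constructed in the LMD 1.6 summary format,
# not captured from a real server.
SAMPLE_SCAN_OUTPUT='maldet(2244): {scan} scan completed on /home/alice/public_html: files 1532, malware hits 2, cleaned hits 0, time 41s
maldet(2244): {scan} scan report saved, to view run: maldet --report 170807-1530.2244'

# scan_hits OUTPUT -> prints the "malware hits" count from the summary line
scan_hits() {
    printf '%s\n' "$1" | sed -n 's/.*malware hits \([0-9]*\),.*/\1/p'
}

# scan_report_id OUTPUT -> prints the report id to pass to `maldet --report`
scan_report_id() {
    printf '%s\n' "$1" | sed -n 's/.*maldet --report \([0-9.-]*\).*/\1/p'
}

# scan_dir PATH -> 0 when clean, 2 when hits were found (report printed), 1 if maldet failed
scan_dir() {
    out=$(maldet -a "$1" 2>&1) || return 1
    hits=$(scan_hits "$out")
    if [ "${hits:-0}" -gt 0 ]; then
        maldet --report "$(scan_report_id "$out")"
        return 2
    fi
    return 0
}

# Usage: if scan_dir /var/www/html; then deploy; else echo "scan found hits, aborting"; fi
# Stand-alone demonstration on the constructed sample:
printf 'sample: hits=%s report=%s\n' \
    "$(scan_hits "$SAMPLE_SCAN_OUTPUT")" "$(scan_report_id "$SAMPLE_SCAN_OUTPUT")"
```

Because `maldet -a` also prints progress lines, the parser anchors on the fixed text of the two summary lines rather than on line position, and `scan_dir` treats a missing hit count as zero only after confirming maldet itself exited successfully.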

Malware Detect (LMD) is now installed and ready to use.