Linux Malware Detect (LMD), or simply Maldet, is a free malware scanner designed for Linux. Before we start the installation, this tutorial assumes that you have basic knowledge of SSH. These instructions apply to users running a VPS (Virtual Private Server) or a dedicated server, and every command below is run as root.
How to Install Maldet
Step 1: Update Software
First, make sure all installed software is up to date (the commands in this tutorial are for a CentOS/RHEL-style system that uses yum; on Debian or Ubuntu use apt instead):
$ yum -y update
Step 2: Installing Linux Malware Detect
Download the Maldet archive to your server. The installer in the next step runs as root, so fetch the archive over HTTPS where your environment allows it rather than plain HTTP:
$ wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Extract the archive:
$ tar xzf maldetect-current.tar.gz
Change into the extracted directory:
$ cd maldetect-*
Now run the installer:
$ ./install.sh
When the installation finishes, you will see output like this (the installer registers a systemd unit, installs a daily cron job, and immediately fetches the current signature set):
Created symlink from /etc/systemd/system/multi-user.target.wants/maldet.service to /usr/lib/systemd/system/maldet.service.
Linux Malware Detect v1.6
            (C) 2002-2017, R-fx Networks <[email protected]>
            (C) 2017, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(1344): {sigup} performing signature update check...
maldet(1344): {sigup} local signature set is version 2017070716978
maldet(1344): {sigup} new signature set (2017080720059) available
maldet(1344): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(1344): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(1344): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(1344): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(1344): {sigup} verified md5sum of maldet-clean.tgz
maldet(1344): {sigup} unpacked and installed maldet-clean.tgz
maldet(1344): {sigup} signature set update completed
maldet(1344): {sigup} 15215 signatures (12485 MD5 | 1951 HEX | 779 YARA | 0 USER)
Step 3: Configuring LMD
The Malware Detect configuration file is /usr/local/maldetect/conf.maldet. Open it and make the changes below:
$ nano /usr/local/maldetect/conf.maldet
The options that matter for this tutorial look like this in the file:
# Enable Email Alerting
email_alert="1"

# Email Address in which you want to receive scan reports
email_addr="[email protected]"

# Use with ClamAV
scan_clamscan="1"

# Enable scanning for root owned files. Set 1 to disable.
scan_ignore_root="0"

# Move threats to quarantine
quarantine_hits="1"

# Clean string based malware injections
quarantine_clean="1"

# Suspend user if malware found.
quarantine_suspend_user="1"

# Minimum userid value that be suspended
quarantine_suspend_user_minuid="500"
Set them as follows:
email_alert="1" – enable email alerts.
email_addr="[email protected]" – the address that receives the malware alerts.
quarantine_hits="1" – move files that match a signature into /usr/local/maldetect/quarantine (older LMD releases called this option quar_hits; the file installed above uses quarantine_hits).
quarantine_clean="1" – try to clean string-based malware injections out of a file instead of only quarantining it.
Two settings deserve a second look before you enable them. scan_clamscan="1" uses the ClamAV clamscan engine if ClamAV is installed; without it LMD falls back to its own, slower scanner. quarantine_suspend_user="1" suspends the Unix account that owns an infected file whenever its uid is at least quarantine_suspend_user_minuid, so a single false positive locks a real user out.
Step 4: Setting Up a Cron Job for Automatic Scanning
During installation, a cron job file is installed at /etc/cron.daily/maldet.
This daily job clears session, temp and quarantine data older than 14 days (336 hours), checks for a new LMD release and a new signature set, and then either sends a daily hit summary (when inotify real-time monitoring is running) or scans the files changed in the last two days under the web document roots of whichever control panel it detects (Ensim, Plesk, DirectAdmin, or the standard /home/user/public_html layout used by cPanel and InterWorx).
Check that the paths in the cron file match the layout of your server or control panel and adjust them if they do not. The exact contents of the file differ between LMD releases; the version below shows the structure:
#!/bin/bash
# clear quarantine/session/tmp data every 14 days
/usr/sbin/tmpwatch 336 /usr/local/maldetect/tmp >> /dev/null 2>&1
/usr/sbin/tmpwatch 336 /usr/local/maldetect/sess >> /dev/null 2>&1
/usr/sbin/tmpwatch 336 /usr/local/maldetect/quarantine >> /dev/null 2>&1
/usr/sbin/tmpwatch 336 /usr/local/maldetect/pub/*/ >> /dev/null 2>&1

# check for new release version
/usr/local/maldetect/maldet -d >> /dev/null 2>&1

# check for new definition set
/usr/local/maldetect/maldet -u >> /dev/null 2>&1

# if we're running inotify monitoring, send daily hit summary
if [ "$(ps -A --user root -o "comm" | grep inotifywait)" ]; then
	/usr/local/maldetect/maldet --alert-daily >> /dev/null 2>&1
else
	# scan the last 2 days of file changes
	if [ -d "/home/virtual" ] && [ -d "/usr/lib/opcenter" ]; then
		# ensim
		/usr/local/maldetect/maldet -b -r /home/virtual/?/fst/var/www/html 2 >> /dev/null 2>&1
		/usr/local/maldetect/maldet -b -r /home/virtual/?/fst/home/?/public_html 2 >> /dev/null 2>&1
	elif [ -d "/etc/psa" ] && [ -d "/var/lib/psa" ]; then
		# psa
		/usr/local/maldetect/maldet -b -r /var/www/vhosts/?/httpdocs 2 >> /dev/null 2>&1
		/usr/local/maldetect/maldet -b -r /var/www/vhosts/?/subdomains/?/httpdocs 2 >> /dev/null 2>&1
	elif [ -d "/usr/local/directadmin" ]; then
		# DirectAdmin
		/usr/local/maldetect/maldet -b -r /var/www/html/?/ 2 >> /dev/null 2>&1
		/usr/local/maldetect/maldet -b -r /home?/?/domains/?/public_html 2 >> /dev/null 2>&1
	else
		# cpanel, interworx and other standard home/user/public_html setups
		/usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1
	fi
fi
To enable email alerts when malware is detected, open the Maldet configuration file /usr/local/maldetect/conf.maldet and set the following (the server needs a working local mailer for the alerts to leave the box):
email_alert=1
email_subj="Maldet alert from $(hostname)"
email_addr="[email protected]"
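When you build more than one server, the Step 3 and Step 4 settings are easier to apply from a script than by hand in nano. The script below is an added example, not LMD's own code. It assumes only the key="value" layout of conf.maldet shown above, works on a constructed stand-in for a freshly installed file (with alerting and quarantine off), and the alert address admin@example.com is a placeholder for your own. It also leaves quarantine_suspend_user off on purpose and says why.

```bash
#!/usr/bin/env bash
# Added example, not LMD's own code: apply the Step 3 settings to conf.maldet
# from a script instead of editing it by hand. Assumes only the key="value"
# layout of conf.maldet shown in the tutorial.
set -eu

# set_conf_opt FILE KEY VALUE
# Rewrites the existing KEY=... line (also when it is commented out with '#'),
# otherwise appends KEY="VALUE". Values are double-quoted as in conf.maldet.
set_conf_opt() {
    local file="$1" key="$2" value="$3" esc
    # escape the characters that are special on the replacement side of sed
    esc=$(printf '%s' "$value" | sed -e 's/[\&|]/\\&/g')
    if grep -Eq "^[# ]*${key}=" "$file"; then
        sed -E "s|^[# ]*${key}=.*|${key}=\"${esc}\"|" "$file" > "${file}.tmp"
        mv "${file}.tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf_opt FILE KEY
# Prints the value of the active (uncommented) KEY line, without the quotes.
get_conf_opt() {
    local file="$1" key="$2"
    sed -nE "s/^${key}=\"?([^\"]*)\"?[[:space:]]*$/\1/p" "$file" | tail -n 1
}

# harden_conf FILE
# The settings this tutorial recommends, plus one it deliberately leaves off.
harden_conf() {
    local file="$1"
    set_conf_opt "$file" email_alert 1
    set_conf_opt "$file" email_addr 'admin@example.com'   # assumption: your own address
    set_conf_opt "$file" email_subj 'Maldet alert from $(hostname)'
    set_conf_opt "$file" quarantine_hits 1
    set_conf_opt "$file" quarantine_clean 1
    # quarantine_suspend_user="1" suspends the Unix account that owns a hit file
    # (uid >= quarantine_suspend_user_minuid). One false positive then locks a
    # real user out, so keep it off until the signatures are trusted on your content.
    set_conf_opt "$file" quarantine_suspend_user 0
}

# check_conf FILE
# Returns 0 only when alerting and quarantine are both switched on.
check_conf() {
    local file="$1" key
    for key in email_alert quarantine_hits; do
        if [ "$(get_conf_opt "$file" "$key")" != "1" ]; then
            echo "$key is not enabled in $file" >&2
            return 1
        fi
    done
}

# make_sample_conf FILE
# A constructed stand-in for a freshly installed conf.maldet (not the real file),
# with alerting and quarantine switched off and one option commented out.
make_sample_conf() {
    cat > "$1" <<'EOF'
# Enable Email Alerting
email_alert="0"
# Email Address in which you want to receive scan reports
email_addr="you@domain.com"
# Use with ClamAV
scan_clamscan="1"
# Move threats to quarantine
#quarantine_hits="0"
# Clean string based malware injections
quarantine_clean="0"
# Suspend user if malware found.
quarantine_suspend_user="0"
quarantine_suspend_user_minuid="500"
EOF
}

# Demo on a temporary copy; on a real server point harden_conf at
# /usr/local/maldetect/conf.maldet instead.
demo=$(mktemp)
make_sample_conf "$demo"
check_conf "$demo" || echo "before: alerting/quarantine off, as expected"
harden_conf "$demo"
check_conf "$demo" && echo "after: alerting and quarantine on"
grep -E '^(email_|quarantine_)' "$demo"
rm -f "$demo"
```

Run it once against a copy of the real file and diff the result before touching /usr/local/maldetect/conf.maldet; check_conf is also a convenient post-install test to drop into your configuration management.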
Step 5: Manual Scanning
To scan a directory, use a command like this (-a scans every file under the path):
$ maldet -a /path/to/directory
To make sure Maldet's signatures are always up to date, run:
$ maldet -u
You can see the full list of options for the maldet command with:
$ maldet -h
Malware Detect (LMD) is now installed.
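A manual scan is only useful if someone acts on the result. The wrapper below is an added example, not LMD's own code: it runs maldet -a on a path, pulls the scan ID out of the scan output, reads the report with maldet --report SCANID, lists the hit files, and quarantines them with maldet -q SCANID only when you ask for it. The output layout it parses (a closing "scan report saved, to view run: maldet --report SCANID" line, and a report with "TOTAL HITS:" and a "FILE HIT LIST:" section of "SIGNATURE : /path" lines) is my recollection of LMD 1.6 output, and the sample report embedded in the script is constructed, so compare both against a real scan on your own server before relying on it.

```bash
#!/usr/bin/env bash
# Added example, not LMD's own code: run a manual scan and act on the result.
# Assumes LMD 1.6's output format: a scan ends with
#   "... {scan} scan report saved, to view run: maldet --report SCANID"
# and "maldet --report SCANID" prints "TOTAL HITS: N" and a "FILE HIT LIST:"
# section of "SIGNATURE : /path" lines. Check these against your own output.
set -eu

# scan_id_from_output: read maldet's scan output on stdin, print the scan ID.
scan_id_from_output() {
    sed -nE 's/.*maldet --report ([0-9]+-[0-9]+\.[0-9]+).*/\1/p' | tail -n 1
}

# hit_count_from_report: read a report on stdin, print the TOTAL HITS number.
hit_count_from_report() {
    sed -nE 's/^TOTAL HITS:[[:space:]]*([0-9]+).*/\1/p' | tail -n 1
}

# hits_from_report: read a report on stdin, print "SIGNATURE<TAB>PATH" per hit.
hits_from_report() {
    awk '
        /^FILE HIT LIST:/          { inlist = 1; next }
        inlist && /^=+$/           { inlist = 0 }
        inlist && index($0, " : ") {
            i = index($0, " : ")
            printf "%s\t%s\n", substr($0, 1, i - 1), substr($0, i + 3)
        }'
}

# scan_and_triage PATH
# Scans PATH with "maldet -a", prints the hits, and quarantines them with
# "maldet -q SCANID" only when QUARANTINE=1 is set in the environment, so a
# first run on unfamiliar content is read-only.
scan_and_triage() {
    local path="$1" out id report hits
    out=$(maldet -a "$path" 2>&1) || true       # exit status is not relied on
    id=$(printf '%s\n' "$out" | scan_id_from_output)
    if [ -z "$id" ]; then
        echo "no scan ID found in maldet output:" >&2
        printf '%s\n' "$out" >&2
        return 2
    fi
    report=$(maldet --report "$id")
    hits=$(printf '%s\n' "$report" | hit_count_from_report)
    echo "scan $id: ${hits:-0} hit(s) under $path"
    printf '%s\n' "$report" | hits_from_report
    if [ "${hits:-0}" -gt 0 ] && [ "${QUARANTINE:-0}" = 1 ]; then
        maldet -q "$id"     # moves the hit files into /usr/local/maldetect/quarantine
    fi
}

# sample_report: a constructed report in the layout described above, for
# exercising the parsers without a real scan (paths and signatures are made up).
sample_report() {
    cat <<'EOF'
HOST:      web1.example.com
SCAN ID:   240101-1200.4242
STARTED:   Jan  1 2024 12:00:00 +0000
COMPLETED: Jan  1 2024 12:00:05 +0000
ELAPSED:   5s [find: 0s]

PATH:          /home/alice/public_html
TOTAL FILES:   312
TOTAL HITS:    2
TOTAL CLEANED: 0

FILE HIT LIST:
{HEX}php.cmdshell.unclassed.344 : /home/alice/public_html/shell.php
{HEX}php.base64.inject.182 : /home/alice/public_html/wp-content/uploads/x.php
===============================================
Linux Malware Detect v1.6
EOF
}

# Usage on a real server:  QUARANTINE=1 ./scan-triage.sh /home/alice/public_html
# With no argument, just exercise the parsers on the constructed report.
if [ -n "${1:-}" ]; then
    scan_and_triage "$1"
else
    sample_report | hits_from_report
fi
```

Keeping the quarantine step behind QUARANTINE=1 matches the tutorial's own advice on quarantine_hits: read the hit list first on content you have not scanned before, and only then let the tool move files, since a quarantined file is removed from a live site immediately.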