Are you a spammer

Please note, that the first 3 posts you make, will need to be approved by a forum Administrator or Moderator before they are publicly viewable.
Each application to join this forum is checked at the Stop Forum Spam website. If the email or IP address appears there when checked, you will not be allowed to join this forum.
If you get past this check and post spam on this forum, your posts will be immediately deleted and your account inactivated.You will then be banned and your IP will be submitted to your ISP, notifying them of your spamming. So your spam links will only be seen for an hour or two at most. In other words, don't waste your time and ours.

This forum is for the use and enjoyment of the members and visitors looking to learn about and share information regarding the topics listed. It is not a free-for-all advertising venue. Your time would be better spent pursuing legitimate avenues of promoting your websites.

Detect malware on linux.

Build it and learn to secure your system/server.


Detect malware on linux.

Postby tanmay.01 » Thu Apr 18, 2013 11:18 am

If you are running a mission-critical web server, or managing shared hosting environments on Linux, chances are that you constantly watch out for potential threats from Linux malware such as viruses, trojans, rootkits and worms. While staying up-to-date with the latest server hardening guides is a must to prevent any future attack, you may wish to add malware detection tools to your arsenal for extra security.

Linux Malware Detect (LMD) is a freeware malware scanning tool for Linux. In this guide, I will show you how to install and configure LMD to scan for malware on your Linux system.

In order to install LMD on Linux, run the following,
Code: Select all
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xvfvz maldetect-current.tar.gz
cd maldetect-1.4.2
sudo ./install.sh


Linux Malware Detect v1.4.1
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(6001): {sigup} performing signature update check...
maldet(6001): {sigup} local signature set is version 201205035915
maldet(6001): {sigup} new signature set (2013041816820) available
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/md5.dat
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/hex.dat
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/rfxn.ndb
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/rfxn.hdb
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/maldet-clean.tgz
maldet(6001): {sigup} signature set update completed
maldet(6001): {sigup} 11203 signatures (9335 MD5 / 1868 HEX)


After installation, daily cron job is added in /etc/cron.daily/maldet, which checks for the latest version of LMD and malware definition/signature files, and update them automatically. If inotify-based real time monitoring is enabled, the daily cron job also scans the recently updated/created files for malware.

To initiate malware scanning manually, run maldet with a target folder to scan.

Code: Select all
sudo maldet --scan-all /home


After scanning, you can examine malware scan report by running the following command with the scan report ID (which your terminal displays).

Code: Select all
sudo maldet --report 041813-2044.6125


To quarantine the infected files, run the following command with the scan report ID. The infected files will then be quarantined for cleaning.

Code: Select all
sudo maldet -q 041813-2044.6125


If you want to actively monitor specific directories for malware infection, you can run maldet as a daemon as follows.

Code: Select all
sudo maldet -m /var,/home


If you want to have maldet alert you on detected malware by email, you can modify maldet configuration as follows.

Code: Select all
sudo vi /usr/local/maldetect/conf.maldet


email_alert=1
email_subj="Malware detected by maldet"
email_addr="TheeMahn@forumubuntusoftware.info"
;)
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 27
Operating System: Other Linux



Re: Detect malware on linux.

Postby Randymanme » Thu Apr 18, 2013 7:58 pm

Thanks for this tutorial. Will this work okay on a personal computer?
AMD Athlon II X2 220 Processor × 2, 2.8 GHz, 6 GB, Geforce 6150SE, 1 TB hdd: Windows 8.1 Pro Review; Linux Mint 14 Nadia - Mate; Ultimate Edition 3.4.
User avatar
Randymanme
U.E. Newbie
U.E. Newbie
 
Posts: 5
Joined: Tue Dec 29, 2009 9:26 am
Operating System: Ultimate Edition 1.8 Gamers



Re: Detect malware on linux.

Postby tanmay.01 » Thu Apr 18, 2013 11:24 pm

Yes this will work as Linux os are scaleable. Meaning with some server softwares youccould make your personal computer into a server.
And Linux does not have viruses but it can have malwares.
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 27
Operating System: Other Linux


Return to Server and Security

Who is online

Users browsing this forum: No registered users and 2 guests