How to Install Linux Malware Detect on CentOS 8

Install Linux Malware Detect on CentOS 8

In this article, we explain the steps needed to install and configure Linux Malware Detect on CentOS 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Linux Malware Detect (LMD) is a malware scanner for Linux, released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

Install Linux Malware Detect on CentOS

Step 1. First, update the package lists so that you get the latest versions and dependencies:

sudo dnf update

Step 2. Install Linux Malware Detect.

Go to the official Linux Malware Detect page and download the software to your server:

cd /opt
sudo wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Next, extract the downloaded archive and run the LMD installer:

sudo tar xvf maldetect-current.tar.gz
cd maldetect-*
sudo sh install.sh

Once the installation process is complete, you should have the output below:

Linux Malware Detect v1.6
 (C) 2002-2017, R-fx Networks <proj@r-fx.org>
 (C) 2017, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(1346): {sigup} performing signature update check...
maldet(1346): {sigup} local signature set is version 2020010720059
maldet(1346): {sigup} new signature set (2020010720059) available
maldet(1346): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(1346): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(1346): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(1346): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(1346): {sigup} verified md5sum of maldet-clean.tgz
maldet(1346): {sigup} unpacked and installed maldet-clean.tgz
maldet(1346): {sigup} signature set update completed
maldet(1346): {sigup} 15216 signatures (12486 MD5 | 1961 HEX | 766 YARA | 0 USER)

Step 3. Configure Linux Malware Detect.

The Linux Malware Detect configuration file is /usr/local/maldetect/conf.maldet. Edit it to suit your requirements; the settings below are a common starting point:

# Enable Email Alerting
email_alert="1"

# Email Address in which you want to receive scan reports
email_addr="your-email@gmail.com"

# Use with ClamAV
scan_clamscan="1"

# Scan root owned files as well. Set to 1 to skip them.
scan_ignore_root="0"

# Move threats to quarantine
quarantine_hits="1"

# Clean string based malware injections
quarantine_clean="1"

# Suspend user if malware found.
quarantine_suspend_user="1"

# Minimum userid value that can be suspended
quarantine_suspend_user_minuid="500"
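As an added example (not part of this article or of the LMD project), the following POSIX shell script applies the settings above to conf.maldet idempotently and reads them back so the result can be checked before the next scan. It assumes the file uses the key="value" layout shown above; the CONF path defaults to /usr/local/maldetect/conf.maldet, and make_sample_conf writes a constructed stand-in so the script can be tried without LMD installed.

```shell
#!/bin/sh
# Added example, not from the article or the LMD project: apply the
# conf.maldet settings from the article and read them back for verification.
# Assumes key="value" lines; CONF defaults to LMD's real config path.
set -eu

CONF="${CONF:-/usr/local/maldetect/conf.maldet}"

# set_opt KEY VALUE FILE: rewrite an existing KEY=... line or append one,
# so running it twice leaves a single definition of KEY.
set_opt() {
    key=$1; val=$2; file=$3
    if grep -q "^${key}=" "$file"; then
        tmp=$(mktemp)
        sed "s|^${key}=.*|${key}=\"${val}\"|" "$file" > "$tmp"
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s="%s"\n' "$key" "$val" >> "$file"
    fi
}

# get_opt KEY FILE: print KEY's value with surrounding quotes stripped
# (last definition wins, as it does for the shell-sourced config).
get_opt() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$2" | tail -n 1
}

# apply_settings FILE: the configuration block from the article.
apply_settings() {
    f=$1
    set_opt email_alert 1 "$f"
    set_opt email_addr "your-email@gmail.com" "$f"
    set_opt scan_clamscan 1 "$f"
    set_opt scan_ignore_root 0 "$f"
    set_opt quarantine_hits 1 "$f"
    set_opt quarantine_clean 1 "$f"
    set_opt quarantine_suspend_user 1 "$f"
    set_opt quarantine_suspend_user_minuid 500 "$f"
}

# check_settings FILE: print KEY=VALUE for each managed key; return 1 if
# any value differs from what apply_settings sets.
check_settings() {
    f=$1; rc=0
    for pair in email_alert=1 email_addr=your-email@gmail.com scan_clamscan=1 \
                scan_ignore_root=0 quarantine_hits=1 quarantine_clean=1 \
                quarantine_suspend_user=1 quarantine_suspend_user_minuid=500; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(get_opt "$key" "$f")
        printf '%s=%s\n' "$key" "$have"
        [ "$have" = "$want" ] || rc=1
    done
    return $rc
}

# make_sample_conf: write a constructed stand-in for a freshly installed
# conf.maldet (not the real shipped file) and print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not the real conf.maldet
email_alert="0"
email_addr="you@domain.com"
scan_clamscan="1"
quarantine_hits="0"
quarantine_clean="0"
EOF
    printf '%s' "$f"
}

# Usage: sh lmd-conf.sh --demo    (exercise on the constructed sample)
#        sudo sh lmd-conf.sh --apply   (edit the real CONF and verify it)
case "${1:-}" in
    --demo)  f=$(make_sample_conf); apply_settings "$f"; check_settings "$f"; rm -f "$f" ;;
    --apply) apply_settings "$CONF"; check_settings "$CONF" ;;
esac
```

Keys missing from the file are appended rather than silently skipped, and check_settings exits non-zero on any mismatch, so the script can double as a configuration drift check in a nightly job alongside the cron.daily entry the installer creates.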

After successfully installing and configuring Linux Malware Detect (LMD) on your system, run your first scan with the following command:

sudo maldet --scan-all /var/www/html

Congratulations, you have learned how to install and configure Linux Malware Detect on CentOS 8. If you have any questions, please leave a comment below.