linux malware detect maldet
# Operation System/Linux | 2022. 7. 8. 07:32
Download
[darksharavim.tistory.com]cd /tmp/
[darksharavim.tistory.com]wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
--2022-07-08 14:26:23-- http://www.rfxn.com/downloads/maldetect-current.tar.gz
Resolving www.rfxn.com (www.rfxn.com)... 172.67.144.156, 104.21.28.71, 2606:4700:3036::ac43:909c, ...
Connecting to www.rfxn.com (www.rfxn.com)|172.67.144.156|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1549126 (1.5M) [application/x-gzip]
Saving to: ‘maldetect-current.tar.gz’
100%[==============================================================================================================================>] 1,549,126 2.02MB/s in 0.7s
2022-07-08 14:26:24 (2.02 MB/s) - ‘maldetect-current.tar.gz’ saved [1549126/1549126]
Install
[darksharavim.tistory.com]tar -xvzf maldetect-current.tar.gz
[darksharavim.tistory.com]cd maldetect-1.6.4/
[darksharavim.tistory.com]./install.sh
Created symlink from /etc/systemd/system/multi-user.target.wants/maldet.service to /usr/lib/systemd/system/maldet.service.
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@r-fx.org>
(C) 2019, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(5852): {sigup} performing signature update check...
maldet(5852): {sigup} local signature set is version 201907043616
maldet(5852): {sigup} new signature set 20220707870935 available
maldet(5852): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(5852): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(5852): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(5852): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(5852): {sigup} verified md5sum of maldet-clean.tgz
maldet(5852): {sigup} unpacked and installed maldet-clean.tgz
maldet(5852): {sigup} signature set update completed
maldet(5852): {sigup} 17272 signatures (14450 MD5 | 2039 HEX | 783 YARA | 0 USER)
[darksharavim.tistory.com]
Configuration
[darksharavim.tistory.com]vi /usr/local/maldetect/conf.maldet
# conf.maldet is sourced as a shell file by maldet, so assign each key once:
# when a key appears twice, the last assignment silently wins.
# Enable email alerting.
email_alert="1"
# Email address that receives scan reports (placeholder; replace with a real address).
email_addr="user@domain.com"
# Enable the LMD signature autoupdate.
autoupdate_signatures="1"
# Enable automatic updates of the LMD installation.
autoupdate_version="1"
# Enable the daily automatic scan (cron.daily).
cron_daily_scan="1"
# Allow non-root users to perform scans.
scan_user_access="1"
# Move hits to quarantine and alert.
quarantine_hits="1"
# Clean string-based malware injections.
quarantine_clean="0"
# Suspend the owning user if malware is found.
quarantine_suspend_user="1"
# Minimum user id that can be suspended.
quarantine_suspend_user_minuid="500"
# Use the ClamAV scanner engine when clamscan is installed.
scan_clamscan="1"
# Ignore root-owned files during scans: 0 scans them, 1 skips them.
scan_ignore_root="0"
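Before trusting the cron.daily scan, it is worth checking that the settings above actually took effect. The script below is an added example, not part of the post or of LMD itself: it reads a constructed copy of the config (including the duplicated email keys and the placeholder address from the post), reports the effective value of each key the way maldet would see it after sourcing the file, and flags disabled options, placeholder addresses and duplicate keys.

```shell
#!/bin/sh
# Constructed sample conf.maldet mirroring the keys set in this post,
# including a duplicated email_addr and a placeholder address.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
email_alert="1"
email_addr="user@domain.com"
autoupdate_signatures="1"
autoupdate_version="1"
cron_daily_scan="1"
quarantine_hits="1"
email_alert="1"
email_addr="you@domain.com"
scan_clamscan="1"
EOF

# Print the effective value of KEY in FILE: the last assignment wins,
# exactly as it does when maldet sources the file.
conf_get() {
    awk -F'"' -v k="$2" '$0 ~ "^"k"=" { v=$2 } END { print v }' "$1"
}

# Return 0 when the config is sane, 1 otherwise; print each finding.
check_maldet_conf() {
    f="$1"; rc=0
    # Options this post relies on for unattended daily scanning and alerting.
    for key in email_alert autoupdate_signatures cron_daily_scan quarantine_hits; do
        [ "$(conf_get "$f" "$key")" = "1" ] || { echo "WARN: $key is not enabled"; rc=1; }
    done
    # Alerts to an unset or placeholder address never reach anyone.
    addr=$(conf_get "$f" email_addr)
    case "$addr" in
        ""|*@domain.com) echo "WARN: email_addr is unset or a placeholder ($addr)"; rc=1 ;;
    esac
    # Duplicate assignments: the later one overrides the earlier one without warning.
    dups=$(grep -o '^[a-z_]*=' "$f" | sort | uniq -d)
    [ -z "$dups" ] || { echo "WARN: duplicate keys: $(echo $dups | tr -d '=')"; rc=1; }
    return $rc
}

check_maldet_conf "$SAMPLE_CONF" || echo "config needs attention before relying on cron.daily"
```

Run it against the real file with `check_maldet_conf /usr/local/maldetect/conf.maldet` after editing.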
Before the update
[darksharavim.tistory.com]/usr/local/sbin/maldet --mkpubpaths
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@rfxn.com>
(C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
public scanning support not enabled in /usr/local/maldetect/conf.maldet, aborting.
Update
[darksharavim.tistory.com]maldet -u
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@rfxn.com>
(C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(6470): {sigup} performing signature update check...
maldet(6470): {sigup} local signature set is version 20220707870935
maldet(6470): {sigup} latest signature set already installed
Version check
[darksharavim.tistory.com]maldet -d
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@rfxn.com>
(C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(6715): {update} checking for available updates...
maldet(6715): {update} hashing install files and checking against server...
maldet(6715): {update} latest version already installed.
Install clamav
[darksharavim.tistory.com]yum -y install epel-release
[darksharavim.tistory.com]yum -y install clamav clamav-devel -y
Test
[darksharavim.tistory.com]cd /tmp
[darksharavim.tistory.com]wget http://www.eicar.org/download/eicar_com.zip
[darksharavim.tistory.com]wget http://www.eicar.org/download/eicarcom2.zip
[darksharavim.tistory.com]maldet -a /tmp
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@rfxn.com>
(C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(7641): {scan} signatures loaded: 17272 (14450 MD5 | 2039 HEX | 783 YARA | 0 USER)
maldet(7641): {scan} building file list for /tmp, this might take awhile...
maldet(7641): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(7641): {scan} file list completed in 0s, found 26 files...
maldet(7641): {scan} found clamav binary at /usr/bin/clamscan, using clamav scanner engine...
maldet(7641): {scan} scan of /tmp (26 files) in progress...
maldet(7641): {scan} scan completed on /tmp: files 26, malware hits 0, cleaned hits 0, time 1s
maldet(7641): {scan} scan report saved, to view run: maldet --report 220708-1508.7641
[darksharavim.tistory.com]maldet -a /var/www/html/*.php
Report results
Maldet saves scan reports under /usr/local/maldetect/sess/. To view the detailed report, run the following command with the scan ID:
[darksharavim.tistory.com]maldet --report 220708-1508.7641
HOST: darksharavim.tistory.com
SCAN ID: 220708-1508.7641
STARTED: 7월 8 2022 15:08:12 +0900
COMPLETED: 7월 8 2022 15:08:13 +0900
ELAPSED: 1s [find: 0s]
PATH: /tmp
TOTAL FILES: 26
TOTAL HITS: 0
TOTAL CLEANED: 0
===============================================
Linux Malware Detect v1.6.4 < proj@rfxn.com >
Quarantine
[darksharavim.tistory.com]maldet -q 220708-1508.7641
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@rfxn.com>
(C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2