
Maldet - Linux Malware Detect Addon (discussion)

Discussion in 'Add Ons' started by eva2000, Jul 17, 2014.

  1. eva2000 (Administrator, Staff Member)

    Disable what, maldet + clamav? Or disable the clamav part of it? Without clamav, maldet is 100s of times slower to run!

    I'd skip this script setup; it's broken as it sometimes prevents pure-ftpd from restarting/starting up.

     
  2. rc112 (Member)

    I am thinking of disabling and uninstalling both, in concern of the higher resources they need. I am running with 1 CPU and 2 RAM on DO. Maybe leave the virus scan to an external server or so. Thanks.
     
  3. eva2000 (Administrator, Staff Member)

    For maldet there's a native uninstall.sh script at /svr-setup/maldetect-1.6.2/files/uninstall.sh
    Code (Text):
    cd /svr-setup/maldetect-*
    cd files
    ./uninstall.sh
    

    example
    Code (Text):
    ./uninstall.sh 
    This will completely remove Linux Malware Detect from your server including all quarantine data!
    Would you like to proceeed? [y/n] y
    Removed symlink /etc/systemd/system/multi-user.target.wants/maldet.service.
    Linux Malware Detect has been uninstalled.
    

    For clamav you can undo the yum install via yum history.

    So get the yum history list first; for me I see the yum install clamav at yum history ID = 34.
    Code (Text):
    yum history list
    Loaded plugins: fastestmirror, priorities, versionlock
    ID     | Command line             | Date and time    | Action(s)      | Altered
    -------------------------------------------------------------------------------
        34 | -y install clamav clamav | 2018-03-05 03:10 | Install        |    6   
        33 | -y update ImageMagick6 I | 2018-03-02 21:18 | Update         |    5   
        32 | -q -y install GraphicsMa | 2018-03-02 21:17 | Install        |    1   
        31 | -y install jq            | 2018-02-28 04:54 | Install        |    2   
        30 | -y install redis --enabl | 2018-02-25 05:26 | Install        |    1   
        29 | update --disableplugin=p | 2018-02-25 03:41 | Update         |    2 EE
        28 | -q -y install pure-ftpd  | 2018-02-25 03:34 | Install        |    3   
        27 | -y install ImageMagick6  | 2018-02-25 03:34 | Install        |    8   
        26 | -q -y install libmemcach | 2018-02-25 03:33 | Install        |    2   
        25 | -q -y install postfix-pe | 2018-02-25 03:32 | Install        |    4   
        24 | -q -y install libtidy li | 2018-02-25 03:28 | Install        |    2   
        23 | -q -y install libicu lib | 2018-02-25 03:28 | Install        |    2   
        22 | -q -y install libxslt li | 2018-02-25 03:28 | Install        |    4   
        21 | -q -y install fio --disa | 2018-02-25 03:28 | Install        |   11   
        20 | -y install mytop         | 2018-02-25 03:27 | Install        |    1   
        19 | -y install net-snmp --di | 2018-02-25 03:27 | Install        |    1   
        18 | -y install postfix --dis | 2018-02-25 03:27 | Install        |    1   
        17 | -q -y install perl-DBD-M | 2018-02-25 03:27 | Install        |    1   
        16 | -y install MariaDB-clien | 2018-02-25 03:27 | Install        |    7 EE
        15 | -y remove mariadb-libs   | 2018-02-25 03:26 | Erase          |    4 EE
    

    Then run yum history undo 34, where 34 is your history list ID, which will differ for each person's install.
    Code (Text):
    yum history undo 34
    

    example
    Code (Text):
    yum history undo 34
    Loaded plugins: fastestmirror, priorities, versionlock
    Undoing transaction 34, from Mon Mar  5 03:10:52 2018
        Install     clamav-0.99.3-4.el7.x86_64            @epel
        Dep-Install clamav-data-0.99.3-4.el7.noarch       @epel
        Dep-Install clamav-filesystem-0.99.3-4.el7.noarch @epel
        Dep-Install clamav-lib-0.99.3-4.el7.x86_64        @epel
        Install     clamav-server-0.99.3-4.el7.x86_64     @epel
        Install     clamav-update-0.99.3-4.el7.x86_64     @epel
    Resolving Dependencies
    --> Running transaction check
    ---> Package clamav.x86_64 0:0.99.3-4.el7 will be erased
    ---> Package clamav-data.noarch 0:0.99.3-4.el7 will be erased
    ---> Package clamav-filesystem.noarch 0:0.99.3-4.el7 will be erased
    ---> Package clamav-lib.x86_64 0:0.99.3-4.el7 will be erased
    ---> Package clamav-server.x86_64 0:0.99.3-4.el7 will be erased
    ---> Package clamav-update.x86_64 0:0.99.3-4.el7 will be erased
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package            Arch     Version         Repository   Size
    ================================================================================
    Removing:
     clamav             x86_64   0.99.3-4.el7    @epel        2.4 M
     clamav-data        noarch   0.99.3-4.el7    @epel        155 M
     clamav-filesystem  noarch   0.99.3-4.el7    @epel        0.0
     clamav-lib         x86_64   0.99.3-4.el7    @epel         11 M
     clamav-server      x86_64   0.99.3-4.el7    @epel        241 k
     clamav-update      x86_64   0.99.3-4.el7    @epel        213 k
    
    Transaction Summary
    ================================================================================
    Remove  6 Packages
    
    Installed size: 169 M
    Is this ok [y/N]: y
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Erasing    : clamav-server-0.99.3-4.el7.x86_64      1/6
      Erasing    : clamav-0.99.3-4.el7.x86_64             2/6
      Erasing    : clamav-update-0.99.3-4.el7.x86_64      3/6
      Erasing    : clamav-lib-0.99.3-4.el7.x86_64         4/6
      Erasing    : clamav-data-0.99.3-4.el7.noarch        5/6
    warning: /var/lib/clamav/daily.cvd saved as /var/lib/clamav/daily.cvd.rpmsave
      Erasing    : clamav-filesystem-0.99.3-4.el7.noarch  6/6
      Verifying  : clamav-filesystem-0.99.3-4.el7.noarch  1/6
      Verifying  : clamav-server-0.99.3-4.el7.x86_64      2/6
      Verifying  : clamav-lib-0.99.3-4.el7.x86_64         3/6
      Verifying  : clamav-data-0.99.3-4.el7.noarch        4/6
      Verifying  : clamav-update-0.99.3-4.el7.x86_64      5/6
      Verifying  : clamav-0.99.3-4.el7.x86_64             6/6
    
    Removed:
      clamav.x86_64 0:0.99.3-4.el7             clamav-data.noarch 0:0.99.3-4.el7
      clamav-filesystem.noarch 0:0.99.3-4.el7  clamav-lib.x86_64 0:0.99.3-4.el7
      clamav-server.x86_64 0:0.99.3-4.el7      clamav-update.x86_64 0:0.99.3-4.el7
    
    Complete!
    
     
  4. rc112 (Member)

  5. pamamolf (Well-Known Member)

    What's the difference between yum remove clamav and yum undo?
     
  6. eva2000 (Administrator, Staff Member)

    You're welcome.
    Basically both do the same thing, though undo is cleaner if you only have those related yum packages in that transaction, so you can see there are several yum packages undone. If you didn't know that there were several packages to remove, a manual yum remove would have removed only some packages and not all. It's also not ideal if you have other unrelated yum packages within that transaction, as they will be undone/removed too.

    Also, as per "How to use yum history to roll back an update in Red Hat Enterprise Linux 6, 7?" on the Red Hat Customer Portal, there are some requirements for undo.

    So undo might not work if, prior to running the undo transaction, one of the grouped packages due for removal was already removed manually within a previous yum transaction/command run (via yum remove).
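The undo-versus-remove trade-off described in the post above can be checked before anything is touched. The shell script below is an added example written for this page, not Centmin Mod's, maldet's or Red Hat's own code: it finds the transaction ID from `yum history list` output, lists the packages that transaction touched, flags any whose name does not start with the target package (undo would remove those too) and any that are already gone from the installed set (a state in which undo can refuse to run). The sample text is constructed from the listings earlier in this thread; the mixed transaction containing jq and the two installed-package lists are hypothetical.

```sh
#!/bin/sh
# Added example, not Centmin Mod's or Red Hat's code: a preflight for
# "yum history undo <ID>" covering the two caveats discussed above.
#   1. find the transaction ID that installed the package (yum history list)
#   2. list what that transaction touched, flag packages unrelated to the
#      target (undo removes them too) and packages already removed since
#      (undo can refuse when the recorded state no longer matches)
# All sample text below is CONSTRUCTED from the listings in this thread.
# On a real host pipe in `yum history list`, `yum history info ID` and
# `rpm -qa --qf '%{NAME}\n'` instead.

HISTORY_LIST='ID     | Command line             | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    34 | -y install clamav clamav | 2018-03-05 03:10 | Install        |    6
    33 | -y update ImageMagick6 I | 2018-03-02 21:18 | Update         |    5
    31 | -y install jq            | 2018-02-28 04:54 | Install        |    2'

TXN34_INFO='    Install     clamav-0.99.3-4.el7.x86_64            @epel
    Dep-Install clamav-data-0.99.3-4.el7.noarch       @epel
    Dep-Install clamav-filesystem-0.99.3-4.el7.noarch @epel
    Dep-Install clamav-lib-0.99.3-4.el7.x86_64        @epel
    Install     clamav-server-0.99.3-4.el7.x86_64     @epel
    Install     clamav-update-0.99.3-4.el7.x86_64     @epel'

# Hypothetical mixed transaction: one unrelated package installed in the same run.
MIXED_INFO="$TXN34_INFO
    Install     jq-1.5-1.el7.x86_64                   @epel"

# Hypothetical installed-name lists (what rpm -qa --qf '%{NAME}\n' would print).
INSTALLED_ALL='clamav clamav-data clamav-filesystem clamav-lib clamav-server clamav-update jq'
INSTALLED_PARTIAL='clamav clamav-data clamav-filesystem clamav-lib clamav-server jq'

# Newest transaction ID whose "Command line" column matches pattern $1
# (stdin: yum history list output). Prints nothing when there is no match.
yum_txn_id() {
    awk -F'|' -v pat="$1" '$1 ~ /^ *[0-9]+ *$/ && $2 ~ pat { gsub(/ /, "", $1); print $1; exit }'
}

# "ACTION NAME NEVRA" per package line of yum history info / undo output (stdin).
# The RPM name is the NEVRA minus its last two dash-separated fields
# (version and release.arch); RPM forbids dashes in version and release.
txn_packages() {
    awk '$1 ~ /^(Install|Dep-Install|Update|Updated|Erase|Reinstall|Downgrade|Obsoleting|Obsoleted)$/ && NF >= 2 {
        n = split($2, f, "-"); name = f[1]
        for (i = 2; i <= n - 2; i++) name = name "-" f[i]
        print $1, name, $2
    }'
}

# Package names in the transaction (stdin) that do not start with $1.
txn_unrelated() { txn_packages | awk -v p="$1" 'index($2, p) != 1 { print $2 }'; }

# Package names in the transaction (stdin) absent from the installed list $1
# (whitespace-separated names).
txn_missing() {
    txn_packages | awk -v list="$1" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) have[a[i]] = 1 }
        !($2 in have) { print $2 }'
}

# undo_preflight NAME HISTORY_TEXT INFO_TEXT INSTALLED_NAMES
# returns 0 = safe to undo, 1 = no matching transaction, 2 = undo would fail
undo_preflight() {
    id=$(printf '%s\n' "$2" | yum_txn_id "install $1")
    [ -n "$id" ] || { echo "no install transaction for $1 in yum history"; return 1; }
    unrelated=$(printf '%s\n' "$3" | txn_unrelated "$1" | tr '\n' ' ')
    missing=$(printf '%s\n' "$3" | txn_missing "$4" | tr '\n' ' ')
    [ -z "$unrelated" ] || echo "WARNING: undo of $id also removes unrelated: $unrelated"
    [ -z "$missing" ] || { echo "ABORT: already removed since transaction $id: $missing"; return 2; }
    echo "ok: yum history undo $id"
}

# Demo against the constructed samples: a clean case and a mixed, partly-removed one.
undo_preflight clamav "$HISTORY_LIST" "$TXN34_INFO" "$INSTALLED_ALL"
undo_preflight clamav "$HISTORY_LIST" "$MIXED_INFO" "$INSTALLED_PARTIAL" || echo "preflight rc=$?"
```

The command-line column of `yum history list` is truncated, so match on a short pattern such as `install clamav` rather than the full command. If the preflight reports unrelated packages, `yum remove` of just the clamav* set is the safer route; if it reports already-removed packages, undo is not going to work and `yum remove` of what is left is the only option.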
     
  7. eva2000 (Administrator, Staff Member)

  8. Meirami (Active Member)

    Code (Text):
    systemctl status maldet.service -l
    * maldet.service - Linux Malware Detect monitoring - maldet
       Loaded: loaded (/usr/lib/systemd/system/maldet.service; enabled; vendor preset: disabled)
       Active: failed (Result: resources) since Sat 2018-07-14 15:32:22 UTC; 35s ago
      Process: 30572 ExecStart=/usr/local/maldetect/maldet --monitor /usr/local/maldetect/monitor_paths (code=exited, status=0/SUCCESS)
    
    Jul 14 15:32:21 myVPS systemd[1]: Starting Linux Malware Detect monitoring - maldet...
    Jul 14 15:32:22 myVPS maldet[30572]: Linux Malware Detect v1.6.2
    Jul 14 15:32:22 myVPS systemd[1]: PID file /usr/local/maldetect/tmp/inotifywait.pid not readable (yet?) after start.
    Jul 14 15:32:22 myVPS maldet[30572]: (C) 2002-2017, R-fx Networks <proj@rfxn.com>
    Jul 14 15:32:22 myVPS maldet[30572]: (C) 2017, Ryan MacDonald <ryan@rfxn.com>
    Jul 14 15:32:22 myVPS maldet[30572]: This program may be freely redistributed under the terms of the GNU GPL v2
    Jul 14 15:32:22 myVPS maldet[30572]: maldet(30572): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
    Jul 14 15:32:22 myVPS systemd[1]: Failed to start Linux Malware Detect monitoring - maldet.
    Jul 14 15:32:22 myVPS systemd[1]: Unit maldet.service entered failed state.
    Jul 14 15:32:22 myVPS systemd[1]: maldet.service failed.


    I think I followed the guide exactly. After boot I noticed that the maldet service wasn't running. According to the status, I need to install inotify-tools. Should it be in the guide?

    When I run maldet and clamscan manually, like in the guide, I get CPU% and mem% quite high, but still OK. At night cron started a scan and I think it kept my VPS frozen until I rebooted in the morning. Can it be because of inotify or is it just because of low CPU power? The VPS panel showed very high CPU usage in the morning.
    I just installed the virus scan.
     
  9. eva2000 (Administrator, Staff Member)

    maldet isn't a service; it runs via a cronjob in cron.daily, so it doesn't need a service running.
    Code (Text):
    ls -lah /etc/cron.daily/
    total 32K
    drwxr-xr-x  2 root root 4.0K Jul  6 19:02 .
    drwxr-xr-x 76 root root 4.0K Jul 14 10:30 ..
    -rwxr-xr-x  1 root root  979 May 10  2017 cyrus-imapd
    -rwxr-xr-x  1 root root 2.1K Jun 20 11:14 diskalert
    -rwx------  1 root root  219 Apr 11 00:51 logrotate
    -rwxr-xr-x  1 root root 4.2K Jul  6 19:02 maldet
    -rwx------  1 root root  208 Apr 10 20:32 mlocate
    
     
  10. robert syputa (Member)

    Reviews of Linux server antivirus and malware show poor results for clamav. That may be due to the lack of a commercial version - the cost of maintaining an up-to-date signature database needs to be paid for somehow.

    A few reviews show alternatives from commercial suppliers of AV who offer free versions for Linux desktops or servers.

    Sophos comes up as a leading free AV that achieves respectably high ratings for screening of virus and malware on Linux servers and also those aimed at windows that may reside on a Linux server.
     
  11. eva2000 (Administrator, Staff Member)

    Yeah, that is true... always looking for Linux alternatives. Though alternatives would need to be capable of automated unattended installation for Centmin Mod users, heh.

    Seems Sophos might slow computers down, per "The 8 Best Free Anti-Virus Programs for Linux", so not sure.
     
    Last edited: Jul 20, 2018
  12. Meirami (Active Member)

    Is maldet running longer than cron.daily thinks? Sometimes I get really high CPU usage when cron.daily runs and I've been thinking it's mlocate. I read the logs and saw these timestamps. Maldet is running after it's "finished" and maybe together with mlocate the CPU usage gets high..?

    journalctl
    Code:
    Aug 06 03:19:58 vps run-parts(/etc/cron.daily)[32084]: finished maldet
    and mlocate starts

    maldetect event_log
    Code:
    Aug 06 03:19:54 vps maldet(30642): {update} checking for available updates...
    Aug 06 03:19:56 vps maldet(30642): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
    Aug 06 03:19:56 vps maldet(30642): {update} hashing install files and checking against server...
    Aug 06 03:19:56 vps maldet(30642): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
    Aug 06 03:19:56 vps maldet(30642): {update} latest version already installed.
    Aug 06 03:19:56 vps maldet(30778): {sigup} performing signature update check...
    Aug 06 03:19:56 vps maldet(30778): {sigup} local signature set is version 2018070518685
    Aug 06 03:19:57 vps maldet(30778): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
    Aug 06 03:19:57 vps maldet(30778): {sigup} latest signature set already installed
    Aug 06 03:19:57 vps maldet(30987): {scan} launching scan of /home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:57 vps maldet(31068): {scan} launching scan of /usr/local/nginx/html changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:57 vps maldet(31173): {scan} launching scan of /var/www/html changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:57 vps maldet(31309): {scan} launching scan of /home/nginx/domains/?/public changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:58 vps maldet(31437): {scan} launching scan of /boot changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:58 vps maldet(31068): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(31068): {scan} building file list for  of new/modified files from last 2 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(30987): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(31068): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31173): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(30987): {scan} building file list for  of new/modified files from last 1 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(31068): {scan} executed eval /bin/nice -n 19 /bin/find "/usr/local/nginx/html" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -2 -o -ctime -2 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(31173): {scan} building file list for  of new/modified files from last 2 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(31309): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(30987): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31309): {scan} building file list for  of new/modified files from last 2 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(31173): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31309): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31309): {scan} executed eval /bin/nice -n 19 /bin/find "/home/nginx/domains/demodomain.com/public" "/home/nginx/domains/domain.name/public" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -2 -o -ctime -2 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(31437): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(31437): {scan} building file list for  of new/modified files from last 2 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(30987): {scan} executed eval /bin/nice -n 19 /bin/find "/home\*/\*/public_html/" "/var/www/html/" "/usr/local/apache/htdocs/" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -1 -o -ctime -1 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(31173): {scan} executed eval /bin/nice -n 19 /bin/find "/var/www/html" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -2 -o -ctime -2 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(31437): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31437): {scan} executed eval /bin/nice -n 19 /bin/find "/boot" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -2 -o -ctime -2 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(31576): {scan} launching scan of /etc changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:58 vps maldet(31926): {scan} launching scan of /usr changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
    Aug 06 03:19:58 vps maldet(31576): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(31576): {scan} building file list for  of new/modified files from last 2 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(31576): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31576): {scan} executed eval /bin/nice -n 19 /bin/find "/etc" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -2 -o -ctime -2 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(31926): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
    Aug 06 03:19:58 vps maldet(31926): {scan} building file list for  of new/modified files from last 2 days, this might take awhile...
    Aug 06 03:19:58 vps maldet(31926): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    Aug 06 03:19:58 vps maldet(31926): {scan} executed eval /bin/nice -n 19 /bin/find "/usr" /tmp /var/tmp /dev/shm /var/fcgi_ipc -maxdepth 15 -regextype posix-egrep -type f \( -mtime -2 -o -ctime -2 \) -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0
    Aug 06 03:19:58 vps maldet(30987): {scan} file list completed in 0s, found 489 files...
    Aug 06 03:19:58 vps maldet(31437): {scan} file list completed in 0s, found 489 files...
    Aug 06 03:19:58 vps maldet(31068): {scan} file list completed in 0s, found 489 files...
    Aug 06 03:19:58 vps maldet(31173): {scan} file list completed in 0s, found 489 files...
    Aug 06 03:19:58 vps maldet(31437): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:19:58 vps maldet(30987): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:19:58 vps maldet(31068): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:19:58 vps maldet(31173): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:19:58 vps maldet(31437): {scan} scan of  (489 files) in progress...
    Aug 06 03:19:58 vps maldet(30987): {scan} scan of  (489 files) in progress...
    Aug 06 03:19:58 vps maldet(31068): {scan} scan of  (489 files) in progress...
    Aug 06 03:19:58 vps maldet(31173): {scan} scan of  (489 files) in progress...
    Aug 06 03:19:58 vps maldet(31576): {scan} file list completed in 0s, found 490 files...
    Aug 06 03:19:58 vps maldet(31576): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:19:58 vps maldet(31576): {scan} scan of  (490 files) in progress...
    Aug 06 03:20:04 vps maldet(31309): {scan} file list completed in 6s, found 491 files...
    Aug 06 03:20:04 vps maldet(31309): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:20:04 vps maldet(31309): {scan} scan of  (491 files) in progress...
    Aug 06 03:20:39 vps maldet(31926): {scan} file list completed in 40s, found 489 files...
    Aug 06 03:20:39 vps maldet(31926): {scan} found clamav binary at /bin/clamscan, using clamav scanner engine...
    Aug 06 03:20:39 vps maldet(31926): {scan} scan of  (489 files) in progress...
    Aug 06 03:23:34 vps maldet(31437): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 214s
    Aug 06 03:23:34 vps maldet(31437): {scan} scan report saved, to view run: maldet --report 180806-0319.31437
    Aug 06 03:23:50 vps maldet(30987): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 233s
    Aug 06 03:23:50 vps maldet(30987): {scan} scan report saved, to view run: maldet --report 180806-0319.30987
    Aug 06 03:23:50 vps maldet(31309): {scan} scan completed on : files 491, malware hits 0, cleaned hits 0, time 233s
    Aug 06 03:23:50 vps maldet(31309): {scan} scan report saved, to view run: maldet --report 180806-0319.31309
    Aug 06 03:23:50 vps maldet(31068): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 233s
    Aug 06 03:23:50 vps maldet(31068): {scan} scan report saved, to view run: maldet --report 180806-0319.31068
    Aug 06 03:23:50 vps maldet(31576): {scan} scan completed on : files 490, malware hits 0, cleaned hits 0, time 232s
    Aug 06 03:23:50 vps maldet(31576): {scan} scan report saved, to view run: maldet --report 180806-0319.31576
    Aug 06 03:23:51 vps maldet(31173): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 234s
    Aug 06 03:23:51 vps maldet(31173): {scan} scan report saved, to view run: maldet --report 180806-0319.31173
    Aug 06 03:23:58 vps maldet(31926): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 240s
    Aug 06 03:23:58 vps maldet(31926): {scan} scan report saved, to view run: maldet --report 180806-0319.31926
    
     
  13. eva2000 (Administrator, Staff Member)

    Cron only triggers maldet. How long it then runs is up to how many files it has to scan and the speed of your server.
     
  14. Meirami (Active Member)

    So is it actually launching all executables in the cron.daily directory at the same time?
    According to the journalctl command, there is the 1st executable started and later the 1st executable stopped. After that comes the 2nd executable started, and so on. There may be other jobs (not cron.daily) between start and stop. I just thought the stop actually means the job is done, because different jobs run for different times...
     
  15. eva2000 (Administrator, Staff Member)

    A cronjob only starts the maldet scan; as with any other cronjob, when it stops is up to the program or script that is started.
     
  16. Meirami (Active Member)

    That's the part I understand.
    I don't understand why journalctl logs that cron.daily maldet stopped at Aug 06 03:19:58 while in the maldetect event_log you can see that the first scan completed at Aug 06 03:23:34, 3 and a half minutes later.
     
  17. eva2000 (Administrator, Staff Member)

    Hard to know; when maldet reports finished could be when it found the clamav binary and passed the scan over to the clamav binary.
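What the event_log posted above actually records, as an added example (not maldet's own code): every `{scan} launching scan of ... to background` line is the cron-started maldet handing a scan to a background process and returning, so run-parts sees its child exit and logs `finished maldet` at 03:19:58 while the backgrounded scans keep running until 03:23:58. The script below rebuilds that timeline per scan PID and measures the gap. Its sample is constructed by merging the journalctl line with a subset of the event_log lines from the post above.

```sh
#!/bin/sh
# Added example, not maldet's code: reconstruct the scan timeline from
# maldet's event_log and compare it with the run-parts "finished maldet"
# journal line.  EVENT_LOG_SAMPLE is CONSTRUCTED from a subset of the log
# posted in this thread (the journal line plus five scan PIDs).
# Real host:   scan_timeline < /usr/local/maldetect/logs/event_log
#              journalctl -o short | cron_finished_at

EVENT_LOG_SAMPLE='Aug 06 03:19:57 vps maldet(30987): {scan} launching scan of /home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Aug 06 03:19:57 vps maldet(31068): {scan} launching scan of /usr/local/nginx/html changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
Aug 06 03:19:57 vps maldet(31173): {scan} launching scan of /var/www/html changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
Aug 06 03:19:58 vps maldet(31437): {scan} launching scan of /boot changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
Aug 06 03:19:58 vps maldet(31068): {scan} signatures loaded: 17085 (14276 MD5 | 2030 HEX | 779 YARA | 0 USER)
Aug 06 03:19:58 vps maldet(31926): {scan} launching scan of /usr changes in last 2d to background, see /usr/local/maldetect/logs/event_log for progress
Aug 06 03:19:58 vps run-parts(/etc/cron.daily)[32084]: finished maldet
Aug 06 03:20:39 vps maldet(31926): {scan} file list completed in 40s, found 489 files...
Aug 06 03:23:34 vps maldet(31437): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 214s
Aug 06 03:23:50 vps maldet(30987): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 233s
Aug 06 03:23:50 vps maldet(31068): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 233s
Aug 06 03:23:51 vps maldet(31173): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 234s
Aug 06 03:23:58 vps maldet(31926): {scan} scan completed on : files 489, malware hits 0, cleaned hits 0, time 240s'

# One line per scan PID, sorted: PID LAUNCHED COMPLETED WALL_SECONDS FILES HITS
# WALL_SECONDS runs from the launch line, so it can exceed the "time Ns" that
# maldet reports for the scan phase alone.  Same-day timestamps are assumed.
scan_timeline() {
    awk '
        function sec(hms,   t) { split(hms, t, ":"); return t[1]*3600 + t[2]*60 + t[3] }
        function num(re,   s) { if (!match($0, re)) return "-"; s = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", s); return s }
        function pid(   s) { s = $5; gsub(/[^0-9]/, "", s); return s }
        $5 ~ /^maldet\([0-9]+\):$/ && /[{]scan[}] launching scan of .* to background/ { launch[pid()] = $3 }
        $5 ~ /^maldet\([0-9]+\):$/ && /[{]scan[}] scan completed on/ {
            p = pid(); done[p] = $3; files[p] = num("files [0-9]+"); hits[p] = num("malware hits [0-9]+")
        }
        END {
            for (p in launch) {
                if (p in done) print p, launch[p], done[p], sec(done[p]) - sec(launch[p]), files[p], hits[p]
                else           print p, launch[p], "-", "-", "-", "-"
            }
        }' | sort -n
}

# HH:MM:SS at which run-parts reported the cron.daily maldet script finished (stdin: journal).
cron_finished_at() { awk '/run-parts/ && /finished maldet/ { print $3; exit }'; }

# Seconds between "finished maldet" ($1, HH:MM:SS) and the last completion in a timeline (stdin).
lag_after_cron_finished() {
    awk -v fin="$1" '
        function sec(hms,   t) { split(hms, t, ":"); return t[1]*3600 + t[2]*60 + t[3] }
        $3 != "-" { d = sec($3); if (d > last) last = d }
        END { print last - sec(fin) }'
}

# Demo against the constructed sample.
printf '%s\n' "$EVENT_LOG_SAMPLE" | scan_timeline
fin=$(printf '%s\n' "$EVENT_LOG_SAMPLE" | cron_finished_at)
lag=$(printf '%s\n' "$EVENT_LOG_SAMPLE" | scan_timeline | lag_after_cron_finished "$fin")
echo "run-parts reported finished at $fin; last scan completed ${lag}s later"
```

On the sample this prints five lines such as `30987 03:19:57 03:23:50 233 489 0` and a lag of 240s, i.e. the CPU load that lands on the box after run-parts moves on to mlocate is the backgrounded scans, not the cron wrapper. A launch line with no matching completion shows `-` in the remaining columns, which is how a still-running (or killed) scan looks.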
     
  18. David Coate (New Member)

    I had to install inotify-tools for the Maldet service to start with the current version of the Maldet.sh addon.
     
  19. eva2000 (Administrator, Staff Member)

    Interesting. Thanks for the heads up!
     
  20. happyhacking (Premium Member)

    Confirmed: The Maldet service requires inotify-tools:
    Code:
    maldet(882): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
    systemd[1]: Can't open PID file /usr/local/maldetect/tmp/inotifywait.pid (yet?) after start: No such file or directory
    systemd[1]: Failed to start Linux Malware Detect monitoring - maldet.
    
    Then adding the following command to the maldet.sh script will fix it:
    Code:
    yum -y install inotify-tools
    
    Or perhaps a Centmin Mod detection routine for maldet service failed startup.
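The detection routine asked for in the post above, as an added example that is neither Centmin Mod's maldet.sh nor maldet's own code: a classifier for the `maldet.service` journal output that recognises the failure signature shown in this thread, a PATH check for the inotifywait binary that `maldet --monitor` needs, and the install-and-restart step, which only runs when `DO_FIX=1` is set so the script can be sourced and dry-run safely. The journal sample is constructed from the lines in the post above; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not Centmin Mod's maldet.sh or maldet's own code: detect
# the "maldet.service failed because inotify-tools is missing" case from
# this thread and optionally fix it.  JOURNAL_SAMPLE is CONSTRUCTED from
# the excerpt posted above.  Real host: journalctl -u maldet.service | maldet_journal_reason

JOURNAL_SAMPLE="maldet(882): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
systemd[1]: Can't open PID file /usr/local/maldetect/tmp/inotifywait.pid (yet?) after start: No such file or directory
systemd[1]: Failed to start Linux Malware Detect monitoring - maldet."

# Classify journal output for maldet.service (stdin). Prints one of:
#   missing-inotifywait   the {mon} error from maldet itself was logged
#   failed                systemd reported a failed start for another reason
#   ok                    no failure lines seen
maldet_journal_reason() {
    awk '
        /[{]mon[}] could not find inotifywait command/ { r = "missing-inotifywait" }
        /Failed to start Linux Malware Detect monitoring/ && r == "" { r = "failed" }
        END { print (r == "" ? "ok" : r) }'
}

# 0 if inotifywait is on PATH, 1 otherwise.
have_inotifywait() { command -v inotifywait >/dev/null 2>&1; }

# Report the prerequisite; with DO_FIX=1 install inotify-tools and restart
# the unit.  Returns 0 when the monitor can start, 1 when it cannot.
maldet_monitor_check() {
    if have_inotifywait; then
        echo "inotifywait present: $(command -v inotifywait)"
        return 0
    fi
    echo "inotifywait missing: maldet.service will fail with '{mon} could not find inotifywait command'"
    if [ "${DO_FIX:-0}" = 1 ]; then
        yum -y install inotify-tools && systemctl restart maldet.service
    else
        echo "fix: yum -y install inotify-tools && systemctl restart maldet.service (set DO_FIX=1 to run it)"
        return 1
    fi
}

# Demo: classify the constructed journal sample, then check this host.
printf '%s\n' "$JOURNAL_SAMPLE" | maldet_journal_reason
maldet_monitor_check || true
```

Because `maldet_monitor_check` looks at PATH rather than at the journal, it works as a pre-flight before `systemctl enable --now maldet.service` as well as after a failure; the journal classifier is what distinguishes this failure from an unrelated one (for example a missing monitor_paths file) when the unit is already in the failed state.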