Installation
============
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-*
# sh install.sh
# maldet --update-ver
# maldet --update
After running the install script, the installation completes within seconds and ends with a summary. The parts of that output you will need later are the configuration and executable paths:
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
As you can see from the above output, the main configuration file for Linux Malware Detect is:
/usr/local/maldetect/conf.maldet
The daily cron job is installed at /etc/cron.daily/maldet
The configuration file is fully commented, so you should be able to make out most options, but let's take a moment to review the more important ones anyway.
email_alert
This is the top-level toggle for the e-mail alert system; it must be turned on if you want to receive alerts.
email_addr
This is a comma-separated list of e-mail addresses that should receive alerts.
quar_hits
This tells LMD that it should move malware content into the quarantine path and strip it of all permissions. Files are fully restorable to their original path, owner and permissions using the --restore FILE option.
quar_clean
This tells LMD that it should try to clean malware that it has cleaner rules for; at the moment, base64_decode and gzinflate file injection strings can be cleaned. Files that are cleaned are automatically restored to their original path, owner and permissions.
quar_susp
This option allows LMD to suspend the user account that malware is found residing under. On cPanel systems this passes the user to /scripts/suspendacct and adds a comment with the maldet report command for the report that caused the suspension (e.g. maldet --report SCANID). On non-cPanel systems, the user's shell is set to /bin/false.
quar_susp_minuid
This is the minimum user ID that will be evaluated for suspension; the default should be fine on most systems.
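To make the options above concrete, here is a fragment of /usr/local/maldetect/conf.maldet showing the alert-only settings a fresh install leaves you with beside the values that actually quarantine hits. This is an added example, not the file LMD ships; the e-mail address is an assumption.

```shell
# conf.maldet fragment (added example, not LMD's shipped file; the address
# is assumed). The file is sourced as shell, so keep key=value with no
# spaces around the "=". LMD 1.5 and later write the values quoted, older
# releases unquoted (email_alert=1); both forms are read the same way.

# As installed, alerts and quarantine are off, so a hit is only written to
# the scan report and nothing is done with the file:
#   email_alert="0"
#   quar_hits="0"

# Alert on hits, quarantine them, and let the base64_decode/gzinflate
# cleaners run on injected strings.
email_alert="1"
email_addr="security@example.com"   # several recipients: separate with commas
quar_hits="1"
quar_clean="1"

# Leave account suspension off until someone owns reviewing suspensions;
# a false positive here locks a customer out of their account.
quar_susp="0"
quar_susp_minuid="500"
```

After changing the file, run a manual scan against a path you control and confirm the alert mail arrives before relying on the daily cron run.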
Usage & Manual Scan
=================
If we wanted to scan all user public_html paths under /home*/, this can be done with:
maldet --scan-all /home?/?/public_html
If you wanted to scan the same path but scope it to content that has been created or modified in the last 5 days, you would run:
maldet --scan-recent /home?/?/public_html 5
If you performed a scan but forgot to turn on the quarantine option, you can quarantine all malware results from a previous scan with:
maldet --quarantine SCANID
Similarly, if you wanted to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you would do so with:
maldet --clean SCANID
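The SCANID used by --quarantine and --clean is printed on the "scan report saved" line at the end of every scan. The following POSIX sh wrapper, added here as an example and not part of LMD, pulls that ID and the hit count out of the scan output and only builds the --quarantine command when there were hits, so a scan run with quar_hits off is never left unhandled. The sample output is constructed from the LMD log format; check the wording against your own release before relying on the patterns.

```shell
#!/bin/sh
# Added example (not part of LMD): parse the tail of a manual scan run and
# decide whether a follow-up "maldet --quarantine SCANID" is needed.
# Assumes the two summary lines maldet prints at the end of a scan look like
# the constructed sample below; verify against your release's output.

# Constructed sample of the last two lines of 'maldet --scan-all ...'.
SAMPLE_OUTPUT='maldet(3098): {scan} scan completed on /home?/?/public_html: files 1532, malware hits 2, cleaned hits 0
maldet(3098): {scan} scan report saved, to view run: maldet --report 042912-1147.3098'

# SCANID as printed after "maldet --report" (date-time.pid); empty if absent.
scan_id() {
    printf '%s\n' "$1" |
        sed -n 's/.*maldet --report \([0-9][0-9]*-[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Number of malware hits from the "scan completed" line; 0 if the line is missing.
hit_count() {
    hits=$(printf '%s\n' "$1" | sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p')
    printf '%s\n' "${hits:-0}"
}

# Print the follow-up command, "nothing" for a clean scan, or fail when the
# output cannot be parsed (never quarantine on a guessed ID).
followup_cmd() {
    id=$(scan_id "$1")
    if [ -z "$id" ]; then
        echo "error: no SCANID found in scan output" >&2
        return 1
    fi
    if [ "$(hit_count "$1")" -gt 0 ]; then
        printf 'maldet --quarantine %s\n' "$id"
    else
        printf 'nothing\n'
    fi
}

followup_cmd "$SAMPLE_OUTPUT"    # maldet --quarantine 042912-1147.3098

# On a host with LMD installed the real run is:
#   OUT=$(maldet --scan-all /home?/?/public_html 2>&1)
#   CMD=$(followup_cmd "$OUT") || exit 1
#   [ "$CMD" = nothing ] || maldet --quarantine "$(scan_id "$OUT")"
```

The same pattern works for --clean by swapping the verb in followup_cmd; keep the parse-then-act split so an unexpected change in maldet's output produces an error rather than a quarantine run against an empty ID.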
Monday, 30 April 2012
Sunday, 8 April 2012
How to increase disk inodes limit?
Question: a VPS client asks you to increase the disk inode limit on their container. How would you do that? Before jumping straight to raising the limit, let's cover the basics of disk inodes.
What is a disk inode?
In short, an inode is the on-disk structure that identifies a file on a Unix/Linux filesystem. It is referenced by its inode number and holds the file's metadata: user and group ownership, access mode, file type, size, timestamps and the location of the data blocks. The file name is not stored in the inode; it lives in the directory entry that points to it. Two separate files, even with identical contents, use two inodes; only hard links to the same file share a single inode. A filesystem is created with a fixed number of inodes, so it can run out of inodes while it still has free space, which is what the inode limit on a container is about.
To see the inode number of a file, use the following command.
# ls -i filename
How to increase the disk inode limit?
On an OpenVZ node each container's limits live in its config file, and the inode limit is the DISKINODES parameter, written as soft:hard.
grep DISK /etc/sysconfig/vz-scripts/255.conf (To check)
nano /etc/sysconfig/vz-scripts/255.conf (Edit DISKINODES)
Note: 255 is the VPS (container) ID
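The same change as a small script, added here as an example and not part of the original post. It validates the new soft:hard pair and rewrites the DISKINODES line in a constructed copy of the container config so it runs offline; the soft:hard format and the vzctl command are OpenVZ's, the limit values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: raise the DISKINODES limit of
# an OpenVZ container config. Works on a constructed copy of the file so it
# runs offline; on a real node point CONF at /etc/sysconfig/vz-scripts/255.conf
# (255 being the container ID, as in the post). Limit values are assumptions.

CONF=$(mktemp)
# Constructed sample of the relevant lines of a container config. DISKSPACE
# is in 1K blocks, DISKINODES is a count; both are "soft:hard" quota limits.
cat >"$CONF" <<'EOF'
VE_ROOT="/vz/root/$VEID"
DISKSPACE="10485760:11534336"
DISKINODES="200000:220000"
EOF

# Print "soft hard" for the DISKINODES line of a config file.
get_diskinodes() {
    sed -n 's/^DISKINODES="\{0,1\}\([0-9][0-9]*\):\([0-9][0-9]*\)"\{0,1\}.*/\1 \2/p' "$1"
}

# Rewrite DISKINODES as soft:hard after checking that both values are
# integers and the soft limit does not exceed the hard limit.
set_diskinodes() {
    conf=$1 soft=$2 hard=$3
    case "$soft:$hard" in
        *[!0-9:]*|:*|*:) echo "error: limits must be integers (soft hard)" >&2; return 1 ;;
    esac
    if [ "$soft" -gt "$hard" ]; then
        echo "error: soft limit $soft exceeds hard limit $hard" >&2
        return 1
    fi
    tmp=$(mktemp)
    if grep -q '^DISKINODES=' "$conf"; then
        sed "s/^DISKINODES=.*/DISKINODES=\"$soft:$hard\"/" "$conf" >"$tmp"
    else
        cat "$conf" >"$tmp"
        printf 'DISKINODES="%s:%s"\n' "$soft" "$hard" >>"$tmp"
    fi
    mv "$tmp" "$conf"
}

set_diskinodes "$CONF" 400000 440000
get_diskinodes "$CONF"     # 400000 440000

# On the node itself, make the change live and save it to the config in one
# step instead of editing the file by hand, then confirm from inside the
# container that the new limit is visible:
#   vzctl set 255 --diskinodes 400000:440000 --save
#   vzctl exec 255 df -i
```

Editing the .conf by hand only takes effect at the next container start, which is why vzctl set with --save is the better habit on a live node; checking df -i inside the container first also tells you how close to the limit the client actually is before you raise it.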