DICKY IBROHIM

How to install Linux Malware Detect (LMD), or Maldetect, on Debian 10

A step-by-step guide to installing Linux Malware Detect (LMD), or Maldetect, on Debian 10 on Google Cloud or any other VPS. Let's get straight to it.

How to install Linux Malware Detect (LMD), or Maldetect, on Debian 10 (VPS)

Log in as root for full access

su

then type your VPS root password

Go to the temporary folder

cd /tmp

then download the latest maldetect (LMD) by typing the command:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the downloaded archive by typing:

tar -xvf maldetect-current.tar.gz

You will see output similar to this:

maldetect-1.6.4/files/clean/js.inject.VisitorTracker
maldetect-1.6.4/files/clean/gzbase64.inject.unclassed
maldetect-1.6.4/files/ignore_sigs
maldetect-1.6.4/files/conf.maldet
maldetect-1.6.4/files/ignore_inotify
maldetect-1.6.4/files/sigs/
maldetect-1.6.4/files/sigs/hex.dat
maldetect-1.6.4/files/sigs/rfxn.yara
maldetect-1.6.4/files/sigs/rfxn.ndb
maldetect-1.6.4/files/sigs/rfxn.hdb
maldetect-1.6.4/files/sigs/md5v2.dat
maldetect-1.6.4/files/sigs/maldet.sigs.ver
maldetect-1.6.4/files/sigs/md5.dat
maldetect-1.6.4/files/sigs/rfxn.yara.bk
maldetect-1.6.4/files/sigs/appver/
maldetect-1.6.4/files/sigs/appver/wordpress.ver
maldetect-1.6.4/files/monitor_paths
maldetect-1.6.4/CHANGELOG
maldetect-1.6.4/CHANGELOG.VARIABLES
maldetect-1.6.4/COPYING.GPL
maldetect-1.6.4/CHANGELOG.RELEASE
maldetect-1.6.4/cron.d.pub
maldetect-1.6.4/.ca.def
maldetect-1.6.4/install.sh

Delete the downloaded tar.gz file once it has been extracted, to free up disk space. Type the command:

rm maldetect-current.tar.gz

Enter the maldetect folder. Adjust the version number to match the current release:

cd maldetect-1.6.4
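
The archive above is fetched over plain HTTP and unpacked as root, so it is worth checking its listing before extracting; doing so also yields the version directory without hard-coding 1.6.4. The following is an added example, not part of the original guide or the LMD project: tar_top_dir and safe_extract are hypothetical helper names, and the demo archive is constructed to mimic the layout shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): inspect the archive listing
# before extracting as root, and derive the version directory from it.

# tar_top_dir ARCHIVE: print the archive's single top-level directory.
# Fails if any member is absolute, contains "..", or sits outside that directory.
tar_top_dir() {
    tar -tf "$1" | awk -F/ '
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        { tops[$1] = 1 }
        END {
            for (t in tops) { n++; top = t }
            if (bad || n != 1 || top == "." || top == "") exit 1
            print top
        }'
}

# safe_extract ARCHIVE DEST: extract only after the listing passes the check,
# then print the path of the extracted directory.
safe_extract() {
    top=$(tar_top_dir "$1") || { echo "refusing to extract $1" >&2; return 1; }
    # --no-same-owner: as root, do not restore the owners recorded in the archive
    tar -xf "$1" -C "$2" --no-same-owner || return 1
    printf '%s/%s\n' "$2" "$top"
}

# Demo with a constructed archive that mimics the layout shown above.
work=$(mktemp -d)
mkdir -p "$work/src/maldetect-1.6.4/files/sigs" "$work/out"
: > "$work/src/maldetect-1.6.4/install.sh"
tar -czf "$work/sample.tar.gz" -C "$work/src" maldetect-1.6.4
safe_extract "$work/sample.tar.gz" "$work/out"
rm -rf "$work"
```

In the real procedure this becomes cd "$(safe_extract maldetect-current.tar.gz /tmp)" in place of the separate tar and cd steps.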

Type this command to run the installer:

bash ./install.sh

You will then see output like this:

installation completed to /usr/local/maldetect

config file: /usr/local/maldetect/conf.maldet

exec file: /usr/local/maldetect/maldet

exec link: /usr/local/sbin/maldet

exec link: /usr/local/sbin/lmd

cron.daily: /etc/cron.daily/maldet

imported config options from /usr/local/maldetect.last/conf.maldet

maldet(13793): {sigup} performing signature update check...

maldet(13793): {sigup} local signature set is version 201907043616

maldet(13793): {sigup} new signature set 2019081323971 available

maldet(13793): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz

maldet(13793): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz

maldet(13793): {sigup} verified md5sum of maldet-sigpack.tgz

maldet(13793): {sigup} unpacked and installed maldet-sigpack.tgz

maldet(13793): {sigup} verified md5sum of maldet-clean.tgz

maldet(13793): {sigup} unpacked and installed maldet-clean.tgz

maldet(13793): {sigup} signature set update completed

maldet(13793): {sigup} 15550 signatures (12738 MD5 | 2035 HEX | 777 YARA | 0 USER)

Next, edit the conf.maldet file

nano /usr/local/maldetect/conf.maldet

Set the values as follows:

scan_clamscan="1"
email_alert="1"
email_addr="[email protected]"
quarantine_hits="1"
quarantine_clean="1"
quarantine_suspend_user="0"
quarantine_suspend_user_minuid="1000"
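
The same settings can be applied without an editor and then read back to confirm they took effect. This is an added example, not from the original guide or the LMD project: set_conf_opt, get_conf_opt and apply_guide_settings are hypothetical helper names, the sample file is constructed, and admin@example.com is a placeholder address.

```shell
#!/bin/sh
# Added example (not from the original guide): set conf.maldet options
# non-interactively and read them back for verification.

# set_conf_opt FILE KEY VALUE: rewrite KEY="..." in place, or append it.
set_conf_opt() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        index($0, k "=") == 1 { print k "=\"" v "\""; seen = 1; next }
        { print }
        END { if (!seen) print k "=\"" v "\"" }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# get_conf_opt FILE KEY: print the value of the last KEY="..." line.
get_conf_opt() {
    sed -n "s/^$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# apply_guide_settings FILE EMAIL: the seven values listed in this guide.
apply_guide_settings() {
    conf=$1; addr=$2
    cp -p "$conf" "$conf.bak" || return 1      # backup before editing
    set_conf_opt "$conf" scan_clamscan 1 &&
    set_conf_opt "$conf" email_alert 1 &&
    set_conf_opt "$conf" email_addr "$addr" &&
    set_conf_opt "$conf" quarantine_hits 1 &&
    set_conf_opt "$conf" quarantine_clean 1 &&
    set_conf_opt "$conf" quarantine_suspend_user 0 &&
    set_conf_opt "$conf" quarantine_suspend_user_minuid 1000
}

# Demo on a constructed sample file (not the real default conf.maldet).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample
email_alert="0"
email_addr="you@domain.com"
quarantine_hits="0"
EOF
apply_guide_settings "$demo_conf" "admin@example.com"   # placeholder address
for k in scan_clamscan email_alert email_addr quarantine_hits quarantine_clean; do
    printf '%s=%s\n' "$k" "$(get_conf_opt "$demo_conf" "$k")"
done
rm -f "$demo_conf" "$demo_conf.bak"
```

On a real system, call apply_guide_settings /usr/local/maldetect/conf.maldet with your own address. With quarantine_hits="1" detected files are moved to quarantine automatically, so keep the SCANID in case a false positive has to be brought back with maldet --restore.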

Go to the /usr/local/maldetect folder

cd /usr/local/maldetect

Create a maldet alias

alias maldet=/usr/local/sbin/maldet

Type su - to log in as root. Root's PATH includes /usr/local/sbin on many Linux distributions, including Debian.

su -

Install inotify-tools. For how to install inotify on other Linux distributions, see: github.com/rvoicilas/inotify-tools/wiki

apt-get install inotify-tools

You will see this output:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libinotifytools0
The following NEW packages will be installed:
  inotify-tools libinotifytools0
0 upgraded, 2 newly installed, 0 to remove and 5 not upgraded.
Need to get 44.3 kB of archives.
After this operation, 145 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian buster/main amd64 libinotifytools0 amd64 3.14-7 [18.7 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 inotify-tools amd64 3.14-7 [25.5 kB]
Fetched 44.3 kB in 0s (2711 kB/s)
Selecting previously unselected package libinotifytools0:amd64.
(Reading database ... 43801 files and directories currently installed.)
Preparing to unpack .../libinotifytools0_3.14-7_amd64.deb ...
Unpacking libinotifytools0:amd64 (3.14-7) ...
Selecting previously unselected package inotify-tools.
Preparing to unpack .../inotify-tools_3.14-7_amd64.deb ...
Unpacking inotify-tools (3.14-7) ...
Setting up libinotifytools0:amd64 (3.14-7) ...
Setting up inotify-tools (3.14-7) ...
Processing triggers for libc-bin (2.28-10) ...

How to use maldet

Scan a specific folder (replace the path with the one you want to scan)

maldet -a /path_yang_akan_anda_scan/

Wait for the scan to finish

To scan in the background, which is ideal for large scans that take a long time, use maldet -b

maldet -b -r /path_yang_akan_anda_scan/

Update maldetect to the latest version:

maldet -d

To terminate the inotify monitoring service, use -k, --kill

maldet -k

Quarantine all hits from a SCANID

maldet --quarantine 081419-1234.2311159

View the latest scan report and send it by email

maldet --report SCANID [email protected]

View the latest scan report

maldet --report 081419-1234.2311159

Restore scan results

maldet --restore 081419-1234.2311159

View the log

maldet -l

Clear the log

maldet -p

Stop inotify

killall inotifywait

 

That concludes this step-by-step guide to installing Linux Malware Detect (LMD), or Maldetect, on Debian 10 on Google Cloud or any other VPS.
