How to Install and Use Maldet on Ubuntu 20.04

Linux Malware Detect (LMD), also known as Maldet, is a malware scanner for Linux released under the GNU GPLv2 license. Maldet is popular among sysadmins and website developers because it focuses on detecting PHP backdoors, dark mailers, and many other malicious files that can be uploaded to a compromised website. It uses threat data from network intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

In this tutorial, you will learn how to install and use Maldet on Ubuntu 20.04 LTS. The same principle will work for the newer version, Ubuntu 21.04 (Hirsute Hippo).

Prerequisites

  • Recommended OS: Ubuntu 20.04 - optional (Ubuntu 21.04 and Linux Mint 20)
  • User account: A user account with sudo or root access.
  • Required packages: wget

First, check and update your Ubuntu 20.04 operating system with the following command:

sudo apt update && sudo apt upgrade -y

Install the (wget) package if you do not have it on your Ubuntu system:

sudo apt install wget -y

Note for novice users: if unsure, run the command.


Installing Maldet

To install Maldet, you will need their package archive, which can be found on the official download page. However, when upgrades occur, they do not change the file URL, so luckily, the download link will not change often.

At the time of this tutorial, version (1.6.4) is the latest; however, in time, this will change. To download the latest version now and in the future, type the following command:

cd /tmp/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Next, you will need to extract the archive, which you can do with the following command:

tar xfz maldetect-current.tar.gz

It is a good idea to check that everything was extracted at this point. This can be done with the (ls) command as follows:

ls

Example output:

[Screenshot: How to install Maldet on Ubuntu 20.04]

Now that you have confirmed the archive was extracted correctly, you will (cd) into the directory and run the installation script to install Maldet with the following command:

cd maldetect-1.6.4 && sudo ./install.sh

The installation should complete within a few seconds, and you will get output similar to the following:

[Screenshot: How to install Maldet on Ubuntu 20.04]
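
The download URL stays the same across releases while the directory inside the archive carries the version number, so the directory name cannot be assumed to stay maldetect-1.6.4. The following is an added example, not code from the original page or from the Maldet project: it lists the archive before extraction, rejects member paths that are absolute or contain "..", and prints the single top-level directory. The function name archive_topdir is this example's own.

```shell
#!/bin/sh
# Added example: inspect maldetect-current.tar.gz before unpacking it.
# archive_topdir is this example's own helper, not part of Maldet.

# archive_topdir FILE
#   Prints the single top-level directory inside a .tar.gz archive.
#   Fails if a member path is absolute, contains "..", or if the archive
#   does not have exactly one top-level entry.
archive_topdir() {
    members=$(tar tzf "$1") || return 1
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    tops=$(printf '%s\n' "$members" | sed 's|^\./||' | cut -d/ -f1 | grep -v '^$' | sort -u)
    if [ -z "$tops" ] || [ "$(printf '%s\n' "$tops" | wc -l)" -ne 1 ]; then
        echo "expected one top-level directory in $1" >&2
        return 1
    fi
    printf '%s\n' "$tops"
}

# Usage on the file downloaded above (run from /tmp):
#   dir=$(archive_topdir maldetect-current.tar.gz) &&
#       tar xfz maldetect-current.tar.gz && cd "$dir" && sudo ./install.sh
```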

Configuring Maldet

Now that you have successfully finished the installation script, you can modify the configuration file using your preferred text editor. Below are some examples of popular settings and practices using the (nano) text editor:

First, open the (conf.maldet) file:

sudo nano /usr/local/maldetect/conf.maldet

Next, find the following lines and edit them as shown below:

# To enable the email notification.
email_alert="1"

# Specify the email address on which you want to receive an email notification.
email_addr="user@domain.com"

# Enable the LMD signature autoupdate.
autoupdate_signatures="1"

# Enable the automatic updates of the LMD installation.
autoupdate_version="1"

# Enable the daily automatic scanning.
cron_daily_scan="1"

# Allows non-root users to perform scans.
scan_user_access="1"
 
# Move hits to quarantine & alert
quarantine_hits="1"

# Clean string based malware injections.
quarantine_clean="0"

# Suspend user if malware found. 
quarantine_suspend_user="1"

# Minimum user ID value that can be suspended
quarantine_suspend_user_minuid="500"

# Enable Email Alerting
email_alert="1"

# Email Address in which you want to receive scan reports
email_addr="you@domain.com"

# Use with ClamAV
scan_clamscan="1"

# Enable scanning for root-owned files. Set 1 to disable.
scan_ignore_root="0"

Note that all settings here are optional, and you can set your own, as there are no right or wrong answers here.
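
The same edits can be made and read back without an editor. The following is an added example, not code from the original page or from the Maldet project: it sets options in conf.maldet, reports the value that takes effect when a key appears more than once, and lists the enabled options that act on files or accounts after a hit. The function names are this example's own, and it assumes options are written as key="value" and that the last assignment of a key wins.

```shell
#!/bin/sh
# Added example: change and read back conf.maldet options without an editor.
# Function names are this example's own. Assumes options are written as
# key="value", one per line, as in the listing above.
CONF="${CONF:-/usr/local/maldetect/conf.maldet}"

# effective KEY -> value of the last KEY="..." line in $CONF. When a key
# appears twice (email_addr does in the listing above), the last line is
# taken, on the assumption that the file is read top to bottom.
effective() {
    sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" "$CONF" | tail -n 1
}

# set_opt KEY VALUE -> rewrite every existing KEY= line (a .bak copy is kept),
# or append the option if the file does not contain it yet.
set_opt() {
    if grep -q "^[[:space:]]*$1=" "$CONF"; then
        sed -i.bak "s|^[[:space:]]*$1=.*|$1=\"$2\"|" "$CONF"
    else
        printf '%s="%s"\n' "$1" "$2" >> "$CONF"
    fi
}

# review -> names of enabled options that make Maldet act on files or
# accounts after a hit, or that let non-root users start scans.
review() {
    for key in quarantine_hits quarantine_clean quarantine_suspend_user scan_user_access; do
        if [ "$(effective "$key")" = "1" ]; then echo "$key"; fi
    done
}
```

Writing to the installed file needs root; point CONF at a copy to try the functions first.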


Updating Maldet

First, run the following command to create the correct paths for the logged-in user; you may have trouble updating without doing this.

sudo /usr/local/sbin/maldet --mkpubpaths

To update the Maldet virus definition database, run the following command:

maldet -u

Example output:

[Screenshot: How to install Maldet on Ubuntu 20.04]

Second, to check for newer versions of the software, type the following command:

maldet -d

Example output:

[Screenshot: How to install Maldet on Ubuntu 20.04]

Optional – Install ClamAV

One of the best parts about using Maldet is its compatibility with ClamAV, which can increase Maldet's scanning capability considerably.

To install ClamAV, run the following command:

sudo apt install clamav clamav-daemon clamdscan -y

Please see our guide on installing and using ClamAV on Ubuntu 20.04 for complete instructions on setting up ClamAV.


Scanning with Maldet - Examples

First, you should become familiar with the Maldet syntax. All commands begin with maldet, followed by an option and a directory path, for example, maldet [OPTION] [DIRECTORY PATH].

The following covers most of the option syntax in Maldet:

  • -b: Run the operation in the background.
  • -u: Update malware detection signatures.
  • -l: View maldet log file events.
  • -d: Update the installed version.
  • -a: Scan all files in the path.
  • -p: Clear logs, sessions and temporary data.
  • -q: Quarantine all malware from the report.
  • -n: Clean & restore malware hits from the report.

To test Maldet and make sure it is working correctly, you can test the LMD functionality by downloading a (sample virus signature) from the EICAR website.

cd /tmp
wget http://www.eicar.org/download/eicar_com.zip
wget http://www.eicar.org/download/eicarcom2.zip

Next, you will run the (maldet) command to scan the (tmp) directory as follows:

maldet -a /tmp

Now, with our infected files, you will get output similar to the following:

[Screenshot: How to install Maldet on Ubuntu 20.04]

We have set our configuration not to quarantine automatically, because false positives and removing files on a live server can sometimes cause a lot of problems. A good sysadmin will always be checking and reviewing the results.

Also, from the output, you can clearly see that on our test server we have installed ClamAV, and that Maldet is using the ClamAV scanner engine to perform the scan and was able to find the malware.

Some other commands you can run target your server's file extensions; PHP files are often the target of many attacks. To scan .php files, use the following:

maldet -a /var/www/html/*.php

This is ideal for websites or servers with many files to scan, and smaller servers would benefit from scanning entire directories.

Maldet Scan Reports

Maldet stores scan reports under the directory (/usr/local/maldetect/sess/). You can use the following command along with the (Scan ID) to view a detailed report as follows:

sudo maldet --report 210724-0528.4723

Next, you will be taken to a pop-up report in the text editor (nano), as in the example below:

[Screenshot: How to install Maldet on Ubuntu 20.04]

As you can see, the full report of the hit list and the details surrounding it is there for further review and investigation. The file is already saved; press (CTRL+X) to exit once done.


Comments and Conclusion

In this tutorial, you have learned how to install Maldet on Ubuntu 20.04 and use the basics on a web server to scan for infected files. Overall, the software is an effective way to clean up an infection and is good at it, although protecting the user or website is still essential to avoid reinfection and should be the first priority before using Maldet, as good protection and configuration will almost always prevent infections from happening in the first place.

If you would like to learn more about Maldet commands, visit the official documentation page.
