How to Install Linux Malware Detect (Maldet) on Fedora 34

Linux Malware Detect (LMD), also known as Maldet, is a malware scanner for Linux released under the GNU GPLv2 license. Maldet is popular among sysadmins and website developers because it focuses on detecting PHP backdoors, dark mailers and the many other malicious files that can be uploaded to a compromised website. It uses threat data from network intrusion detection systems to extract the malware that is actively being used in attacks and generates signatures for detection.

In this tutorial, you will learn how to install and use Maldet on Fedora 34.

Prerequisites

  • Recommended OS: Fedora Linux 34 (newer versions will also work)
  • User account: a user account with sudo or root privileges.

Update the Operating System

Update your Fedora operating system to make sure all existing packages are up to date:

sudo dnf update && sudo dnf upgrade -y

Install Maldet

To install Maldet, you need its package archive, which can be found on the official download page. Conveniently, the file URL does not change when a new version is released, so the download link stays constant.

At the time of writing, version 1.6.4 is the latest; this will change over time. To download the current version, now and in the future, type the following command:

cd /tmp/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Next, you need to extract the archive, which you can do with this command:

tar xfz maldetect-current.tar.gz

Now that the archive has been extracted, change directory (cd) into it and run the installer script to install Maldet:

cd maldetect-1.6.4 && sudo ./install.sh

The installation should complete in a matter of seconds, and you will get output similar to the following:

[Screenshot: Maldet installer output]

Configure Maldet

Now that the installer script has finished, you can edit the configuration file with your preferred text editor. Below are some example settings and a walkthrough using the nano text editor:

First, open the conf.maldet file:

sudo nano /usr/local/maldetect/conf.maldet

Next, find the following lines and edit them as shown below:

# Enable email notification.
email_alert="1"

# Email address that receives notifications and scan reports.
email_addr="user@domain.com"

# Enable LMD signature autoupdate.
autoupdate_signatures="1"

# Enable automatic updates of the LMD installation.
autoupdate_version="1"

# Enable the daily automatic scan.
cron_daily_scan="1"

# Allow non-root users to perform scans.
scan_user_access="1"

# Move hits to quarantine & alert.
quarantine_hits="1"

# Clean string-based malware injections.
quarantine_clean="0"

# Suspend the owning user if malware is found.
quarantine_suspend_user="1"

# Minimum user ID that can be suspended.
quarantine_suspend_user_minuid="500"

# Use the ClamAV scanner engine when it is installed.
scan_clamscan="1"

# Scan root-owned files as well (set to 1 to skip them).
scan_ignore_root="0"

Note that all of the settings here are optional; you can choose your own values, since there is no right or wrong answer here.
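As an added example (not from this tutorial or the Maldet project), the following POSIX shell helpers apply the settings above to a conf.maldet-style file without leaving duplicate definitions; conf.maldet is sourced as shell, so a key defined twice silently takes the last value. It assumes the key="value" layout shown above and runs against a constructed temporary file rather than the real /usr/local/maldetect/conf.maldet.

```shell
#!/bin/sh
# Added example: set and read keys in a conf.maldet-style file.
# set_conf_key rewrites the first definition of a key in place, drops any
# later duplicates, and appends the key if it was not present at all.
set -u

# set_conf_key FILE KEY VALUE: make KEY="VALUE" the only active definition.
set_conf_key() {
    conf=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[[:space:]]*" k "=") { if (!done) { print k "=\"" v "\""; done = 1 }; next }
        { print }
        END { if (!done) print k "=\"" v "\"" }   # key absent: append it
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# get_conf_key FILE KEY: print the effective (last) value, quotes stripped.
get_conf_key() {
    awk -v k="$2" '
        $0 ~ ("^[[:space:]]*" k "=") { v = $0; sub(/^[^=]*=[[:space:]]*/, "", v) }
        END { gsub(/"/, "", v); print v }
    ' "$1"
}

# apply_tutorial_settings FILE: the values used in this tutorial's config section.
apply_tutorial_settings() {
    for kv in email_alert=1 autoupdate_signatures=1 autoupdate_version=1 \
              cron_daily_scan=1 scan_user_access=1 quarantine_hits=1 \
              quarantine_clean=0 quarantine_suspend_user=1 \
              quarantine_suspend_user_minuid=500 scan_clamscan=1 scan_ignore_root=0; do
        set_conf_key "$1" "${kv%%=*}" "${kv#*=}" || return 1
    done
}

# Demo on a constructed file with a hand-edit style duplicate of email_alert.
demo_conf=$(mktemp)
printf '# Enable Email Alerting\nemail_alert="0"\nemail_addr="user@domain.com"\nemail_alert="1"\n' > "$demo_conf"
apply_tutorial_settings "$demo_conf"
set_conf_key "$demo_conf" email_addr "admin@example.com"   # assumed address
echo "email_alert=$(get_conf_key "$demo_conf" email_alert), definitions now: $(grep -c '^email_alert=' "$demo_conf")"
rm -f "$demo_conf"
```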

Update the Maldet Signatures & Software

To update the Maldet signature database, run the following command:

sudo maldet -u

Example output:

[Screenshot: maldet -u output]

Second, to check for a newer software version, type the following command:

sudo maldet -d

Example output:

[Screenshot: maldet -d output]

Optional – Install ClamAV

One of the best things about Maldet is its integration with ClamAV, which can speed up Maldet's scanning considerably.

To install ClamAV, run the following command:

sudo dnf install clamav clamav-devel -y

Next, enable and start the ClamAV freshclam service:

sudo systemctl enable clamav-freshclam && sudo systemctl start clamav-freshclam

Finally, update your ClamAV signatures with the freshclam command:

sudo freshclam

Example output:

Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time:    0.4s, ETA:    0.0s [========================>]  286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.c736fe0d50/clamav-c52c6549b6ff30a71e65db0c5647f2de.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Scanning with Maldet – Examples

First, you should be familiar with the Maldet syntax. Every command starts with maldet, followed by an option and a directory path, for example maldet [OPTION] [PATH].

Below are a number of Maldet syntax examples:

  • -b: Run the operation in the background.
  • -u: Update the malware detection signatures.
  • -l: View the maldet log file.
  • -d: Update the installed version.
  • -a: Scan all files in the given path.
  • -p: Clear logs, session and temporary data.
  • -q: Quarantine all malware from the report.
  • -n: Clean & restore malware from the report.

To test Maldet and make sure it works correctly, you can exercise LMD by downloading the test (sample virus signature) files from the EICAR website:

cd /tmp
wget http://www.eicar.org/download/eicar_com.zip
wget http://www.eicar.org/download/eicarcom2.zip

Next, while in the /tmp directory, run the maldet command to scan the /tmp directory as follows:

sudo maldet -a /tmp

Now, because you downloaded the test virus files, you will get output similar to the following:

[Screenshot: maldet -a /tmp scan output]

As you may have noticed, this tutorial does not set quarantining for our configuration. Sometimes, false positives and removing files on a live server can cause more problems than they solve. A good sysadmin or server owner will keep monitoring regularly to check the results and investigate them.

Also, from the output you can see that on our test server, where ClamAV is installed, Maldet used the ClamAV scanner engine to perform the scan and successfully found 16 malware hits.

Other commands you can run focus on the file extensions on your server; PHP files are usually the target of most attacks. To scan .php files, use the following:

maldet -a /var/www/html/*.php

This is useful for websites or servers with a large number of files to scan, while smaller servers will benefit from scanning the entire directory.

Maldet Scan Reports

Maldet stores scan reports under the directory /usr/local/maldetect/sess/. You can use the following command together with a scan ID to view the full report:

Example only:

sudo maldet -e 210920-0904.6208   # -e / --report views the report; -q would quarantine its hits instead

You will then see the report printed on your terminal, listing the details of the scan.

Example output:

[Screenshot: Maldet scan report output]

From here, you can review the findings and act on them by removing or quarantining files, or by running a further scan.

Conclusion

In this tutorial, you have learned how to install Maldet on Fedora and use its main features on a web server to scan for infected files. Overall, the software is an effective way to clean up an infection and is good at it. Protecting the user or website, however, remains essential to avoid another infection and should be the first priority before relying on Maldet, since good protection and configuration almost always prevent an infection from happening in the first place.

If you would like to learn more about Maldet commands, visit the official documentation page.
