Linux Malware Detect, Debian, and Plesk

Package installation

The easiest way to install Linux Malware Detect is to use a package. Jan Wagner has put a lot of effort into debianising LMD, so a big shout-out to him (his GitHub repo). I merely built the package from the repo.

So without further ado, here is the download.

maldetect_1.4.2+dfsg-13_all.deb

Manual installation

Linux Malware Detect will not run out of the box in monitor mode (scan mode works fine) on a Debian system. There are a few things you need to do to get it working.

LMD comes with a 32-bit inotifywait binary and the associated libinotifytools library. Debian Wheezy will not run 32-bit binaries out of the box. We could make it run them, but that requires installing a whole lot of additional packages, which we won’t do in order to keep things tidy.
Instead, we’ll first install the inotify-tools and libinotifytools0 packages, which put 64-bit versions of inotify on the system.

apt-get install inotify-tools libinotifytools0

In internals.conf, change the inotifywait path to /usr/bin/inotifywait:

sed -i -e"s/\$inspath\/inotify\/inotifywait/\/usr\/bin\/inotifywait/" /usr/local/maldetect/internals.conf

You may need to tweak inotify_base_watches if you have lots of paths/files.

Scanning the docroots

Now if you’re working with Plesk, you’ll only want LMD to monitor the docroots. Run the following to create a file with a list of all the docroots:

mysql -ss -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "select www_root from hosting;" > /usr/local/maldetect/maldetfilelist

You can then start LMD with:

maldet -m /usr/local/maldetect/maldetfilelist
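
The following is an added example, not part of the original post: it vets the docroot list produced by the query above before it is handed to maldet -m, and counts the directories under those docroots as a rough figure for the inotify watches the monitor will need (relevant to the inotify_base_watches note earlier). The function names and the sample tree are constructed for illustration, and the one-watch-per-directory estimate is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): vet a docroot list for `maldet -m`.

# Read candidate paths on stdin; print only usable ones, de-duplicated.
# Rejected: empty lines, relative paths, "/", paths with "..", missing dirs.
filter_docroots() {
    while IFS= read -r path; do
        path=${path%/}                      # "/" becomes "" and is rejected below
        case $path in
            "" | [!/]* | */.. | */../*)
                echo "skipped (not a usable absolute path): '$path'" >&2
                continue ;;
        esac
        if [ ! -d "$path" ]; then
            echo "skipped (no such directory): $path" >&2
            continue
        fi
        printf '%s\n' "$path"
    done | sort -u
}

# Count directories under every path in list file $1. Assumption: the monitor
# needs roughly one inotify watch per directory, as recursive inotifywait does.
count_watch_dirs() {
    total=0
    while IFS= read -r root; do
        n=$(find "$root" -xdev -type d 2>/dev/null | wc -l)
        total=$((total + n))
    done < "$1"
    echo "$total"
}

# Succeed if the estimate is below limit $2 (default: the kernel's current limit).
watches_ok() {
    limit=${2:-$(cat /proc/sys/fs/inotify/max_user_watches)}
    [ "$(count_watch_dirs "$1")" -lt "$limit" ]
}

# Constructed sample data: a throwaway tree standing in for Plesk vhosts.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/a.test/httpdocs/wp-content/uploads" "$d/b.test/httpdocs"
    printf '%s\n' "$d/a.test/httpdocs" "" "httpdocs" "/" "$d/gone.test/httpdocs" \
        "$d/b.test/httpdocs/" "$d/a.test/httpdocs" | filter_docroots > "$d/list"
    echo "kept $(wc -l < "$d/list") docroots, $(count_watch_dirs "$d/list") directories to watch"
    rm -rf "$d"
}
demo
```

On a real system the mysql output would be piped through filter_docroots into /usr/local/maldetect/maldetfilelist, and watches_ok run against that file before starting the monitor.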

4 thoughts on “Linux Malware Detect, Debian, and Plesk”

  1. Thank you for your fix!! I received the error “no inotify process found” when trying to run the maldet monitor, but your solution works perfectly for me. (Ubuntu server).

  2. It works! Thank you!

    Note: The new Maldet version automatically searches for the inotifywait location, so you no longer need to edit the internals.conf file. Simply install inotify-tools and launch the maldet monitor 🙂
