You may ask, can Linux get attacked by malware? The answer is yes. Most malware is written for Windows, but Linux hosts, and web servers in particular, are attacked too. Linux Malware Detect (LMD, also called maldet) is a tool that scans a Linux system for malware, reports what it finds, and can quarantine or clean the affected files. It is widely used as a backdoor and web-shell scanner on Linux servers, and you can run it alongside another antivirus engine such as ClamAV to make the system harder to compromise.
How LMD Works on Linux
Weak passwords, spam and botnet activity, unpatched vulnerabilities, and running infected applications are the usual ways a Linux host ends up with malware. LMD is a signature-based malware scanner for Linux that can also watch the filesystem in real time. If ClamAV is installed, LMD detects it and uses the clamscan binary as its scanner engine, which speeds up large scans; the two complement rather than replace each other.
LMD scans the files under a given path (or only the files changed in the last N days) and compares them against its signature database of MD5 file hashes and HEX byte patterns. It can be run manually, from the daily cron job the installer sets up, or in monitor mode, where it uses inotify to scan files as they are created or modified. It is a file scanner, not a dynamic or memory analysis tool: a process that is already running in memory is outside its scope, so pair it with process and log monitoring for that.
Broadly, malware detection falls into two categories: signature-based, where files are compared against a database of known-bad hashes and byte patterns, and signature-free (behavioural or heuristic), where the system and its devices are watched for suspicious activity instead. LMD is primarily a signature-based scanner, so it will miss malware whose signature is not yet in its database; keep the signatures updated and do not treat a clean scan as proof of a clean host. In this post, we will see how to install and configure LMD on Linux.
Step 1: Download LMD on Linux
The first step is to download the Maldetect tarball. On any distribution (Debian, Ubuntu, Red Hat, Fedora or other) you can use either curl or wget; the example below uses curl. Download over https so that the tarball cannot be altered in transit; if the http address gives a server or network error, switch to https. You can also download the Maldetect file manually from the downloads page at rfxn.com.
The terminal commands to download the Maldetect file are given below. By default the file is saved in the directory you run the command from (normally your home directory), so the example first changes to a temporary directory.
cd /tmp/
curl -O https://www.rfxn.com/downloads/maldetect-current.tar.gz
Step 2: Extract and Install LMD
So far we have only downloaded the compressed Maldetect file; now we have to extract it and install the LMD tool on our Linux machine. You can either use your desktop's archive manager or the following terminal command to extract the tar file.
tar -zxvf maldetect-current.tar.gz
Now enter the extracted directory, whose name carries the LMD version (maldetect-1.6.4 at the time of writing; adjust it to whatever tar created), and run the install script as root. The installer copies LMD to /usr/local/maldetect, links the maldet and lmd commands into /usr/local/sbin, and installs a daily cron job.
cd maldetect-1.6.4
sudo ./install.sh
When the installation finishes, the installer prints the LMD version, the paths it installed to, and then runs a first signature update. You can check the installed version later with the following command.
sudo lmd --version
Step 3: Configure LMD on Linux
With the installation done, open the configuration file and set the rules you want. Any text editor will do; here I use GNU nano. The file is owned by root, so open it with sudo.
sudo nano /usr/local/maldetect/conf.maldet
The settings below enable email alerts, scanning of root-owned files, quarantining of hits, cleaning of string-based injections, and suspension of the owning user when malware is found. Edit the corresponding lines in conf.maldet (they already exist in the file; do not append duplicates, since the file is sourced as shell and a later line silently overrides an earlier one), then save and exit. Be careful with this file: a wrong value can weaken the scanner or, in the case of quarantine_suspend_user, lock you out. That option suspends the account that owns a detected file once its UID is at or above quarantine_suspend_user_minuid, which on a single-user machine includes the account you log in with; it is meant for shared hosting, so leave it at 0 unless you want that behaviour. The default minuid of 500 already covers regular users on distributions that start at UID 1000, but check that none of your service accounts sit above it. Directories you want to skip go into /usr/local/maldetect/ignore_paths, one absolute path per line.
# Enable Email Alerting
email_alert="1"
# Email Address in which you want to receive scan reports
email_addr="you@domain.com"
# Enable scanning for root-owned files. Set 1 to disable.
scan_ignore_root="0"
# Move threats to quarantine
quarantine_hits="1"
# Clean string based malware injections
quarantine_clean="1"
# Suspend user if malware found.
quarantine_suspend_user="1"
# Minimum userid value that can be suspended
quarantine_suspend_user_minuid="500"
Step 4: Get Started With LMD
With the configuration done, it is time to scan the system. LMD can either run as a background daemon (monitor mode, maldet --monitor, which watches paths or users with inotify and scans files as they change) or be started on demand for one-off scans. On a hit it quarantines the file and, if enabled, cleans it; it does not kill processes. All of the commands below need root. A few of the primary operations are given below.
Scan every file under the temp directory.
sudo maldet -a /tmp
Scan a path of your choice in the same way.
sudo maldet -a /path/to/home
Show the report of a finished scan by its scan ID (maldet prints the ID at the end of every scan).
sudo maldet --report 200809-1241.5744
Update the malware signatures (the daily cron job also does this).
sudo maldet -u
Update LMD itself to the latest release.
sudo maldet -d
Scan only the files under /home/username changed in the last 7 days (the default for -r), running in the background and writing to the log.
sudo maldet -b -r /home/username/
List all scan reports recorded so far.
sudo maldet -e list
Print the LMD event log.
sudo maldet -l
For the full command syntax and option list, check LMD's built-in help from the terminal.
lmd --help
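As an added example (not part of the original post or of LMD itself), here is a small bash wrapper for the scan commands above. It runs a recent-files scan, pulls the scan ID and hit count out of maldet's own output, and exits non-zero when hits were recorded, so the scan can sit in a cron job or a deployment check and alert rather than just log. It also shows how to add a directory to LMD's ignore_paths exclusion list without creating duplicates. The maldet output embedded in the script is constructed for this example, and the function names, the MALDET_IGNORE_PATHS variable and the exit code 2 are conventions of this example, not of LMD.

```bash
#!/usr/bin/env bash
# Example wrapper around maldet (added for this post; not part of LMD).
# - maldet_scan_recent: scan files changed in the last N days and fail on hits
# - maldet_ignore_path: add a directory to LMD's ignore_paths once
# The parsers read maldet's console output, which ends with a line such as
# "... maldet --report 200809-1241.5744" and a "scan completed" line that
# carries "malware hits N".
set -u

# LMD's exclusion list (one absolute path per line). Overridable so the
# function can be exercised against a scratch file.
MALDET_IGNORE_PATHS=${MALDET_IGNORE_PATHS:-/usr/local/maldetect/ignore_paths}

# Print the scan ID (YYMMDD-HHMM.PID) from maldet output read on stdin;
# prints nothing if no "--report <id>" line is present.
maldet_scan_id() {
    sed -n 's/.*--report[[:space:]]\{1,\}\([0-9]\{6\}-[0-9]\{4\}\.[0-9]\{1,\}\).*/\1/p' | head -n 1
}

# Print the "malware hits N" count from maldet output read on stdin;
# prints 0 when the scan summary line is missing.
maldet_hit_count() {
    local n
    n=$(sed -n 's/.*malware hits \([0-9]\{1,\}\).*/\1/p' | head -n 1)
    printf '%s\n' "${n:-0}"
}

# Summarise maldet output read on stdin as "scan=<id> hits=<n>".
# Returns 0 for a clean scan and 2 when hits were recorded (this example's
# convention, so a cron job or CI step can tell "hits" from "error").
maldet_outcome() {
    local out id hits
    out=$(cat)
    id=$(printf '%s\n' "$out" | maldet_scan_id)
    hits=$(printf '%s\n' "$out" | maldet_hit_count)
    printf 'scan=%s hits=%s\n' "${id:-none}" "$hits"
    [ "$hits" -eq 0 ] || return 2
}

# Scan files under $1 modified in the last $2 days (default 7, as for -r).
# Returns 1 when not root or maldet is missing, otherwise maldet_outcome's code.
maldet_scan_recent() {
    local path=$1 days=${2:-7}
    if [ "$(id -u)" -ne 0 ]; then
        echo "maldet_scan_recent: run as root" >&2
        return 1
    fi
    if ! command -v maldet >/dev/null 2>&1; then
        echo "maldet_scan_recent: maldet is not installed" >&2
        return 1
    fi
    maldet -r "$path" "$days" 2>&1 | maldet_outcome
}

# Append a directory to ignore_paths if it is not already listed (idempotent,
# so repeated runs do not grow the file). Requires an absolute path.
maldet_ignore_path() {
    local p=$1
    case $p in
        /*) ;;
        *) echo "maldet_ignore_path: need an absolute path, got '$p'" >&2; return 1 ;;
    esac
    if [ -f "$MALDET_IGNORE_PATHS" ] && grep -qxF -- "$p" "$MALDET_IGNORE_PATHS"; then
        return 0
    fi
    printf '%s\n' "$p" >> "$MALDET_IGNORE_PATHS"
}

# Constructed sample output (not captured from a real maldet run) used to
# exercise the parsers offline: one run with a hit, one clean run.
SAMPLE_HIT_OUTPUT='maldet(29263): {scan} scan of /tmp (12 files) in progress...
maldet(29263): {scan} processing scan results for hits: 1 hits 0 cleaned
maldet(29263): {scan} scan completed on /tmp: files 12, malware hits 1, cleaned hits 0, time 2s
maldet(29263): {scan} scan report saved, to view run: maldet --report 200809-1241.5744'
SAMPLE_CLEAN_OUTPUT='maldet(29270): {scan} scan completed on /tmp: files 12, malware hits 0, cleaned hits 0, time 1s
maldet(29270): {scan} scan report saved, to view run: maldet --report 200809-1305.29270'

# Stand-alone demo: summarise the two constructed runs.
printf '%s\n' "$SAMPLE_HIT_OUTPUT" | maldet_outcome || true
printf '%s\n' "$SAMPLE_CLEAN_OUTPUT" | maldet_outcome

# Usage on a host with LMD installed (as root):
#   maldet_ignore_path /home/username/.cache
#   maldet_scan_recent /home 7; echo "exit status $?"
```

The wrapper deliberately keys off the "--report" and "malware hits" phrases rather than maldet's exit status, which is not documented as a reliable hit indicator; if a future LMD release changes its summary wording, maldet_scan_id prints nothing and the summary shows scan=none, which is your cue to adjust the patterns.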
Ending Words
LMD relies on a few basic principles to find malware on a Linux machine: it compares files against a database of known malware hashes and byte patterns, and it can watch the filesystem so that new or changed files are scanned as they appear. In this post, I have described how LMD works on Linux and explained how to install and configure Linux Malware Detect (LMD).
If you are running a Linux distribution on a Raspberry Pi board, you can install LMD there as well, and you can protect a Linux server from malware in the same way. Remember that it is a signature scanner, so keep the signatures current and combine it with regular patching.
If you find this post beneficial and helpful, please share it with your friends and the Linux community. You can also write your valuable judgments in the comment segment. Please let us know which tool you are using to protect your Linux machine from malware.
Hi,
thank you.
I don’t want to scan the whole computer and wait several days.
1. Can you send an example of what to do if you want to exclude some directories in /home?
How to find malicious files after some days, and delete them after they were isolated?
I’m using Linux Lite and I need a virus/malware checker to help ensure security, especially for accessing online/secure sites.
Coming from a Windows background I find it hard to adjust to the complexity of Linux in this respect, e.g. with Windows it's download / install and forget about it, since the software will run regular auto scans and updates for you automatically.
With Linux however it's a command line slog, even to do simple things like update virus definitions.
After installing maldet I cannot SSH to the server. I get "connection closed" every time, even after the malware check finishes.