ClamAV is an open-source malware scanner that cPanel/WHM can install as a plugin on a Linux server. Use the following steps to install it and scan the accounts under /home.
Log in to WHM, open "Manage Plugins", select ClamAV and click Install.
Once it is installed, log in to the server via SSH and create a quarantine directory under /home. Keep it outside every web root and not world-readable, because it will hold the detected files:
cd /home; mkdir -m 0700 clamscan-infectedfiles
Update the signature database (freshclam) and then run the scan from /home with the following command. -r recurses, -i prints only infected files, [a-z]* expands to the account home directories, --exclude skips the mail directories and the quarantine directory, and --move relocates every detection into the quarantine directory:
clamscan --exclude mail --exclude clamscan-infectedfiles -ri [a-z]* --move=clamscan-infectedfiles
Two caveats. --exclude takes a regular expression matched against the path, so "mail" also skips any file whose path merely contains that string (a mailer.php, for example); anchor the pattern to the directory you actually mean. And --move pulls a file out of a live site the moment it matches, so a false positive takes the site down; on a first run leave --move off, keep the results with --log=FILE, review them, and quarantine deliberately.
When the scan completes, clamscan prints a summary in the following format. A non-zero "Infected files" count (clamscan also exits with status 1 in that case) means something was moved into the quarantine directory:
==============================
----------- SCAN SUMMARY -----------
Known viruses:
Engine version:
Scanned directories:
Scanned files:
Infected files: 0
Data scanned: MB
Data read: MB (ratio 0.89:1)
Time: 000.000 sec (10 m 21 s)
=====================================
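To turn the one-off command above into something repeatable, here is an added example wrapper (not part of the original page, and not cPanel's or ClamAV's own tooling) that scans each account under /home separately, anchors the exclusions to the absolute path so "mail" cannot swallow a mailer.php, keeps a per-account log, and uses clamscan's exit status (0 clean, 1 infected, 2 error) to decide what to report. The /var/log/clamscan log directory and the quarantine path are assumptions.

```shell
#!/bin/sh
# clamscan-accounts.sh: scan each cPanel account under /home with ClamAV, one account at a time,
# keep a per-account log, quarantine hits, and exit non-zero when anything was found.
# Added example for this page; not cPanel's or ClamAV's own tooling. Paths below are assumptions.
set -u

HOMEBASE="${HOMEBASE:-/home}"
QUARANTINE="${QUARANTINE:-/home/clamscan-infectedfiles}"
LOGDIR="${LOGDIR:-/var/log/clamscan}"

# count_infected SUMMARY_FILE: print the "Infected files:" count from a clamscan log/summary (0 if absent).
count_infected() {
    n=$(sed -n 's/^Infected files: *\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${n:-0}"
}

# scan_account DIR: scan one account home. Returns 0 clean, 1 infected, 2 scanner error.
# Exclusions are anchored regexes on the absolute path, so "mail" only skips the account's
# mail directory and not, say, public_html/mailer.php.
scan_account() {
    acct=$1
    log="$LOGDIR/$(basename "$acct").log"
    clamscan -r -i \
        --exclude-dir="^$acct/mail(/|\$)" \
        --exclude-dir="^$QUARANTINE" \
        --move="$QUARANTINE" \
        --log="$log" "$acct" >/dev/null 2>&1
    rc=$?
    case $rc in
        0|1) return $rc ;;                      # clamscan: 0 = clean, 1 = infected
        *)   echo "scan error ($rc) in $acct, see $log" >&2; return 2 ;;
    esac
}

# scan_all: scan every account directory, skipping the quarantine directory itself.
# Returns 1 if any account had infected files, 2 if only errors occurred, 0 when all clean.
scan_all() {
    mkdir -p "$LOGDIR" && mkdir -p -m 0700 "$QUARANTINE" || return 2
    status=0
    for acct in "$HOMEBASE"/*/; do
        acct=${acct%/}
        [ "$acct" = "$QUARANTINE" ] && continue
        [ -d "$acct" ] || continue
        scan_account "$acct"
        rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "$acct: $(count_infected "$LOGDIR/$(basename "$acct").log") infected file(s) moved to $QUARANTINE"
            status=1
        elif [ "$rc" -ne 0 ] && [ "$status" -eq 0 ]; then
            status=2
        fi
    done
    return $status
}

# Run only when invoked as a script with "run"; sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    scan_all
fi
```

Run it from cron as `sh clamscan-accounts.sh run`. Because the exit status is 1 whenever something was moved, monitoring can alert on the status rather than parsing mail, and the per-account logs keep the evidence. For a first pass, remove the --move line as discussed above and review the logs before quarantining.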
Saturday, February 9, 2013
Maldet - Linux Malware Detect (LMD)
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license and designed around the threats faced in shared hosting environments (PHP web shells, injected JavaScript, mailers and similar).
cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
cd ..
rm -Rf maldetect-current.tar.gz
echo "Linux Malware Detect has been installed!"
The tarball is fetched over plain HTTP with no integrity check, so you are trusting every hop of the network path; use an HTTPS download where the project offers one and read install.sh before running it as root.
To run maldet, update its signatures first (the -u option) and then scan:
maldet -a /
Scanning / is slow and mostly covers files LMD's signatures are not written for; on a cPanel host the usual target is the web roots of all accounts, for example the path pattern /home?/?/public_html. By default LMD only reports hits (quarantine_hits=0 in conf.maldet); review the scan report, quarantine from it with the -q option and the scan ID, and enable automatic quarantine only once you trust the results on your content.
RootKit Hunter – A tool which scans for backdoors and malicious software present on the server.
Rkhunter (Rootkit Hunter) is an open-source scanner for Unix/Linux systems, released under the GPL, that looks for rootkits, backdoors and local exploits. It checks for hidden files, wrong permissions on binaries, suspicious strings in kernel modules, known rootkit file names and changes to system binaries against a stored baseline of their hashes. To know more about Rkhunter and its features visit http://www.rootkit.nl/.
Installation
Download the release from the project's own location rather than a third-party mirror, and compare the published hash before unpacking. Version 1.4.0 was current when this was written; look for the latest release.
cd /usr/local/src
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xzvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --install
rkhunter --check
echo "Rkhunter successfully installed!"
log : /var/log/rkhunter.log
To update it
=========
rkhunter --update
rkhunter --propupd
=========
--update refreshes rkhunter's data files. --propupd rewrites the file-properties baseline, the hashes it later compares system binaries against. Run --propupd only right after installing on a machine you believe is clean, and again after legitimate package updates, never in response to a warning: running it on a compromised host records the trojaned binaries as the known-good state and silences the check for good.
Set a crontab entry to scan and email the report, for example as /etc/cron.daily/rkhunter.sh (make it executable). --cronjob runs non-interactively and --report-warnings-only keeps the mail short; note that with the script below a mail is sent every day even when there is nothing to report.
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com
CHKRootKit – Detects rootkit traces and notifies via email
Please keep in mind that you can use chkrootkit to find the files and processes associated with a rootkit, but you cannot be sure that every piece of a rootkit has been found and removed: it runs on the possibly compromised host, with that host's kernel, ls, ps and netstat, which a rootkit may already control. Run it with a trusted set of binaries where you can (its -p option points it at a directory of known-good tools), treat a hit as a reason to examine the machine from a clean boot medium, and expect some false positives (its bindshell check, for example, flags legitimate services listening on ports it considers suspicious). You can safeguard your system against rootkits by keeping all applications and software up to date and the system patched against all known vulnerabilities.
As with rkhunter, download the source from the project itself rather than a third-party mirror, and verify the published checksum.
cd /usr/local/src
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xvzf chkrootkit.tar.gz
cd chkrootkit-*/
make sense
./chkrootkit
cd ..
mv chkrootkit-*/ /usr/local/chkrootkit
echo "chkrootkit has been installed!"
Enable Automatic Server Scanning
You can add a cron entry to run chkrootkit automatically and send the scan report to your mail address. Create "/etc/cron.daily/chkrootkit.sh" with the following contents and make it executable. chkrootkit's exit status is not a reliable signal of its findings, so anything that acts on the result has to look at the output for "INFECTED" or "Warning" lines (clean checks print "not infected", in lower case).
#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s 'CHROOTKIT Daily Run (ServerName)' your@email.com
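The rkhunter and chkrootkit cron scripts above mail a report unconditionally and discard everything the scanner's output could tell a script. The following added example (not from rkhunter, chkrootkit or the original page; it serves both cron entries) runs the two scanners from one daily job, keeps the full output on disk, and mails only the lines that indicate a hit. The install paths, the log directory and the recipient are assumptions to adjust.

```shell
#!/bin/sh
# /etc/cron.daily/rootkit-scan.sh: run rkhunter and chkrootkit, keep full logs, and mail only when
# a scanner actually reports something. Added example for this page, not part of either tool;
# the install paths, log directory and recipient below are assumptions to adjust.
set -u

RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
CHKROOTKIT="${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}"
LOGDIR="${LOGDIR:-/var/log/rootkit-scan}"
MAILTO="${MAILTO:-your@email.com}"
HOST=$(hostname 2>/dev/null || echo localhost)

# findings FILE: print the lines of a scanner's output that indicate a hit.
# rkhunter --rwo prints "Warning: ..." lines; chkrootkit prints "... INFECTED" for a hit and
# "... not infected" (lower case) for a clean check, and its chkproc/chkdirs tests prefix hits with "Warning:".
findings() {
    grep -E 'Warning:|INFECTED' "$1" 2>/dev/null
}

# run_scanner NAME REPORT CMD...: run CMD, keep its whole output under LOGDIR, append its findings
# to REPORT. Returns 1 on findings, 0 when clean. The scanner's own exit status is deliberately
# ignored: chkrootkit's does not reflect what it found, so the output is the only reliable signal.
run_scanner() {
    name=$1; report=$2; shift 2
    out="$LOGDIR/$name.$(date +%Y%m%d).log"
    "$@" >"$out" 2>&1
    hits=$(findings "$out")
    [ -z "$hits" ] && return 0
    printf '== %s (full log: %s) ==\n%s\n\n' "$name" "$out" "$hits" >>"$report"
    return 1
}

# send_report SUBJECT FILE: mail FILE. A one-line wrapper so it can be swapped for another channel.
send_report() {
    /bin/mail -s "$1" "$MAILTO" <"$2"
}

# daily_run: returns 1 and sends one combined mail if either scanner reported something, 0 otherwise.
daily_run() {
    mkdir -p "$LOGDIR" || return 2
    report=$(mktemp) || return 2
    status=0
    # --propupd is intentionally absent: the baseline is refreshed by hand after a known-good package update.
    run_scanner rkhunter   "$report" "$RKHUNTER" --cronjob --report-warnings-only || status=1
    run_scanner chkrootkit "$report" "$CHKROOTKIT"                                || status=1
    if [ "$status" -ne 0 ]; then
        send_report "Rootkit scan WARNINGS on $HOST" "$report"
    fi
    rm -f "$report"
    return $status
}

# Run only when invoked with "run"; sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    daily_run
fi
```

Install it as /etc/cron.daily/rootkit-scan.sh with a one-line body of `sh /path/to/rootkit-scan.sh run`, or call daily_run from the page's own script. Because a quiet day produces no mail, pair it with a check that the dated log files keep appearing in the log directory, otherwise a broken scanner looks exactly like a clean server.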
Tuesday, February 5, 2013
Creating custom php.ini for needed users
If you have a site on your cPanel VPS that needs a custom php.ini file, you can set that up by following these steps:
1. Copy /usr/local/lib/php.ini to the site's web root folder (public_html).
cp /usr/local/lib/php.ini /home/USERNAME/public_html
2. Make sure the file is owned by the site's cPanel user.
chown USERNAME:USERNAME /home/USERNAME/public_html/php.ini
3. Add the following to the site's ".htaccess" file
SetEnv PHPRC /home/USERNAME/public_html/php.ini
or, with the suPHP handler, point it at the directory that contains the file:
suPHP_ConfigPath /home/USERNAME/public_html
Two things to keep in mind. A php.ini inside public_html is served by Apache like any other file unless you block it (a <Files php.ini> deny rule in the same .htaccess), and a copy of the whole global php.ini discloses the server's configuration to anyone who requests it. And because the user owns the file, every directive in it is under the user's control, including disable_functions and open_basedir; any restriction you need enforced against that account has to live in the handler's own configuration, not in a file the account can edit.
Custom values can also be set directly in .htaccess in the format shown below, but php_value directives only work when PHP runs as an Apache module (DSO). Under suPHP, CGI or FastCGI they are unknown to Apache and produce an Internal Server Error, which is why the per-user php.ini above exists.
php_value memory_limit 128M
php_value max_execution_time 3600
php_value post_max_size 5M
php_value upload_max_filesize 5M
Updating mysql user password
# mysql -u root -p
mysql> use mysql;
mysql> SET PASSWORD FOR 'user-name-here'@'hostname-name-here' = PASSWORD('new-password-here');
or
mysql> UPDATE mysql.user SET Password=PASSWORD('new-password-here') WHERE User='user-name-here' AND Host='host-name-here';
mysql> FLUSH PRIVILEGES;
mysql> quit
The change takes effect as soon as FLUSH PRIVILEGES runs (SET PASSWORD needs no flush at all); there is no need to restart mysqld, which would only drop every open connection. Prefer SET PASSWORD over editing mysql.user by hand, and type the statement interactively rather than on the shell command line, where the password lands in shell history and process listings. PASSWORD() was deprecated in MySQL 5.7 and removed in 8.0; on those versions use ALTER USER 'user-name-here'@'host-name-here' IDENTIFIED BY 'new-password-here'; instead. If the account you change is root, also update /root/.my.cnf, which cPanel and its scripts use to connect.
Thursday, January 24, 2013
Find Command variants
1. Find Files Using Name in Current Directory
Find all the files whose name is server.txt in a current working directory.
# find . -name server.txt
./server.txt
2. Find Files Under Home Directory
Find all the files under /home directory with name server.txt.
# find /home -name server.txt
/home/server.txt
3. Find Files Using Name and Ignoring Case
Find all files named server.txt under /home, ignoring case (so Server.txt and SERVER.TXT match too).
# find /home -iname server.txt
/home/server.txt
/home/Server.txt
4. Find Directories Using Name
Find all directories whose name is server in / directory.
# find / -type d -name server
/server
5. Find PHP Files Using Name
Find all php files whose name is server.php in a current working directory.
# find . -type f -name server.php
./server.php
6. Find all PHP Files in Directory
Find all php files in a directory.
# find . -type f -name "*.php"
./server.php
./login.php
./index.php
Part II – Find Files Based on their Permissions
7. Find Files With 777 Permissions
Find all the files whose permissions are 777.
# find . -type f -perm 0777 -print
8. Find Files Without 777 Permissions
Find all the files without permission 777.
# find / -type f ! -perm 777
9. Find SGID Files with 644 Permissions
Find all the SGID bit files whose permissions set to 644.
# find / -perm 2644
10. Find Sticky Bit Files with 551 Permissions
Find all the Sticky Bit set files whose permission are 551.
# find / -perm 1551
11. Find SUID Files
Find all SUID set files.
# find / -perm /u=s
12. Find SGID Files
Find all SGID set files.
# find / -perm /g+s
13. Find Files the Owner Cannot Write
-perm /u=r matches any file with the owner-read bit set, which is nearly every file, so it does not find read-only files. Require the read bit and exclude the write bit instead:
# find / -type f -perm -u=r ! -perm /u=w
14. Find Executable Files
Find all files with at least one execute bit set (owner, group or other).
# find / -type f -perm /a=x
15. Find Files with 777 Permissions and Chmod to 644
Find all files with 777 permissions and use chmod to set them to 644. Run the find with -print alone first and check the list: 644 also drops the execute bit, which breaks scripts and binaries, and a blanket change across / will break services that depend on their permissions, so limit the search to the tree you mean (a site's public_html, for example).
# find / -type f -perm 0777 -print -exec chmod 644 {} \;
16. Find Directories with 777 Permissions and Chmod to 755
Find all directories with 777 permissions and use chmod to set them to 755 (the same caution applies; upload directories shared between the web server and the account sometimes need group write).
# find / -type d -perm 777 -print -exec chmod 755 {} \;
17. Find and remove a single File
To find a file called server.txt and remove it.
# find . -type f -name "server.txt" -exec rm -f {} \;
18. Find and remove Multiple Files
To find and remove multiple files such as .mp3 or .txt, use the following. Quote the pattern so the shell does not expand it before find sees it, and run the command with -print instead of -exec first to see what would be deleted (GNU find's -delete action does the same without spawning rm per file).
# find . -type f -name "*.txt" -exec rm -f {} \;
OR
# find . -type f -name "*.mp3" -exec rm -f {} \;
19. Find all Empty Files
To find all empty files under a certain path.
# find /tmp -type f -empty
20. Find all Empty Directories
To find all empty directories under a certain path.
# find /tmp -type d -empty
21. Find all Hidden Files
To find all hidden files (names starting with a dot), use the command below. Intruders like dotted names in /tmp, /dev/shm and web roots precisely because ls skips them.
# find /tmp -type f -name ".*"
Part III – Search Files Based On Owners and Groups
22. Find Single File Based on User
To find any file called server.txt owned by root, anywhere under /.
# find / -user root -name server.txt
23. Find all Files Based on User
To find all files that belong to the user server under /home.
# find /home -user server
24. Find all Files Based on Group
To find all files that belong to the group developer under /home.
# find /home -group developer
25. Find Particular Files of User
To find all .txt files of user server under /home directory.
# find /home -user server -iname "*.txt"
Part IV – Find Files and Directories Based on Date and Time
26. Find Files Modified 50 Days Ago
-mtime N matches files whose data was last modified N*24 hours ago, with the age rounded down to whole days, so this finds files modified 50 days ago, not within the last 50 days.
# find / -mtime 50
Use -mtime -50 for "within the last 50 days" and -mtime +50 for "more than 50 days ago".
27. Find Files Accessed 50 Days Ago
To find all files last accessed 50 days ago. Access times are only meaningful if the filesystem is not mounted with noatime or relatime, which most modern systems are.
# find / -atime 50
28. Find Files Modified Between 50 and 100 Days Ago
To find all files modified more than 50 days ago and less than 100 days ago.
# find / -mtime +50 -mtime -100
29. Find Changed Files in Last 1 Hour
To find all files whose inode changed (content, permissions, owner or link count) in the last hour. Unlike mtime, ctime cannot be set with touch, so it survives the timestamp resets intruders commonly apply to planted files; a file with a recent ctime and an old mtime deserves a look.
# find / -cmin -60
30. Find Modified Files in Last 1 Hour
To find all files whose contents were modified in the last hour.
# find / -mmin -60
31. Find Accessed Files in Last 1 Hour
To find all files accessed in the last hour.
# find / -amin -60
Part V – Find Files and Directories Based on Size
32. Find 50MB Files
To find all files of 50 MB, use the following. find rounds sizes up to the unit given, so this matches files larger than 49 MB up to and including 50 MB.
# find / -size 50M
33. Find Size between 50MB – 100MB
To find all files larger than 50 MB and smaller than 100 MB.
# find / -size +50M -size -100M
34. Find and Delete Files Larger Than 100MB
To find all files larger than 100 MB and delete them in one command. Restrict it to regular files with -type f so a directory is never passed to rm, list with -print before you delete, and search only the tree you mean: run from / it will just as happily remove a database file.
# find / -type f -size +100M -exec rm -f {} \;
35. Find Specific Files and Delete
Find all .mp3 files larger than 10 MB, list them first, then delete them. The pattern must be quoted or the shell expands it before find sees it.
# find / -type f -name "*.mp3" -size +10M -exec ls -l {} \;
# find / -type f -name "*.mp3" -size +10M -exec rm -f {} \;
Find all empty files (zero-byte files) in your home directory and its subdirectories.
Most of the output of the following command will be lock files and placeholders created by other applications.
# find ~ -empty
List the empty files in your home directory only, without descending into subdirectories.
# find ~ -maxdepth 1 -empty
List only the non-hidden empty files in the current directory.
# find . -maxdepth 1 -empty -not -name ".*"
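The find expressions on this page that matter most for a server audit, collected as an added example (not from the original page) into functions that print sorted paths: setuid/setgid files, world-writable files and directories, hidden files, recently changed files, and files whose ctime is newer than their mtime, which is the mismatch left behind when someone backdates a file with touch. The -xdev option, the default 24-hour window and the /home default root are assumptions.

```shell
#!/bin/sh
# fs-audit.sh: the find(1) checks from this page that matter for a server audit, as functions that
# print sorted absolute paths. Added example for this page; the thresholds are assumptions.
# Each function takes a ROOT to search; -xdev keeps find on that filesystem (no /proc, no NFS mounts).
set -u

# suid_sgid ROOT: setuid/setgid regular files. Diff the result against a baseline taken at
# install time; a new entry in /tmp or a web root is a classic privilege-escalation leftover.
suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# world_writable ROOT: files anyone can write, and directories anyone can write that lack the
# sticky bit (so anyone can also delete or rename other users' files in them).
world_writable() {
    find "$1" -xdev \( -type f -perm -0002 -o -type d -perm -0002 ! -perm -1000 \) -print | sort
}

# hidden_files ROOT: dot-files and dot-directories, which ls hides by default.
hidden_files() {
    find "$1" -xdev -name '.*' ! -name '.' ! -name '..' -print | sort
}

# changed_recently ROOT MINUTES: regular files whose inode changed within MINUTES
# (content, mode, owner or link count; -cmin, not -mmin).
changed_recently() {
    find "$1" -xdev -type f -cmin "-$2" -print | sort
}

# timestomped ROOT MINUTES: inode changed within MINUTES but the modification time claims to be
# older. touch -t / touch -r can reset mtime; ctime cannot be set without changing the clock,
# so this mismatch is a common sign of a backdated file (or of a recent chmod/chown).
timestomped() {
    find "$1" -xdev -type f -cmin "-$2" ! -mmin "-$2" -print | sort
}

# audit_tree ROOT MINUTES: run all checks and print a report to stdout.
audit_tree() {
    root=$1; mins=${2:-1440}
    for check in suid_sgid world_writable hidden_files; do
        printf '== %s ==\n' "$check"; "$check" "$root"
    done
    printf '== changed in last %s min ==\n' "$mins"; changed_recently "$root" "$mins"
    printf '== ctime newer than mtime (last %s min) ==\n' "$mins"; timestomped "$root" "$mins"
}

# Run only when invoked with "run" [ROOT] [MINUTES]; sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    audit_tree "${2:-/home}" "${3:-1440}"
fi
```

Keep the first run's output as a baseline and diff later runs against it; on a cPanel host the interesting lines are almost always new setuid files, world-writable directories under public_html, and backdated PHP files. None of these functions delete anything; that stays a separate, deliberate step after you have looked at the list.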