ClamAV is the best malicious scanning tool which comes with Cpanel/ WHM on Linux server.

ClamAV is the best malicious scanning tool which comes with Cpanel/ WHM on Linux server.

You can use following steps to install and scan Clam AV.

Login your WHM >>> find the option "Manage Plugins >>> select Clam AV >>> install.

Once it is install then login your Linux server via SSH and create a directory under /home using following command.

cd /home; mkdir clamscan-infectedfiles

And then use following command to scan the Clam AV.

clamscan --exclude mail --exclude clamscan-infectedfiles -ri [a-z]* --move=clamscan-infectedfiles

Once the scanning process is completed then you will get the complete scanning report in following format.

==============================
----------- SCAN SUMMARY -----------
Known viruses:
Engine version:
Scanned directories:
Scanned files:
Infected files: 0
Data scanned: MB
Data read: MB (ratio 0.89:1)
Time: 000.000 sec (10 m 21 s)
=====================================

Maldet - Linux Malware Detect (LMD)

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments.

cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
cd ..
rm -Rf maldetect-current.tar.gz
echo "Linux Malware Detect has been installed!"

To run the maldet

>maldet -a /

RootKit Hunter – A tool which scans for backdoors and malicious softwares present in the server.

Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc. To know more about Rkhunter and its features visit http://www.rootkit.nl/.

Installation

cd /usr/local/src
wget https://dl.dropbox.com/s/i5sd0ljp6pejhn6/rkhunter-1.4.0.tar.gz
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xzvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --install
rkhunter --check
echo "Rkhunter successfully installed!"
log : /var/log/rkhunter.log

To update it
=========
rkhunter --update
rkhunter --propupd
=========

set crontab to scan and email the report

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com

CHKRootKit –Detects hacker software and notifies via email

Please keep in mind that, you can use chkrootkit to find the files and processes associated with a rootkit, but you can’t be 100% sure that all pieces of rootkits are found and removed. You can safeguard your system from rootkits by ensuring that all applications and softwares are up-to-date and the system kept patched against all known vulnerabilities.

cd /usr/local/src
wget https://dl.dropbox.com/s/4rmbi1dmifn4si2/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xvzf chkrootkit.tar.gz
cd chkrootkit-*/
make sense
./chkrootkit
cd ..
echo "CHRootKit has been installed!"

Enable Automatic Server Scanning

You can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh”

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s ‘CHROOTKIT Daily Run (ServerName)’ your@email.com

Creating custom php.ini for needed users

If you have a site on your cPanel VPS that needs a custom php.ini file, you can set that up by following these steps:

1,Copy /usr/local/lib/php.ini to the site's Web root folder (public_html).
>cp /usr/local/lib/php.ini /home/USERNAME/public_html
2,Make sure the file is owned by their cPanel user
>chown USERNAME:USERNAME php.ini
3,Add the following to the site's ".htaccess" file
  SetEnv PHPRC /home/USERNAME/public_html/php.ini
or
   suPHP_conf /home/user/someplace/php.ini

Custom Values should be added in .htaccess in a format as shown in example below

php_value memory_limit 128M
php_value max_execution_time 3600
php_value post_max_size 5M
php_value upload_max_filesize 5M

Updating mysql user password

root#mysql
mysql> use mysql;
mysql>

SET PASSWORD FOR 'user-name-here'@'hostname-name-here' = PASSWORD('new-password-here');  
or
UPDATE mysql.user SET Password=PASSWORD('new-password-here') WHERE User='user-name-here' AND Host='host-name-here';  

mysql>flush privileges
mysql>quit

Now restart mysqld

Find Command variants

1. Find Files Using Name in Current Directory

Find all the files whose name is server.txt in a current working directory.

# find . -name server.txt

./server.txt

2. Find Files Under Home Directory

Find all the files under /home directory with name server.txt.

# find /home -name server.txt

/home/server.txt

3. Find Files Using Name and Ignoring Case

Find all the files whose name is server.txt and contains both capital and small letters in /home directory.

# find /home -iname server.txt

./server.txt
./server.txt

4. Find Directories Using Name

Find all directories whose name is server in / directory.

# find / -type d -name server

/server

5. Find PHP Files Using Name

Find all php files whose name is server.php in a current working directory.

# find . -type f -name server.php

./server.php

6. Find all PHP Files in Directory

Find all php files in a directory.

# find . -type f -name "*.php"

./server.php
./login.php
./index.php

Part II – Find Files Based on their Permissions
7. Find Files With 777 Permissions

Find all the files whose permissions are 777.

# find . -type f -perm 0777 -print

8. Find Files Without 777 Permissions

Find all the files without permission 777.

# find / -type f ! -perm 777

9. Find SGID Files with 644 Permissions

Find all the SGID bit files whose permissions set to 644.

# find / -perm 2644

10. Find Sticky Bit Files with 551 Permissions

Find all the Sticky Bit set files whose permission are 551.

# find / -perm 1551

11. Find SUID Files

Find all SUID set files.

# find / -perm /u=s

12. Find SGID Files

Find all SGID set files.

# find / -perm /g+s

13. Find Read Only Files

Find all Read Only files.

# find / -perm /u=r

14. Find Executable Files

Find all Executable files.

# find / -perm /a=x

15. Find Files with 777 Permissions and Chmod to 644

Find all 777 permission files and use chmod command to set permissions to 644.

# find / -type f -perm 0777 -print -exec chmod 644 {} \;

16. Find Directories with 777 Permissions and Chmod to 755

Find all 777 permission directories and use chmod command to set permissions to 755.

# find / -type d -perm 777 -print -exec chmod 755 {} \;

17. Find and remove single File

To find a single file called server.txt and remove it.

# find . -type f -name "server.txt" -exec rm -f {} \;

18. Find and remove Multiple File

To find and remove multiple files such as .mp3 or .txt, then use.

# find . -type f -name "*.txt" -exec rm -f {} \;

OR

# find . -type f -name "*.mp3" -exec rm -f {} \;

19. Find all Empty Files

To file all empty files under certain path.

# find /tmp -type f -empty

20. Find all Empty Directories

To file all empty directories under certain path.

# find /tmp -type d -empty

21. File all Hidden Files

To find all hidden files, use below command.

# find /tmp -type f -name ".*"

Part III – Search Files Based On Owners and Groups
22. Find Single File Based on User

To find all or single file called server.txt under /root directory of owner root.

# find / -user root -name server.txt

23. Find all Files Based on User

To find all files that belongs to user server under /home directory.

# find /home -user server

24. Find all Files Based on Group

To find all files that belongs to group Developer under /home directory.

# find /home -group developer

25. Find Particular Files of User

To find all .txt files of user server under /home directory.

# find /home -user server -iname "*.txt"

Part IV – Find Files and Directories Based on Date and Time
26. Find Last 50 Days Modified Files

To find all the files which are modified 50 days back.

# find / -mtime 50

27. Find Last 50 Days Accessed Files

To find all the files which are accessed 50 days back.

# find / -atime 50

28. Find Last 50-100 Days Modified Files

To find all the files which are modified more than 50 days back and less than 100 days.

# find / -mtime +50 –mtime -100

29. Find Changed Files in Last 1 Hour

To find all the files which are changed in last 1 hour.

# find / -cmin -60

30. Find Modified Files in Last 1 Hour

To find all the files which are modified in last 1 hour.

# find / -mmin -60

31. Find Accessed Files in Last 1 Hour

To find all the files which are accessed in last 1 hour.

# find / -amin -60

Part V – Find Files and Directories Based on Size
32. Find 50MB Files

To find all 50MB files, use.

# find / -size 50M

33. Find Size between 50MB – 100MB

To find all the files which are greater than 50MB and less than 100MB.

# find / -size +50M -size -100M

34. Find and Delete 100MB Files

To find all 100MB files and delete them using one single command.

# find / -size +100M -exec rm -rf {} \;

35. Find Specific Files and Delete

Find all .mp3 files with more than 10MB and delete them using one single command.

# find / -type f -name *.mp3 -size +10M -exec ls -l {} \;

 

Find all empty files (zero byte file) in your home directory and its subdirectory

Most files of the following command output will be lock-files and place holders created by other applications.

# find ~ -empty

List all the empty files only in your home directory.

# find . -maxdepth 1 -empty

List only the non-hidden empty files only in the current directory.

# find . -maxdepth 1 -empty -not -name ".*"