What is LMD & Why You Should Use It To Help Secure Your Linux Server

If you are a server administrator you need a way to protect the integrity of your server, in particular from sending out spam. This usually occurs when an account has been compromised. Often users will not have updated their applications to the latest version (e.g. WordPress, Joomla), or they are simply running insecure applications (e.g. remember that neat program you wrote years ago). Failure to address this can mean that malware like php backdoors and bulk mailing/spamming tools can be uploaded.

One really good tool that can help server admins to identify compromised accounts and take action quickly is LMD. LMD is short for Linux Malware Detect. It is also referred to as Maldet. LMD is a Linux based malware scanner. In this tutorial we show you how to setup and configure LMD.

Install LMD

Download maldetect package using wget

Go to the below path

cd /usr/local/src/

Download the tar file using the below link:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the file using the below command

tar -xzf maldetect-current.tar.gz

go to the maldet folder

cd maldetect-*

Now, run the below command to install maldet.

sh ./install.sh

Configuring LMD

By default all options are fully commented in the configuration file, so configure it according to your needs. But before making any changes let’s have a detailed review of each option below.

email_alert : If you would like to receive email alerts, then it should be set to 1.

email_subj : Set your email subject here.

email_addr : Add your email address to receive malware alerts.

quar_hits : The default quarantine action for malware hits, it should be set 1.

quar_clean : Cleaning detected malware injections, must set to 1.

quar_susp : The default suspend action for users wih hits, set it as per your requirements.

quar_susp_minuid : Minimum userid that can be suspended.


Open file /usr/local/maldetect/conf.maldet and make changes according to your needs

vi /usr/local/maldetect/conf.maldet

To update the maldet use the below commands.

maldet -u

To scan the files. perticular user

maldet -a /home/username/

It will scan all the files and provide you the output.

To scan all user under public_html paths under /home*/ this can be done with:

maldet --scan-all /home?/?/public_html
maldet --scan-all /home

To scan the same path but the content that has been created/modified in the last 5 days:

maldet --scan-recent /home?/?/public_html 5

To scan but forget to turn on the quarantine option, you could quarantine all malware results from a previous scan with:

maldet --quarantine SCANID

If you wanted to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you would do with.

maldet --clean SCANID

If you had a file that was quarantined from a false positive or that you simply want to restore (i.e: you manually cleaned it), you can use the following:

maldet --restore config.php.2384
maldet --restore /usr/local/maldetect/quarantine/config.php.2384

LMD is just one way to secure your Linux server or Linux VPS. Also check our other tutorials on setting up CSF and rkhunter.

Leave a Reply

Your email address will not be published. Required fields are marked *