Tech Support Notes
introduction
1. Topic 01: Firewalls
- 1.1. CSF
- 1.2. APF
- 1.3. IPtables
- 1.4. UFW
- 1.5. Windows Firewall
2. Topic 02: Package Management
- 2.1. Yum
- 2.2. rpm
- 2.3. rpm2cpio
- 2.4. Apt
- 2.5. dpkg
3. Topic 03: Networking
- 3.1. mtr/traceroute
- 3.2. pathping
- 3.3. ipv6
- 3.4. nmap
- 3.5. telnet/netcat
- 3.6. netstat/ss
- 3.7. Bandwidth and Speed Testing
- 3.8. Assigning IP's
4. Topic 04: DNS
- 4.1. Dns overview
- 4.2. dig
- 4.3. host
5. Topic 5: Configuration Files
- 5.1. ssh
- 5.2. apache
- 5.3. samba
- 5.4. bind/named
- 5.5. exim
- 5.6. postfix
- 5.7. vsftpd
6. Topic 6: Mysql
- 6.1. to sort
7. Topic 7: Apache
- 7.1. to sort
8. Topic 8: Memory
- 8.1. free / vmstat
9. Topic 9: Process Tracking
- 9.1. ps
- 9.2. lsof
- 9.3. windows
10. Topic 10: Partitions/Filesystems
- 10.1. Basic Layout
- 10.2. creating / modifying
- 10.3. fdisk / parted
- 10.4. fstab / mount
- 10.5. labels / uuid
- 10.6. LVM Part One
- 10.7. LVM Part Two
11. Topic 11: Devices/shares
- 11.1. samba / nfs / nas
- 11.2. iscsi
12. Topic 12: Space and drive usage
- 12.1. du / df / inodes
- 12.2. iostat
- 12.3. smartctl
13. Topic 13: Logging
- 13.1. logging configuration
- 13.2. general system logs
- 13.3. plesk logs
- 13.4. cpanel logs
14. Topic 14: Finding Exploits
- 14.1. maldet
- 14.2. rootkit hunter
- 14.3. windows
15. Topic 15: Email
- 15.1. general troubleshooting
- 15.2. exim
- 15.3. qmail
- 15.4. postfix
- 15.5. spam
16. Topic 16: Find
- 16.1. find examples
17. Topic 17: Rescue Layer/Live Environment
- 17.1. mounting filesystem / chroot
- 17.2. cloning
18. Topic 18: Permissions/users/groups
- 18.1. permissions
- 18.2. users
- 18.3. groups
19. Topic 19: Cpanel
- 19.1. general
- 19.2. Moving Mysql
20. Topic 20: Plesk
- 20.1. general
21. Topic 21: Windows
- 21.1. windows to sort
- 21.2. hyper-v
22. Topic 22: Freebsd
- 22.1. installing packages
- 22.2. networking
- 22.3. drive management
23. Topic 23: Dumping ground
- 23.1. sed / awk
- 23.2. gdb
- 23.3. curl / wget
- 23.4. compress / uncompress
- 23.5. rsync / scp
- 23.6. Random commands

Tech Support Notes

Maldet

Linux Malware Detect (LMD) is a malware scanner. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection

Download and install

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz  
tar -xf maldetect-current.tar.gz  
cd maldetect-*  
./install.sh

You could run the scan against the / directory, but depending on how much data you have, this could take hours or days.

I generally focus on the /var/www/vhosts directory for Plesk servers and the /home directory on cPanel server but this in this example we are going to sayour website content is in /var/www

maldet -u
maldet --scan-all /var/www

If you would like to scan the entire server then you can use:

maldet --scan-all /

You can also set up maldet to email you if it find anything of note during scheduled scans. For this you need to edit the file /usr/local/maldetect/conf.maldet

email_alert=1  
email_addr="[email protected]"