Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #
- ##
- # Linux Malware Detect v1.4.1
- # (C) 2002-2011, R-fx Networks <proj@r-fx.org>
- # (C) 2011, Ryan MacDonald <ryan@r-fx.org>
- # inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
- # This program may be freely redistributed under the terms of the GNU GPL v2
- ##
- #
- ##
- # [ EMAIL ALERTS ]
- ##
- # The default email alert toggle
- # [0 = disabled, 1 = enabled]
- email_alert=1
- # The subject line for email alerts
- email_subj="maldet alert from $(hostname)"
- # The destination addresses for email alerts
- # [ values are comma (,) spaced ]
- email_addr="thiago.laurito@gmail.com"
- # Ignore e-mail alerts for reports in which all hits have been cleaned.
- # This is ideal on very busy servers where cleaned hits can drown out
- # other more actionable reports.
- email_ignore_clean=0
- ##
- # [ QUARANTINE OPTIONS ]
- ##
- # The default quarantine action for malware hits
- # [0 = alert only, 1 = move to quarantine & alert]
- quar_hits=1
- # Try to clean string based malware injections
- # [NOTE: quar_hits=1 required]
- # [0 = disabled, 1 = clean]
- quar_clean=1
- # The default suspend action for users wih hits
- # Cpanel suspend or set shell /bin/false on non-Cpanel
- # [NOTE: quar_hits=1 required]
- # [0 = disabled, 1 = suspend account]
- quar_susp=0
- # minimum userid that can be suspended
- quar_susp_minuid=500
- ##
- # [ SCAN OPTIONS ]
- ##
- # The maximum directory depth that the scanner will search
- # [ changing this may have an impact on scan performance ]
- maxdepth=15
- # The minimum in bytes for a file to be included in a scan
- # [ changing this may have an impact on scan performance ]
- minfilesize=32
- # The maximum file size for a file to be included in scan
- # search results; use man find for accepted values
- # [ changing this may have an impact on scan performance ]
- maxfilesize="768k"
- # The maximum byte depth that the scanner will search into
- # a files contents; default rules expect a 1024*60 depth
- # [ changing this may have an impact on scan performance ]
- hexdepth=61440
- # Use named pipe (FIFO) for passing file contents hex data
- # instead of stdin default; improved performance and greater
- # scanning depth
- # [ 0 = disabled, 1 = enabled; enabled by default ]
- hex_fifo_scan=1
- # The maximum byte depth that the scanner will search into
- # a files contents; default rules expect a 1024*60 depth
- # [ changing this may have an impact on scan performance ]
- hex_fifo_depth=524288
- # Attempt to detect the presence of ClamAV clamscan binary
- # and use as default scanner engine; up to four times faster
- # scan performance and superior hex analysis. This option
- # only uses ClamAV as the scanner engine, LMD signatures
- # are still the basis for detecting threats.
- # [ 0 = disabled, 1 = enabled; enabled by default ]
- clamav_scan=1
- # Allow non-root users to perform malware scans. This must be
- # enabled when using mod_security2 upload scanning or if you
- # want to allow users to perform scans. When enabled, this will
- # populate the /usr/local/maldetect/pub/ path with user owned
- # quarantine, session and temporary paths to faciliate scans.
- # These paths are populated through cron every 10min with the
- # /etc/cron.d/maldet_pub cronjob.
- public_scan=0
- ##
- # [ STATISTICAL ANALYSIS ]
- ##
- # The string length test is used to identify threats based on the
- # length of the longest uninterrupted string within a file. This is
- # useful as obfuscated code is often stored using encoding methods
- # that produce very long strings without spaces (e.g: base64)
- # [ string length in characters, default = 150000 ]
- string_length_scan="1" # [ 0 = disabled, 1 = enabled ]
- string_length="150000" # [ max string length ]
- ##
- # [ MONITORING OPTIONS ]
- ##
- # The base number of files that can be watched under a path
- # [ maximum file watches = inotify_base_watches*users ]
- inotify_base_watches=15360
- # The sleep time in seconds between monitor runs to scan files
- # that have been created/modified/moved
- inotify_stime=30
- # The minimum userid that will be added to path monitoring when
- # the USERS option is specified
- inotify_minuid=500
- # This is the html/web root for users relative to homedir, when
- # this option is set, users will only have the webdir monitored
- # [ clear option to default monitor entire user homedir ]
- #inotify_webdir=public_html
- inotify_webdir=/var/www/htdocs
- # The priority that monitoring process will run as
- # [ -19 = high prio , 19 = low prio, default = 10 ]
- inotify_nice=10
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement