I have set this up according to the maldet README file
rfxn.com/appdocs/README.maldetect
but it seems that it's not working, as one of the WordPress sites uploaded yesterday on our hosting VPS seems infected today. While scanning with maldet, 4 infected files were found.
I have 2 questions. The README file said that
1. To enable upload scanning with mod_security2 you must set enable the public_scan option in conf.maldet (public_scan=1)
but I don't find that line anywhere in conf.maldet (public_scan=1)
will it mean
Code:
# Allows non-root users to perform scans. This must be enabled when
# using mod_security2 upload scanning or if you want to allow users
# to perform scans. When enabled, this will populate 'pub/' with user
# owned quarantine, session and temporary paths to facilitate scans.
# [ 0 = disabled, 1 = enabled, disabled by default ]
scan_user_access="1"
2. These rules are best placed in your modsec2.user.conf file on cpanel servers
or at the top of the appropriate rules file for your setup.
/usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):
Code:
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
"id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
I place it in the same manner (with line break) in the modsec2.user.conf file - is it correct or not?
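One way to check both points on a server, as an added example that is not part of the original post or of maldet: a shell script that reads `scan_user_access` (which the conf.maldet comment quoted above says must be enabled for mod_security2 upload scanning) and confirms that the two-line SecRule survives Apache's line-continuation rule, where the backslash must be the very last character on the line. The function names are made up for this example, and the two file paths are passed as arguments.

```shell
#!/usr/bin/env bash
# Added example (not maldet's own tooling): verify the two settings from the post.

# Effective scan_user_access value: last uncommented assignment, quotes stripped.
maldet_scan_user_access() {
    awk -F= '/^[[:space:]]*scan_user_access=/ { v = $2; sub(/#.*/, "", v)
             gsub(/[^0-9]/, "", v); last = v } END { print last }' "$1"
}

check_maldet_conf() {
    if [ "$(maldet_scan_user_access "$1")" = "1" ]; then
        echo "OK: scan_user_access is enabled"
    else
        echo "FAIL: scan_user_access is not 1"; return 1
    fi
}

# Apache only joins lines when the backslash is the very last character.
has_broken_continuation() { grep -qE '\\[[:space:]]+$' "$1"; }

join_continuations() {
    awk '{ if (sub(/\\$/, "")) buf = buf $0; else { print buf $0; buf = "" } }
         END { if (buf != "") print buf }' "$1"
}

check_modsec_rules() {
    if has_broken_continuation "$1"; then
        echo "FAIL: whitespace after a trailing backslash breaks the continuation"
        return 1
    fi
    joined=$(join_continuations "$1" | grep -v '^[[:space:]]*#' || true)
    printf '%s\n' "$joined" | grep -qiE '^[[:space:]]*SecRequestBodyAccess[[:space:]]+On[[:space:]]*$' \
        || { echo "FAIL: SecRequestBodyAccess On is not set"; return 1; }
    printf '%s\n' "$joined" | grep -qE '^[[:space:]]*SecRule[[:space:]]+FILES_TMPNAMES[[:space:]]+"@inspectFile[[:space:]]+[^"]*hookscan\.sh"[[:space:]]+"[^"]*id:' \
        || { echo "FAIL: SecRule is missing or cut off from its action list"; return 1; }
    echo "OK: upload-scan rule is complete"
}

# Usage: script.sh <path to conf.maldet> <path to modsec2.user.conf>
if [ "$#" -eq 2 ]; then
    check_maldet_conf "$1"
    check_modsec_rules "$2"
fi
```

A rule that passes here is written the way Apache expects; whether uploads are actually scanned still shows up only in the mod_security audit log and maldet's own event log.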