The Community Forums


Maldet Configuration Questions

Discussion in 'Security' started by weblinks, Nov 18, 2016.

  1. weblinks

    weblinks Member

    I have set this up according to the readme file of maldet

    rfxn.com/appdocs/README.maldetect

    but it seems that it's not working, as one of the WordPress sites uploaded yesterday on our hosting VPS seems infected today. While scanning with maldet, 4 infected files were found.

    I have 2 questions. The readme file said that:

    1. To enable upload scanning with mod_security2 you must set enable the public_scan option in conf.maldet (public_scan=1)

    but I don't find that line anywhere in conf.maldet (public_scan=1)

    Does it mean:

    Code:
    # Allows non-root users to perform scans. This must be enabled when
    # using mod_security2 upload scanning or if you want to allow users
    # to perform scans. When enabled, this will populate 'pub/' with user
    # owned quarantine, session and temporary paths to facilitate scans.
    # [ 0 = disabled, 1 = enabled, disabled by default ]
    scan_user_access="1"

    2. These rules are best placed in your modsec2.user.conf file on cPanel servers
    or at the top of the appropriate rules file for your setup.
    /usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):

    Code:
    SecRequestBodyAccess On
    SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
                    "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
    I placed it in the same manner (with line break) in the modsec2.user.conf file - is it correct or not?
     
    #1 weblinks, Nov 18, 2016
    Last edited by a moderator: Nov 30, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I've seen recommendations to use CXS for upload scanning instead of Maldet due to the lack of clear installation and usability guidelines for Maldet upload scanning. These threads should help:

    Problem with ModSecurity and Maldetect
    Log Checking

    Thank you.
     
  3. 24x7server

    24x7server Well-Known Member

    Hi,

    I have configured this countless times, so I will advise you to create a separate conf file inside the modsecurity directory instead of adding that in modsec2.user.conf to actually use it properly. Whatever you said in your initial post is correct. You have to add the same code, but make sure you add it in a proper location to make it work for you.
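
A quick way to check both points raised in the first post, added here as an example (it is not code from the maldet README, cPanel, or any poster): it confirms that scan_user_access is 1 and that the hookscan.sh rule, including its backslash line break, reads as one directive alongside SecRequestBodyAccess On. The function names and the sample files are assumptions constructed for illustration; point the functions at your own conf.maldet and rules file.

```sh
#!/bin/sh
# Added example, not maldet or cPanel code: checks the two settings from this thread.

# Print the last uncommented value assigned to KEY ($2) in a shell-style conf file ($1).
conf_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# conf.maldet: the option whose own comment ties it to mod_security2 upload scanning.
check_maldet_conf() {
    [ "$(conf_value "$1" scan_user_access)" = "1" ] && echo ok || echo "scan_user_access is not 1"
}

# ModSecurity rules file ($1): print the first problem found, or "ok".
check_modsec_rules() {
    # Apache continues a directive only when "\" is the very last character on the line.
    if grep -q '\\[[:space:]][[:space:]]*$' "$1"; then
        echo "whitespace after line-continuation backslash"; return 0
    fi
    # Join continued lines so the rule is examined as the single directive Apache parses.
    _rules=$(awk '{ if (sub(/\\$/, "")) printf "%s ", $0; else print }' "$1" |
             grep -v '^[[:space:]]*#' || true)
    if ! printf '%s\n' "$_rules" | grep -Eiq '^[[:space:]]*SecRequestBodyAccess[[:space:]]+On'; then
        echo "SecRequestBodyAccess On missing"; return 0
    fi
    if ! printf '%s\n' "$_rules" | grep -E '^[[:space:]]*SecRule[[:space:]]+FILES_TMPNAMES' |
         grep -E '@inspectFile[[:space:]]+[^"]*hookscan\.sh"' | grep -q 'id:'; then
        echo "hookscan.sh SecRule missing or split from its action list"; return 0
    fi
    echo ok
}

# Constructed sample files mirroring the snippets quoted in the first post.
demo=$(mktemp -d)
printf '%s\n' '# [ 0 = disabled, 1 = enabled ]' 'scan_user_access="1"' > "$demo/conf.maldet"
cat > "$demo/good.conf" <<'EOF'
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
                "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
EOF
sed 's/\\$/\\ /' "$demo/good.conf" > "$demo/bad.conf"   # same rule, space after "\"
echo "conf.maldet: $(check_maldet_conf "$demo/conf.maldet")"
echo "good.conf:   $(check_modsec_rules "$demo/good.conf")"
echo "bad.conf:    $(check_modsec_rules "$demo/bad.conf")"
```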
     