Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Maldet Configuration Questions

Discussion in 'Security' started by weblinks, Nov 18, 2016.

Tags:
  1. weblinks

    weblinks Member

    Joined:
    Sep 19, 2016
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Pakistan
    cPanel Access Level:
    Root Administrator
    I have setup this according to readme file of maldet

    rfxn.com/appdocs/README.maldetect

    but it seems that its not working as one of wordpress uploaded yesterday on our hosting vps, seems infected today. while scanning with maldet, 4 infected files found.

    I have 2 question, readme file said that

    1. To enable upload scanning with mod_security2 you must set enable the public_scan option in conf.maldet (public_scan=1)

    but i don't find that line anywhere in conf.maldet (public_scan=1)

    will it mean

    Code:
    "# Allows non-root users to perform scans. This must be enabled when
# using mod_security2 upload scanning or if you want to allow users
# to perform scans. When enabled, this will populate 'pub/' with user
# owned quarantine, session and temporary paths to faciliate scans.
# [ 0 = disabled, 1 = enabled, disabled by default ]
scan_user_access="1"
    2. These rules are best placed in your modsec2.user.conf file on cpanel servers
    or at the top of the appropraite rules file for your setup.
    /usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):

    Code:
    SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
                "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
    i place it in same manner (with line break) in modsec2.user.conf file - is it correct or not
     
    #1 weblinks, Nov 18, 2016
    Last edited by a moderator: Nov 30, 2016
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,760
    Likes Received:
    1,995
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I've seen recommendations to use CXS for upload scanning instead of Maldet due to the lack of clear installation and usability guidelines for Maldet upload scanning. These threads should help:

    Problem with ModSecurity and Maldetect
    Log Checking

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Nov 18, 2016
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    90
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    I have configured this countless times, so I will advise you to create a separate conf file inside the modsecurity directory instead of adding that in modsec2.user.conf to actually use it properly. Whatever you said in your initial post is correct, you have to add the same code, but make sure you add it in a proper location to make it work for you..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 24x7server, Nov 29, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Maldet Configuration Questions
  1. DennisMidjord

    Automating Maldet scan question

    DennisMidjord, Aug 16, 2018, in forum: Security
    Replies:
    3
    Views:
    408
    cPanelLauren
    Aug 17, 2018
  2. maldetquest

    Maldet is Saving Signatures to Root?

    maldetquest, Jul 10, 2017, in forum: Security
    Replies:
    1
    Views:
    628
    cPanelMichael
    Jul 10, 2017
  3. WorkinOnIt

    Anacron job 'cron.daily' Maldet

    WorkinOnIt, May 28, 2017, in forum: Security
    Replies:
    4
    Views:
    1,300
    cPanelMichael
    May 29, 2017
  4. thcpanel

    Partition configuration suggestions?

    thcpanel, Jan 18, 2019 at 10:42 AM, in forum: Workarounds and Optimization
    Replies:
    2
    Views:
    203
    thcpanel
    Jan 22, 2019 at 3:40 PM
  5. shenzy

    lost configuration of "custom_begin_rbl"

    shenzy, Jan 17, 2019 at 6:21 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    389
    cPanelLauren
    Jan 18, 2019 at 2:27 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice