Maldet Configuration Questions

weblinks

I have set this up according to the readme file of maldet

rfxn.com/appdocs/README.maldetect

but it seems that it's not working, as one of the WordPress sites uploaded yesterday to our hosting VPS seems infected today. While scanning with maldet, 4 infected files were found.

I have 2 questions. The readme file says:

1. To enable upload scanning with mod_security2 you must set enable the public_scan option in conf.maldet (public_scan=1)

but I don't find that line (public_scan=1) anywhere in conf.maldet.

Will it mean:

Code:
# Allows non-root users to perform scans. This must be enabled when
# using mod_security2 upload scanning or if you want to allow users
# to perform scans. When enabled, this will populate 'pub/' with user
# owned quarantine, session and temporary paths to faciliate scans.
# [ 0 = disabled, 1 = enabled, disabled by default ]
scan_user_access="1"

2. These rules are best placed in your modsec2.user.conf file on cPanel servers
or at the top of the appropriate rules file for your setup.
/usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):

Code:
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
                "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
I placed it in the same manner (with the line break) in the modsec2.user.conf file. Is it correct or not?
 

24x7server

Hi,

I have configured this countless times, so I would advise you to create a separate conf file inside the modsecurity directory, instead of adding that to modsec2.user.conf, to actually use it properly. Whatever you said in your initial post is correct; you have to add the same code, but make sure you add it in a proper location to make it work for you.
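
To check the two settings discussed in this thread, the shell functions below (an added example, not part of either post or of maldet) test a conf.maldet for the user-scan option and a ModSecurity rules file for the upload hook, joining the backslash-continued rule before matching. The function names and the temporary sample files are assumptions made for the example.

```shell
# Added example (not from maldet or the posts above); sample data is constructed.

# True if conf.maldet enables user-mode scans, under either option name seen in
# the thread: scan_user_access (conf.maldet) or public_scan (README wording).
user_scan_enabled() {
    grep -Eq '^[[:space:]]*(scan_user_access|public_scan)="?1"?[[:space:]]*$' "$1"
}

# Print a rules file with backslash-continued lines joined and comment lines
# dropped, so a rule split over two lines is tested as one directive.
join_rules() {
    awk '{ if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " "; next }
           print buf $0; buf = "" }
         END { if (buf != "") print buf }' "$1" | grep -v '^[[:space:]]*#'
}

# True if request body inspection is switched on.
body_access_on() {
    join_rules "$1" | grep -Eiq '^[[:space:]]*SecRequestBodyAccess[[:space:]]+On[[:space:]]*$'
}

# True if one SecRule on FILES_TMPNAMES calls @inspectFile with hook script $2
# and that same directive carries deny and phase:2.
upload_rule_ok() {
    join_rules "$1" | grep -E '^[[:space:]]*SecRule[[:space:]]+FILES_TMPNAMES[[:space:]]' \
        | grep -F "@inspectFile $2" | grep -F 'deny' | grep -Fq 'phase:2'
}

# usage: check_all <conf.maldet> <modsec rules file> <hook script path>
check_all() {
    rc=0
    user_scan_enabled "$1"   || { echo "FAIL: user scanning not enabled in $1"; rc=1; }
    body_access_on "$2"      || { echo "FAIL: SecRequestBodyAccess On not found in $2"; rc=1; }
    upload_rule_ok "$2" "$3" || { echo "FAIL: no deny rule calling $3 in $2"; rc=1; }
    return "$rc"
}

# Constructed samples holding the setting and the rule exactly as quoted above.
write_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'scan_user_access="1"' > "$d/conf.maldet"
    cat > "$d/modsec2.user.conf" <<'EOF'
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
                "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
EOF
    echo "$d"
}
if [ "$#" -eq 3 ]; then check_all "$@"; fi
```

Called with three paths (conf.maldet, the rules file, the hook script), the script prints a FAIL line for each check that does not pass; the rules file can be modsec2.user.conf or a separate conf file.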