Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Maldet Configuration Questions

Discussion in 'Security' started by weblinks, Nov 18, 2016.

Tags:
  1. weblinks

    weblinks Member

    Joined:
    Sep 19, 2016
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Pakistan
    cPanel Access Level:
    Root Administrator
    I have setup this according to readme file of maldet

    rfxn.com/appdocs/README.maldetect

    but it seems that its not working as one of wordpress uploaded yesterday on our hosting vps, seems infected today. while scanning with maldet, 4 infected files found.

    I have 2 question, readme file said that

    1. To enable upload scanning with mod_security2 you must set enable the public_scan option in conf.maldet (public_scan=1)

    but i don't find that line anywhere in conf.maldet (public_scan=1)

    will it mean

    Code:
    "# Allows non-root users to perform scans. This must be enabled when
# using mod_security2 upload scanning or if you want to allow users
# to perform scans. When enabled, this will populate 'pub/' with user
# owned quarantine, session and temporary paths to faciliate scans.
# [ 0 = disabled, 1 = enabled, disabled by default ]
scan_user_access="1"
    2. These rules are best placed in your modsec2.user.conf file on cpanel servers
    or at the top of the appropraite rules file for your setup.
    /usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):

    Code:
    SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
                "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
    i place it in same manner (with line break) in modsec2.user.conf file - is it correct or not
     
    #1 weblinks, Nov 18, 2016
    Last edited by a moderator: Nov 30, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,355
    Likes Received:
    1,855
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I've seen recommendations to use CXS for upload scanning instead of Maldet due to the lack of clear installation and usability guidelines for Maldet upload scanning. These threads should help:

    Problem with ModSecurity and Maldetect
    Log Checking

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Nov 18, 2016
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,834
    Likes Received:
    85
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    I have configured this countless times, so I will advise you to create a separate conf file inside the modsecurity directory instead of adding that in modsec2.user.conf to actually use it properly. Whatever you said in your initial post is correct, you have to add the same code, but make sure you add it in a proper location to make it work for you..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 24x7server, Nov 29, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Maldet Configuration Questions
  1. DennisMidjord

    Maldet scan

    DennisMidjord, Aug 16, 2018 at 3:55 AM, in forum: Security
    Replies:
    1
    Views:
    36
    cPanelLauren
    Aug 17, 2018 at 10:20 AM
  2. maldetquest

    Maldet is Saving Signatures to Root?

    maldetquest, Jul 10, 2017, in forum: Security
    Replies:
    1
    Views:
    519
    cPanelMichael
    Jul 10, 2017
  3. WorkinOnIt

    Anacron job 'cron.daily' Maldet

    WorkinOnIt, May 28, 2017, in forum: Security
    Replies:
    4
    Views:
    973
    cPanelMichael
    May 29, 2017
  4. weblinks

    maldet - inotify-tools

    weblinks, Nov 6, 2016, in forum: Security
    Replies:
    4
    Views:
    1,359
    SysSachin
    Nov 7, 2016
  5. netronicus

    exim configuration files wrong group name

    netronicus, Aug 14, 2018 at 12:30 PM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    153
    cPanelMichael
    Aug 15, 2018 at 11:20 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice