
Maldet - log rotation - howto ?

Discussion in 'Security' started by jarecki74, Jul 24, 2013.

  1. jarecki74

    jarecki74 Active Member

    Joined:
    Oct 10, 2010
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    58
    I would like to enable maldet INOTIFY MONITORING

    http://www.rfxn.com/appdocs/README.maldetect

    maldet --monitor /home/*/public_html,/home2/*/public_html

    and enable logrotate for the file /usr/local/maldetect/event_log


    Is this correct?

    In the directory /etc/logrotate.d I must create the file maldet.inotify

    and add the log rotation rule

    /usr/local/maldetect/event_log {
    daily
    minsize 1M
    create 0600 root root
    rotate 1
    }
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,819
    Likes Received:
    1,567
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, assuming you have already installed Maldet, that would be a valid way of setting up log rotation for the event_log file.

    Thank you.
     
  3. jarecki74

    jarecki74 Active Member

    Joined:
    Oct 10, 2010
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    58
    I checked the configuration and it does not work

    /etc/logrotate.d/maldet_inotify

    minsize is set to 1M, my log file is 3M

    /usr/local/maldetect/event_log {
    daily
    minsize 1M
    create 0600 root root
    rotate 1
    }

    Can someone help me set it up, please?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,819
    Likes Received:
    1,567
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You can try manually running logrotate via:

    Code:
    /usr/sbin/logrotate -vf /etc/logrotate.conf
    Look for output related to your maldet log to see if any problems show up.

    Thank you.
     
  5. jarecki74

    jarecki74 Active Member

    Joined:
    Oct 10, 2010
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    58

    The new file is created OK, but the new log is empty
    ------------------------------------------------------------------------------
    root@masterhost [/usr/local/maldetect/inotify]# tail -f 40 /usr/local/maldetect/inotify/inotify_log
    tail: cannot open `40' for reading: No such file or directory
    ==> /usr/local/maldetect/inotify/inotify_log <==

    ----------------------------------------------------------------

    drwxr-xr-x 2 root root 4096 Jul 27 10:20 ./
    drwxr-xr-x 9 root root 4096 Jul 27 10:14 ../
    -rw------- 1 root root 0 Jul 27 10:20 inotify_log
    -rw------- 1 root root 20 Jul 27 10:20 inotify_log-20130727.gz
    -rwxr-x--- 1 root root 37272 May 12 2010 inotifywait*
    -rwxr-x--- 1 root root 67425 Oct 15 2009 libinotifytools.so.0*
    -rwxr-x--- 1 root root 2489 Jan 9 2012 tlog*
    root@masterhost [/usr/local/maldetect/inotify]#

    --------------------------------------------------------------------
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    40,819
    Likes Received:
    1,567
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Are you sure new entries are not logged to this file? Or, is it only empty because it was recently rotated?

    Thank you.
     
  7. jarecki74

    jarecki74 Active Member

    Joined:
    Oct 10, 2010
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    58
    The log is fine now. I deleted the log file and ran /usr/sbin/logrotate -vf /etc/logrotate.conf. A new file is created automatically.

    I must add the command maldet --monitor /home/*/public_html,/home2/*/public_html to crontab so that it runs after a system reboot.

    Is this correct?

    crontab -e

    @reboot maldet --monitor /home/*/public_html,/home2/*/public_html
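
The symptom reported earlier in this thread (rotation creates a new log file that stays empty) is consistent with a writer that keeps its log open while logrotate's `create` mode renames the file underneath it. The shell sketch below is an added example, not part of the thread or of maldet; it works only on temporary files, and that the monitor holds its log open for the life of the process is an assumption.

```shell
#!/bin/sh
# Constructed demo with temporary files; it does not touch a maldet install.
# Assumption: the monitor opens its log once and keeps that descriptor open.

# logrotate "create" mode: rename the log, then create a new empty one.
rotate_create() {
    mv "$1" "$1.1" && : >"$1" && chmod 600 "$1"
}

# logrotate "copytruncate" mode: copy the log, then truncate it in place.
rotate_copytruncate() {
    cp "$1" "$1.1" && : >"$1"
}

# lines_after MODE: write one line before and one after a rotation through a
# single long-lived descriptor, then report where the lines ended up.
lines_after() {
    dir=$(mktemp -d) || return 1
    log="$dir/inotify_log"
    exec 3>>"$log"                    # the "daemon" opens its log in append mode
    echo "event before rotation" >&3
    "rotate_$1" "$log"
    echo "event after rotation" >&3   # still goes to the inode opened above
    exec 3>&-
    live=$(wc -l <"$log" | tr -d ' ')
    rotated=$(wc -l <"$log.1" | tr -d ' ')
    rm -rf "$dir"
    echo "live=$live rotated=$rotated"
}

echo "create:       $(lines_after create)"        # live=0 rotated=2
echo "copytruncate: $(lines_after copytruncate)"  # live=1 rotated=1
```

With `create`, the writer has to be restarted or made to reopen its log after each rotation (for example from a `postrotate` script), otherwise new events keep landing in the rotated file. `copytruncate` avoids the restart, but lines written between the copy and the truncate can be lost.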
     
  8. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,604
    Likes Received:
    67
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator