Maldet - log rotation - howto ?

Discussion in 'Security' started by jarecki74, Jul 24, 2013.

  1. jarecki74

    I would like to enable maldet INOTIFY MONITORING

    http://www.rfxn.com/appdocs/README.maldetect

    maldet --monitor /home/*/public_html,/home2/*/public_html

    and enable logrotate for the file /usr/local/maldetect/event_log


    Is this correct?

    In the directory /etc/logrotate.d I must create the file maldet.inotify

    and add a log rotation rule

    /usr/local/maldetect/event_log {
    daily
    minsize 1M
    create 0600 root root
    rotate 1
    }
     
  2. cPanelMichael

    Hello :)

    Yes, assuming you have already installed Maldet, that would be a valid way of setting up log rotation for the event_log file.

    Thank you.
     
  3. jarecki74

    I checked the configuration and it does not work

    /etc/logrotate.d/maldet_inotify

    minsize is set to 1M, my log file is 3M

    /usr/local/maldetect/event_log {
    daily
    minsize 1M
    create 0600 root root
    rotate 1
    }

    Can someone help me set it up, please?
     
  4. cPanelMichael

    You can try manually running logrotate via:

    Code:
    /usr/sbin/logrotate -vf /etc/logrotate.conf
    Look for output related to your maldet log to see if any problems show up.

    Thank you.
     
  5. jarecki74

    New file created OK, but the new log is empty
    ------------------------------------------------------------------------------
    root@masterhost [/usr/local/maldetect/inotify]# tail -f 40 /usr/local/maldetect/inotify/inotify_log
    tail: cannot open `40' for reading: No such file or directory
    ==> /usr/local/maldetect/inotify/inotify_log <==

    ----------------------------------------------------------------

    drwxr-xr-x 2 root root 4096 Jul 27 10:20 ./
    drwxr-xr-x 9 root root 4096 Jul 27 10:14 ../
    -rw------- 1 root root 0 Jul 27 10:20 inotify_log
    -rw------- 1 root root 20 Jul 27 10:20 inotify_log-20130727.gz
    -rwxr-x--- 1 root root 37272 May 12 2010 inotifywait*
    -rwxr-x--- 1 root root 67425 Oct 15 2009 libinotifytools.so.0*
    -rwxr-x--- 1 root root 2489 Jan 9 2012 tlog*
    root@masterhost [/usr/local/maldetect/inotify]#

    --------------------------------------------------------------------
     
  6. cPanelMichael

    Are you sure new entries are not logged to this file? Or, is it only empty because it was recently rotated?

    Thank you.
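
Added example (not from the thread or from the maldet project): one common reason a log stays empty after a `create`-style rotation is that the long-running writer still holds the renamed file open. The sketch below reproduces that with a shell file descriptor standing in for the monitor process; that maldet's monitor writes this way is an assumption, and the temporary paths and log lines are constructed.

```shell
#!/bin/sh
# Constructed demo: why a log can stay empty after logrotate's "create" mode.
# Assumption (not confirmed in the thread): the monitor keeps its log file
# open for appending, as a long-running daemon typically does.

# rotate_demo MODE -> prints "<bytes in live log> <bytes in rotated copy>"
rotate_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/event_log"            # stand-in for the real log path
    : > "$log"

    # Simulate the long-running writer: fd 3 stays open across the rotation.
    exec 3>>"$log"
    echo "event before rotation" >&3

    case $mode in
        create)
            # "create 0600 root root": rename the log, then make a new file.
            mv "$log" "$log.1"
            ( umask 077; : > "$log" )
            ;;
        copytruncate)
            # "copytruncate": copy the log, then truncate the same inode.
            cp "$log" "$log.1"
            : > "$log"
            ;;
        *)
            exec 3>&-; rm -rf "$dir"; return 2
            ;;
    esac

    # The writer keeps logging through the descriptor it already holds.
    echo "event after rotation" >&3
    exec 3>&-

    live=$(wc -c < "$log" | tr -d ' ')
    old=$(wc -c < "$log.1" | tr -d ' ')
    rm -rf "$dir"
    echo "$live $old"
}

rotate_demo create          # -> 0 43  (new events land in the rotated file)
rotate_demo copytruncate    # -> 21 22 (new events land in the live log)
```

In logrotate terms, either `copytruncate` or a `postrotate` script that restarts the writer avoids the empty live log. `copytruncate` can lose lines written between the copy and the truncate.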
     
  7. jarecki74

    The log is fine now. I deleted the log file and ran /usr/sbin/logrotate -vf /etc/logrotate.conf. A new file is created automatically.

    I must add to crontab a command to run after system reboot: maldet --monitor /home/*/public_html,/home2/*/public_html

    Is this correct?

    crontab -e

    @reboot maldet --monitor /home/*/public_html,/home2/*/public_html
     