Maldet - log rotation - howto ?

jarecki74

I would like to enable maldet INOTIFY MONITORING

http://www.rfxn.com/appdocs/README.maldetect

maldet --monitor /home/*/public_html,/home2/*/public_html

and enable logrotate for the file /usr/local/maldetect/event_log

Is this correct?

In the directory /etc/logrotate.d I must create the file maldet.inotify

and add a log rotation rule:

/usr/local/maldetect/event_log {
daily
minsize 1M
create 0600 root root
rotate 1
}
 

cPanelMichael

Hello :)

Yes, assuming you have already installed Maldet, that would be a valid way of setting up log rotation for the event_log file.

Thank you.
 

jarecki74

I checked the configuration and it does not work

/etc/logrotate.d/maldet_inotify

minsize is set to 1M, my log file has 3M

/usr/local/maldetect/event_log {
daily
minsize 1M
create 0600 root root
rotate 1
}

Can someone help me set it up, please?
 

cPanelMichael

You can try manually running logrotate via:

Code:
/usr/sbin/logrotate -vf /etc/logrotate.conf
Look for output related to your maldet log to see if any problems show up.

Thank you.
 

jarecki74

New file created OK, but the new log is empty
------------------------------------------------------------------------------
[email protected] [/usr/local/maldetect/inotify]# tail -f 40 /usr/local/maldetect/inotify/inotify_log
tail: cannot open `40' for reading: No such file or directory
==> /usr/local/maldetect/inotify/inotify_log <==

----------------------------------------------------------------

drwxr-xr-x 2 root root 4096 Jul 27 10:20 ./
drwxr-xr-x 9 root root 4096 Jul 27 10:14 ../
-rw------- 1 root root 0 Jul 27 10:20 inotify_log
-rw------- 1 root root 20 Jul 27 10:20 inotify_log-20130727.gz
-rwxr-x--- 1 root root 37272 May 12 2010 inotifywait*
-rwxr-x--- 1 root root 67425 Oct 15 2009 libinotifytools.so.0*
-rwxr-x--- 1 root root 2489 Jan 9 2012 tlog*
[email protected] [/usr/local/maldetect/inotify]#

--------------------------------------------------------------------
 

cPanelMichael

Are you sure new entries are not logged to this file? Or, is it only empty because it was recently rotated?

Thank you.
 

jarecki74

The log is fine now. I deleted the log file and ran /usr/sbin/logrotate -vf /etc/logrotate.conf; a new file is created automatically.

I must add the command maldet --monitor /home/*/public_html,/home2/*/public_html to crontab so it runs after a system reboot.

Is this correct?

crontab -e

@reboot maldet --monitor /home/*/public_html,/home2/*/public_html
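
One possible cause of the "new file created, but new log is empty" symptom reported earlier in the thread, as an added example that is not part of the original posts: with `create`, logrotate renames the log, and a writer that keeps its file handle open goes on writing to the renamed file. The sketch uses a constructed writer and temporary files, not maldet; whether maldet's monitor holds its log open this way is an assumption, and `rotate_demo` is a hypothetical helper name.

```shell
#!/bin/sh
# Added illustration: constructed writer and temp files, not maldet itself.

# Simulate a long-running monitor that opens its log once and keeps the
# handle, then rotate the log underneath it in one of two ways.
# $1 = "create" or "copytruncate"; prints "<live lines> <rotated lines>".
rotate_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/event_log"
    : > "$log"

    # fd 3 stays open (append mode) across the rotation, as a daemon's
    # log handle would.
    exec 3>>"$log"
    echo "event before rotation" >&3

    case $mode in
        create)
            # Rename the file, then create a new empty one (the behaviour
            # of a "create" rule). fd 3 still points at the renamed file.
            mv "$log" "$log.1"
            : > "$log"
            ;;
        copytruncate)
            # Copy the contents away, then truncate the same file in place.
            cp "$log" "$log.1"
            : > "$log"
            ;;
    esac

    echo "event after rotation" >&3
    exec 3>&-

    # Count what landed in the live log versus the rotated copy.
    live=$(wc -l < "$log" | tr -d ' ')
    old=$(wc -l < "$log.1" | tr -d ' ')
    rm -rf "$dir"
    echo "$live $old"
}

echo "create:       $(rotate_demo create)"
echo "copytruncate: $(rotate_demo copytruncate)"
```

The second mode corresponds to logrotate's `copytruncate` directive, which can be used in the rule in place of `create`; it can lose lines written between the copy and the truncate. Restarting the monitor after rotation is the other way to make a writer like this reopen the new file.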