Maldet – Realtime Monitoring

Jeff Shotnik

When you install maldet, it will automatically set up the cron job for you. Real-time monitoring is enabled by running `maldet -m /first/path,/second/path`. LMD's cron job is within /etc/cron.daily/ by default, so you can move it to another interval or create your own interval with crontab. Run `maldet --help` for more info.
 

moleno

Thank you, Jeff Shotnik!

I have already seen it. Could you please tell me the step-by-step process?

I want to change the cron timing to 18:00 [server time].
 

Jeff Shotnik

There are multiple ways, one could be:

Create a new file in /etc/cron.d with the following content:

# Files in /etc/cron.d need a user field before the command (root here)
0 18 * * * root /path/to/maldet/cronjob/file

You could also add the job to root's crontab.
 

nisamudeen97

Hi,

Maldet can be used for real-time monitoring. "iNotify Monitoring" is the feature used for real-time monitoring. The maldet monitoring option requires a kernel that supports inotify_watch, which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default. The main plus point is that we can use this feature instead of a daily/weekly scan. We can also configure maldet in such a way that we get email alerts.

This scans users' real-time file creation/modify/move operations.

There are three modes that the monitor can be executed with, and they relate to what will be monitored; they are USERS|PATHS|FILES.

e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton

The options break down as follows:

USERS - The users option will take the homedirs of all system users that are above inotify_minuid and monitor them. If inotify_webdir is set, then only the user's webdir, if it exists, will be monitored.
PATHS - A comma spaced list of paths to monitor
FILE - A line spaced file list of paths to monitor
 
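A preflight for the kernel requirement and the FILE mode described in the post above, as an added example that is not part of the original posts and not LMD's own code. The function names are hypothetical; the 2.6.13 threshold and the line-separated paths file come from the post.

```shell
#!/bin/sh
# Added example: preflight checks before `maldet --monitor <paths file>`.

# Succeed if kernel release $1 (e.g. "2.6.18-348.el5") is 2.6.13 or newer.
kernel_supports_inotify() {
    rel=${1%%-*}                        # "2.6.18-348.el5" -> "2.6.18"
    old_ifs=$IFS; IFS=.
    set -- $rel                         # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 6 ] && return 0
    [ "$minor" -lt 6 ] && return 1
    [ "$patch" -ge 13 ]
}

# Print the usable entries of a line-separated paths file (FILE mode) on
# stdout, report the rest on stderr, and fail if any entry was rejected.
# "Usable" here means an absolute path to an existing directory.
usable_monitor_paths() {
    bad=0
    while IFS= read -r p || [ -n "$p" ]; do
        [ -z "$p" ] && continue         # ignore blank lines
        case $p in
            /*) if [ -d "$p" ]; then printf '%s\n' "$p"; continue; fi ;;
        esac
        printf 'rejected: %s\n' "$p" >&2
        bad=1
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Run both checks against the live system; $1 is the paths file.
preflight() {
    kernel_supports_inotify "$(uname -r)" ||
        { echo "kernel older than 2.6.13: no inotify" >&2; return 1; }
    usable_monitor_paths "$1" >/dev/null
}

# When invoked with a paths file, e.g. `sh preflight.sh /root/monitor_paths`
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A non-zero exit means the monitor should not be started until the kernel or the rejected entries are dealt with.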