
Server security scan #manpage

chkrootkit – Linux rootkit scanner

What it does: finds rootkits
Where to find it: in your distribution – or on chkrootkit.org

# install whatever way you want
apt-get install chkrootkit
chkrootkit
# That's about all you need.
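
For scheduled runs, the helper below reports only the chkrootkit findings that are not already in a reviewed baseline file. It is an added example, not part of the original page or of chkrootkit; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report only chkrootkit findings that are not in an
# accepted baseline. Function names and sample output are constructed.

# Constructed sample in the layout chkrootkit prints (not from a real host).
sample_output() {
cat <<'EOF'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `bindshell'...                                     INFECTED (PORTS:  465)
Checking `ls'...                                            INFECTED
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
EOF
}

# Keep lines with an alert marker; squeeze padding so lines compare equal
# across runs. "not infected" is lowercase, so it never matches INFECTED.
chk_findings() {
    grep -E 'INFECTED|Vulnerable but disabled' \
        | tr '\t' ' ' | tr -s ' ' | LC_ALL=C sort -u
}

# Read chkrootkit output on stdin, print findings missing from baseline $1.
# Returns 0 when nothing is new, 1 when new findings were printed.
chk_new_findings() {
    base=$(mktemp) || return 2
    [ -f "$1" ] && LC_ALL=C sort -u "$1" > "$base"
    new=$(chk_findings | LC_ALL=C comm -23 - "$base")
    rm -f "$base"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Demo: with no baseline yet, every finding in the sample is reported.
sample_output | chk_new_findings /dev/null || true
```

Create the baseline once with `chkrootkit | chk_findings > BASELINE_FILE` after checking each finding by hand, then pipe later runs through `chk_new_findings BASELINE_FILE`.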

Malware protection

Option 1: ISPProtect – 90 euro / year but worth it.
Where to find it: ispprotect.com

Step #1: Get a licence

Step #2: Download, install and run

#/tmp is what's indicated on ISPProtect site as first instruction
#Obviously you won't leave it here forever :)
cd /tmp
wget http://www.ispprotect.com/download/ispp_scan.tar.gz
tar xzf ispp_scan.tar.gz
./ispp_scan
#and you're nearly done.

When prompted, enter your key number, or trial if you want a trial version.
Then enter /var/www as the path, so the scan starts on the web installs.

It will then generate reports as follows:


After the scan is completed, you will find the results also in the following files:
Malware => /usr/local/ispprotect/found_malware_20170228201238.txt
Wordpress => /usr/local/ispprotect/software_wordpress_20170228201238.txt
Joomla => /usr/local/ispprotect/software_joomla_20170228201238.txt
Drupal => /usr/local/ispprotect/software_drupal_20170228201238.txt
Mediawiki => /usr/local/ispprotect/software_mediawiki_20170228201238.txt
Contao => /usr/local/ispprotect/software_contao_20170228201238.txt
Magentocommerce => /usr/local/ispprotect/software_magentocommerce_20170228201238.txt
Woltlab Burning Board => /usr/local/ispprotect/software_woltlab_burning_board_20170228201238.txt
Cms Made Simple => /usr/local/ispprotect/software_cms_made_simple_20170228201238.txt
Phpmyadmin => /usr/local/ispprotect/software_phpmyadmin_20170228201238.txt
Typo3 => /usr/local/ispprotect/software_typo3_20170228201238.txt
Roundcube => /usr/local/ispprotect/software_roundcube_20170228201238.txt
Shopware => /usr/local/ispprotect/software_shopware_20170228201238.txt
Mysqldumper => /usr/local/ispprotect/software_mysqldumper_20170228201238.txt
Starting scan level 1 ...

Step #3: The cron job

 
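# crontab -e (as root) to get there; a user crontab has no user column
0 * * * * /usr/local/ispprotect/ispp_scan --update && /usr/local/ispprotect/ispp_scan --path=/var/www --email-results=EMAIL --non-interactive --scan-key=KEY
# keep the "root" column before the command only if the line goes in /etc/crontab or /etc/cron.d/ instead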

Option 2: Maldet – free, available from rfxn.com

 
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
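# the extracted directory carries the release number (maldetect-1.4.2 at the time of writing), so match it with a glob
cd maldetect-*/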
./install.sh
vi /usr/local/maldetect/conf.maldet
#then you have to run more config stuff - go check the doc.
