Mini Shell
Mini Shell
| Direktori : /opt/maldetect/ |
| Current File : //opt/maldetect/conf.maldet |
#!/bin/bash # ## # Linux Malware Detect v1.4.1 # (C) 2002-2011, R-fx Networks <proj@r-fx.org> # (C) 2011, Ryan MacDonald <ryan@r-fx.org> # inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au> # This program may be freely redistributed under the terms of the GNU GPL v2 ## # ## # [ EMAIL ALERTS ] ## # The default email alert toggle # [0 = disabled, 1 = enabled] email_alert=0 # The subject line for email alerts email_subj="maldet alert from $(hostname)" # The destination addresses for email alerts # [ values are comma (,) spaced ] email_addr="you@domain.com" # Ignore e-mail alerts for reports in which all hits have been cleaned. # This is ideal on very busy servers where cleaned hits can drown out # other more actionable reports. email_ignore_clean=0 ## # [ QUARANTINE OPTIONS ] ## # The default quarantine action for malware hits # [0 = alert only, 1 = move to quarantine & alert] quar_hits=0 # Try to clean string based malware injections # [NOTE: quar_hits=1 required] # [0 = disabled, 1 = clean] quar_clean=1 # The default suspend action for users wih hits # Cpanel suspend or set shell /bin/false on non-Cpanel # [NOTE: quar_hits=1 required] # [0 = disabled, 1 = suspend account] quar_susp=0 # minimum userid that can be suspended quar_susp_minuid=500 ## # [ SCAN OPTIONS ] ## # The maximum directory depth that the scanner will search # [ changing this may have an impact on scan performance ] maxdepth=15 # The minimum in bytes for a file to be included in a scan # [ changing this may have an impact on scan performance ] minfilesize=32 # The maximum file size for a file to be included in scan # search results; use man find for accepted values # [ changing this may have an impact on scan performance ] maxfilesize="768k" # The maximum byte depth that the scanner will search into # a files contents; default rules expect a 1024*60 depth # [ changing this may have an impact on scan performance ] hexdepth=61440 # Use named pipe (FIFO) for passing file contents hex data # instead of stdin default; improved performance and greater # scanning depth # [ 0 = disabled, 1 = enabled; enabled by default ] hex_fifo_scan=0 # The maximum byte depth that the scanner will search into # a files contents; default rules expect a 1024*60 depth # [ changing this may have an impact on scan performance ] hex_fifo_depth=524288 # Attempt to detect the presence of ClamAV clamscan binary # and use as default scanner engine; up to four times faster # scan performance and superior hex analysis. This option # only uses ClamAV as the scanner engine, LMD signatures # are still the basis for detecting threats. # [ 0 = disabled, 1 = enabled; enabled by default ] clamav_scan=1 # Allow non-root users to perform malware scans. This must be # enabled when using mod_security2 upload scanning or if you # want to allow users to perform scans. When enabled, this will # populate the /opt/maldetect/pub/ path with user owned # quarantine, session and temporary paths to faciliate scans. # These paths are populated through cron every 10min with the # /etc/cron.d/maldet_pub cronjob. public_scan=1 ## # [ STATISTICAL ANALYSIS ] ## # The string length test is used to identify threats based on the # length of the longest uninterrupted string within a file. This is # useful as obfuscated code is often stored using encoding methods # that produce very long strings without spaces (e.g: base64) # [ string length in characters, default = 150000 ] string_length_scan="0" # [ 0 = disabled, 1 = enabled ] string_length="150000" # [ max string length ] ## # [ MONITORING OPTIONS ] ## # The base number of files that can be watched under a path # [ maximum file watches = inotify_base_watches*users ] inotify_base_watches=15360 # The sleep time in seconds between monitor runs to scan files # that have been created/modified/moved inotify_stime=30 # The minimum userid that will be added to path monitoring when # the USERS option is specified inotify_minuid=500 # This is the html/web root for users relative to homedir, when # this option is set, users will only have the webdir monitored # [ clear option to default monitor entire user homedir ] inotify_webdir=public_html # The priority that monitoring process will run as # [ -19 = high prio , 19 = low prio, default = 10 ] inotify_nice=15