In previous versions, maldet was configured by default to automatically monitor and scan users' home directories. In its current version, the default is for it to only monitor the /dev/shm, /var/tmp, and /tmp directories. We're going to reconfigure it so that we can add some directories. Let's get started:
- Open the /usr/local/maldetect/conf.maldet file for editing. Find these two lines:
default_monitor_mode="users"
# default_monitor_mode="/usr/local/maldetect/monitor_paths"
Change them to the following:
# default_monitor_mode="users"
default_monitor_mode="/usr/local/maldetect/monitor_paths"
- At the top of the file, enable email alerts and set your username as the email address. The two lines should now look something like this:
email_alert="1"
email_addr="donnie"
- LMD isn't already configured to move suspicious files to the quarantine folder, and we want to make it do that. Further down in the conf.maldet file, look for the line that says the following:
quarantine_hits="0"
Change it to the following:
quarantine_hits="1"
You'll see a few other quarantine actions that you can configure, but, for now, this is all we need.
- Save the conf.maldet file, because that's all the changes that we need to make to it.
- Open the /usr/local/maldetect/monitor_paths file for editing. Add the directories that you want to monitor, like this:
/var/dev/shm
/var/tmp
/tmp
/home
/root
Since viruses affect Windows and not Linux, just monitor the directories with files that will be shared with Windows machines.
- After you save the file, start the maldet daemon:
sudo systemctl start maldet
You can add more directories to the monitor_paths file at any time, but remember to restart the maldet daemon any time that you do, in order to read in the new additions.
You've reached the end of the lab – congratulations!
Now, let's talk about keeping ClamAV and maldet updated.