Last Updated on April 2, 2024 EDT by Gina
Table of Contents
Intro
Thought I’d post this here because it’s not on the GridPane KB. However, always refer to the GridPane Maldet article before this, it’s the original source of truth on this topic.
Prerequisites
You need SSH access to your server. GridPane has a ton of articles for this.
Installing/Uninstalling Maldet
Once you have the prerequisites out of the way, installing our malware suite is easy.Copy
gp stack maldet -install gp stack maldet -uninstall
Scan Exclusions
If you wish to exclude specific files or folders from being scanned. Open /usr/local/maldetect/ignore_paths
and you can add the following.Copy
/home/.*/sites/.*/logs /var/www/.*/logs/ /var/www/.*/logs/.*access.log.* /var/www/.*/logs/.*error.log.* /home/.*/sites/.*/logs/.*access.log.* /home/.*/sites/.*/logs/.*error.log.*
The last four lines are important as these locations are where GridPane stores webserver access and error logs which sometimes trigger false positives.
Logging
There will be a log for maldet in the following location.Copy
/opt/gridpane/maldet-all-sites-report.ids /opt/gridpane/maldet-last-all-sites-scan.log
Automated Scans
Running Maldet Scans Manually
Run scans. The command below scans the entire server from / not just /var/www:Copy
gp site all-sites -maldet-scan
This scans the entire site:Copy
gp site site.com -maldet-scan -all
This command scans recently changed files and goes back a customizable number of days:Copy
gp site site.com -maldet-scan -recent $integer_for_days
Notes
Automated Scans Aren’t Running
If you’re automated maldet scans on GridPane aren’t executing. Make sure that the following is contained within /root/gridenv/promethean.env
Copy
maldet-full-scan:true maldet:true
Last Updated on April 2, 2024 EDT by Gina
Comments are closed.