Opcje wyszukiwania podręcznika man:
Lista stron man zaczynających się od znaku:
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   ALPHA   NUM   OTHER   ALL
LINUX-MALWARE-DETECT(19)         User Commands        LINUX-MALWARE-DETECT(19)

       maldet - Linux Malware Detect

       maldet  [-h|--help]  [-a|--scan-all  PATH] [-r|--scan-recent PATH DAYS]
       [-f|--file-list   PATH]    [-i|--include-regex]    [-x|--exclude-regex]
       [-b|--background]  [-m|--monitor]  [-k|--kill-monitor]  [-c|--checkout]
       [-q|--quarantine] [-s|--restore] [-n|--clean] [-l|--log]  [-e|--report]

       Linux  Malware Detect is a malware scanner for Linux released under the
       GNU GPLv2 license, that is designed around the threats faced in  shared
       hosted  environments.  It  uses threat data from network edge intrusion
       detection systems to extract malware that is  actively  being  used  in
       attacks  and  generates  signatures  for detection. In addition, threat
       data is also derived from user submissions with the LMD  checkout  fea-
       ture and from malware community resources. The signatures that LMD uses
       are MD5 file hashes and HEX  pattern  matches,  they  are  also  easily
       exported to any number of detection tools such as ClamAV.

       The  driving force behind LMD is that there is currently limited avail-
       ability of open source/restriction free tools for  Linux  systems  that
       focus  on  malware detection and more important that get it right. Many
       of the AV products that perform malware detection on Linux have a  very
       poor  track  record  of detecting threats, especially those targeted at
       shared hosted environments.

       The threat landscape in shared hosted environments is unique from  that
       of  the standard AV products detection suite in that they are detecting
       primarily OS level trojans,  rootkits  and  traditional  file-infecting
       viruses  but missing the ever increasing variety of malware on the user
       account level which serves as an attack platform.

       o  MD5 file hash detection for quick threat identification

       o  HEX based pattern matching for identifying threat variants

       o  statistical analysis component for detection of  obfuscated  threats
          (e.g: base64)

       o  integrated detection of ClamAV to use as scanner engine for improved

       o  integrated signature update feature with -u|--update

       o  integrated version update feature with -d|--update-ver

       o  scan-recent option to scan only files that have  been  added/changed
          in X days

       o  scan-all option for full path based scanning

       o  checkout option to upload suspected malware to for review /

       o  full reporting system to view current and previous scan results

       o  quarantine queue that stores threats in a safe fashion with no  per-

       o  quarantine batching option to quarantine the results of a current or
          past scans

       o  quarantine restore option to restore files to original  path,  owner
          and perms

       o  quarantine  suspend account option to Cpanel suspend or shell revoke

       o  cleaner rules to attempt removal of malware injected strings

       o  cleaner batching option to attempt cleaning of previous scan reports

       o  cleaner rules to remove base64 and gzinflate(base64 injected malware

       o  daily cron based scanning of all changes in last 24h in  user  home-

       o  daily  cron  script compatible with stock RH style systems, Cpanel &

       o  kernel based  inotify  real  time  file  scanning  of  created/modi-
          fied/moved files

       o  kernel inotify monitor that can take path data from STDIN or FILE

       o  kernel inotify monitor convenience feature to monitor system users

       o  kernel inotify monitor can be restricted to a configurable user html

       o  kernel inotify monitor with dynamic sysctl limits for  optimal  per-

       o  kernel inotify alerting through daily and/or optional weekly reports

       o  e-mail alert reporting after every scan execution (manual & daily)

       o  path, extension and signature based ignore options

       o  background scanner option for unattended scan operations

       o  verbose logging & output of all actions

       The defining difference with LMD is that it doesn't just detect malware
       based on signatures/hashes that someone else generated but rather it is
       an  encompassing  project  that actively tracks in the wild threats and
       generates signatures based on those real world threats  that  are  cur-
       rently circulating.

       There  are  four main sources for malware data that is used to generate
       LMD signatures:

       o  Network Edge IPS: The network I manage hosts over 35,000  web  sites
          and  as such receives a large amount of daily abuse, all of which is
          logged by our network edge IPS. The  IPS  events  are  processed  to
          extract  malware  url's, decode POST payload and base64/gzip encoded
          abuse data and ultimately that malware is retrieved, reviewed, clas-
          sified and then signatures generated as appropriate. The vast major-
          ity of LMD signatures have been derived from IPS extracted data.

       o  Community Data: Data is aggregated from multiple  community  malware
          websites  such  as  clean-mx and malwaredomainlist then processed to
          retrieve new malware, review, classify and then generate signatures.

       o  ClamAV: The HEX & MD5 detection signatures from ClamAV are monitored
          for  relevant updates that apply to the target user group of LMD and
          added to the project as appropriate. To date there has been  roughly
          400 signatures ported from ClamAV while the LMD project has contrib-
          uted back to ClamAV by submitting over 1,100 signatures and  contin-
          ues to do so on an ongoing basis.

       o  User  Submission:  LMD  has  a checkout feature that allows users to
          submit suspected malware for review, this has grown into a very pop-
          ular  feature  and  generates on average about 30-50 submissions per

       The LMD signatures are updated typically once  per  day  or  more  fre-
       quently  depending  on  incoming threat data from the LMD checkout fea-
       ture, IPS malware extraction and other sources. The updating of  signa-
       tures  in  LMD  installations  is  performed  daily through the default
       cron.daily script with the --update option, which can be  run  manually
       at any time.

       An RSS feed is available for tracking malware threat updates:
              RSS Recent Signatures:

       CLI USAGE
              The command line options are as follows:

       -b, --background

              Execute operations in the background, ideal for large scans e.g:
              maldet -b -r /home/?/public_html 7

       -u, --update-sigs

              Update malware detection signatures from

       -f, --file-list

              Scan files or paths defined in line spaced file e.g:  maldet  -f

       -r, --scan-recent PATH DAYS

              Scan  files  created/modified  in  the last X days (default: 7d,
              wildcard: ?)  e.g: maldet -r /home/?/public_html 2

       -a, --scan-all PATH

              Scan all files in  path  (default:  /home,  wildcard:  ?)   e.g:
              maldet -a /home/?/public_html

       -i, --include-regex REGEX

              Include paths/files from file list based on supplied posix-egrep
              regular expression.  e.g: To include only paths named wp-content
              and   files   ending   in   .php:   --include-regex  ".*/wp-con-

       -x, --exclude-regex REGEX

              Exclude paths/files from file list based on supplied posix-egrep
              regular  expression.   e.g: To exclude paths containing 'wp-con-
              tent/w3tc/'   and   core   files:   --exclude-regex   ".*wp-con-

       -m, --monitor USERS|PATHS|FILE|RELOAD

              Run maldet with inotify kernel level file create/modify monitor-
              ing If USERS is specified, monitor user homedirs for UID's > 500
              If  FILE  is  specified, paths will be extracted from file, line
              spaced If PATHS are specified, must be  comma  spaced  list,  NO
              WILDCARDS!   e.g:  maldet  --monitor users e.g: maldet --monitor
              /usr/local/maldetect/monitor_paths   e.g:    maldet    --monitor

       -k, --kill-monitor

              Terminate inotify monitoring service

       -c, --checkout FILE

              Upload  suspected  malware to for review & hashing into

       -l, --log

              View maldet log file events

       -e, --report SCANID email

              View scan report of most recent scan or of a specific SCANID and
              optionally  e-mail  the report to a supplied e-mail address e.g:
              maldet --report e.g: maldet --report list e.g:  maldet  --report
              050910-1534.21135 e.g: maldet --report SCANID

       -s, --restore FILE|SCANID

              Restore  file  from  quarantine queue to orginal path or restore
              all  items  from  a  specific  SCANID  e.g:   maldet   --restore
              /usr/local/maldetect/quarantine/config.php.23754   e.g:   maldet
              --restore 050910-1534.21135

       -q, --quarantine SCANID

              Quarantine all malware from report SCANID e.g: maldet  --quaran-
              tine 050910-1534.21135

       -n, --clean SCANID

              Try  to  clean  &  restore  malware hits from report SCANID e.g:
              maldet --clean 050910-1534.21135

       -U, --user USER

              Set execution under specified user,  ideal  for  restoring  from
              user  quarantine  or  to  view user reports.  e.g: maldet --user
              nobody   --report   e.g:   maldet   --user   nobody    --restore

       -co, --config-option VAR1=VALUE,VAR2=VALUE,VAR3=VALUE

              Set  or redefine the value of maldetect.conf config options e.g:
              maldet     --config-option,quaran-

       -p, --purge

              Clear logs, quarantine queue, session and temporary data.

       This program may be freely redistributed under the terms of the GNU GPL

       (C) 2002-2019, R-fx Networks <> (C) 2019,  Ryan  MacDonald

Linux Malware Detect v1.6.4     September 2016        LINUX-MALWARE-DETECT(19)

Czas wygenerowania: 0.00053 sek.

Created with the man page lookup class by Andrew Collington.
Based on a C man page viewer by Vadim Pavlov
Unicode soft-hyphen fix (as used by RedHat) by Dan Edwards
Some optimisations by Eli Argon
Caching idea and code contribution by James Richardson

Copyright © 2003-2023
Hosted by Hosting