Setting up Maldet on GridPane

Intro

Thought I’d post this here because it’s not on the GridPane KB. However, always refer to the GridPane Maldet article before this; it’s the original source of truth on this topic.

An Introduction to Maldet and ClamAV Malware Scanning | GridPane
Maldet and ClamAV installation requires that your server has at least 2GB of RAM. If you have a Panel or Developer account with GridPane, then you can get…
gridpane.com

Prerequisites

You need SSH access to your server. GridPane has a ton of articles for this.

Installing/Uninstalling Maldet

Once you have the prerequisites out of the way, installing the malware scanning suite is easy:

gp stack maldet -install
gp stack maldet -uninstall

Scan Exclusions

If you wish to exclude specific files or folders from being scanned, open /usr/local/maldetect/ignore_paths and add the following:

/home/.*/sites/.*/logs
/var/www/.*/logs/
/var/www/.*/logs/.*access.log.*
/var/www/.*/logs/.*error.log.*
/home/.*/sites/.*/logs/.*access.log.*
/home/.*/sites/.*/logs/.*error.log.*

The last four lines are important because these locations are where GridPane stores web server access and error logs, which sometimes trigger false positives.

Logging

Maldet logs are written to the following locations:

/opt/gridpane/maldet-all-sites-report.ids
/opt/gridpane/maldet-last-all-sites-scan.log

Automated Scans

Running Maldet Scans Manually

The command below scans the entire server from /, not just /var/www:

gp site all-sites -maldet-scan

This scans the entire site:

gp site site.com -maldet-scan -all

This command scans recently changed files and goes back a customizable number of days:

gp site site.com -maldet-scan -recent $integer_for_days

Notes

Automated Scans Aren’t Running

If your automated Maldet scans on GridPane aren’t executing, make sure that the following is contained within /root/gridenv/promethean.env:

maldet-full-scan:true
maldet:true
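
A quick health check for the situation above, as an added example that is not GridPane's own tooling: it confirms both flags are present in the env file and that the last all-sites scan log was updated recently. The function names, the 8-day freshness window, and the idea that the scan log is rewritten on each automated run are assumptions; the paths are the ones given in this post.

```shell
#!/bin/sh
# Added example, not GridPane tooling. Defaults are the paths named in this post.
ENV_FILE=${ENV_FILE:-/root/gridenv/promethean.env}
SCAN_LOG=${SCAN_LOG:-/opt/gridpane/maldet-last-all-sites-scan.log}
MAX_AGE_DAYS=${MAX_AGE_DAYS:-8}   # assumption: adjust to your scan schedule

# check_maldet_flags FILE: list each required flag that is absent.
# Returns 0 if both are present, 1 if any is missing, 2 if FILE is unreadable.
check_maldet_flags() {
    cmf_file=$1
    cmf_missing=0
    [ -r "$cmf_file" ] || { echo "cannot read $cmf_file"; return 2; }
    for cmf_flag in 'maldet-full-scan:true' 'maldet:true'; do
        # Strip CR/trailing blanks, then match the whole line literally so
        # "maldet:false" or a commented-out line does not count as enabled.
        if ! tr -d '\r' < "$cmf_file" | sed 's/[[:space:]]*$//' |
                grep -qxF -- "$cmf_flag"; then
            echo "missing: $cmf_flag"
            cmf_missing=1
        fi
    done
    return "$cmf_missing"
}

# scan_log_is_fresh FILE DAYS: returns 0 if FILE was modified within DAYS days.
scan_log_is_fresh() {
    [ -f "$1" ] || { echo "no scan log at $1"; return 1; }
    if [ -z "$(find "$1" -mtime "-$2" -print)" ]; then
        echo "stale: $1 not updated in the last $2 days"
        return 1
    fi
    return 0
}

# maldet_health: run both checks; non-zero means automation needs attention.
maldet_health() {
    mh_rc=0
    check_maldet_flags "$ENV_FILE" || mh_rc=1
    scan_log_is_fresh "$SCAN_LOG" "$MAX_AGE_DAYS" || mh_rc=1
    [ "$mh_rc" -eq 0 ] && echo "maldet automation looks healthy"
    return "$mh_rc"
}

# Run only when asked, e.g. `sh maldet-health.sh --check` as root.
if [ "${1:-}" = "--check" ]; then maldet_health; exit $?; fi
```

Running it from cron with `--check` and alerting on a non-zero exit catches scans that silently stopped.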